General Data Protection Regulation for the services offered by Vianova
The EU regulation on the protection of personal data no. 2016/679 (‘GDPR’) aims to modernize and harmonize the data protection strategy in place in all European Union countries.
Vianova guarantees to its Customers and Users that the provisions of the GDPR will be properly applied with regard to the services offered. This is driven not just by the need to comply with the standards of the new regulation, but also by our commitment to guaranteeing maximum transparency in the processing and protection of data at all times.
Below is an overview of the main measures adopted by Vianova in compliance with the provisions of the GDPR.
How we protect data: physical protection
Data security
Data relating to our Customers and services is stored in our Data Centers in Pisa and Massarosa.
The fact that our facilities are located in Italy offers customers further protection as regards legislation covering the security and confidentiality of corporate data.
The Pisa and Massarosa Data Centers are housed within the company’s offices, in direct contact with the Network Operation Centers (NOCs), and are monitored at all times by highly trained personnel. Both of the Data Centers house the technological platforms used to supply Vianova services (e.g. Mail, Desk, Cloud and Centrex), as well as Customer equipment and servers stored in our colocation facilities. The Pisa Data Center is designed and built according to Tier IV standards.
Data relating to Hosting services is hosted at the Turin facility of Host spa, a company belonging to the Vianova Group.
Security
- the facilities are located in areas with low seismic activity and are built in line with anti-flooding and anti-earthquake principles, allowing them to withstand major floods and earthquakes
- the facilities are protected by a perimeter alarm and by video surveillance systems, with a remote link to local security companies
- only authorized and certified personnel can access the Data Centers, using electronic badges and biometric readers
- in the Pisa Data Center, individual cabinets can only be opened with personal electronic badges
- all systems are monitored 24 hours a day, 7 days a week
Fire prevention
- the Massarosa Data Center is fitted with a nitrogen fire suppression system that uses high-pressure cylinders
- the Pisa Data Center uses an active oxygen reduction fire prevention system. The oxygen percentage is kept below the minimum level necessary for combustion, thus making it impossible for any type of flame to develop
- the Data Center area is divided into sections by fire-resistant REI 120 walls and doors
- a special detection system checks the hydrogen levels in the UPS and battery rooms and automatically activates the air exchange systems if necessary
Power supply
- our electrical systems are based on multiple, independent power supply systems following separate and diversified paths
- in the event of an emergency, power continuity is guaranteed thanks to UPS areas with redundant static transfer switches, 48 V power stations, and diesel generator sets
- the Pisa UPS areas are located in separate rooms with independent cooling units
- each individual rack has a redundant, dual-feed power supply
Air conditioning
- the air conditioning system is designed to ensure increased device efficiency
- the Pisa air conditioning system is powered at all times (continuous cooling), even if the generators are called into use
Redundancy
- 100 Gbps of capacity to connect the fiber optic ring between the Pisa and Lucca Data Centers
- local and geo-redundancy of all core equipment (routers, switches, telephone exchanges, servers, etc.), with synchronous replication of storage data
- redundancy of the circuits connecting all PoPs towards the Pisa and Lucca Data Centers
- redundancy of the circuits connecting with Internet exchange points and the national telephone network
Organizational data protection measures
Policy, appointments, and data protection
Vianova has adopted organizational measures aimed at improved data protection, appointing the parties involved in the processing and assigning them with specific instructions.
All policies and contractual forms have been updated.
Vianova as Data Controller
Vianova acts as the Data Controller when it determines the purposes for which and the means by which personal data is processed. This is the case when Vianova collects data for contract management, for the activation of subscriber services, for billing, and for technical support requests.
Vianova as Data Processor
Vianova acts as a Data Processor when it processes personal data on behalf of a Data Controller. This is the case when a Customer uses Vianova’s services and stores the personal data of data subjects on Vianova’s infrastructure. Vianova processes the data hosted on behalf of Customers in compliance with current legislation.
Data Protection Officer
On the basis of its activities, Vianova is obliged to appoint a Data Protection Officer. To this end, it has entrusted the role to Aksilia srl, Via Fontana 22, Milan. The email address of the Data Protection Officer is dpo@vianova.it – certified email dpo.consilia.srl@pec.it.
Employees
Vianova has appointed all the employees and collaborators authorized to process data, providing them with the necessary processing instructions.
Furthermore, in order to ensure that employees remain suitably up to date, the company provides internal training courses concerning the legislation on the protection of personal data and constantly works to raise awareness among employees and collaborators regarding the security and confidentiality of the data processed.
Partners and Representatives
Vianova’s network of Partner companies is made up of ethical businesses founded on their openness and the transparency of their relationship with Customers.
Our Representatives are professionals, trained and coordinated directly by Vianova, who work alongside Partners to promote the sale of Vianova services at their Customer Base.
The commercial collaboration between Vianova and its Partners and Representatives involves the processing of Customer data by the latter, and they are therefore appointed as Data Processors (Article 28 of the GDPR) with all the necessary instructions for correct processing.
Suppliers
Vianova uses suppliers to manage and provide certain services (or parts of them) that require the processing of Customer data. In these circumstances, the suppliers are designated as Data Processors (Article 28 of the GDPR) and they are provided with the necessary instructions for correct processing.
Business processes
All business processes and the data and information management system are ISO 27001 certified and are constantly updated and improved to offer Customers the highest levels of security at all times. Vianova applies the principle of incorporating ‘Privacy by design’, starting with the design of a business process using the related IT support applications.
Transfers of personal data to third countries
Vianova does not transfer its Customers’ data to third countries.
How you can protect your personal data
In the cases provided for, data subjects have the right to ask the Data Controller for access to their personal data, to have it rectified or erased, and to restrict or object to processing, as well as the right to data portability (Articles 15 and following of the Regulation). A specific request can be submitted to the Data Controller or to the Data Protection Officer indicated above.
For further information and to download the relevant form drawn up by the Italian Data Protection Authority, see the website https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali.
Contact us
For more information on the GDPR, you can contact us at privacy@vianova.it.
last updated June 2018