If you're a structure that processes personal data, you're probably affected by the provisions of the new Federal Act on Data Protection (FADP), which came into force on 1 September 2023, and its OPDo application device. In this respect, you are subject to obligations that must be respected. The same applies to Infomaniak which, in view of its situation, has distinct obligations in its capacity as subcontractor or data controller.

It's essential to distinguish between the security of the infrastructure on which your data is hosted and the way in which you operate and implement it.

The customer's role

He is solely responsible for the security of the resources and application systems he uses with Infomaniak services.

Infomaniak's role

We are committed to ensuring the security of our infrastructures, notably through a security policy that meets the requirements of various standards, certifications as well as the GDPR.

When do we share your information with other parties?

As a hosting provider, Infomaniak undertakes to comply with its obligations in line with the aforementioned regulations. As a result, you are also able to comply with the points of your regulatory obligations that are linked to our services.

As a subcontractor, Infomaniak undertakes to:

Implement appropriate technical and organisational measures to guarantee the confidentiality, availability, integrity and traceability of the personal data entrusted to us.

Implement high security standards and maintain continuous improvement processes to provide you with a high level of security as part of our services.

Maintain and develop our physical security measures to prevent unauthorised access to the infrastructures on which your data is stored.

Be exemplary in terms of our responsiveness to security updates on the systems we manage.

Be transparent when we use subcontractors who may process your data.

Notify you as soon as possible in the event of a data breach.

Store your data in our data centers based exclusively in Switzerland, and never transfer your data outside our own infrastructure.

Have physical and / or logical isolation systems (depending on the services) to isolate customer hosting solutions from each other and carry out intrusion tests once a year to ensure that data is watertight between customers.

Frequently asked questions about the nFADP /# comment #/ Questions fréquentes relatives à la nLPD

  • Yes, Infomaniak meets the requirements of the Federal Act on Data Protection.


    However, it is essential to distinguish between the obligations incumbent upon Infomaniak as a subcontractor and those incumbent upon the customer as data controller. It is indeed the latter's responsibility to ensure that it complies with the legislation by virtue of its role as data controller.


  • As a Swiss company, Infomaniak is responsible for ensuring its compliance with current legislation in order to guarantee the protection of the personal data it processes.


    Further information can be found on the following pages:



  • Yes, Yoann Lopez is Infomaniak's coordinator for the use, management and protection of personal data. As Data Protection Officer, he is responsible for informing and advising data controllers, all company employees and our subcontractors.


    If necessary, please contact us directly at dpo@infomaniak.com.