🚀 DPA - Data Protection Act

“ ”

If you are a structure that processes personal data, you are probably affected by the provisions of the new Federal Act on Data Protection (nFADP), which came into force on 1 September 2023, and its implementing provisions, the OPDo and the OCPD. In this respect, you are subject to obligations that must be respected. The same applies to Infomaniak, which, in view of its situation, has separate obligations in its capacity as subcontractor or data controller.

It is essential to distinguish between the security of the infrastructures on which your data is hosted and the exploitation and implementation of the data by you.

Customer's role

It is solely responsible for the security of resources and application systems that it uses with Infomaniak's services.

Infomaniak's Role

We are committed to ensuring the safety of our infrastructure, including a security policy that meets the requirements of various standards and certifications as well as the GDPR.

As a hosting provider, Infomaniak is committed to complying with its obligations under the regulations. As a result, you must also respect the points of your regulatory obligations related to our services.

As a subcontractor, Infomaniak is committed to:

Store your data in our datacenters based exclusively in Switzerland and never transfer your data outside of our datacenters.
Implement high-security standards and maintain continuous improvement processes to provide you with a high level of security in our services.
Notify you as soon as possible in the event of a violation of your data.
Be transparent when we use subcontractors that could process your data.
Maintain and develop our physical security measures to prevent access to the infrastructures on which your data are stored by unauthorised persons.
Have physical and / or logical isolation systems (depending on the services) to isolate customer hosting services from each other, and carry out intrusion tests once a year in order to ensure data tightness between customers.
Be exemplary in terms of reactivity for security updates on the systems we manage.
Implement appropriate technical and organisational measures to guarantee the confidentiality, availability, integrity and traceability of the personal data entrusted to us.

Frequently asked questions about nFADP and Infomaniak

Am I complying with the nFADP by using Infomaniak's services?

Yes, Infomaniak meets the requirements imposed by the Data Protection Act.

However, it is essential to distinguish between the obligations incumbent upon Infomaniak as subcontractor and those incumbent on the customer as data controller. Indeed, it is the latter's responsibility to ensure that it complies with legislation by virtue of its role as data controller.

What is Infomaniak's role and responsibility with regard to the nFADP?

As a Swiss company, Infomaniak is responsible for ensuring its compliance with current legislation in order to guarantee the protection of the personal data it processes.

Further information can be found on the following pages:

Our data privacy policy specifies the data we store in order to provide and execute our services.
Our personal data protection policy describes Infomaniak's commitments as a subcontractor which hosts all your data, including personal data.

Has Infomaniak appointed a data protection advisor?

Yes, Infomaniak's coordinator for the operation, management and protection of personal data is Tiago Pedro. As Data Protection Officer, he is responsible for informing and advising data controllers, all company employees and our subcontractors.

Should you have any queries, please write directly to dpo@infomaniak.com.