Knowledge base

1000 FAQs, 500 tutorials and instructional videos. Here, there are only solutions!

Understanding Data Security, LPD, and GDPR

Update 07/09/2026

This guide covers data protection regulations in Switzerland and Europe, and the measures taken by Infomaniak to secure your customer data and data within Web Hosting and Mail Services.

 

Understanding the difference between data security and data privacy

Data security aims to prevent unauthorized access to your information. It relies on measures such as encryption, firewalls, or VPNs. A security breach can have disastrous consequences: imagine a hacker stealing your entire customer database and demanding a ransom to recover it. This type of attack – ransomware – can cripple a company overnight.

Data privacy concerns who can access your information and how it is used. Even if your data is secure against hacking, it can be collected, analyzed, and resold… perfectly legally.

Example: you carefully store your customers' information, but without realizing it, a service you use shares – anonymously – this data with third parties. Result? Your competitors can obtain valuable insights into your market and target your own customers without ever needing to hack into your systems.

 

FDPA & GDPR

In Switzerland, the FDPA (Federal Act on Data Protection) and nFDPA (for the "new Act" in force since September 2023) protect the privacy of residents by regulating the collection and processing of personal data by organizations.

The EU's GDPR (General Data Protection Regulation), which has been in effect since May 2018, affects global companies that process the data of European residents, including in Switzerland. While the Swiss Federal Act on Data Protection (FADP) applies to the data of Swiss residents, the GDPR concerns the data of EU residents. Swiss companies that manage European data must comply with the GDPR requirements, including the designation of a Data Protection Officer and the performance of Impact Assessments in the event of risky processing.

 

Your Role as an Infomaniak Customer

With regard to the data hosted that belongs to you – and in particular if this data contains personal data of your visitors, contacts or customers – it is your responsibility to ensure its compliance.

When processing this personal data, it is essential to inform users about the purpose and methods of this processing. This is generally done through a privacy policy or a data processing agreement (DPA).

Agreement between Data Controller and Data Processor

A DPA (Data Processing Agreement), called AVV (Auftragsverarbeitungsvertrag) in German, ATD (Accordo di Trattamento dei Dati) in Italian and CTA (Contrato de Tratamiento de Datos) in Spanish, translates to Data Processing Agreement or Data Processing Contract.

This is a mandatory contract provided for by the GDPR between a data controller and a data processor. It defines the purpose, duration, and nature of the processing, as well as the obligations and security measures. Its objective is to protect the personal data entrusted to a service provider.

This GDPR certificate (in PDF format) can be generated and downloaded from the Manager (accessible to users of the organization who are owners or administrators):

  1. Click here to access the Data Processing Agreement (DPA) management in the Infomaniak Manager (need help?).
  2. Click the Generate button to download the customized PDF document:

Here are some tips:

  • Provide information on all data processing activities, not just those related to the website.
  • Ensure easy access to the privacy policy on the website, for example in the footer of each page.
  • In general, it is not necessary to obtain user approval for privacy policies (e.g., for forms); simply indicate where to find the policy (example Site Creator).
  • Keep in mind that the new, more detailed information rules may require adjustments to existing privacy policies.

It is crucial to differentiate between the security of the infrastructure where your data is hosted and the management and implementation of data on your side. As a hosting provider, Infomaniak acts as a data processor for your GDPR-related obligations. In this context, its privacy policy and cookie policy, as well as its terms and conditions, provide you with the necessary guarantees regarding its compliance as a data processor.

If necessary, you can find professionals or online guides to help you with the compliance process.

 

Infomaniak's Role

Like companies that work with user data, Infomaniak must comply with the LPD and, because some of its users are European citizens, also with the GDPR:

These commitments, as outlined in the general and specific terms and conditions, are as follows:

  • store your data within data centers exclusively located in Switzerland and never transfer your information outside of these infrastructures
  • apply rigorous security standards and continuously improve processes to guarantee a high level of security across all services
  • promptly inform you in the event of a data breach
  • ensure transparency towards you when Infomaniak uses subcontractors that may process your data
  • strengthen and develop physical security measures to prevent unauthorized access to the infrastructures where your data is stored
  • implement physical and/or logical isolation systems (depending on the services) to separate the hosting of different clients; in addition, Infomaniak conducts annual penetration tests to guarantee data isolation between clients
  • demonstrate a high level of responsiveness in securely updating the systems under their responsibility

 

Manage cookies on the infomaniak.com website

When you visit the infomaniak.com page, you must make a choice regarding the acceptance of certain cookies. To change this choice later, access your preferences from the footer of the website:


Has this FAQ been helpful?