On 25 May 2018, the new General Data Protection Regulation (GDPR) came into force, a regulation with which the European Commission intends to standardize the protection of personal data of EU citizens.
The regulation applies to all companies dealing data of European citizens, even if these are not based within the EU. For this reason it is important to rely on a service provider that is correctly applying the requirements set by the new legislation (EU Regulation 2016/679).
Qboxmail has started a process of analysis and adaptation of its information systems, procedures and staff training, in order to guarantee its customers and users the application of all the provisions that the law provides.
Qboxmail guarantees its Customers and Users the correct application of the provisions of the GDPR for company email management services.
Our softwares have always been designed and developed following the “Data protection by default and by design” concept.
We use strong encryption for data we believe we must guarantee an adequate level of security for the risk of their loss or theft. Is in place a procedure to digitally sign the log files and give them a certain date in accordance with Italian law.
A new Privacy policy is available in accordance with the directives of the GDPR regulation.
We are responsible for keeping the logs in accordance with the law for the period prescribed by Italian law.
The POP and IMAP features allow administrators to export customer data at any time during the term of the contract. Access logs and audit logs can be exported as CSV.
Customers can delete their data at any time. When a definitive deletion request is sent (such as the cancellation of an Email Account), the data will be removed from any system within a maximum of 60 days, unless otherwise required by law.
We have always made encryption available to protect data in transit. All Webmail, POP, IMAP, SMTP services are accessible by default via TLS.
To detect possible software vulnerabilities, we use internally developed tools, as well as periodic tests to verify possible violations.
We have prepared a Treatment register, or a Register of the processing activities carried out, available to the supervisory authority.
All Qboxmail collaborators have followed internal training courses related to the requirements of the GDPR and are constantly updated and raise awareness on the issues of security and confidentiality of the data we process.
Qboxmail Srl operates as a “Data Controller” when it determines the purposes and means of processing personal data.
This is the case in which Qboxmail collects data for billing, service improvement, sales operations, requests for technical assistance, commercial management or when Qboxmail processes personal data of its employees.
In this case, “your” data hosted on Qboxmail’s services are not affected, unlike some information concerning you or your employees (for example, information regarding the identity and contact details of your contact in Qboxmail as part of a request for Support).
In these cases Qboxmail guarantees to:
Qboxmail Srl operates as “Data Processing Manager” when processing personal data on behalf of a Data Controller.
This is the case when Qboxmail services are used and users’ personal data is stored on the Qboxmail infrastructure. Within the limits of its technical constraints, Qboxmail will treat the hosted data exclusively according to the indications, and on behalf of the Customers, who are the Data Controller or have received instructions to be authorized by any other Owners to allow Qboxmail the Treatment.
In these cases, Qboxmail undertakes to:
The Data Controller is defined as the person who determines the purposes and means of processing personal data.
The Data processing manager is defined as the person who processes personal data on behalf of a Data Controller.
Personal data is all information relating to an identified or identifiable living person. Also the various information that, collected together, can lead to the identification of a specific person constitute the personal data.
Sensitive data are those that can reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, adherence to parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, the health status and sexual life.
The treatment covers a wide range of operations performed on personal data, including those with manual or automated means. Includes the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction of personal data.
The data stored by the customer, which uses Qboxmail services, remains the property of the customer.
Qboxmail does not access or use these data, unless it is strictly necessary and within the limits of its technical constraints.
Qboxmail only accesses data in the following situations: