On 25 May 2018 the new General Data Protection Regulation (GDPR) will enter into force. Through this regulation, the European Commission intends to harmonize protection of EU citizens’ personal data.
The regulation applies to all companies dealing with data from European citizens, even if they are not based within the EU. It is therefore important to rely on a service provider that correctly applies the conditions laid down by the new legislation (EU Regulation 2016/679).
For months, Qboxmail has been analyzing and, where necessary, adapting its information systems, procedures, and staff training and awareness to ensure compliance with the requirements laid down in the regulation to its customers and users.
Qboxmail guarantees its customers and users correct application of the GDPR provisions for Email Hosting services.
Our software has always been designed and manufactured in keeping with the idea: “Data protection by default and by design”.
We use data encryption and believe it’s essential to guarantee appropriate security against the risk of loss or theft. We also have a procedure to digitally sign log files and store specific data in them in line with Italian regulations.
By the date of entry into force of the GDPR, a new privacy policy conforming to the new directives will have been created.
We are responsible for keeping logs in accordance with the law for the period prescribed by Italian regulations.
The POP and IMAP features allow administrators to export customer data at any time during the contract’s term of validity. Access logs and audit logs can be exported as CSV.
Customers can delete their data at any time. When a final deletion request is sent (such as deleting an Email Account), the data will be removed from any system within a maximum of 45 days, unless otherwise provided by regulatory obligations.
We always make encryption available to protect data in transit. All webmail, POP, IMAP, SMTP services are accessible by default via SSL/TLS
To detect any software vulnerabilities, we use internally developed tools as well as periodic tests to verify possible violations.
The “Register of Processing Operations”, i.e. a register of processing activities carried out, will be prepared and available to the supervisory authority.
A document will be prepared for each processing activity carried out which analyzes the processed data, evaluates the potential risk deriving from it and identifies the precautions necessary to mitigate this risk.
All Qboxmail’s employees have attended internal training courses on the GDPR and are constantly updated and informed about issues relating to the security and confidentiality of the data we deal with.
This section is being finalized. It will be updated according to the guidelines issued by the Data Protection Authority.
