General Data Protection Regulations for Email Hosting services provided by Qboxmail Srl

The new General Data Protection Regulation

On 25 May 2018 the new General Data Protection Regulation (GDPR) will enter into force. Through this regulation, the European Commission intends to harmonize protection of EU citizens’ personal data.

The regulation applies to all companies dealing with data from European citizens, even if they are not based within the EU. It is therefore important to rely on a service provider that correctly applies the conditions laid down by the new legislation (EU Regulation 2016/679).

Qboxmail and the GDPR

For months, Qboxmail has been analyzing and, where necessary, adapting its information systems, procedures, and staff training and awareness to ensure compliance with the requirements laid down in the regulation to its customers and users.

Qboxmail guarantees its customers and users correct application of the GDPR provisions for Email Hosting services.



Data protection by default and by design

Our software has always been designed and manufactured in keeping with the idea: “Data protection by default and by design”.


Data integrity and security

We use data encryption and believe it’s essential to guarantee appropriate security against the risk of loss or theft. We also have a procedure to digitally sign log files and store specific data in them in line with Italian regulations.


New Privacy Statement

By the date of entry into force of the GDPR, a new privacy policy conforming to the new directives will have been created.


Keeping logs in accordance with the law

We are responsible for keeping logs in accordance with the law for the period prescribed by Italian regulations. 


Exporting data

The POP and IMAP features allow administrators to export customer data at any time during the contract’s term of validity. Access logs and audit logs can be exported as CSV.


Deleting data

Customers can delete their data at any time. When a final deletion request is sent (such as deleting an Email Account), the data will be removed from any system within a maximum of 45 days, unless otherwise provided by regulatory obligations.


Data confidentiality

We always make encryption available to protect data in transit. All webmail, POP, IMAP, SMTP services are accessible by default via SSL/TLS


Vulnerability management

To detect any software vulnerabilities, we use internally developed tools as well as periodic tests to verify possible violations.


Register of Processing Operations

The “Register of Processing Operations”, i.e. a register of processing activities carried out, will be prepared and available to the supervisory authority.


Data Protection Impact Assessment (DPIA) documents

A document will be prepared for each processing activity carried out which analyzes the processed data, evaluates the potential risk deriving from it and identifies the precautions necessary to mitigate this risk.


Staff training

All Qboxmail’s employees have attended internal training courses on the GDPR and are constantly updated and informed about issues relating to the security and confidentiality of the data we deal with.

What Qboxmail customers need to do

This section is being finalized. It will be updated according to the guidelines issued by the Data Protection Authority.

  • Consult a lawyer to get legal advice about your company
  • Inform users that the data processing manager is Qboxmail Srl 



For more information on the GDRP in Qboxamil, contact us
Contact us
Login Free trial