General Data Protection Regulation

On 25 May 2018, the new General Data Protection Regulation (GDPR) came into force, a regulation with which the European Commission intends to standardize the protection of personal data of EU citizens.

The regulation applies to all companies dealing data of European citizens, even if these are not based within the EU. For this reason it is important to rely on a service provider that is correctly applying the requirements set by the new legislation (EU Regulation 2016/679).

Qboxmail has started a process of analysis and adaptation of its information systems, procedures and staff training, in order to guarantee its customers and users the application of all the provisions that the law provides.

Qboxmail guarantees its Customers and Users the correct application of the provisions of the GDPR for company email management services.

Privacy by default and by design

Our softwares have always been designed and developed following the “Data protection by default and by design” concept.

Data integrity and security

We use strong encryption for data we believe we must guarantee an adequate level of security for the risk of their loss or theft. Is in place a procedure to digitally sign the log files and give them a certain date in accordance with Italian law.

New Privacy policy

A new Privacy policy is available in accordance with the directives of the GDPR regulation.

Log storage in accordance with the law

We are responsible for keeping the logs in accordance with the law for the period prescribed by Italian law.

Exporting data

The POP and IMAP features allow administrators to export customer data at any time during the term of the contract. Access logs and audit logs can be exported as CSV.

Deleting data

Customers can delete their data at any time. When a definitive deletion request is sent (such as the cancellation of an Email Account), the data will be removed from any system within a maximum of 60 days, unless otherwise required by law.

Data confidentiality

We have always made encryption available to protect data in transit. All Webmail, POP, IMAP, SMTP services are accessible by default via TLS.

Vulnerability management

To detect possible software vulnerabilities, we use internally developed tools, as well as periodic tests to verify possible violations.

Register of processing operations

We have prepared a Treatment register, or a Register of the processing activities carried out, available to the supervisory authority.

Staff training

All Qboxmail collaborators have followed internal training courses related to the requirements of the GDPR and are constantly updated and raise awareness on the issues of security and confidentiality of the data we process.

Data Controller

Qboxmail Srl operates as a “Data Controller” when it determines the purposes and means of processing personal data.

This is the case in which Qboxmail collects data for billing, service improvement, sales operations, requests for technical assistance, commercial management or when Qboxmail processes personal data of its employees.

In this case, “your” data hosted on Qboxmail’s services are not affected, unlike some information concerning you or your employees (for example, information regarding the identity and contact details of your contact in Qboxmail as part of a request for Support).

In these cases Qboxmail guarantees to:

limit the collection of data to those strictly necessary
not to use personal data for purposes other than those for which they were originally collected
keep personal data for a limited period, or for the entire duration of the contract and the following 36 months
do not transfer this data to third parties who are not part of the companies of the Group or who are not involved in the execution of the contract

Data processing manager

Qboxmail Srl operates as “Data Processing Manager” when processing personal data on behalf of a Data Controller.

This is the case when Qboxmail services are used and users’ personal data is stored on the Qboxmail infrastructure. Within the limits of its technical constraints, Qboxmail will treat the hosted data exclusively according to the indications, and on behalf of the Customers, who are the Data Controller or have received instructions to be authorized by any other Owners to allow Qboxmail the Treatment.

In these cases, Qboxmail undertakes to:

treat personal data exclusively for the purposes of the correct execution of services
do not transfer your data outside the EU
implement high safety standards in order to guarantee a high level of security to our services
notify you as soon as possible in the event of data breach
assist you in fulfilling your regulatory obligations by providing you with adequate documentation of our services

What Qboxmail customers need to do

consult an expert for legal advice relating to your company
communicate to users that, for the services active with us, the Data Processor is Qboxmail Srl
update your Privacy Policy so that it takes into consideration that of Qboxmail Srl
have their own legal basis for processing and sharing user data with us

F.A.Q.

Who is the Data Controller

The Data Controller is defined as the person who determines the purposes and means of processing personal data.

Who is the Data Processor?

The Data processing manager is defined as the person who processes personal data on behalf of a Data Controller.

What is personal data?

Personal data is all information relating to an identified or identifiable living person. Also the various information that, collected together, can lead to the identification of a specific person constitute the personal data.

What is sensitive data?

Sensitive data are those that can reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, adherence to parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, the health status and sexual life.

Example of personal data

first and last name
home address
email address, such as firstname.lastname@company.com
identity card number
location data (eg. positioning function on a mobile phone)
an IP (Internet Protocol) address
a cookie ID
the advertising identifier of your phone

Examples of data not considered personal

registration number in the register of companies of a company
email address, as info@company.com
data made anonymous

What is data processing?

The treatment covers a wide range of operations performed on personal data, including those with manual or automated means. Includes the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction of personal data.

Who is the owner of the data hosted and stored on the Qboxmail services?

The data stored by the customer, which uses Qboxmail services, remains the property of the customer.
Qboxmail does not access or use these data, unless it is strictly necessary and within the limits of its technical constraints.

When can Qboxmail access Customer data hosted and stored on our services?

Qboxmail only accesses data in the following situations:

for the execution of the services and in particular to optimize the assistance to the customers when they contact the technical support of Qboxmail. In this case, access to user data remains controlled thanks to precise authorizations and activity logs
to fulfill legal obligations in the context of strictly controlled judicial and / or administrative requests

General Data Protection Regulation