GDPR - the protection of personal data

 


GDPR

The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe that introduces stringent requirements that set new standards in compliance, security and data protection.

CoreTech and the GDPR

In addition to ensuring its own compliance, CoreTech is committed to offering services and resources that allow clients to meet the GDPR requirements that apply to their activities. In this regard, CoreTech has released new features, and others will be released.

Data Centre in Italy

CoreTech is a 100% Italian company and the data centers are located in Italy. For more information visit the Datacentre page.

CoreTech is a CISPE member

CoreTech recently announced its compliance with the CISPE Code of Conduct of which Amazon AWS, Aruba, Register and OVH are also members.
The CISPE Code of Conduct enables cloud customers to assess their cloud infrastructure provider's compliance with data protection obligations under the GDPR.
This further reassures customers of their ability to control their data in a safe, secure and compliant environment.


Definition of the GDPR

To avoid misinterpretations of regulatory obligations, the essential expressions for understanding the GDPR are defined below:





  • Data controller: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the means and purposes of the processing.
  • Data processor: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller or of the data processor.



CoreTech acts as data processor for all processing operations, while it is data controller only for clients' contact data.

CoreTech as the data processor

This is certainly the case in which your expectations of CoreTech are highest. CoreTech acts as a "data processor" when it processes personal data on behalf of a data controller or of another data processor.
This is the situation that occurs when using CoreTech services and storing personal data on a CoreTech infrastructure. Within the limits of its technical constraints, CoreTech will process hosted data solely as directed by you, and on your behalf.

CoreTech's commitment as data processor

In its role as data processor, CoreTech undertakes in particular to carry out the following actions:

CoreTech as data controller

CoreTech acts as "data controller" when it determines the means and purposes of its "own" processing of personal data.

This is the case where CoreTech collects data for billing, service and performance improvement, sales operations, commercial management, etc., but also when CoreTech processes the personal data of its employees.
In this case, "your" data hosted on CoreTech services is not affected, unlike some information concerning you or your employees (for example, information relating to the identity and contact details of your contact in CoreTech as part of a support request). This is why CoreTech is keen to explain the safeguards put in place to ensure the protection of this personal data:

Security measures

It is essential to distinguish between the security of client hosted data and the security of the infrastructures hosting this data.


Customer-hosted data security

The client is solely responsible for the security of its own resources and of the application systems implemented to use the services. CoreTech provides tools to support the client in protecting its data. Each service has its own specific tools; some of them are listed below:

  • Granular data backup (of specific services)
  • Server instance backup (for cloud servers)
  • Activity logging (to specific services)
  • Access logging (to the platform)
  • Sygma monitoring agent (for cloud server)
  • Ticket System for tracking communications

Infrastructure security

CoreTech is committed to guaranteeing the maximum security of its infrastructures, in particular by implementing an information systems security policy and responding to the needs of numerous laws and certifications. CoreTech takes the necessary measures to preserve the security and confidentiality of the personal data processed, in particular, to prevent them from being violated, damaged, or from unauthorized third parties accessing them.

CoreTech undertakes to implement:

  • physical security measures to prevent unauthorized persons from accessing the infrastructures on which client data is stored
  • security personnel in charge of ensuring the physical security of CoreTech premises 24 hours a day, 7 days a week
  • an authorization management system to allow access to the premises and data only to people who need them in the context of their business
  • a physical and/or logical system to keep clients separate from each other (depending on the services)
  • strong authentication processes for users and administrators thanks to a strict password management policy
  • processes and devices to track all the actions performed on its information system and, in compliance with current regulations, report any incidents affecting client data

Shared responsibility

What is meant by shared responsibility?

In terms of compliance and data security, CoreTech and the client are both responsible, albeit on different fronts.
CoreTech will then take care of the maintenance, updating and protection of the physical infrastructure on which all cloud services are run.
Only at the explicit request of the client or upon the release of access passwords, CoreTech will be able to intervene at a technical level on the service purchased.
Based on the CoreTech service used, the competencies of shared responsibility are detailed below. We invite all clients to read their responsibilities concerning the services used.
CoreTech is committed to applying all reference standards to ensure information security.

Stellar - Server Cloud

CoreTech

  • Keep the software infrastructure up to date with the most stable and secure versions of the software released by the manufacturer
  • Monitor the infrastructure of virtualization, hypervisor and storage systems to ensure continuity of services
  • Check for any security-related anomalies that are highlighted through the system logs or alerts
  • Deactivation of the service if, following a report by other service providers, the server is exhibiting anomalous behavior (spam, phishing, contents relating to terrorism, fraud, hacked site)
  • Inform the client if any problems are encountered on the server during the monitoring or analysis of the logs

Customer

  • Set access passwords to the server and to the software installed on it with a level of difficulty in compliance with the defined policies and password change according to the reference standards (e.g. ISO 27002)
  • Carefully guard server access data and limit its disclosure
  • Promptly intervene in the event of CoreTech reports on problems relating to the security of your server
  • Correctly configure the backup jobs of your data with the tools made available by CoreTech and ask for support in case of doubts about the configurations
  • Check the results of data backups on a daily basis
  • Periodically check the correct operation of the VM backup by consulting the results from the Sygma panel
  • Periodically organize the VM restore tests with CoreTech in order to ensure the correct execution of the VM backups
  • Periodically check the event logs and operating system logs on your server to prevent any problems
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem

RocketWeb - Web Hosting

CoreTech

  • Daily Backup Control. Backup retention is 35 days (5 weeks)
  • Keep the Web Hosting servers updated with the most stable and secure software versions released by the manufacturer
  • Daily checks regarding the update status of the integrated antivirus
  • Monitor the webserver to ensure continuity of service
  • Check for any security-related anomalies that are highlighted through the system logs or alerts
  • Inform the manufacturer of the software related to the web servers if it becomes aware of any security flaws in the system
  • Deactivation of the service if, following a report by other service providers, the site is behaving abnormally (spam, phishing, contents related to terrorism, fraud, hacked site)

Customer

  • Set access passwords to the Plesk management panel, to the FTP site, or the website management system (e.g. WordPress admin access) with a level of difficulty in compliance with the defined policies and password change according to the reference standards (e.g. ISO 27002)
  • Carefully guard your Plesk, FTP and website login data and limit their disclosure
  • Promptly intervene in the event of CoreTech reports on problems relating to the security of its website
  • Periodically update the elements relating to the security of your website (for example, updating the version of WordPress)
  • Make a personal backup of your website at least once a month
  • Carefully guard the access data to the RocketBox service and limit its disclosure
  • Check weekly for any anomalies relating to the use of resources on your website
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem

Email Service

CoreTech

  • Daily Backup Control. Sixty (60) days of Backup retention
  • Daily checks regarding the update status of the integrated antivirus
  • Daily checks for the presence of servers in public Black Lists
  • Keep mail systems up to date with the most stable and secure software versions released by the manufacturer
  • Monitor the mail server to ensure continuity of service
  • Check for any security-related anomalies that are highlighted through the system logs or alerts
  • Notify the client if, by reading the mail server logs, circumstances arise that could endanger the e-mail accounts and the data contained therein
  • Inform the software manufacturer of the mail server if it becomes aware of any security flaws in the system
  • If an account has been hacked and is sending spam: immediate password change and deletion of all the queued emails related to the specific account (whether they are valid or spam), with notice to the client for appropriate checks and password changes
  • At the client's request, willingness to export mail archives on magnetic media or in interchange areas (activity to be quantified economically)

Customer

  • Set passwords to access the mail service with a level of difficulty in compliance with the defined policies and password change according to the reference standards (e.g. ISO 27002)
  • Carefully guard the access data to mailboxes and limit their disclosure
  • Inform your users about the good use of e-mail regarding safety and the dangers of phishing and viruses
  • Promptly intervene in the event of CoreTech reports on problems relating to the mailbox
  • Periodically make a backup of your mail archive on your storage systems to have a copy of the archive in case you want to change supplier
  • Avoid using mailboxes for SPAM or mass sending of emails not authorized by the recipients
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem
  • Evaluate the frequency or event for password changes in your company procedures

1Backup - Cloud Backup

CoreTech

  • Daily check of the status of servers and storage 1Backup
  • Keep systems updated with the most stable and secure software versions released by the manufacturer
  • Monitor servers to ensure continuity of service

Customer

  • Check the results of your backups daily
  • Properly configure backup jobs and related retention according to your needs
  • Carry out a restore test at least monthly / bimonthly
  • Set complex passwords to access the service
  • Safeguard the access data of Backup agents and limit their disclosure
  • Carefully store the data encryption password if different from the one used for the Backup Agent
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem
  • Promptly intervene in the event of CoreTech reports on problems relating to the service

MailArchive - Mail Archiving

CoreTech

  • Daily check of the status of Mail Archive servers and storage
  • Keep systems updated with the most stable and secure software versions released by the manufacturer
  • Monitor servers to ensure continuity of service
  • Daily backup checks to ensure data integrity

Customer

  • Check the outcome of the archiving based on the needs or set times.
  • Properly configure archiving jobs
  • Carry out a restore test at least monthly / bimonthly
  • Set complex passwords to access the service
  • Carefully guard the access data to the archive boxes and limit their disclosure
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem
  • Promptly intervene in the event of CoreTech reports on problems relating to the service

RocketBox - File Sharing

CoreTech

  • Daily Backup Control. Backup retention is 35 days (5 weeks)
  • Keep RocketBox servers updated with the most stable and secure software versions released by the manufacturer
  • Monitor the webserver to ensure continuity of service

Customer

  • Set access passwords to the RocketBox panel
  • Carefully guard the access data to the RocketBox service and limit its disclosure
  • Promptly intervene in the event of CoreTech reports on problems relating to the security of its website
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem

RocketNews - EMail Marketing

CoreTech

  • Daily Backup Control. Backup retention is 35 days (5 weeks)
  • Keep RocketNews servers updated with the most stable and secure software versions released by the manufacturer
  • Monitor the webserver to ensure continuity of service

Customer

  • Set access passwords to the RocketNews panel
  • Carefully guard the access data to the RocketNewsletter service and limit its disclosure
  • Promptly intervene in the event of CoreTech reports on problems relating to the security of its website
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem

Sygma - Platform

CoreTech

  • Keep systems updated with the most stable and secure software versions released by the manufacturer
  • Monitor servers and data synchronization processes to ensure continuity of service
  • Daily backup checks to ensure data integrity
  • Additional Backup (to another datacenter in the Netherlands)

Customer

  • Daily backup checks to ensure data integrity
  • Export data at least monthly / bimonthly
  • Set complex passwords to access the service
  • Carefully guard the access data to Sygma and all the services included and limit their disclosure, with particular attention to the password encryption used for storing credentials in Sygma
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem
  • Promptly intervene in the event of CoreTech reports on problems relating to the service

Sygma Connect - Remote Control

CoreTech

  • Daily check of the status of MailArchive servers and storage
  • Keep systems updated with the most stable and secure software versions released by the manufacturer
  • Monitor servers to ensure continuity of service
  • Daily backup checks to ensure data integrity

Customer

  • Check the outcome of the archiving based on the needs or set times
  • Properly configure archiving jobs
  • Carry out a restore test at least monthly / bimonthly
  • Set complex passwords to access the service
  • Carefully guard the access data to the archive boxes and limit their disclosure
  • Promptly inform CoreTech in case of anomalies that could determine a data security problem
  • Promptly intervene in the event of CoreTech reports on problems relating to the service

Documents

Document information

Document title: GDPR
Document version: V.2
Date of last adjustment: 19/11/2024