GDPR: how we protect your data

Utixo takes all necessary measures to preserve the security and confidentiality of personal data processed. The main commitment is to prevent them from being hacked, damaged or unauthorized third parties from accessing them. We make you GDPR compliant.

The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe, effective May 25, 2018. Unlike Directive 95/46/EC previously in force, the GDPR has direct application throughout the European Union and does not require national transpositions. As such, it will promote the harmonization of legal regimes in the area of personal data protection in Europe. Better yet, the GDPR has a principle of extraterritoriality that allows, under certain circumstances, its scope to be extended beyond European borders.

If personal data are processed in your facility, there is a good chance that you are subject to the provisions of the GDPR and therefore you will have to fulfill certain obligations.

By choosing Utixo to protect your data, depending on the position needed for your organization, it may have different positions, i.e., as an appointee or as a processor of your data.

GDPR: definitions to understand it

Understanding a European regulation is not always easy, especially when it contains 99 articles, 173 recitals, 11 chapters and many guidelines to make it clearer. Therefore, it is essential to know the GDPR in order to avoid any risk from misinterpreting the regulatory obligations imposed. Here are some definitions to know:

Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly
Processing means any operation or set of operations performed with or without the support of automated processes and applied to personal data or sets of data (collection, recording, transmission, storage, preservation, datamining, consultation, use, interconnection, etc.)
Data controller: a natural or legal person, public authority, service or other body which, alone or with other entities, determines the means and purposes of processing
Data processor: a natural or legal person, public authority, department or other body that processes personal data on behalf of the data controller

Utixo's commitment as data processor.

This is certainly where your expectations of Utixo are most impactful, in which case Utixo plays the role of “processor” when it processes personal data on behalf of a controller.

This is the situation when using Utixo services and storing personal data on an infrastructure. Within the limits of its technical constraints, Utixo will process the hosted data only according to your instructions, and on your behalf.

In the role of data processor, Utixo is particularly committed to performing the following actions:

Only process personal information for the purpose of the proper performance of services: Utixo will never use your information for any other purpose (marketing, etc...)
Do not transfer your data outside the EU or outside countries recognized by the European Commission as having a sufficient level of protection, provided you do not select a datacenter in an area outside the EU
Inform you of any use of other processors who may process your personal data even though, to date, no services involving access to user archived content are outsourced outside of Serverweb
Implement high security standards in order to ensure a high level of security for our services
Alert you as soon as possible in the event of a data breach
Assist you in meeting your regulatory obligations by providing adequate documentation of our services

Utixo's commitment as the data processing RESPONSIBLE.

Utixo plays the role of “data controller” when it determines the means and purposes of its processing of personal data.

This is the case when Utixo collects data for billing, service and performance improvement, sales operations, commercial management, etc., but also when Utixo processes the personal data of its employees.
In this case, “your” data hosted on Utixo services, are not affected, unlike some information about you or your employees (e.g., information about the identity and contact details of your contact in Utixo as part of a support request). This is why Utixo is keen to explain the safeguards put in place to ensure the protection of this personal data, and that is in detail:

Limit data collection to those that are strictly necessary: by doing so, when ordering a service you enter only the data required by Utixo to provide services related to billing, support or fulfill legal obligations in the area of data retention
Do not use personal data for purposes other than those for which it was originally collected
Retain personal data for a limited period. For example, data processed for purposes related to customer relationship management with Utixo (last name, first name, address, email, etc...), are retained by the company for the entire duration of the contract and the following 36 months. At the end of this period, they are permanently deleted from all media and backups
Do not transfer this data to third parties that are not part of Utixo's related companies that are involved in the execution of the contract. During migrations within the Group, some data may be transferred outside the European Union based on the business rules implemented by Utixo
Implement appropriate technical and organizational measures in order to ensure a high level of security

In the case of problems, the standard Service Level Agreement (SLA) provides for problem resolution within 2 hours in 98% of cases, within 6 hours in 2%.

It is possible to agree on different and specific SLAs designed on customer needs.

Want more information?

FAQ - Frequently Asked Questions

Who owns the personal data used and stored by the client as part of our services?

Data stored by the client using Utixo services remain the property of the client.

Utixo does not access or use this data except when strictly necessary and within its technical constraints.

Utixo respects the obligation not to resell this data, nor to use it for personal purposes (such as datamining, profiling or direct marketing activities).

Under what circumstances can Utixo access data stored and used by the client as part of our services?

Utixo only accesses data in two situations:

For the purpose of service execution and in particular to optimize assistance to customers when they contact Technical Support. In this case, access to user data remains controlled through specific permissions and special control and security measures;
To fulfill legal obligations in the context of judicial and/or administrative requests, strictly controlled.

Access in case of intervention by Utixo Technical Support:
When the customer contacts Support, depending on the subject of support, two categories of data can be accessed. On the one hand, to better handle the customer’s request, Support takes note of the information provided by the user during the creation of their Utixo account (last name, first name, phone number, email address, etc…).
On the other hand, only at the express request of the customer, and subject to the specific technical constraints of each service, Support may have access to the data stored by the user on the Utixo services, in order to identify the source of the problem encountered and possibly be able to solve it.

Access in case of a request by judicial and/or administrative authorities:
In order to act in accordance with applicable regulations, Utixo is required to respond to requests from judicial and/or administrative authorities. Since access applications are subject to a strict legal regime, Utixole only authorizes after verifying their validity. In addition, as long as the request or the law does not prohibit it, Utixo undertakes to notify the customer of this type of request as soon as possible. Applications from a third country are processed only if they are based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the European Union or a member state.

What are Utixo's commitments on data localization?

When a service allows the client to store data, Utixo informs the location or geographic area where the datacenter is located. This information can be found on our Web site or can be provided by Technical Support.

When several locations are available, the customer has the option of selecting the one he or she prefers when ordering. The location of Utixo datacenters can be viewed at any time on our Web site. Except for some specific conditions related to certain services (mentioned in the special conditions in force), Utixo is not allowed to change, without the customer’s agreement, the location or geographical area agreed upon during the order.

Is customer data transferred outside the European Union?

Unless specified, Utixo services are provided from datacenters on the territory of the European Union with appropriate certifications.

Customer data will never be transferred outside countries of the European Union unless requested by the customer.

What are the certifications of your data centers?

You can find our data center certifications at the following
LINK