GDPR: how we protect your data
Utixo takes all necessary measures to preserve the security and confidentiality of personal data processed. The main commitment is to prevent them from being hacked, damaged or unauthorized third parties from accessing them. We make you GDPR compliant.
The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe, effective May 25, 2018. Unlike Directive 95/46/EC previously in force, the GDPR has direct application throughout the European Union and does not require national transpositions. As such, it will promote the harmonization of legal regimes in the area of personal data protection in Europe. Better yet, the GDPR has a principle of extraterritoriality that allows, under certain circumstances, its scope to be extended beyond European borders.
If personal data are processed in your facility, there is a good chance that you are subject to the provisions of the GDPR and therefore you will have to fulfill certain obligations.
GDPR: definitions to understand it
Understanding a European regulation is not always easy, especially when it contains 99 articles, 173 recitals, 11 chapters and many guidelines to make it clearer. Therefore, it is essential to know the GDPR in order to avoid any risk from misinterpreting the regulatory obligations imposed. Here are some definitions to know:
Utixo's commitment as data processor.
This is certainly where your expectations of Utixo are most impactful, in which case Utixo plays the role of “processor” when it processes personal data on behalf of a controller.
This is the situation when using Utixo services and storing personal data on an infrastructure. Within the limits of its technical constraints, Utixo will process the hosted data only according to your instructions, and on your behalf.
In the role of data processor, Utixo is particularly committed to performing the following actions:
Utixo's commitment as the data processing RESPONSIBLE.
Utixo plays the role of “data controller” when it determines the means and purposes of its processing of personal data.
This is the case when Utixo collects data for billing, service and performance improvement, sales operations, commercial management, etc., but also when Utixo processes the personal data of its employees.
In this case, “your” data hosted on Utixo services, are not affected, unlike some information about you or your employees (e.g., information about the identity and contact details of your contact in Utixo as part of a support request). This is why Utixo is keen to explain the safeguards put in place to ensure the protection of this personal data, and that is in detail:
In the case of problems, the standard Service Level Agreement (SLA) provides for problem resolution within 2 hours in 98% of cases, within 6 hours in 2%.
It is possible to agree on different and specific SLAs designed on customer needs.
Want more information?
FAQ - Frequently Asked Questions
Data stored by the client using Utixo services remain the property of the client.
Utixo does not access or use this data except when strictly necessary and within its technical constraints.
Utixo respects the obligation not to resell this data, nor to use it for personal purposes (such as datamining, profiling or direct marketing activities).
Utixo only accesses data in two situations:
- For the purpose of service execution and in particular to optimize assistance to customers when they contact Technical Support. In this case, access to user data remains controlled through specific permissions and special control and security measures;
- To fulfill legal obligations in the context of judicial and/or administrative requests, strictly controlled.
Access in case of intervention by Utixo Technical Support:
When the customer contacts Support, depending on the subject of support, two categories of data can be accessed. On the one hand, to better handle the customer’s request, Support takes note of the information provided by the user during the creation of their Utixo account (last name, first name, phone number, email address, etc…).
On the other hand, only at the express request of the customer, and subject to the specific technical constraints of each service, Support may have access to the data stored by the user on the Utixo services, in order to identify the source of the problem encountered and possibly be able to solve it.
Access in case of a request by judicial and/or administrative authorities:
In order to act in accordance with applicable regulations, Utixo is required to respond to requests from judicial and/or administrative authorities. Since access applications are subject to a strict legal regime, Utixole only authorizes after verifying their validity. In addition, as long as the request or the law does not prohibit it, Utixo undertakes to notify the customer of this type of request as soon as possible. Applications from a third country are processed only if they are based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the European Union or a member state.
When a service allows the client to store data, Utixo informs the location or geographic area where the datacenter is located. This information can be found on our Web site or can be provided by Technical Support.
When several locations are available, the customer has the option of selecting the one he or she prefers when ordering. The location of Utixo datacenters can be viewed at any time on our Web site. Except for some specific conditions related to certain services (mentioned in the special conditions in force), Utixo is not allowed to change, without the customer’s agreement, the location or geographical area agreed upon during the order.
Unless specified, Utixo services are provided from datacenters on the territory of the European Union with appropriate certifications.
Customer data will never be transferred outside countries of the European Union unless requested by the customer.