General Data Protection Regulation (GDPR)

Here is the information you need regarding the new European regulation on the protection of personal data, published in the official journal of the European Union which will come into effect on May 25, 2018.

Data Protection Officer (DPO)

The primary role of the data protection officer (DPO) is to ensure that her organization processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

Procedure for storing and transmitting passwords

Our internal procedures and tools take into account all the best practices relating to the storage and transmission of passwords and sensitive data while respecting privacy and all current regulations.

Regular reminders are sent to the teams to ensure compliance with procedures and the proper use of tools.

Confidentiality agreement for the handling of personal data

All of our staff who are responsible for handling personal data have signed a confidentiality agreement.

Access to the facilities used for the processing of personal data

Technical and organizational measures have been put in place to prevent any unauthorized person from accessing the facilities used for processing: access to our premises is secured by an individual nominative biometric access, a video surveillance system with remote recording and an alarm system.

Staff awareness on data breach

Our internal procedures and tools take into account all the good practices relating to raising staff awareness when outputting data in the form of a USB key or any other medium.

Regular reminders are sent to the teams to ensure compliance with procedures and the proper use of tools.

Physical web data storage sites

Depending on the main host of your data, most of the time Online.net, Amazon Web Services or OVH.

Physical data storage sites of the Backup Platform

Datacenter ISVTEC 1
Vélizy
France

Datacenter ISVTEC 2
Aubervilliers
France

Physical data storage site for the Disaster Recovery Platform

Datacenter ISVTEC 1
Vélizy
France

Company hosting the data backup

ISVTEC
14 avenue de l'Opéra
75001 Paris
France

Security measures implemented with regard to the storage of data from the Backup Platform?

The data is distributed in two datacenters located in separate cities more than 25 km apart to ensure continuity of service in the event of force majeure: earthquake, fire, storm, flood, water damage, plane crash , etc.

Data storage security:

  • Encryption: AES CBC ESSIV algorithms
  • Key: SHA with a key lenght of 256 bits or more
  • Passphrase: random length between 256 and 512 characters made up of numbers, letters and symbols, typed interactively at each start of the backup nodes to ensure that a physical theft of the server makes the data inaccessible

Data transfer security:

  • Encryption: SSH AES CBC
  • Key: SHA with a key lenght of 2048 bits or more
  • Passphrase: random length between 12 and 32 characters composed of numbers, letter and symbols

Data recovery method in case of problem

Remote connection by SSH or physical access to the servers by our intervention team in extreme cases.

Certifications

No certification has been necessary to accomplish our missions at this time.

Breach of personal data

We make available the email address abuse@isvtec.com allowing anyone to notify us of any violation or attempted violation of personal data in order to allow our Team to react in the most efficient and professional manner possible.


ISVTEC
14 avenue de l'Opéra
75001 Paris, France

Phone: +33-184-16-16-17
contact@isvtec.com
Support Access