As a data hosting provider, the European regulation assigns us a role of data "processor" supplier, subcontractor of the customer who remains the owner and "controller of the processing" that he applies to his data.
This means that our customers should establish a mapping of personal data that they collect, store, process and render. A register must be kept up-to-date to attest to the traceability of the transactions. All processes for the processing of personal data must be designed from the beginning according to a principle of "privacy by design" which allows to respect this regulation.
For our part, we must be able to attest at any time that our information security policy also complies with this regulation. For example, we need to know exactly where the data are hosted and we need to know how to detail at any time our data protection, resilience and reversibility procedures.
The "Tier 4" level of protection of our main datacenter in Sophia Antipolis and the security procedures set up at TAS, in particular for our certifications, are aligned with the requirements of this regulation, as for our role.
However, the sharing of responsibilities with our customers "data processing controllers" remains a constant point of awareness, especially when we provide the administration of the outsourced servers. The protection of data is a permanent job, which cannot be decreed once and for all, especially given the human errors that can occur even in highly automated processes.
Our hosting services are formalized by personalized contracts that take into account the particular context of each customer.
Datasheet GDPR