When you decide to outsource some or all of the hosting for the data that your organisation processes to Nuclear.Hosting, you are entrusting us with a share of your information assets. We are aware of the issues that this can represent for your company, particularly when it comes to compliance with the relevant data protection regulations. This is why Nuclear.Hosting is providing the most complete information possible on issues concerning the protection of personal data.
Personal data protection regulations
There are currently various documents covering data protection in place at the national, international, and European levels. The most important ones are the following:
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealed on 25 May 2018 by Regulation (EU) 2016/679
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Charter of Fundamental Rights of the European Union (2012/C 326/02).
- Convention for the protection of individuals with regard to automatic processing of personal data.
Nuclear.Hosting undertakes to abide by its obligations in accordance with the aforementioned regulations, particularly the General Data Protection Regulations (GDPR). It’s this commitment to compliance in particular which means that Nuclear.Hosting’s customers can also meet some of their own regulatory obligations. We strongly advise all our customers to be particularly vigilant on these aspects of compliance.
Other, more specific regulations may exist, including for certain specific categories of personal data. In such cases, organisations are solely responsible for correctly identifying the regulations applicable to their business activities, and achieving compliance with them.
Security of Infrastructure and Processing
It is essential to draw a distinction between the security of the data stored by the customer and the security of the infrastructures that store the information.
Security of the data stored by the customer: the customer is solely responsible for ensuring the security of the resources and application systems that they utilise with Nuclear.Hosting’s services. Nuclear.Hosting offers tools to help customers secure their data.
Security of infrastructures: Nuclear.Hosting is committed to ensuring optimal security for its infrastructures. This includes implementing a security policy for information systems, and meeting the requirements for multiple standards.
The security of Nuclear.Hosting infrastructuresNuclear.Hosting takes all necessary precautions to maintain the security and confidentiality of the personal data it processes, to prevent it being corrupted, damaged or accessed by third parties.
Nuclear.Hosting is committed to implementing the following:
- Physical security measures to prevent unauthorised persons from accessing the infrastructures which store customers’ data.
- Security guards responsible for ensuring the physical security of OVH premises, 24/7.
- An authorisation management system to ensure that only those persons who need to access premises and data may do so, within the limits of their remit.
- A physical and/or logical system for keeping customers separate from each other (depending on the service).
- Strong user and administrator authentication processes, thanks to a strict password management policy and the use of two-factor authentication measures.
- Processes and measures for tracing all actions carried out on the information systems, and for compiling reports in the event of an incident affecting customer data, in accordance with current regulations.