Handling vast amounts of data comes with great responsibility. We take data security and your privacy seriously.
Data security
Data protection aims to protect personal data against unauthorized third-party access, loss, or modification. Personal data in this context refers to all information relating to an identified or an identifiable person.
Data security refers to the protection of all company data, both personal and non-personal. The focus here is to ensure the security of the infrastructures used to store data, making sure no data leaks or breaches occur.
IONOS provides a suite of services powered by our advanced cloud infrastructure, ensuring the technical aspects of our platform run smoothly. We prioritize security and comply with stringent regulations, including the EU's GDPR, to safeguard customer data in our data centers.
IONOS customers are responsible for the security of their own data when using the cloud service and infrastructure. Customers must equally take measures to protect their data stored in the cloud from unauthorized access and possible data loss.
The European General Data Protection Regulation (GDPR) is one of the most robust legal frameworks for data protection in the world. It applies to all companies operating, processing and/or collecting personal data in the EU. Due to this, the regulation is relevant for all US companies that also operate within the EU or have decided to host their data in IONOS data centers within the EU.
In the context of the GDPR, a distinction must be made between two IONOS Cloud use cases.
The customer is solely responsible for any third-party personal data that is processed or stored in the IONOS Cloud. In this case, IONOS takes the role of a processor, acting only on behalf of the customer and based on their instructions. You find more information about this topic here:
https://www.ionos.com/terms-gtc/terms-enterprise-cloud/terms-and-conditions-of-company-name-cloud-long/
IONOS processes the personal information of their customers as agreed on in the service contract and according to the highest national and international data protection standards.
For the protection of personal data, it’s important to ensure highly secure technical and organizational measures (TOM).
Secure pseudonymization and encryption of personal data is a big part of TOM. It’s also crucial to take care of the integrity, confidentiality, availability and resilience of systems and services that are used to process and store that data.
Finally, personal data should be restorable and made available again after a possible technical incident.
These essential tasks related to TOM are shared between the customer and IONOS.
For example, IONOS customers are responsible for the pseudonymisation and encryption of their own customer data. This also applies to backups.
IONOS on the other hand is responsible for the secure operation of the data centres. This includes taking appropriate measures relating to fire safety and restricted access to the facilities.
Further information about the current version of the TOM can be found in the Data Processing Agreement.
IONOS provides its customers with a flexible virtualized infrastructure over the internet, on servers, storage devices, and networks. However, these don’t have to be exclusively used for this purpose. The customer can design their own virtual data center (IONOS Cloud Virtual Data Center or IONOS Cloud VDC) with the help of a user interface (Data Center Designer or DCD) or an API.
The Data Center Designer can be accessed via the IONOS website. In the DCD, the customer can choose the location where their data will be stored, as long as the chosen IONOS Cloud product is also available in that location.
The customer's data is always stored in the data centers of their choice. IONOS Cloud does not move customer data to other locations without the customer’s consent. This applies to all IONOS Cloud products.
The customer is to independently configure and manage all ordered service components (CPU, Cores, RAM, servers, storage devices, network interface cards, internet connection, IT infrastructure).
Data shall be collected, processed and used only for the customer’s business purposes and for the purpose of providing services to the customer. The customer is responsible to ensure the legality of the data processed in the VDC/DCD.
IONOS operates multiple geo-redundant data centers in Europe and the USA. In Germany and the UK IONOS uses 100% renewable energy to operate its data centers. You can freely choose the location of your data center if the chosen cloud product is also available in that location.