Security Statement
Learn more about how your privacy and personal data are protected at all levels.
State Level
Switzerland is renowned for strict privacy and data protection laws that bar any third party, authorities included, from accessing a web hosting provider's data unless a prosecutor investigating a specific client files a formal request. Hardly any other country offers a comparable degree of privacy protection at the political level.
Policy Level
Security, privacy, excellence and responsibility are the cornerstones of our company's philosophy. We are deeply convinced that every one of our clients has the fundamental and inalienable right of privacy. COIN.HOST is bound by strict privacy, confidentiality and data protection policies to make sure that our services are provided in accordance with Swiss federal law and the core principles that guide our company.
Infrastructure Level
Your data and privacy are not only protected by Swiss law; we as web hosting professionals also make substantial efforts to secure them at the infrastructure level. Our data center in Zürich is practically a fortress: 24/7 CCTV surveillance, perimeter and inner-premises security patrols, and multi-layered access barriers including mantraps and biometric readers. Take a tour to learn more about our data center in Zürich.
Technical Measures
At COIN.HOST, we employ state-of-the-art security technologies to ensure the highest level of protection for your data. Our robust security architecture includes:
- Firewalls: Our advanced firewall systems are designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. This acts as a barrier between your secure internal network and unauthorized external networks.
- DDoS Protection: Our Distributed Denial of Service (DDoS) protection safeguards your website and applications from various types of DDoS attacks. By filtering out malicious traffic and only allowing legitimate requests to reach your server, we ensure uninterrupted service availability even during large-scale attacks.
- SSL/TLS Encryption: We use Transport Layer Security (TLS, the successor to the now-deprecated Secure Sockets Layer, SSL) to encrypt data in transit to and from our servers. This keeps the information you exchange with us confidential against eavesdropping on the network path.
- Intrusion Detection Systems (IDS): Our real-time intrusion detection systems continuously monitor network activity for exploitation attempts and other malicious behaviour. This lets us identify and respond to threats before they impact your data.
- Two-Factor Authentication via Authenticator App (2FA): For enhanced security, we employ Two-Factor Authentication (2FA) using authenticator apps such as Authy. In addition to your password, a time-based one-time code (TOTP) generated by the app is required to sign in to your account. An attacker who has obtained only your password therefore still cannot log in.
- Data Backups (For Eligible Plans): For plans that have ordered or included backups, we perform regular automated backups of all data stored on our servers. This feature ensures quick data restoration in the event of hardware failure, data corruption, or other types of data loss.
- Anti-Malware Software: Our comprehensive anti-malware solutions are designed to detect and remove a wide range of malicious software, including viruses, worms, and trojans, thereby ensuring the integrity of your data and systems.
- VPN Access: All internal communications within the company are conducted over a Virtual Private Network (VPN), which encrypts the traffic so that parties on the network path cannot read intercepted data.
- Regular Security Audits: We conduct ongoing internal and external security audits to identify and rectify any vulnerabilities. These audits are performed by certified professionals who ensure that our security measures meet or exceed industry standards.
Compliance and Certifications
At COIN.HOST, we take compliance seriously and adhere to internationally recognized standards to ensure the highest level of security and reliability. Our data center operates in accordance with the following frameworks and certifications:
- ITILv3 Framework: The IT Infrastructure Library version 3 (ITILv3) is a globally recognized set of best practices for IT service management. It provides a practical framework for identifying, planning, delivering, and supporting IT services to meet the needs of a business. By operating within the ITILv3 framework, we ensure that our IT services are aligned with the needs of our clients and that we maintain high levels of business performance and customer satisfaction.
- ISO 27001: This is an international standard for Information Security Management Systems (ISMS). It specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of the organization's overall business risks. By being ISO 27001 certified, our data processing facility has demonstrated that it has identified its risks and put preventive measures in place to protect client data from unauthorized access or alteration.
- ISO 22301: This standard outlines the requirements for a Business Continuity Management System (BCMS), focusing on the need for a well-defined incident response and recovery plan. It helps organizations minimize the impact of disruptions, ensuring that essential functions can continue during and after an emergency. Compliance with ISO 22301 means that our infrastructure is prepared for, and can respond to, a range of operational disruptions.
- FINMA Circular 07/8: This is a Swiss regulation that sets the risk management and internal control parameters for financial institutions. It outlines the organizational requirements, minimum standards for risk management, and the roles and responsibilities of the board of directors and management. Compliance with this circular is externally audited, confirming the adherence to stringent Swiss financial market regulations.
Our commitment to these standards is not just a badge of honor; it's a promise to our clients that we operate at the highest levels of security and reliability. Our facilities undergo regular audits and reviews to ensure ongoing compliance, providing you with the assurance that your data is in safe hands.
Key Principles of Data Protection in Switzerland
As a Swiss company, COIN.HOST operates under Switzerland's robust data protection laws, which are designed to safeguard the privacy and security of individuals' personal information. The following key principles form the backbone of data protection in Switzerland, ensuring that organizations like ours handle personal data responsibly and transparently:
- Lawfulness: Personal data must be processed lawfully and in good faith. Organizations and individuals are required to have a legitimate and well-founded reason for collecting and using personal data, thereby creating a foundation of trust between data subjects and those handling their information.
- Purpose Limitation: Data should only be collected and processed for specified, explicit, and legitimate purposes. This principle prevents organizations from using personal data for purposes unrelated or incompatible with the original intent, thus safeguarding individuals' privacy.
- Proportionality: The processing of personal data must be necessary and proportionate to the intended purpose. By limiting data collection to what is strictly necessary, organizations can minimize the risk of privacy violations and data breaches.
- Data Accuracy: Organizations have an obligation to verify the information they collect and to take appropriate measures to correct or delete any inaccurate or incomplete data. Ensuring data accuracy not only protects individuals' privacy rights but also helps organizations make informed decisions.
- Data Security: Organizations must implement appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction. This includes using encryption, access controls, and secure storage solutions.
- Transparency: Data subjects have the right to be informed about the collection and processing of their personal data. Organizations must be transparent about their data handling practices, fostering a relationship of trust and accountability.
- Data Subject Rights: Individuals have the right to access, correct, and delete their personal data, as well as to object to its processing in certain circumstances. These rights empower data subjects to take control of their information and hold organizations accountable for their data processing activities.
New Federal Act on Data Protection (NFADP)
The New Federal Act on Data Protection (NFADP), along with its accompanying Ordinance, came into effect on September 1, 2023. This landmark legislation represents a significant overhaul of Switzerland's data protection framework, bringing it in line with international standards such as the EU's General Data Protection Regulation (GDPR).
The act introduces the concepts of 'Privacy by Design' and 'Privacy by Default,' requiring companies to integrate data protection into the development of business processes and systems. This means that privacy settings must be configured at the highest level of protection by default, ensuring that personal data is automatically safeguarded.
The new legislation also significantly raises the standards for personal data protection and individual privacy rights in Switzerland. It empowers consumers, including web hosting customers, to take greater control of their personal information. This is particularly beneficial for web hosting customers, as the stringent regulations ensure that their sensitive data, ranging from personal identification to financial transactions, is handled with the utmost care and security.
Moreover, the NFADP holds companies to a higher standard of accountability and transparency, requiring them to implement robust data protection measures and be transparent about their data processing activities. This fosters a culture of trust and reliability, making Switzerland an even more attractive location for web hosting services.
These advancements solidify Switzerland's reputation as a safe harbor for privacy seekers worldwide. The country's commitment to upholding the highest standards of data protection not only benefits its citizens but also offers an added layer of security for international customers who choose Swiss-based services for their data management needs. In a world where data breaches and privacy violations are increasingly common, Switzerland stands as a beacon of data protection and privacy.
235.1 Federal Act of 19 June 1992 on Data Protection
At the federal level, the collection and use of personal data is regulated by the Federal Act on Data Protection (FADP, SR 235.1). The Act of 19 June 1992 was fully revised; the revised Act entered into force on 1 September 2023 and is the NFADP described above.
170.4 Canton of Zürich's Act on Information and Data Protection
At the cantonal level, the collection and use of personal data is regulated by the Act on Information and Data Protection (IDG) of the Canton of Zürich (LS 170.4).