GDPR Compliance Statement
The General Data Protection Regulation (GDPR) is effective from the 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.
Interxion welcomes the arrival of the GDPR. The success of our company builds on the trust that our customers, employees and other stakeholders have in our ability to deliver premier quality. This includes our ability to apply a high level of data protection and security in relation to personal data that our customers, employees and third parties entrust to us.
Interxion considers it not just its duty to comply with national and international data protection regulations, but also to do this by applying the same standards, processes and procedures throughout our Interxion footprint in a cohesive and comprehensive manner. This allows Interxion to deliver the transparency, predictability and consistency that our stakeholders continue to expect from us.
Being an ISO 27001 and ISO22301 compliant organisation, we have a comprehensive suite of industry leading technical and organisational controls in place to assure a high level for security and compliance within our datacenters.
Physical and environmental security
As a trusted service provider of datacenter facilities, we are fully focussed on and responsible for the physical and the environmental security of our datacenters as well the customer areas within these facilities. This includes physical access controls, logical access controls, system controls and network security controls.
No processing of customer personal data
We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customer’s systems (Customer Personal Data). Moreover, Interxion is not able to monitor the processing of Customer Personal Data in our customer’s systems.
Data protection and security
For security purposes we have a legitimate interest as a Data controller in the processing of the personal data of our visitors accessing the datacenter. Our visitors are required to register personal data (Visitor Personal Data) at the entrance, and, where fingerprint readers are part of our access management system, provide fingerprints. In addition, the general access areas and the customer areas are controlled and secured by CCTV recordings. Visitor Personal Data is processed in compliance with the applicable GDPR principles. Amongst other things, this means that Visitor Personal Data shall not be kept longer than strictly necessary for security compliance purposes or as required by local law.
As we have already implemented a consistent level of data protection and security in our datacenters, we will be fully GDPR compliant by 25 May 2018 and have all required policies, processes and procedures in place.
Any Interxion GDPR related questions and any data subject requests can be addressed to Interxion’s Data Protection Officer at email@example.com.