Questions about contract data processing (CDP) and the new EU General Data Protection Regulation (GDPR)
You must conclude a Data Processing Agreement with us if you process personal data as a processor within the meaning of Art. 28 GDPR (General Data Protection Regulation). Please check whether you use our services to process personal data within the meaning of the GDPR. If so, please conclude this agreement with us. You can present this agreement if you are audited by your data protection authority.
TABLE OF CONTENTS
- Which data does STRATO process when somebody visits my website?
- How do I conclude a DPA according to the new EU General Data Protection Regulation (GDPR)?
- What is the Whois database, and why are my data publicly accessible there?
- Which TÜV certifications has STRATO AG obtained?
- How secure are the STRATO data centers and where are the data stored?
- Does STRATO send the email “Please review your domain data” on behalf of ICANN?
- How does STRATO ensure that the data it processes are protected from access by third parties?
Which data does STRATO process when somebody visits my website?
The IP addresses of visitors to your website are collected and stored in log files. We store the IP addresses of visitors to your websites for a maximum of seven days in order to detect and defend against attacks.
For more information about the log files, read the following article:
How to learn more about the traffic on your web pages
No, these data apply only to the STRATO website.
How do I conclude a DPA according to the new EU General Data Protection Regulation (GDPR)?
Pursuant to Art. 28 GDPR, we are obliged to conclude a Data Processing Agreement if you use our services to process personal data. Please check whether you process personal data with the services we provide. If so, please conclude this agreement with us.
By concluding this agreement, you oblige us to adhere to the provisions of a Data Protection Agreement according to Art. 28 GDPR. You can present this agreement if you are audited by your data protection authority.
This new DPA replaces any previous DPA you may have concluded with us.
What is the Whois database, and why are my data publicly accessible there?
When a user registers a domain with STRATO, we are obliged by law to transmit their details to the official registry for registration. The Whois pages are publicly accessible on the internet and contain information on who is responsible for each domain. In the case of “.com” domains, the data also includes the email address under which the domain was registered. STRATO uses your data for contractual fulfillment only. The data are not transmitted to third parties in any other way.
For more information, read the following FAQ article:
What is Whois and which data is stored there?
Which TÜV certifications has STRATO AG obtained?
The STRATO data centers have been consistently TÜV-certified according to ISO 27001 since 2004. DIN ISO/IEC 27001 (ISO 27001 for short) is the most widely used international standard for IT security management. It defines the requirements that a system for IT security management must fulfill. The purpose of implementing the standard is to demonstrate that adequate and appropriate security measures are in place to protect information assets and to create trust among interested parties. ISO 27001 applies to the development and operation of internet products and services, as well as to the corresponding data centers. This certification includes a systematic security concept and numerous security measures in the IT infrastructure itself, in the secondary technology, and in the process chain. The security concept is based on defined standards and is revised regularly. Our security measures include data mirroring between both data centers, battery-supported uninterrupted power supply, emergency diesel generators for up to four weeks of entirely autonomous operation, laser fire alarms and gaseous fire suppression, admission and access rules, declarations of liability and training courses for employees, as well as regular analyses of new security requirements.
How secure are the STRATO data centers and where are the data stored?
We are only able to provide you with very limited detailed information about our data centers. The security of your data is our particular concern, so any disclosure of precise details about our security policies would merely inhibit their effectiveness. For example, by disclosing how admission to our data centers works and which obstacles need to be overcome (biometric data, admission cards, alarms, door openers, codes, registration, times etc.), we would simply make the task of a potential intruder easier.
We can provide the following assurances in regard to the security of your data in our data centers:
- STRATO operates two data centers, in Berlin and Karlsruhe. They satisfy rigorous security standards in regard to physical security, power supply, air conditioning, network connection, fail-safe operation and admission control, which we demonstrate with our certification according to the ISO/IEC 27001 standard.
- The data centers are exclusively used by STRATO. There is no collocation arrangement or server housing, so third parties do not gain admission (except for maintenance etc., but only if accompanied by a STRATO employee).
- STRATO hosts more than 60,000 servers in the data centers. Both the premises and the power supply are designed for hosting on an extremely large scale.
- Technology in the data centers largely follows a redundant design. Most systems are available in several identical versions to guarantee maximum availability.
Data processing takes place only in these data centers and therefore exclusively in Germany; i.e. STRATO is obliged to comply with the data protection laws in Germany.
For more information about security in the STRATO data centers, visit strato.de/sicherheit/#rechenzentren.
Does STRATO send the email “Please review your domain data” on behalf of ICANN?
Yes. STRATO is obliged to send this request. For more detailed information about STRATO’s obligation to request that you review domain data, visit the ICANN website (English) at: https://www.icann.org/resources/pages/registrars/consensus-policies/wdrp-en
How does STRATO ensure that the data it processes are protected from access by third parties?
We prioritize data security and protection.
TÜV SÜD has also certified the data security of STRATO data centers according to ISO 27001. The data are protected from unauthorized access by a variety of security mechanisms. They are stored in a data pool that is logically separated from the data of other customers (zpool zones, login separation etc.).