Our Commitment to the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) imposes additional requirements for companies that collect or store personal data of European Union residents.
Customer security and privacy is our top priority. At MDaemon Technologies, we understand the importance of your personal data, and we take steps to secure and protect it whenever it is stored in our infrastructure.
Our policies regarding data ownership and protection are focused on providing you with confidence that your data remains secure, and under your control. We have established a number of measures to ensure that customers and their data are treated in a manner consistent with privacy principles and industry best practices.
We are committed to address EU data protection requirements applicable to MDaemon Technologies as a data collector and processor.
We are fully committed to enable and assist in any way, our customers, the data processors and controllers, with complete control of their private data in order for them to meet their GDPR obligations. For our On-Premise software, we’ll continue to ensure that our product empowers our customers to fulfil their responsibility as both controllers and processors.
Data Protection: MDaemon Technologies commits to conforming to information security best practices. Your privacy is important to us. Our site has security measures in place to protect against the loss, misuse and unauthorized alteration of the information under our control. More specifically, we use SSL (Secure Sockets Layer) encryption when collecting or transferring sensitive personal information such as credit card information.
In line with GDPR, appropriate measures are assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, state of the art technologies, and the nature of the processing. Regular testing of the effectiveness of all security measures is a continuous process.
View Our End User License Agreement (EULA).
Our Approach to Helping You
MDaemon Technologies provides flexible, affordable and easy to manage private email server and email security gateway software that can help companies with GDPR compliance. However, the responsibility for meeting the GDPR data controller and processor requirements is with the user of the software.
Below are some examples how the MDaemon email server and SecurityGateway for email servers can help you manage GDPR requirements.
Encryption and Security
MDaemon enables the use of Open PGP encryption service to protect message content. Both MDaemon and SecurityGateway use SSL Certificate settings, IP Shielding, Authentication Failure Screening, Account Hijack Detection and many other features to help protect your email from unauthorized access and other malicious activity (Refer to MDaemon Security Features or SecurityGateway Features for specific actions by feature).
Selective folder sharing (Inbox, Contacts, Calendar, Tasks, Notes, Docs and Voice Notes) with customizable access rights per user facilitates collaboration among employees without compromising their right to privacy. They can share only what they want with whom they want in a professional manner and avoid sharing anything that may contain personal or classified company information.
You have the ability to enforce an effective password complexity policy (desktop and mobile users) in order to make sure that your passwords are not compromised by brute force attacks. You can also apply 2-Factor-Authentication on web mail.
To minimize the information collected in email log files, MDaemon offers the ability to selectively disable various types of email logging (IMAP, Remote Access, DNS Blacklist Activity, etc.). However, disabling various types of logging can make troubleshooting difficult. If you choose to enable logging features, MDaemon can be configured to automatically zip log files after a configured number of days and it can also delete archives of log files after a set number of days.
Only you have access to your data. If external support services such as troubleshooting are needed, you can allow only temporary access to the designated technical personnel and you should disable such access immediately after the agreed work is completed.
You retain exclusive control of your email server settings and data.
The GDPR includes certain requirements on data controllers for the portability of personal data. The data our customers store in our software is theirs. MDaemon’s file structure allows for easy export in commonly used and machine readable format. MDaemon also works with third-party email archiving solutions, like Mailstore. SecurityGateway uses a Firebird SQL database structure.
Isolating your data on your own private on-premise infrastructure enables you to secure your email in the following ways: 1) you can avoid multi-tenant environments that usually become targets of brute force attacks; 2) you apply encryption and all the security measures that meet your company policies; 3) you know where your data is stored and backed-up; and 4) you have exclusive access to and control of your data.
Monitoring & Alerts
MDaemon provides you with the necessary monitoring settings and tools so you can receive alerts if there is suspicious activity with individual accounts or the server. These alerts can be sent to a mobile device or desktop based upon how you set up the notification delivery settings.
For administrators needing to search for individual email data, MDaemon Remote Administration also gives domain and global administrators the ability to search mailboxes for strings. With SecurityGateway, searches can be fine-tuned to find messages that meet specific criteria within a specific queue, or they can search all messages at once. Search scope can be narrowed by to/from user, date, or to inbound or outbound messages or messages containing specific header text, etc.
For additional questions please contact us at email@example.com