
Libraesva and GDPR

May 7, 2018 | Updated on April 2, 2025 | rsa

Table of Contents

  • Introduction
  • Libraesva ESG and Archiver on-premise
  • Libraesva ESG and Archiver as cloud services
  • Libraesva PhishBrain cloud service
  • Libraesva LetsDMARC cloud service
  • Data breach requirements for cloud services provided by Libraesva
  • Libraesva ESG features for the privacy
  • Libraesva Archiver features for the privacy
  • Libraesva sub-processors
  • Libraesva certifications
  • Libraesva product privacy policies

 

Introduction

The GDPR builds upon existing privacy legislation, enhancing strict requirements for managing personal data and clarifying responsibilities and roles for both “data processors” and “data controllers”.

If you manage personal data, you were already subject to relevant privacy regulations prior to the GDPR, and its provisions are not entirely new or distinct from previous laws.

The GDPR introduces important new concepts, such as “privacy by design”, which focuses on incorporating widely recognized and utilized best practices into company processes.

While nothing fundamentally new is introduced, the GDPR presents an opportunity to review and strengthen our privacy and security posture.

The following paragraphs provide clarification on the role of Libraesva appliances in relation to personal data.

Remember that the GDPR focuses on processes, not tools, highlighting the importance of understanding and implementing best practices to ensure compliance.

 

Libraesva ESG and Archiver on-premise

Libraesva is ISO27001:2022 certified for “software design, development and support in the security field” and for “provision of cloud services”.

In an on-premise installation of the Libraesva appliances, Libraesva provides you with the software, the security updates and the support services. You provide the infrastructure and the management.

In this configuration the data is stored on your own infrastructure and Libraesva does not have access to it.

The appliances do not provide any personal data to Libraesva. The emails and their metadata always remain on your own appliance within your own infrastructure.

Libraesva does not have any administrative rights on your appliance. You get to decide what is stored, for how long and who has access to the data with which privileges.

Libraesva can gain access to your appliance only through the “remote support” feature.
“Remote support” is possible only if you initiate it yourself through the web or console interfaces of the appliance. Libraesva cannot connect to the appliance autonomously: a connection requires the “remote support” connection to be actively enabled, which can be done only by the administrator of the appliance.

The “remote support” is an exceptional measure that may be agreed, if necessary, with our support service during the management of a support ticket. Outside of this remote support context, we cannot access your appliance.

 

Libraesva ESG and Archiver as cloud services

If you are also buying the Libraesva cloud service from us, everything that has been said above about the on-premise setup applies to you, but there’s more.

When your appliance is in our cloud we are also providing the hosting service. Your appliance is still private and you retain all of the administrative rights; however, in this case we also provide the infrastructure and are therefore a processor in relation to the data.

We provide the cloud service through cloud infrastructure operators that adhere to the CISPE code of conduct. You can read in this code of conduct all of the details about the security and privacy of the infrastructure.

Libraesva is also certified according to the standard ISO27017:2015 (information security controls for cloud services) and to the standard ISO27018:2019 (protection of personal data processed in public clouds by data controllers).

Please note that our model is the “private cloud” model: you have your own virtual machine and you retain full administrative control over your appliance, just like in the on-premise scenario. Libraesva personnel can access data associated with customer appliances for the purpose of providing customer support, managing incidents, diagnosing issues and in any circumstance where this is needed in order to guarantee the service.

NOTE: On the Libraesva Archiver you can choose where to store the email archive. You can set up data volumes outside of the infrastructure provided by Libraesva; for example, you can use S3 or S3-compatible buckets as your email storage. In this case the data is not stored on Libraesva’s infrastructure.

 

Libraesva PhishBrain cloud service

PhishBrain is a cloud service provided by Libraesva through Libraesva’s cloud infrastructure and through cloud infrastructure operators that adhere to the CISPE code of conduct. You can read in this code of conduct all of the details about the security and privacy of the infrastructure.

Libraesva is ISO27001:2022 certified for “software design, development and support in the security field” and for “provision of cloud services”.

Libraesva is also certified according to the standard ISO27017:2015 (information security controls for cloud services) and to the standard ISO27018:2019 (protection of personal data processed in public clouds by data controllers).

Currently the PhishBrain cloud service is hosted in Europe (Italy), the UK (London) and the US (New York). Customers get to choose the region at account creation time.

Data submitted to phishing pages is neither collected nor stored.

PhishBrain manages the following personal information of account administrators and recipients of phishing campaigns: name, email address, phone number (if provided), IP address of user actions on phishing campaigns (opening, clicking, submitting data).
Administrators are in charge of collecting consent from recipients.

 

Libraesva LetsDMARC cloud service

LetsDMARC is a cloud service provided by Libraesva through Libraesva’s cloud infrastructure and through cloud infrastructure operators that adhere to the CISPE code of conduct. You can read in this code of conduct all of the details about the security and privacy of the infrastructure.

Libraesva is ISO27001:2022 certified for “software design, development and support in the security field” and for “provision of cloud services”.

Libraesva is also certified according to the standard ISO27017:2015 (information security controls for cloud services) and to the standard ISO27018:2019 (protection of personal data processed in public clouds by data controllers).

Currently the LetsDMARC cloud service is hosted in Europe (Italy), the UK (London) and the US (New York). Customers get to choose the region at account creation time.

LetsDMARC manages the following personal information about the users of the service: name, email address. Such customer data is stored in the region the customer chooses to create the account in.

 

Data breach requirements for cloud services provided by Libraesva

When Libraesva provides the cloud service, Libraesva is the processor and the customer is the controller of the data.

As a processor, Libraesva must notify the controller of a data breach without undue delay after becoming aware of it (GDPR Art 33(2)).
If Libraesva becomes aware of unauthorized access to any customer personal data and such unauthorized access results in loss, disclosure or alteration of that data, Libraesva will notify the customer without undue delay. The notification will describe the nature of the security breach, the consequences of the breach and the measures taken or proposed in response to the incident.

Taking into account the nature of the processing and the information available to the processor, Libraesva will assist the controller in ensuring compliance with its obligations to notify the supervisory authority and data subjects of a data breach (GDPR Art 28(3)(f)).

In the event of a data breach the client has the right to terminate the contract immediately.

 

Libraesva ESG features for the privacy

Libraesva ESG provides the following privacy-related features, which you can take advantage of on your path towards compliance with the GDPR.

  • Encryption: emails stored in ESG are encrypted with AES-256
  • “Right to erasure” or “right to be forgotten”: with a single operation you can easily erase all of the information about one user, both from the email archive and from the metadata
  • BEC (Business Email Compromise) protection engine: it prevents targeted attacks impersonating company managers (also called “whaling”)
  • DLP (Data Loss Prevention) engine: prevents accidental loss of sensitive information
  • Logging: all of the logs can be archived remotely in real time through the standard rsyslog protocol
  • Auditing: all sensitive information is logged in a non-erasable audit log
  • Email tracking prevention: removes beacons in emails that can track the physical location of the reader and gather intelligence about working habits
  • Phishing and malware protection: over 90% of the data breaches start in this way

Libraesva Archiver features for the privacy

Libraesva Archiver provides the following privacy-related features, which you can take advantage of on your path towards compliance with the GDPR.

  • Privacy officer: if assigned to a tenant, the privacy officer authorization will be required for any access to personal data, including by system administrators
  • Encryption: the whole email archive can be encrypted with AES-256
  • “Right to erasure” or “right to be forgotten”: the administrator can delete all email related to an individual and purge the data from the storage
  • Auditing: a non-modifiable and non-deletable audit log logs all the data access operations from any user
  • Certified timestamping: an RFC3161 certified timestamp is automatically applied to every archived email and verified every time an email is retrieved
  • Granular user role definition: user roles are defined as collections of over 80 capabilities and user roles can be created to match the company policies

 

Libraesva sub-processors

The sub-processors that are relevant to you depend on the Libraesva products and services that you use.

Sub-processor | Location of processing | Purpose | Relevancy
--- | --- | --- | ---
ExNetworks | UK | Datacenter | UK cloud customers
Aruba SpA | EU | Datacenter | EU cloud customers
UpCloud Ltd | EU, UK, US, AU, SG | Datacenter | Cloud customers in EU, UK, US, AU, SG and other areas
Retelit SpA | EU | Datacenter | EU cloud customers
Freshworks | EU | Technical support | Ticketing service
Microsoft 365 | EU | Email and conferencing | Direct communication

 

Libraesva certifications

Libraesva is ISO27001:2022 certified for “software design, development and support in the security field” and for “provision of cloud services”.

Libraesva is also certified according to the standard ISO27017:2015 (information security controls for cloud services) and to the standard ISO27018:2019 (protection of personal data processed in public clouds by data controllers).

Libraesva is also certified according to the standard ISO9001:2015 (quality management system).

You can download the current Libraesva certifications, all in one file, from this link.

Being a security vendor serving customers in critical industries with very stringent security requirements, by policy we do not share sensitive internal documents like network architectural diagrams, business continuity plans or any other document that includes details about network topology, security measures, internal processes, physical access protections, tools and software used for protecting our infrastructure.

Such information is available only during on-site audits, which may be agreed upon at least 15 days in advance. Auditing will require an NDA and no documentary information can be obtained in any case.

These policies are in place to protect our organization and our customers. Providing information that adversaries can use to assess our attack surface poses a risk to our customers. We are regularly audited and required to constantly prove adherence to the most stringent security standards.

 

Libraesva product privacy policies

Your confidentiality is our top priority. To ensure that we protect your personal information effectively, every product or service provided by Libraesva comes with its privacy policy, detailing how we utilize personal information.

The privacy policy also provides insight into the rights at your disposal concerning your personal data.

 

 

 
