These measures are also mentioned in Appendix 2 of our Data Protection Agreement (DPA) and here.
The Technical and Organizational Measures (TOMs) are in place to make sure that there is an appropriate level of protection for personal data, and more specifically, to protect the rights and freedoms of data subjects. Below, you will find detailed information about Hetzner’s TOMs.
For the next few sections of this article, the following is true:
- Dedicated servers/Cloud Servers: You/the Client are completely responsible for the management, maintenance and security of the server.
- Managed products: For these products, we at Hetzner take responsibility for the maintenance, administration, and security of your systems.
Physical access control
Physical access control defines who has physical access to a site, building, or room.
Measures | Data centers | Admin buildings |
---|---|---|
Electronic physical entry control system with log | ✓ | ✓ |
Documented distribution of access medium | ✓ | ✓ |
Comprehensive video monitoring | ✓ | ✓ |
Policies about how to handle visitors | ✓ | ✓ |
High security perimeter fencing (with anti-climbing and anti-tunneling protection) around the entire data center park | ✓ | NA |
Separate colocation area with lock-able racks and physical access control for enclosed cages | ✓ | NA |
TOMs details - Physical access control
Electronic physical entry control system with log: We strictly limit access to our data center parks, the data centers themselves, all other facilities and any administrative buildings. It is only possible to enter them via our access control system, which logs all access information.
Documented distribution of access medium: We issue access media such as keys only to authorized employees, subcontractors, and colocation customers. There is documentation for every time we give one of these people access media to ensure complete traceability. We centrally manage and regularly review the distribution of said media and which of the above people have access rights to them. Colocation customers are responsible for managing and checking their own access media.
Comprehensive video monitoring: We continuously video monitor all relevant areas of our operations, including our high security perimeter fencing, access roads, entrances and exits, security airlocks, and server rooms. All movements are recorded and documented. We store and delete the video footage in accordance with our GDPR compliant deletion plan. In addition, we record images for all access attempts for our colocation customers (including entrances and exits and security airlocks). We log the images and relevant timestamps on our administration interface. The customer can also view these images.
Policies about how to handle visitors: We have written policies for how we handle external visitors. These guidelines define clear rules for how visitors register for their visit and get it authorized by us, how they are escorted by our teammates during their visit, what kind of ID they may need, and what happens at the end of their visit. We familiarize first-time colocation visitors with these guidelines and any others relevant to them as part of their first visit.
High security perimeter fencing (with anti-climbing and anti-tunneling protection) around the entire data center park: All of our data center parks have high security perimeter fencing, which includes additional features to prevent intruders from climbing over or digging under the fencing.
Separate colocation area with lock-able racks: The colocation area is physically separated from our internal areas. Colocation customers can lock their colocation racks.
Electronic access control
The electronic access control defines who is allowed to log on to a system so that only authorized people have access to it.
Unmanaged products
Measures | Colocation | Dedicated servers | Cloud servers | Storage Boxes | Object Storage |
---|---|---|---|---|---|
Individual customer accounts with numerous management options and access to the administration interface | ✓ | ✓ | ✓ | ✓ | ✓ |
Traceable access logs and change logs for customer accounts | ✓ | ✓ | ✓ | ✓ | ✓ |
Required passwords for customer accounts with defined minimum requirements | ✓ | ✓ | ✓ | ✓ | ✓ |
Option for two factor authentication (2FA) for customer account | ✓ | ✓ | ✓ | ✓ | ✓ |
Client has exclusive access to server | ✓ | ✓ | ✓ | NA | NA |
Only authorized Hetzner employees have access, within the scope of the agreed service; via multi-level authentication and cryptographic protection. Access done for tasks ranging from infrastructure maintenance to complete server management depending on product. | NA | NA | NA | ✓ | NA |
Individually configured firewall | NA | ✓ | ✓ | NA (see next line) | ✓ |
Hetzner-managed firewall with 24/7 monitoring | NA | NA (see last line) | NA (see last line) | ✓ | NA (see next line) |
Virus scanner / Security tests | Client’s responsibility | ✓ | ✓ | rootkit tests | X |
(Additional) measures the responsibility of the Client | ✓ | ✓ | ✓ | NA | ✓ |
Managed products
Measures | Managed servers | Web hosting | Storage Shares |
---|---|---|---|
Individual customer accounts with numerous management options and access to the administration interface | ✓ | ✓ | ✓ |
Traceable access logs and change logs for customer accounts | ✓ | ✓ | ✓ |
Required passwords for customer accounts with defined minimum requirements | ✓ | ✓ | ✓ |
Option for two factor authentication (2FA) for customer account | ✓ | ✓ | ✓ |
Client has exclusive access to server | NA | NA | NA |
Only authorized Hetzner employees have access, within the scope of the agreed service; via multi-level authentication and cryptographic protection. Access done for tasks ranging from infrastructure maintenance to complete server management depending on product. | ✓ | ✓ | ✓ |
Individually configured firewall | NA (see next line) | NA (see next line) | NA (see next line) |
Hetzner-managed firewall with 24/7 monitoring | ✓ | ✓ | ✓ |
Virus scanner / Security tests | Client’s responsibility | ✓ | ✓ |
(Additional) measures the responsibility of the Client | NA | NA | NA |
TOMs details - Electronic access control
Individual customer accounts with numerous management options and access to the administration interface: Our customer account panel is available to you so that you can manage your customer data. You can use this panel to, for example, change your postal address or to generate a one-time password (OTP) so you can verify your identification if you need telephone support. All data transferred to and from the interface is encrypted. You can also use https://accounts.hetzner.com to access the administration interfaces for any products you have with us.
Traceable access logs and change logs for customer accounts: Our log system saves logins and administrative changes within the customer account. We store and save these in accordance with our company deletion plan and in compliance with the GDPR.
Required passwords for customer accounts with defined minimum requirements: You as a customer must set a password when you create a customer account with us, and must follow the security guidelines we have defined for that password. You can change your password at any time on the administration interface.
Option for two factor authentication (2FA) for customer account: You can activate two factor authentication on your account at any time so that you can better protect it.
Client has exclusive access to server:
Dedicated servers & Cloud servers:
Only the Client provides access to the server. In this way, the Client is also responsible for managing and implementing access control measures.
With our dedicated and cloud servers, you as the customer have the option of logging into your server via SSH from any location and, for example, doing maintenance work yourself on the server using the operating system that is installed on the server. Hetzner does not “see” or influence which applications or operations you have set up on your server. The exception to this are applications or operations that we prohibit in our customer Terms and Conditions.
Our log system stores all relevant access and administration processes. This data is stored and deleted in accordance with our GDPR compliant deletion plan.
We give you a first-time access password when we commission your server. Once we send you this password, we ask you to change it immediately to make it a unique and secure password. We do not know your new password.
Only authorized Hetzner employees have access within the scope of the agreed service via multi-level authentication and cryptographic protection:
(from pure infrastructure maintenance to complete server management, depending on the product)
We strictly limit access to the servers only to authorized employees, and they may only access the servers within the scope of the agreed services. Access to servers takes place exclusively via a multi-level authentication process and is secured by cryptographic protection mechanisms. The type and scope of access varies depending on the product:
Managed servers: For managed servers, employees get root access only to perform maintenance work and customer support.
Web hosting & Storage Shares: For web hosting packages and Storage Shares, employees only get access to do platform and infrastructure maintenance; they do not access data or content that the customer has stored.
Storage Boxes: For Storage Boxes, employees only get access to the underlying hardware and network infrastructure. In this case as well, they do not have access to data or content that the customer has stored. The one exception is if the customer gives the employees access.
Individually configured firewall:
Dedicated servers:
We provide a stateless firewall for our dedicated servers; it is configured on the switch port. You as the customer can define your own filter rules for incoming and outgoing traffic.
Cloud servers: We provide a stateful firewall for our Cloud servers. You as the customer can also define your own filter rules here for incoming and outgoing traffic.
Object Storage: You as the customer can create access control lists (ACLs) that allow you to individually control access to a Bucket at IP level and to restrict or block access to it if necessary.
Hetzner-managed firewall with 24/7 monitoring:
Managed servers, web hosting, Storage Shares, & Storage Boxes:
We take care of security for these products, including the configuration and maintenance of the firewall for them. Our team of system administrators monitors these products 24/7.
Virus scanner / Security tests:
Managed servers & web hosting:
We use a centrally managed virus scanner solution for our managed servers and web hosting products. This allows us to simplify and standardize the management for all clients and security threats and to detect and mitigate any potential threats as quickly as possible.
Storage Shares & Storage Boxes: We perform rootkit checks for our Storage Boxes and Storage Shares. These checks check for any hidden malware (rootkits) in the system.
Internal access control
Internal access control defines which authorizations people have within a system. It defines what a user may see, change, or execute after accessing a system.
Unmanaged products
Measures | Colocation | Dedicated servers | Cloud servers | Storage Boxes | Object Storage |
---|---|---|---|---|---|
Regular updates | Client's responsibility | Client's responsibility | ✓ For the underlying cloud infrastructure | ✓ | ✓ |
Audit-proof, binding authorization procedure based on a role and authorization policy | Client's responsibility | Client's responsibility | ✓ The cloud infrastructure is accessed | ✓ | ✓ |
Maintaining, securing, and updating transferred data/software | Client's responsibility | Client's responsibility | Client's responsibility | Client's responsibility | Client's responsibility |
(Additional) measures the responsibility of the Client | ✓ | ✓ | ✓ Regarding access to cloud servers | NA | NA |
Managed products
Measures | Managed servers | Web hosting | Storage Shares |
---|---|---|---|
Regular updates | ✓ | ✓ | ✓ |
Audit-proof, binding authorization procedure based on a role and authorization policy | ✓ | ✓ | ✓ |
Maintaining, securing, and updating transferred data/software | Client's responsibility | Client's responsibility | Client's responsibility |
TOMs details – Internal access control
Regular updates:
Cloud servers:
We perform routine security updates on the underlying cloud infrastructure so we can find and remove potential security vulnerabilities that bad actors may try to exploit.
Managed servers, web hosting, Storage Shares, Storage Boxes, Object Storage, & internal admin systems: We perform routine security updates on these systems so we can find and remove potential security vulnerabilities that bad actors may try to exploit.
Audit-proof, binding authorization procedure based on a role and authorization policy:
Cloud servers:
Our employees gain access to the cloud infrastructure through a defined approval process based on our documented roles and rights plan. The access authorizations are checked regularly and are only granted for the required period of time. Every time that access rights are granted, changed, or revoked, it is documented in a complete and traceable manner.
Managed servers, web hosting, Storage Shares, Storage Boxes, Object Storage, & internal admin systems: Our employees gain access to these systems through a defined approval process based on our documented roles and rights plan. The access authorizations are checked regularly and are only granted for the required period of time. Every time that access rights are granted, changed, or revoked, it is documented in a complete and traceable manner.
Transfer control
Transfer control includes measures and procedures that make sure that the use, access, and transport of physical data storage media are monitored and protected against unauthorized access.
Unmanaged products
Measures | Colocation | Dedicated servers | Cloud servers | Storage Boxes | Object Storage |
---|---|---|---|---|---|
Defined process for deleting data from storage drives after contract is complete; implemented differently depending on product type | Client’s responsibility | ✓ | ✓ | ✓ | ✓ |
Storage drives are physically destroyed if data cannot be successfully erased | Client’s responsibility | ✓ | ✓ | ✓ | ✓ |
Managed products
Measures | Managed servers | Web hosting | Storage Shares | Internal admin systems |
---|---|---|---|---|
Defined process for deleting data from storage drives after contract is complete; implemented differently depending on product type | ✓ | ✓ | ✓ | ✓ |
Storage drives are physically destroyed if data cannot be successfully erased | ✓ | ✓ | ✓ | ✓ |
TOMs details – Transfer control
Defined process for deleting data from storage drives after contract is complete:
(Implemented differently depending on product type)
Depending on which product of ours you have purchased, we use several different automated deletion processes. After we have made sure that data has been completely deleted from the storage device, we re-use the storage device.
Dedicated servers: With our dedicated servers, we perform a residue-free deletion using a hardware-supported deletion method.
Cloud servers: With our Cloud servers, our system deletes the image as soon as you delete the cloud server. Depending on how long you used the product, we delay the ultimate deletion up to 48 hours in order to prevent any accidental deletion or data loss. After this period has passed, the image is ultimately deleted using a hardware-supported deletion method. Each customer is assigned their own unique image. Therefore, it is not possible for other customers to restore your data.
Managed servers: Depending on which product you have purchased, we operate your managed server using underlying infrastructure based on our dedicated servers or on our Cloud environment. The deletion method, therefore, depends on what kind of underlying infrastructure your managed server runs on. (See the above information on Dedicated servers & Cloud servers.)
Web hosting: For our web hosting packages, we delete your data 30 days after you cancel the domain.
Storage Shares & Storage Boxes: Storage Shares and Storage Boxes use their own ZFS dataset, which is erased when the instance is deleted. The freed-up storage space is then re-used in ZFS, and is overwritten with new data over time. Customers do not have access to the block level, so it is not possible to retrieve deleted blocks.
After you cancel a Storage Box, we wait 24 hours before ultimately deleting it. Storage Shares are different. When you delete a Storage Share, we keep it in a deactivated state for 30 days. After this period runs out, the relevant ZFS dataset and database are ultimately deleted. After that, it is not possible to restore them.
Object Storage: Our system stores the data on a Ceph-based distributed system. This distributed storage system distributes the data redundantly across several physical drives and nodes. When data is deleted, this happens using the Ceph cluster, which ensures that the data is removed from all storage nodes. After the data deletion process has started, the data blocks are overwritten by the distributed system or erased from the cluster. Because this system is based on distributed architecture, the data deletion process is asynchronous, but consistent, across all storage nodes.
Storage drives are physically destroyed if data cannot be successfully erased: If, when we review the wipe process, it becomes clear that we cannot guarantee that the data has been completely erased, we physically destroy the affected hardware at our data center in Falkenstein, Germany. When we transport the affected drives to Falkenstein, we store them in secure transportation containers. We destroy hardware based on standards defined by DIN 66399. The shredders that we use meet protection class 2 and correspond to security level H4 for hard disks and E3 for electronic media.
Isolation control
Measures for isolation control make sure that data for each different customer or application within a system are separated from each other when they are processed and stored.
Unmanaged products
Measures | Colocation | Dedicated servers | Cloud servers | Storage Boxes | Object Storage |
---|---|---|---|---|---|
Physical or logical separation of data | Client’s responsibility | Client's responsibility | ✓ | ✓ | ✓ |
Physical or logical separation of backup data | Client’s responsibility | Client's responsibility | ✓ | ✓ | NA |
(Additional) measures the responsibility of the Client | ✓ | ✓ | ✓ | NA | NA |
Managed products
Measures | Managed servers | Web hosting | Storage Shares | Internal admin systems |
---|---|---|---|---|
Physical or logical separation of data | ✓ | ✓ | ✓ | ✓ |
Physical or logical separation of backup data | ✓ | ✓ | ✓ | ✓ |
(Additional) measures the responsibility of the Client | NA | NA | NA | NA |
TOMs details – Isolation control
Physical or logical separation of data:
Cloud servers, web hosting, Storage Shares, Storage Boxes, Object Storage, internal admin systems:
We separate the data for these systems from other data either physically (on separate data storage devices) or logically (using permissions systems and virtualization). This measure ensures that your data remains isolated, that no unauthorized access occurs, and that your data does not get mixed with other data.
Physical and logical separation of backup data:
Cloud servers, web hosting, Storage Shares, Storage Boxes, internal admin systems:
With these systems, we also ensure strict separation when storing the data. We save backups on logically and/or physically separate systems.
Pseudonymization
Measures | Colocation | Dedicated servers | Cloud servers | Managed servers | Web hosting | Storage Shares | Storage Boxes | Object Storage |
---|---|---|---|---|---|---|---|---|
Only the Client can access the server | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Confidentiality
Confidentiality measures make sure that personal data is protected from unauthorized access or disclosure while it is being processed and stored.
Measure | General | Depends on product |
---|---|---|
Hetzner employees sign an agreement before they begin doing any work with personal data and promise to comply with data protection regulations. | ✓ | X |
Hetzner employees regularly get training to raise awareness for and knowledge about data protection and information security. | ✓ | X |
Encryption options for data transfers | X | ✓ |
TOMs details – Confidentiality
Hetzner employees sign an agreement before they begin doing any work with personal data and promise to comply with data protection regulations. All Hetzner employees are instructed that they may only process the Client’s personal data in accordance with the Client’s instructions. Before they begin working with customers’ personal data, they sign an agreement in which they promise to handle personal data in compliance with data protection regulations.
Hetzner employees regularly get training to raise awareness for and knowledge about data protection and information security. We teach our employees about data protection requirements before they start working with customers’ personal data. In addition, all employees receive further and regular training courses so they are continuously aware of their responsibilities regarding data protection and data security. This training includes information about the Client’s right to issue instructions about their personal data.
Encryption options for data transfers: Hetzner provides its customers with several encryption options for data transfers, which can change depending on the product. We specify which encryption options are available for each product in the service descriptions for the main contract.
Integrity
Data integrity measures make sure that data and systems remain complete, uncorrupted, and correct while they are being stored or transferred.
Unmanaged products
Measures | Colocation | Dedicated servers | Cloud servers | Storage Boxes | Object Storage |
---|---|---|---|---|---|
Changes to data are logged | Client’s responsibility | Client's responsibility | Client's responsibility | ✓ | ✓ |
The Client is responsible for entering and processing data | ✓ | ✓ | ✓ | ✓ | |
(Additional) measures the responsibility of the Client | ✓ | ✓ | ✓ | ✓ | ✓ |
Managed products
Measures | Managed servers | Web hosting | Storage Shares | Internal admin systems |
---|---|---|---|---|
Changes to data are logged | ✓ | ✓ | ✓ | ✓ |
The Client is responsible for entering and processing data | ✓ | ✓ | ✓ | ✓ The Client can edit their data themselves using their customer account |
(Additional) measures the responsibility of the Client | ✓ | ✓ | ✓ | NA |
TOMs details – Integrity
Changes to data are logged:
Managed servers, web hosting, Storage Shares, Storage Boxes, internal admin systems:
We log any changes to saved data with a time stamp in our file system.
Object Storage: We log any changes to saved data with a time stamp in our file system, or we indicate it using metadata related to the objects.
The Client is responsible for entering and processing data:
Managed server, web hosting, Storage Shares, Storage Boxes, Object Storage, internal admin systems:
You as the customer are solely responsible for entering and editing your data. This includes not only data saved on the servers but also any data that you have entered on your customer account.
Availability and resilience
Availability measures focus on keeping the systems in continued working order. Resilience measures make sure that the data remains available even under exceptional circumstances.
Unmanaged products
Measures | Colocation | Dedicated servers | Cloud servers | Storage Boxes | Object Storage |
---|---|---|---|---|---|
24/7 technical support directly in data center | NA | ✓ | ✓ | ✓ | ✓ |
Uninterruptible power supply using redundant UPSs and emergency power supply system | ✓ | ✓ | ✓ | ✓ | ✓ |
Redundant and highly available network infrastructure | ✓ | ✓ | ✓ | ✓ | ✓ |
Site-wide early warning fire system; direct connection to the local fire and rescue coordination center | ✓ | ✓ | ✓ | ✓ | ✓ |
Dynamic fire protection measures | ✓ | ✓ | ✓ | ✓ | ✓ |
Regular training for emergencies and fire protection | ✓ | ✓ | ✓ | ✓ | ✓ |
Redundant and energy-efficient cooling using direct free cooling and climate controls | ✓ | ✓ | ✓ | ✓ | ✓ |
Cold-aisle containment | ✓ | ✓ | ✓ | ✓ | ✓ |
Continuous monitoring of air temperature in server rooms and distribution cabinets | ✓ | ✓ | ✓ | ✓ | ✓ |
Continuously active DDoS recognition | ✓ | ✓ | ✓ | ✓ | ✓ |
Backup and recovery plan | Client’s responsibility | Client’s responsibility | ✓ depends on purchased services | Snapshots depending on purchased services | Redundant storage within the cluster system |
Disk mirroring | Client’s responsibility | Client’s responsibility | Client’s responsibility | ✓ | ✓ |
Monitoring | Client’s responsibility | Client’s responsibility | Client’s responsibility | ✓ | ✓ |
Escalation process for faults and emergencies | See product description | See product description | See product description | See product description | See product description |
Use of software firewall and port management | Client’s responsibility | Client’s responsibility | Client’s responsibility | ✓ | ✓ |
Managed products
Measures | Managed servers | Web hosting | Storage Shares | Internal admin systems |
---|---|---|---|---|
24/7 technical support directly in data center | ✓ | ✓ | ✓ | ✓ |
Uninterruptible power supply using redundant UPSs and emergency power supply system | ✓ | ✓ | ✓ | ✓ |
Redundant and highly available network infrastructure | ✓ | ✓ | ✓ | ✓ |
Site-wide early warning fire system; direct connection to the local fire and rescue coordination center | ✓ | ✓ | ✓ | ✓ |
Dynamic fire protection measures | ✓ | ✓ | ✓ | ✓ |
Regular training for emergencies and fire protection | ✓ | ✓ | ✓ | ✓ |
Cold-aisle containment | ✓ | ✓ | ✓ | ✓ |
Continuous monitoring of air temperature in server rooms and distribution cabinets | ✓ | ✓ | ✓ | ✓ |
Continuously active DDoS recognition | ✓ | ✓ | ✓ | ✓ |
Backup and recovery plan | ✓ partially depends on purchased services | Possible to restore specific files | RAID-based storage backend | ✓ daily backups of all relevant data |
Disk mirroring | ✓ | ✓ | ✓ | ✓ with all relevant servers |
Monitoring | ✓ | ✓ | ✓ | ✓ with all relevant servers |
Escalation process for faults and emergencies | See product description | See product description | See product description | See product description |
Use of software firewall and port management | ✓ | ✓ | ✓ | ✓ |
TOMs details – Availability and resilience
24/7 technical support directly in data center: We staff our data centers 24/7/365 with our technical support employees. They respond immediately on-site to any potential incidents.
Uninterruptible power supply using redundant UPS and emergency power supply system: Our uninterruptible power supply (UPS) guarantees that we have a constant, uninterrupted power supply, even if there is a power outage. The UPS system provides power for a temporary period of time until the regular power supply is restored, or until our emergency power supply system becomes active. The UPS systems are set up in a redundant manner with two separate and parallel streams of power. In addition, our UPS system is connected to a battery supply which can power the data center’s operations for approximately 15 minutes. The emergency power supply provides longer-term power if there is an outage. This system is powered using diesel generators. They allow our data centers to continue to operate autonomously during longer power outages. Every data center building has its own emergency power supply. Each row of data center buildings has a central main tank which supplies the separate emergency power supply tanks with fuel. Our staff regularly checks that the tank is full and will refill it if needed.
Redundant and highly available network infrastructure: Hetzner's network consists of several interconnected and redundant connections between the company's own data center locations and external POP locations. Within the data center, core routers connect the access routers, which in turn terminate the customer servers. The connection to the Internet is made via peering points, transit and private peerings (total capacity 20,780 Gbit/s). A current and detailed overview of the peering points, transit and private peerings is available on our website. This network infrastructure creates a highly available N-to-M link between the network nodes and the customers’ servers. We use the network hardware required to operate our systems both in our own data centers and at external POP and repeater locations.
Site-wide early warning fire system; direct connection to the local fire and rescue coordination center: We have equipped all of our data centers with an early warning fire system which consists of a system of aspirating smoke detectors. Our early warning fire system is directly connected to the local fire and rescue coordination center. The system is also connected to our internal monitoring system, which is responsible for detecting disruptions and triggering internal alarms. In addition, each data center has CO₂ hand-held fire extinguishers and mobile CO₂ extinguishers available and clearly marked so that we can react quickly and effectively in an emergency.
Dynamic fire protection measures: Fireproof doors separate all parts of our data center parks that are designated fire protection areas. If something triggers our smoke detector systems, the fireproof doors will automatically close to prevent any possible fire from spreading to another section of the data center. To prevent a possible fire from jumping or leap-frogging from one data center building unit to another, there is a physical gap separating the buildings. In addition, transformers, medium-voltage stations and battery rooms are also isolated using fire protection walls and fireproof doors. If our system is triggered by a possible incident, ventilation ducts and cable ducts in the fire protection walls are protected with special barriers and self-closing fire dampers. The dynamic nature of our fire protection plan allows us to make structural changes that we can incorporate into our fire protection measures without any constraints.
Regular training for emergencies and fire protection: Our designated and trained fire protection officers and helpers have regular contact with the local fire fighters and participate in routine training and emergency drills.
Redundant and energy-efficient cooling using direct free cooling and climate controls: We use an environmentally friendly method of cooling our data centers, direct free cooling. This system uses the outside air to temper the data centers and to greatly minimize our energy consumption. This system’s N+2 redundancy ensures that our additional cooling units are operational and ready to use so that we can ensure that the servers remain cool even if there is a fault. Our raised floors are higher than average and therefore have a greater capacity for circulating air and optimizing the temperature. These raised floors allow us to efficiently direct and distribute the cooled air and to move warmer air away from the servers.
Cold-aisle containment: Our cold-aisle containment system prevents cold air from mixing with warm air by clearly targeting the direction of the cold air current onto the IT components that need cooling. This increases the efficiency of our cooling systems and minimizes energy consumption.
Continuous monitoring of air temperature in server rooms and distribution cabinets: We constantly and closely monitor the room temperature in the data centers as well as the temperature of the servers and distribution cabinets. The system can detect deviations in temperature in real time, allowing us to quickly take action if something becomes overheated. By monitoring our infrastructure so closely, we help to safeguard its stability and accessibility.
Continuously active DDoS recognition: Our continuously active DDoS recognition system constantly analyzes traffic and recognizes attacks early. It automatically filters out malicious traffic before it reaches its target in the system. Our anti-DDoS system is based on powerful hardware and sophisticated and complex filtering technology.
Backup and recovery plan:
Cloud servers:
As soon as you book a Backup on Cloud Console, our system makes automated daily backups of the virtual hard drive included in your cloud server package. You have access to the daily backups for seven days after they are made.
Managed Server: We make automated daily backups of your data with our managed servers. You have access to the daily backups for 14 days after they are made. Important note: For older managed server models, it might be necessary to have a backup-addon. Please contact our support team for additional information.
Web hosting: We make daily backups of the data on your web hosting account. Depending on what kind of web hosting package you have, you can access your backups for up to 14 days after they are made.
Storage Shares: We make automated snapshots of the data on your Storage Shares several times each day. You have access to the snapshots for seven days after they are made. Important note: Snapshots are not complete backups. We recommend that you perform a separate backup of your Storage Shares in addition to this.
Storage Box: Our Storage Boxes include a snapshot feature that you as the customer can use on your own. The larger your Storage Box is, the more snapshots you have access to. Important note: Snapshots are not complete backups. We recommend that you perform a separate backup of your Storage Boxes in addition to this.
Object Storage:
You can save your data in several locations by selecting multiple locations on your own. By doing this, you will create a copy of your S3-Buckets in a different data center.
Important note: This is not a complete backup. We recommend that you perform a separate backup of your S3-Buckets in addition to this.
Internal admin systems: We perform daily automated backups of all relevant data to ensure that it is possible to quickly and reliably restore data in the event of data loss or a system fault. We regularly test our backup and recovery plan to make sure we can effectively and completely restore the data.
Disk mirroring:
Cloud servers, managed servers, web hosting, Storage Shares, Storage Boxes, internal admin systems:
We have configured our servers with hard drive mirroring (RAID 1) to ensure the availability and integrity of the data stored on these systems. RAID 1 saves all of the data on at least two drives in parallel so that if one drive fails, all of the data will still be available and the system will still operate without interruption.
Object Storage: The Ceph storage system uses distributed data replication to create a high level of fault tolerance and data accessibility. Using Ceph, the data is saved redundantly on several servers.
Monitoring:
Managed servers, web hosting, Storage Shares, Storage Boxes, Object Storage:
We continuously monitor all of our servers for these systems to ensure that they are operating smoothly. Our monitoring system can detect anomalies in real time and triggers warnings that go to our support team, who can then immediately take action to solve the problem. Our monitoring system makes certain that the data on these systems is highly available and stable.
Internal admin systems: We continuously monitor all relevant servers to ensure that they are operating smoothly. Our monitoring system can detect anomalies in real time and triggers warnings that go to our support team, who can then immediately take action to solve the problem. Our monitoring system makes certain that the data on these systems is highly available and stable.
Use of software firewall and port management:
Managed servers, web hosting, Storage Shares, Storage Boxes, Object Storage:
Using our software firewall, we monitor and filter the traffic for these systems based on internally defined rules. In addition, we manage the port rules for these systems to minimize the use of their network ports as much as possible.
Managed servers, web hosting, Storage Shares, Object Storage:
We implement a combination of several security solutions to provide an additional level of protection to our infrastructure from common threats. These include:
• Virus scanners that recognize and mitigate malicious software,
• Firewalls to prevent unauthorized access attempts,
• Encryption programs to safeguard sensitive data,
• Spam filters that block unwanted or potentially malicious emails.
Procedures for regular testing, assessment, and evaluation
Regularly testing, assessing, and evaluating the data protection and security standards ensures that the measures stay in compliance with regulations and improve over time.
Measure | General | Depends on product |
---|---|---|
Data protection information security management system (DIMS) | ✓ | X |
Incident response management | ✓ | X |
Data-protection-friendly default settings (privacy by default) | ✓ | X |
Employment of a data protection and information security officer who is integrated into the operational processes | ✓ | X |
TOMs details – Procedures for regular testing, assessment, and evaluation
Data protection information security management system (DIMS):
Our DIMS ensures that we protect all data and information in accordance with statutory and regulatory requirements. It includes technical and organizational measures, as well as special training for our employees, all of which enable us to implement information security measures in our standard company operations.
Starting in 2016, Hetzner implemented and still maintains an information security management system (ISMS), which is certified based on ISO 27001 standards. This certification process includes regular audits. You can find additional information here.
An external auditor reviews our implementation of the TOMs that we have defined in this document each year. Customers can access the audit reports free of charge and automatically using their account on our customer portal once they have completed a data protection agreement (DPA) with us. They can do that by going here.
Incident response management: We have an incident response management (IRM) system in place so we can react quickly in the event of an incident and take appropriate action.
Data-protection-friendly default settings (privacy by default): When we develop software, we follow a general rule (privacy by default) to help safeguard users’ personal data.
Employment of a data protection and information security officer who is integrated into the operational processes: We at Hetzner Online GmbH employ both a data protection officer and an information security officer. Both of them are highly involved in all relevant processes of our operations as part of our data protection and information security management systems.