To protect the security and integrity of the Junovy Cloud Hosting platform by automatically detecting and quarantining malware in uploaded files. This processing activity is essential for preventing the spread of malware across shared hosting environments and protecting all platform users.
Scope
This DPIA covers automated file scanning for all files uploaded to Junovy Business Suite services, including:
Cloud Storage (file upload and synchronization)
Team Chat (file sharing in conversations)
Office Suite (document uploads)
Sites (media and asset uploads)
Nature of Processing
Scanning is performed using ClamAV, an open-source antivirus engine that uses signature-based malware detection. The process is entirely automated and operates at the point of upload, before files are stored or made accessible to other users.
Context and Necessity
Junovy operates a shared hosting platform where files from different users coexist on the same infrastructure. Malware in one user's files poses a genuine risk to other users and the platform itself. No less intrusive alternative exists that provides equivalent protection against file-based malware threats.
Data Processed
File Content: Scanned in memory against ClamAV signature database; not stored or retained after scanning
Internal: Junovy security team only (for quarantine management and incident response)
External: No sharing of scan results with third parties
User Notification: Users are notified when their file is quarantined
Data Retention
Scan Logs: 90 days (automated deletion)
Quarantined Files: 30 days (with a documented appeal process), then automated deletion
File Metadata: Retained only with scan logs (90 days)
Necessity and Proportionality Assessment
Legal Basis
Article 6(1)(f) GDPR: Legitimate interest in protecting platform security and infrastructure
Article 32 GDPR: Mandatory security obligation for controllers to implement appropriate technical and organizational measures
Purpose Limitation
Scanning is strictly limited to malware detection. Files are not analyzed for content classification, profiling, sentiment analysis, or any other purpose beyond security. The scanner performs signature matching only and does not read or interpret file content.
Data Minimisation
Only cryptographic file hashes are stored (not file content)
No machine learning or artificial intelligence is used
No file content is retained after scanning
Only essential metadata required for security audit trail is kept
All non-critical scan logs are automatically deleted after 90 days
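The pipeline described under Nature of Processing, Data Processed and Data Minimisation (stream the upload to ClamAV in memory before it is stored, keep only a cryptographic hash and the verdict, and attach the 30-day quarantine and 90-day log expiry to the record) can be modelled in code. The following is an added illustration, not Junovy's own implementation. The INSTREAM framing follows the documented clamd socket protocol; the `send_to_clamd` transport, the `_stub_clamd` stand-in and the marker string it flags are constructed for this example, and the function names are hypothetical.

```python
"""Upload-time malware scan that retains a hash and a verdict, never the bytes.

Added example (not Junovy's code): models the DPIA's description of in-memory
scanning at upload time with hash-only retention and fixed retention periods.
"""
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Iterator, List, Optional, Tuple

QUARANTINE_DAYS = 30   # quarantine retention period stated in the DPIA
SCAN_LOG_DAYS = 90     # scan log retention period stated in the DPIA
CHUNK_SIZE = 64 * 1024


def clamd_instream_frames(data: bytes, chunk_size: int = CHUNK_SIZE) -> Iterator[bytes]:
    """Frame bytes for clamd's INSTREAM command: the NUL-terminated command,
    then <4-byte big-endian length><chunk> pairs, ended by a zero-length chunk."""
    yield b"zINSTREAM\0"
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        yield struct.pack(">I", len(chunk)) + chunk
    yield struct.pack(">I", 0)


def parse_clamd_reply(reply: bytes) -> Tuple[str, Optional[str]]:
    """Map a clamd reply to ('clean', None), ('infected', signature) or ('error', text)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # e.g. "stream: Some.Signature.Name FOUND"
        _, _, rest = text.partition(": ")
        return "infected", rest[: -len(" FOUND")]
    if text.endswith(" OK"):
        return "clean", None
    return "error", text


@dataclass(frozen=True)
class ScanRecord:
    """Everything the platform keeps about a scan: hash, size, verdict, dates. No content."""
    sha256: str
    size: int
    verdict: str
    signature: Optional[str]
    scanned_at: datetime
    log_expires_at: datetime
    quarantine_expires_at: Optional[datetime]


def scan_upload(data: bytes, send_to_clamd: Callable[[bytes], bytes],
                now: Optional[datetime] = None) -> ScanRecord:
    """Scan an upload in memory and return a hash-only record.

    `send_to_clamd` is an injected transport (hypothetical): in production it
    writes the framed bytes to the clamd socket and returns the reply; here any
    callable with that shape will do, so the pipeline can be exercised offline."""
    now = now or datetime.now(timezone.utc)
    framed = b"".join(clamd_instream_frames(data))
    verdict, signature = parse_clamd_reply(send_to_clamd(framed))
    quarantine_until = now + timedelta(days=QUARANTINE_DAYS) if verdict == "infected" else None
    return ScanRecord(
        sha256=hashlib.sha256(data).hexdigest(),   # only the hash is retained
        size=len(data),
        verdict=verdict,
        signature=signature,
        scanned_at=now,
        log_expires_at=now + timedelta(days=SCAN_LOG_DAYS),
        quarantine_expires_at=quarantine_until,
    )


def due_for_deletion(records: List[ScanRecord], now: datetime) -> List[str]:
    """Hashes whose scan-log retention has lapsed; the caller removes those log rows."""
    return [r.sha256 for r in records if now >= r.log_expires_at]


def _stub_clamd(framed: bytes) -> bytes:
    """Constructed stand-in for the clamd daemon: unframes the INSTREAM payload
    and flags a constructed marker string instead of matching real signatures."""
    header = b"zINSTREAM\0"
    if not framed.startswith(header):
        return b"UNKNOWN COMMAND\0"
    pos, payload = len(header), bytearray()
    while True:
        (length,) = struct.unpack(">I", framed[pos:pos + 4])
        pos += 4
        if length == 0:
            break
        payload += framed[pos:pos + length]
        pos += length
    if b"CONSTRUCTED-MALWARE-MARKER" in payload:
        return b"stream: Constructed.Test.Marker FOUND\0"
    return b"stream: OK\0"


if __name__ == "__main__":
    rec = scan_upload(b"quarterly-report.docx bytes (constructed)", _stub_clamd)
    print(rec.verdict, rec.sha256[:16], rec.log_expires_at.date())
```

The design point is that `ScanRecord` has no field that could hold file content, so the data-minimisation claim is enforced by the data model rather than by a policy the code could drift away from; the retention periods are single constants the review process can check against the DPIA.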
Accuracy
ClamAV signature database is updated multiple times daily by the ClamAV project maintainers. False positives are managed through a 30-day quarantine period and user appeal process, ensuring inaccurate detections can be reversed before permanent data loss.
Storage Limitation
Scan logs automatically purged after 90 days
Quarantined files automatically deleted after 30 days
File metadata retained only as long as scan logs exist
No indefinite retention of scanning data
Necessity Justification
The processing is necessary because:
Malware in shared hosting environments can impact all users on that infrastructure
No alternative exists that provides equivalent protection without file inspection
Even completely sandboxed files could be moved to other systems and cause harm
Article 32 GDPR explicitly requires controllers to implement security measures appropriate to the risk level
Standard industry practice for hosting providers is to implement file-level malware scanning
Balancing Test (Legitimate Interest Assessment)
Controller's Legitimate Interest
Protect the integrity and security of the hosted infrastructure
Prevent spread of malware across the platform
Comply with Article 32 GDPR security obligations
Meet industry security standards and best practices
Protect other customers from harm
Data Subject's Reasonable Expectations
Users uploading files to a commercial hosting platform can reasonably expect that the platform operator will implement standard security measures, including malware scanning. This expectation is formed by:
Industry norms: all major hosting providers perform file scanning
Contractual transparency: disclosed in Privacy Policy Section 4a
Service description: mentioned in Terms of Service Section 7.3
Common sense: shared infrastructure requires shared security measures
Impact on Data Subjects
Minimal impact. The processing:
Does not read or analyze file content
Does not create profiles or generate insights about the data subject
Is fully automated with no human review of file contents
Affects only files that are genuinely malicious (or false positives, managed via appeal)
Protects data subjects themselves from malware risk
Safeguards in Place
Purpose Limitation: Scanning restricted to security analysis; no content inspection
Access Controls: Only security team can access quarantine
Audit Logging: All quarantine actions logged with timestamp and user
False Positive Management: 30-day grace period before deletion; formal appeal process
Transparency: Disclosed in Privacy Policy and Terms of Service
Deletion Policy: Automatic data purging after 90 days
User Notification: Users informed immediately when file is quarantined
Conclusion of Balancing Test
The controller's legitimate interest clearly outweighs any impact on data subjects. The processing is essential for platform security, minimally invasive (signature-based, no content analysis), transparent to users, and protects the data subjects themselves from malware harm. The safeguards in place further reduce any residual risk.
Risk Assessment
| Risk | Likelihood | Severity | Mitigation |
|---|---|---|---|
| False positives leading to data loss | Low | High | 30-day quarantine grace period before deletion; documented appeal process allowing manual review; user notifications at each step |
| Scan results misused for profiling | Very Low | High | Strict purpose limitation in code; access controls limiting scan data to security team only; audit logging of all access; contractual restrictions |
| Unauthorized access to quarantined files | Low | High | Access restricted to authenticated security team members; encrypted storage of quarantined files; network segmentation; continuous audit trail of all access |
| Over-collection of scan metadata | Low | Medium | Automated 90-day retention limit on all scan logs; data minimisation design (hashes only, no content); regular audit of stored data |
| Scanner vulnerability exploited to bypass security | Very Low | High | ClamAV runs in isolated container environment; regular security updates; network sandboxing; upstream monitoring of ClamAV security advisories |
Data Subject Rights
Right to be Informed
Data subjects are informed about file scanning through multiple channels:
Privacy Policy, Section 4a: "Security Scanning"
Terms of Service, Section 7.3: "Automated File Scanning"
Service Description: "Included Security Features"
User dashboard: Notification when a file is quarantined
Right of Access
Users may request scan logs related to their uploaded files. Requests should be directed to privacy@junovy.com and will be fulfilled within 30 days.
Right to Object
Users may submit written objections under Article 21 GDPR. However, security scanning may continue where the controller's legitimate interest (platform security) overrides the data subject's objection. Users will be notified of this determination.
Right to Erasure
Quarantined files are automatically deleted after 30 days. Users may request immediate deletion by appealing the quarantine decision at any time. Once deleted, scan logs are purged in accordance with the 90-day retention policy.
False Positive Appeals
Users who believe their file was incorrectly flagged may appeal within the 30-day quarantine period. The appeal process is documented in the Privacy Policy and includes manual review by the security team. If the flag is reversed, the file is restored immediately.
Consultation with Data Protection Authority
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens / AP) was not consulted as part of this DPIA. The assessment concludes that residual risks are acceptable after all mitigations are applied. The following factors support this determination:
Processing is legitimate under both Article 6(1)(f) and Article 32 GDPR
No processing of special category data (Article 9)
Extensive safeguards and access controls in place
Minimal impact on data subjects (no profiling, no content analysis)
High necessity (platform security) with no viable alternatives
Transparent to data subjects with documented appeal mechanisms
Automatic data deletion policies ensure no indefinite retention
Approval and Review
Approval
This DPIA has been reviewed and approved by William Drake, sole proprietor and Data Controller of Junovy.
Next Review
This DPIA will be reviewed and updated on 22 March 2027, or immediately upon any material change to file scanning practices, including:
Changes to scanning technology or methods
Expansion to new data categories
Changes to data retention policies
Incidents affecting the security of scanned data
Regulatory changes affecting the lawfulness of scanning