Frequently asked questions

Agustin gaute b Sh DA Al PL Kc
What is data sovereignty?

Data sovereignty means your organisation decides where your data is stored, which legislation applies to it and who has access. For organisations working with personal data or business-sensitive information, it also determines whether you comply with GDPR, and whether foreign governments can access your data through laws like the Cloud Act.

Does my data fall under the Cloud Act if it's stored in a European datacenter?

Possibly. The Cloud Act from 2018 allows the US government to request data from American cloud providers, even if that data is physically stored in Europe. A datacenter in Frankfurt under an American hyperscaler still falls under that law. That's why many European organisations choose a European cloud provider.

Which deployment models does Zeticon offer for MediaHaven?

3 options: shared cloud (shared server infrastructure, 4 upgrades per year), private cloud (dedicated infrastructure for one organisation, 2 upgrades per year), and on-premise (installation on your own server infrastructure). The SaaS variants run in ISO 27001 and ISO 9001-certified datacenters within the EU.

How does MediaHaven help you comply with NIS2 and GDPR?

MediaHaven includes role-based access control by default, logging of who viewed or modified which file, an audit trail for compliance reporting, and automated retention periods via classifications. Attach a 10-year retention period to a classification and the system archives or deletes automatically. Zeticon is also ISO 27001-certified, a standard that closely aligns with what NIS2 requires.

What does a Zeticon contract say about data ownership?

Every contract states explicitly that you as a client remain the owner of your data at all times. Zeticon uses a standard exit scenario that is discussed upfront. You can retrieve your data yourself via the API, or have Zeticon prepare and guide that process.

What does API-first mean at MediaHaven?

All functionality the MediaHaven frontend offers is also available via the REST API. You can build your own applications, access portals or integrations on top of the platform. Meemoo uses this for an education archive, Hogeschool Utrecht for integration with JW Player.

How do you avoid vendor lock-in when choosing an information platform?

Ask about 3 things upfront: an exit scenario in the contract, data ownership during and after the collaboration, and how much the platform uses open standards and APIs. Vendor lock-in sometimes comes from contractual terms, but just as often from knowledge that only sits with the vendor. Transparency throughout the process helps prevent that.

Can I move my data to another country if the geopolitical context changes?

Yes. Zeticon has the capability to move data between European datacenters, and outside Europe if needed. The choice depends on where the laws and standards best match your needs, and happens in consultation with you.

What falls under sovereignty beyond where your data is stored?

Data sovereignty covers location and legislation, but organisations that want to keep control of their information ecosystem look further. Who decides the pace of upgrades and new features? How open is the underlying technology, and can it integrate with other systems? Can you prove you comply with GDPR and NIS2? And what does the contract say if you ever want to leave? Each of those questions touches a different piece of the control you either have or don't.