On 25th May 2018, the European General Data Protection Regulation (GDPR) will come into force. This regulation aims to help protect your personal data and introduces new obligations for businesses that handle and process data about you. GDPR will replace the UK’s Data Protection Act 1998.

Definitions

Personal Data

Any information that relates to an individual and can be used to identify that individual. Examples of personal data are name, email address and location data.

Processing

Any operation which is performed on personal data, whether automated or manual. Examples of processing include recording, organising and storing.

Data Controller

The organisation, person or body that determines how personal data is processed.

Data Processor

The organisation, person or body that processes personal data on behalf of the controller.

As a hosting company, we have different responsibilities depending on whether we are acting as a data processor or as a data controller.

Nutty About Hosting as a Data Processor

When you use our services and store personal data on our infrastructure, we are classified as the data processor and you are classified as the data controller.

Unless required to do so by law, we do not share your data with third parties or give them access to it. Nor do we use your data for our own purposes.

Data Location

All your data is kept within the UK. We own our server hardware, which is co-located in an Iomart data centre in Manchester that is ISO27001 compliant - https://www.iomart.com/about-iomart/uk-data-centres/

Data Security

All our hardware and software are kept up to date with the latest security patches.

Our technical support team's remote access is restricted by IP address, and a service is accessed only to maintain our service level agreements or when an issue is reported by the client.

Data centre staff have access to the physical hardware, but they only use it when instructed by our technical support team.

All staff are trained and know their responsibilities under GDPR.

We do not currently employ any third-party contractors. If this were to change, we would inform you if any subcontractor were to process any data.

Data Breaches

We will report any data breach within 48 hours of it coming to our attention.

We are committed to helping you meet your own GDPR obligations.

Nutty About Hosting as a Data Controller

This covers the personal data we hold about our customers and how we process that data. This generally covers data for billing, managing accounts, sales and commercial management.

We will collect only the minimum amount of data that is necessary for our systems to operate and that is required by UK law. We will hold on to this data only to meet our legal requirements under UK law.

We will use the data we collect only for the purpose for which it was collected.

Once a contractual relationship ceases, any associated personal data that is not required by UK law will be anonymised after 3 months.

We will not transfer any data to third parties apart from those we use to carry out our service obligations to you, including, but not limited to, payment for services, accounting and notifications.

Data Protection Officer

We are registered with the ICO - https://ico.org.uk/ESDWebPages/Entry/Z3471356

If you have any further questions or requests regarding our GDPR compliance then please send them to Chris Mortimer, Nutty About Hosting Ltd, 3 Long Rydon, Stoke Gabriel, Totnes, Devon TQ9 6QH

For further information visit the ICO website - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr