On 25th May 2018, the European General Data Protection Regulation (GDPR) will come into force. This regulation aims to help protect your personal data and introduces new obligations for businesses that deal with and process data about you. GDPR will replace the UK’s Data Protection Act 1998.
Any information relating to an individual that can be used to identify that individual. Examples of personal data are name, email address and location data.
Any operation which is performed on personal data, whether automated or manual. Examples of processing include recording, organising and storing.
The organisation, person or body that determines how personal data is processed.
The organisation, person or body that processes personal data on behalf of the controller.
As a hosting company we have different responsibilities, depending on the situation, in our role as data processor and as data controller.
When you use our services and store personal data on our infrastructure, we are classified as the data processor and you are classified as the data controller.
Unless required to do so by law, we do not share your data with third parties or give them access to it. Nor do we use your data for our own purposes.
All your data is kept within the UK. We own our server hardware and this is co-located in an Iomart data centre in Manchester which is ISO27001 compliant - https://www.iomart.com/about-iomart/uk-data-centres/
All our hardware and software are kept up to date with the latest security patches.
Our technical support team's remote access is restricted by IP address, and any service is accessed only to maintain our service level agreements or if an issue is reported by the client.
Data centre staff have access to the physical hardware, but they only access it when instructed by our technical support team.
All staff are trained and know their responsibilities under GDPR.
We do not currently employ any third-party contractors. If this were to change, we would inform you if any subcontractor were to process any data.
We will report any data breach within 48 hours of it coming to our attention.
We are committed to helping you meet your own GDPR obligations.
This covers the personal data we hold about our customers and how we process that data. This generally covers data for billing, managing accounts, sales and commercial management.
We will only collect the minimal amount of data that is necessary to allow our systems to operate and that is required by UK law. We will only hold on to this data to meet our legal requirements set out by UK law.
We will only use the data we collect for the purpose it has been collected for.
Once any contractual relationship ceases, any associated personal data that is not required by UK law will be anonymised after 3 months.
We will not transfer any data to third parties apart from those we use to carry out our service obligations to you, including, but not limited to, payment of services, accounting and notifications.
We are registered with the ICO - https://ico.org.uk/ESDWebPages/Entry/Z3471356
If you have any further questions or requests regarding our GDPR compliance then please send them to Chris Mortimer, Nutty About Hosting Ltd, 3 Long Rydon, Stoke Gabriel, Totnes, Devon TQ9 6QH
For further information visit the ICO website - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr