GDPR is obviously an important piece of legislation, not only for us, but for you, our customers.
As part of our GDPR preparations, we have created this FAQ to help you prepare for GDPR as well as reassure you about our own preparations.
Is my site compliant?
We are unable to confirm that your own site or business is compliant. We can give you as much information as we have about our systems and security, but you will need to make the decision for yourselves on your own compliance.
Where is our data located?
Our primary data centre is in Leeds (UK), and has in it:
- All our Starter Pro, Home Pro, Business Pro, and Reseller Pro packages
- All our Premium Hosting packages
- Our Virtual Private Servers
- A majority of our Hybrid Servers
- Our legacy Dedicated Servers
- Our stand-alone mailboxes
- Our Hosted Exchange mailboxes
- All our customer details
- All our Resellers’ client details
Our secondary data centre is in the EU, and has in it:
- Some of our Hybrid Servers
- Most Dedicated Servers purchased after 2016
SiteDesigner is produced by BaseKit, and they have their own data policy available here.
Our SSL certificates are generated by Starfield Technologies, who have a Privacy Centre here.
StopTheHacker is produced by Cloudflare and does store a small amount of customer data.
Most of our third-party partners are considered Data Processors, and we, or our customers, are the Data Controller.
How secure is our data with you?
All personal data, both your own and that of your customers, is supplied to us through controlled processes that are protected by appropriate measures, including encryption.
Access to your data is subject to audits and access logging, and is restricted based on the business need.
All staff that have access to your data, or will be collecting data, have been fully trained on respecting customers’ rights, collecting only the data that is needed, adhering to privacy by design, and following other privacy principles.
How physically secure are your data centres?
By having our own data centres, we have built in a secure and resilient network infrastructure and do not rely on third-party solutions.
Our data centres are staffed 24 hours a day every day of the year, with extensive physical security measures, including strict access control and CCTV.
What are you doing about processing Reseller customer data?
We are aware that, for some of our Reseller customers, we are the Data Processor, with the Reseller being the Data Controller. We have prepared a contract to assist our Resellers in their compliance with the obligations required by Article 17 of the Data Protection Directive 95/46/EC, which is now available to download.
What about using HostPay?
Many of the elements needed for GDPR for HostPay are already in place, or are in the process of being added.
If your customers ask for an export of their data, you can do so from the individual Customer Information page or all your customers’ data from the Reseller Control Centre. Please see “How do I export my customers’ data?” in our Support Database.
If your customers want their data deleted, you can delete them individually from the individual Customer Information page in HostPay, or you can delete all your customers’ data along with your Reseller package. Please see “How do I delete my customers’ data?” in the Support Database.
Please remember that you need to ensure that you have no live domains, packages, or products in your account, or your customer’s account, before you delete the data.
All the fields within the contact information can be changed. If you discover that a field cannot be changed, please raise a ticket with our Customer Services team.
Your customers can be added to a mailing list within HostPay. After May 25th, they will not be automatically added, and will have to opt-in to your mailing list. It is your choice to decide what this mailing list is for.
Essential emails, such as invoices, password resets, and billing information, will be sent to your customers regardless of their choice in the mailing list.
You will need to ensure that your existing customers have chosen to opt into your mailing list before you email them.
HostPay does not set any trackers in your visitors’ browsers by default. If you have added a tracker, it is your responsibility to notify your visitors about the tracker and give them the option to opt out.
What is your own GDPR policy?
Heart Internet complies with all data protection laws applicable to its operations. GDPR is an evolution of privacy law, and not a drastic departure from the laws and regulations that currently govern our day-to-day operations. We welcome the changes as another step towards maintaining the privacy of our customers, and we’re working towards compliance as appropriate and necessary.
We store data as needed to manage and run your account, including for accounting, product configuration, and other reasons. You can see our Privacy Statement.
Where can I find out more?
Please read our previous blog article, A guide to GDPR and what to do to prepare, or visit ICO’s Guide to the General Data Protection Regulation (GDPR).