Our role as a data processor

While we may provide you with assistance to help ensure you are compliant, it is your responsibility to ensure that your site is compliant with GDPR.

As a website host, we may store confidential client data for you on our website. While we will do our best to ensure that the website is secure and follows best practices, we accept no liability for data loss or security breaches. It is up to you to ensure that your site complies with GDPR.

Since we may be storing your clients’ personal data on our servers, we are viewed as a data processor under the GDPR. For any personal data stored in your cpanel account, you should be able to directly manage, amend and remove this yourself. If you need help or advice accessing this data however, please contact us and we may be able to help you.

In addition to the data stored within your cpanel account, we also record data access to websites, such as IP address, access time, and URL requested. This is primarily to prevent hacking attempts and server misuse, and to troubleshoot any problems that might occur with our services. This data is generally anonymous, however it may occasionally contain personally identifiable information.

Should there be an issue with your website, we may have to access your clients data to identify and resolve the problem. This might involve processing your clients data. We will not use the data other than to provide you with the service you need.

Data access requests & deletion

Should you receive a data access request or a data deletion request, please inform us of the data requested or to be deleted. If you wish us to collate data you have access to, we may charge for this service, however if you request data from us as a data processor, we will provide it for free if possible.

Please note that we perform regular backups of the server that might contact personal data. These backups are primarily for restoration of the server in the case of a catastrophic server failure. It is not practical for use to individually delete personal data from these backups, since they are images of the entire server.

We believe that legitimate business interest is a reasonable grounds on which to process this data, however we also recommend that you keep a record of data removal requests so that you can correctly remove the data from the backup before performing any other processing should they ever be used.