This version of our privacy notice was last updated on 19th May 2018. The GDPR deadline is 25 May 2018.
Our privacy notice will inform about who we are; how, why, and what kind of data we collect; what your privacy rights are regarding that data; where and how we store that data; how you can access or remove your data; and our data processing procedures. In particular, this privacy notice will give you information regarding how ECOHOSTING LIMITED collects and processes your personal data, this includes any data you provide through this website by visiting us, when you sign in to your client area or purchase a product or service and when you use the live chat interface.
ECOHOSTING LIMITED is the data controller and processor and is responsible for your personal data (herein referred to as ECOHOSTING LIMITED "we", "us" or "our" in this privacy notice). We take the security of your data very seriously. Protecting our customers’ information and their privacy has always been of the utmost importance to us. We only collect and use personal data as needed to deliver to you our products, services and websites (collectively, our "Services")
We are registered with the Information Commissioner's Office (ICO) registration number ZA265977. If you have any questions about this privacy notice or have any concerns, in the first instance please contact us by using these details :
The Data Protection Officer (DPO),
ECOHOSTING LIMITED Head Office
c/o SWT, 55 Elm Road
Email : firstname.lastname@example.org
If we are unable to effectively deal with your concerns regarding any data protection issues, you have the right to complain to the Information Commissioner's Office at the following address, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We may collect personal data and personal information. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We work closely with a number of third parties including businesses, service providers and fraud protection services. We may receive information from them about you including, but not limited to, your IP address, device-specific information, server logs, device information, location information, and unique order/reference numbers. We may use their features within our website, however, in some instances they may be acting as the data controller and they will have their own privacy notices over which we have no control. We strongly advise you to read these notices and understand them fully. We may pass your personal data to third parties for the provision of services (eg: payment processing). We will only ever share information about you that is necessary to provide the product or service, your personal data will be passed securely and will not be used for any marketing purposes.
We may collect, use, store and transfer your different types of personal data as follows:
- Identity Data : includes first name, last name, maiden name, identifier (username), title, date of birth and gender.
- Contact Data : includes billing address, delivery address, email address and telephone numbers.
- Financial Data : includes card payment details.
- Transaction Data : includes details about payments to and from you and details of products and services you have purchased from us.
- Technical Data : includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system/platform and other technology on the devices you use to access this website.
- Profile Data : includes your username and password, purchases or orders made by you, preferences, feedback and any survey responses.
- Usage Data : includes information about how you use our website, products and services.
- Marketing and Communication Data : includes your chosen preference to receive marketing information from us and your preferred communication method.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but will not reveal your identity directly or indirectly. For example, we may aggregate your Data Usage to calculate the percentage of users accessing a specific feature. If at any time we do combine or connect Aggregated Data with your personal data and as a consequence, it can identify you, we treat this data as personal data which will be used in accordance with this privacy notice.
For the avoidance of doubt, we do not and shall never sell or share your personal data with third parties for marketing or advertising purposes.
Where we need to collect personal data, whether by law or under the terms of a contract, and you fail to provide that data, we may not be able to perform the contract (eg: to provide you with goods or services). In any event such as these, we may need to cancel a product or service. If we do, we will notify you that this is the case. If you would like to review or change the details you have given us, you may do so at any time.
We collect data from and about you by using the various methods listed below :
You may give us your Identity, Contact and Financial Data by filling in secure forms or by corresponding with us by phone, email, live chat. This includes personal data you provide when you:
- have a sales enquiry via telephone, email or live chat;
- apply for our products or services;
- create an account on our website;
- register or transfer a domain name;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- give us feedback.
Automated technologies or other interactions
As you use our website, we may automatically collect Technical Data about your equipment and browsing actions. We collect this personal data by using cookies, server logs and other similar software and technologies which may change as new technologies are created.
Third parties or publicly available sources
We may receive personal data about you from various third parties and public sources as listed below:
- Technical Data from the following parties:
(a) analytics providers;
(b) affiliate network providers;
(c) advertising networks; and
(d) search information providers.
- Contact Data, Financial and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from publicly availably sources.
- Identity and Contact Data from data brokers or aggregators.
We will only use your personal data when legally allowed to do so. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract for products and services.
- Where it is necessary for our legitimate interests (or those of a third party) and where your legal rights do not override those interests.
- Where we need to comply with a regulatory or legal obligation.
In the case of making an enquiry via our website. live chat, electronic communication or directly, any information supplied will be considered freely given, specific and an informed indication of your wishes for that information to be used to enable the enquiry to be effectively dealt with.
Below is a description of the ways we plan to use your personal data and which legal basis we rely on to be able to do so. Please be aware that we may process your personal data for more than one legal basis.
Legitimate Interest : In the interest of our business, conducting and managing our business
Performance of Contract : Processing your data where it is necessary for the performance of a contract for us to suplly a product/service.
Comply with a legal or regulatory obligation : Processing your personal data where it is necessary for compliance with the law or regulation.
We endeavour to provide you with choices in relation to certain personal data uses, in particular regarding marketing and advertising. You may receive marketing communications from us if you have requested to do so. Essential emails, such as invoices, password resets, and billing information or any system related emails required to effectively run an account will be sent to customers regardless of their marketing selection.
Change of purpose
We will only use your personal data for the purposes for which we collected it. If we need to use it for any another reason, the reason must be related to the original purpose. In the unlikely event of a need arising to use your personal data for an unrelated purpose, we will notify you immediately and we will explain any legal basis which would allow us to do so. Please be aware that we may process your personal data without your knowledge or consent, in compliance with the above or whether required or permitted by law.
Sharing with trusted third parties
We may share your personal data with third parties with which we have partnered to integrate their services into our own Services, and with trusted third-party service providers as necessary for them to perform services on our behalf, such as:
- Processing credit card payments
- Conducting contests or surveys
- Performing analysis of our Services and customer demographics
- Communicating with you, such as by way email or survey delivery
- Customer relationship management
- Serving Advertisements
We only share your personal data as necessary, for any third party to provide the services as requested or as needed on to run our day to day operation. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited by law from using, sharing or retaining your personal data for any purpose other than the purpose for which they have been specifically contracted for (or without your consent). We may, in the future, choose to sell, transfer, or merge parts of our business and/or assets. On occasion we may acquire other businesses or merge with them. If any change to our business takes place, the new proprietors may use your personal data to continue to run your account effectively and as set out in this privacy notice.
All information you provide to us is stored to an accepted standard on our secured servers in our data centres within the EEA. We may share your personal data within ECOHOSTING LIMITED, and on occasion with our associates/suppliers where required (listed below). This may involve transferring your data outside the European Economic Area (EEA). We ensure your personal data is protected by requiring all 3rd parties to be compliant and by following the same rules when processing your personal data.
Whenever we transfer your personal data out of the EEA, we ensure compliance by making sure at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection for personal data shared between the Europe and the US.
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate. We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know for the purposes of day to day operations.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
As the transmission of information via the internet is never completely secure, we cannot guarantee the security of your data transmitted to us and any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone. Please be aware that out of date software (eg: scripts and plugins) uploaded or installed by you will need to be regularly updated and monitored by you to prevent intrusion. The use of nulled themes is forbidden as these are a considerable security risk to your website data.
Personal data will be retained for as long as is required to carry out the purpose(s) for which it was collected, including, but not limited to. legal or accounting requirements. To determine the appropriate retention period for personal data, we consider the following :
- the amount of data held:
- the nature and sensitivity of the personal data;
- any potential risk from unauthorised use or disclosure;
- the purposes for processing your personal data or whether we can achieve those same purposes by other means and any relevant legal requirements that apply.
Individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Accounting and Legal requirements mean that we'll need to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after after any contract ends or when the individual or party ceases to be a customer.
For the effective running of our business (Legitimate Interest) we use your data to give you the best service/product and the most secure experience we can. We make sure that we take your rights into consideration before we process your personal data for the performance of contract. Performance of contract means we'll process your data where necessary to perform a contract to which you are a party or where you are requesting such a contract to be created. We do not use your personal data where our interests are overridden by your rights or if it will cause a significant impact to you unless we have your consent to do so or are otherwise required or permitted to by law to comply with legal or regulatory obligation.
- Service providers acting as processors who provide IT and system administration services.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities.
- External third parties who provide electronic / computing services, as listed below:
This website may include links to third-party websites, plug-ins and applications. Clicking any links or enabling connections to those third-party websites may allow those third-parties to collect or share data about you. As we do not have any control of these third-party websites we cannot be responsible for their privacy statements. We encourage you to read the privacy statement of any site you visit whether it be accessed directly by you or via one of the links on our website.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- Request access to your personal data : (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that it is being processed lawfully.
- Request correction of your personal data : This enables you to have any inaccurate data we hold about you corrected. In some circumstances, we may need to verify the new data you provide.
- Request erasure of your personal data : This will allow you to ask us to delete or remove personal data where there is no valid reason for us to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information incorrectly or where we are required to erase your data to comply with legal requirements or local laws. Please note that on occasion, we may not always be able to comply with your request of erasure for legal reasons. We will notify you of such, if applicable, at the time of your request.
- Object to processing of your personal data : You may object to processing if you feel it impacts on your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes. Where we are relying on a legitimate interest (or those of a third party) and have a ligitimate reason for doing so, we may have grounds to process your information which overrides your rights and freedoms.
- Request restriction of processing your personal data : This will enable you to request suspension of the processing of your personal data in the following apply: (a) if you want us to validate the data or it's accuracy; (b) where our use of the data is incorrect but you do not want us to erase it; (c) where you need us to hold the data as you need it to establish, exercise or defend legal claims even if we no longer require it; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds for it's use.
- Request transfer of your personal data : We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used format. Please note that this right only applies to automated information for which consent will have been initially been provided or where we used the information to perform a contract with you.
- Right to withdraw consent : You may withdraw consent at any time where we are relying on consent to process your personal data for legitimate purposes. This will not affect the legitimate processing carried out before any consent is withdrawn. If consent is withdrawn, we may not be able to provide certain products or services to you. We will inform you at the time of withdrawal if this is the case.
In the event of access requests, you will not have to pay a fee to access your personal data as this is provided to you via your secure client area at all times. If your request is manifestly unfounded, repetitive or excessive we reserve the right to charge a fee and this will be based on the administrative costs of complying with the request. We may also refuse to comply with your request in these circumstances. In certain situations, we may need to request specific information from you to help us confirm your identity and to ensure you have the right to access the personal data requested. We will try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request requires validation or if you have made a number of requests. In the case of any delay, we will notify you and regularly update you.
Please note, Terms & Conditions state that visitors must be over 18 to register or purchase a product or service. We do not knowingly collect data relating to visitors under 18.
Changes to the privacy notice and your duty to inform us of changes
It is important that any personal data we hold about you is accurate and up-to-date before the deadline and at any time after. You have a duty to inform us of any personal data changes during your relationship with us.