GDPR and Clientserv Ltd: Frequently Asked Questions
GDPR is obviously an important piece of legislation, not only for us, but for you, our customers.
As part of our GDPR preparations, we have created this FAQ to help you prepare for GDPR as well as reassure you about our own preparations.
Is my site compliant?
We are unable to confirm that your own site or business is compliant. We can give you as much information as we have about our systems and security, but you will need to make the decision for yourselves on your own compliance. If we maintain your site then rest assured we will be working with you towards your compliance. However, we are not solicitors and it is in your own best interest to check what needs to be done with someone who is legally trained.
Where is our data located?
Our provider’s primary data centre is in Leeds (UK), and has in it:
- All our Hosting packages
- Our stand-alone mailboxes
- Our Hosted Exchange mailboxes
- All our client details
Our provider’s secondary data centre is in the EU, and has in it:
- Some Hybrid Servers
- Most Dedicated Servers purchased after 2016
We also have a server located in the EU and it:
- Has a backup of all the sites we host, taken as an FTP download of any data that will download. Databases are only included if they are extracted into the hosted area.
StopTheHacker is produced by Cloudflare and does store a small amount of customer data.
We and our third-party partners are considered Data Processors, with you, our customer, as the Data Controller.
How secure is our data with you?
All personal data, both your own and that of your customers, is supplied to us through controlled processes that are protected by appropriate measures, including encryption.
Access to your data is subject to audits and access logging and is restricted based on the business need.
All staff that have access to your data, or will be collecting data, have been fully trained on respecting customers’ rights, collecting only the data that is needed, adhering to privacy by design, and following other privacy principles.
How physically secure are the data centres?
Our provider has their own data centres which they have built in a secure and resilient network infrastructure and do not rely on third-party solutions.
Their data centres are staffed 24 hours a day every day of the year, with extensive physical security measures, including strict access control and CCTV.
What are you doing about processing customer data?
We are aware that, for some of our customers, we are the Data Processor, with the customer being the Data Controller. We are preparing a contract to assist our customers in their compliance with the obligations required by Article 17 of the Data Protection Directive 95/46/EC, which will be available to download as soon as it is complete.
What about using HostPay?
Many of the elements needed for GDPR are already in place or are in the process of being added.
If you need an export of your data, you can do so from your control panel, where you can also delete all files on our servers. You also need to contact us to purge any backups we may have. This will not cancel any contract or outstanding invoice you have with us, and we will retain the details needed to pursue this whilst needed.
Essential emails, such as invoices, password resets, and billing information, will be sent to your registered email address regardless of any choice in the mailing list.
What is your own GDPR policy?
Clientserv Ltd complies with all data protection laws applicable to its operations. GDPR is an evolution of privacy law, and not a drastic departure from the laws and regulations that currently govern our day-to-day operations. We welcome the changes as another step towards maintaining the privacy of our customers, and we’re working towards compliance as appropriate and necessary.
We store data as needed to manage and run your account, including for accounting, product configuration, and other reasons. You will be able to see our Privacy Statement once it has been updated.
Where can I find out more?
A web version of the full General Data Protection Regulation can be found HERE, or you can visit the ICO’s Guide to the General Data Protection Regulation (GDPR).