Policy key definitions:
- "I", "our", "us", or "we" refer to the business, [Bayfair Ltd., trading as ITSimple].
- "you", "the user" refer to the person(s) using this website and our services.
- GDPR means General Data Protection Regulation.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner's Office.
- Cookies mean small files stored on a user's computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases:
- We are exempt from registration in the ICO Data Protection Register as we only process personal data for our core business purposes.
Lawful basis: Consent
The reason we use this basis: You will have asked us, either by email, conversation, text or web form to provide you with services. Our services are also subject to the contract provided at www.itsimple.co.uk/terms.htm and with our website creation contract at www.itsimple.co.uk/contract.pdf
We process your information in the following ways: We provide web hosting, domain registration and associated services and process your data to enable you to use those services. We need to generate invoices for payment and record details of payments made.
Data retention period:
We hold data for a period of 7 years after you stop being a client. We will continue to process your information until you withdraw consent or it is determined your consent no longer exists.
Sharing your information:
In order to develop your website and to provide you with associated services such as email forwarding and mailboxes, we need to have access to web servers and data systems. We hold any passwords and general information necessary to fulfil our work for you in secured password vaults. This is never shared with anyone external to our developers and subcontractors. We use a web based ticket system at itsimple.freshdesk.com so that you can generate support tickets and we can respond to you. This is provided by others and your use of these systems falls within their data protection and privacy rules.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows (you can read more about your rights in detail here):
- the right to be informed
- the right of access
We will provide you with the personal data we hold on you if you request it from us. You can do this by emailing us at email@example.com.
- the right to rectification
If the data we hold on you is incorrect, please let us know and we will correct it.
- the right to erasure
We will delete your data in accordance with the 'Data retention period' above.
- the right to restrict processing
We do not use your data for any purpose other than that which is necessary for us to provide you the services you receive from us.
- the right to data portability
We will provide the data we hold on you in a readable format if you request it. This may be a .csv or .txt file.
- the right to object
If you object to receiving additional information from us, other than that which we need to send to provide the services you receive from us, we will stop sending that to you.
- the right not to be subject to automated decision-making including profiling
We do not use these processes.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Data security and protection
We use secure data storage technologies and precise procedures to store, access and manage our business data information. Our methods meet the GDPR compliance requirement.
The provision of our services sometimes requires the transmission and digital storage of your data with others in order to provide you with a service - for example the registration of domain names whereby we use the details you provide us to register a domain on your behalf through our trusted Registrars. That data will then be used in turn by the Registry service (for example Nominet for .uk domains) so that your domain can be registered to you.
Unfortunately, the transmission and/or storage of information via the internet and in data centres can never be guaranteed as completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or on our trusted partners' data servers; any transmission and storage is at your own risk. Once we have received your information, we and our trusted partners will use strict procedures and security features to try to prevent unauthorised access.
We take snapshot backups of websites so that, in the event of failure of a web server, we are able to attempt to restore your website in as short a time as possible; however, the integrity of such backups cannot be guaranteed. You should not rely on these backups for your website provision in the event of a failure of your website, as the nature of failure of internet systems and infrastructure and the continued threat of malicious code and hackers can mean that these are rendered useless. We store those backups in a digital repository secured using encryption and strong passwords. Should you withdraw your consent for us to store your data, we will delete these backups as part of our deletion processes. We use only secure storage services and vaults that are digitally encrypted and secured using strong passwords.
Should your website suffer a data breach that we are made aware of by our trusted partners or monitoring technicians, we will:
- inform you that your website has suffered a data breach and, if possible, the extent of that breach. We will do this within 72 hours of any such breach. We may need to take your website offline as it is possible that it will have been targeted by a malicious hacker and we would want to lessen the exposure of our web servers to further such attacks.
or if our systems suffer a data breach, we will:
- inform you that we have suffered a local data breach and the extent to which your data may have been exposed. We will log any and all data breaches within our Data Breach Log.
Email marketing messages
We do not engage in digital marketing and will not pass your information on to anyone who will.
Resources & further information