Last Updated: 24-05-2018
We aim to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) as well as our professional guidelines and requirements.
The data controller is WebDesires; who manages and protects data on behalf of the clients, however clients also have access to modify / change and remove data where possible.
All websites in some form or another collect data from their visitors and clients, however any data collected and/or stored on our services is the responsibility of the processor which is the owner of the website.
Website databases and email records is kept under the strictest confidence and is not accessed by WebDesires or any third party other than the hosting client and their team, we may only access data on your website for the purposes of development, diagnosis and/or correction of data with your consent – but we do not use any client data for any business, personal or marketing purposes. Due to this any GDPR issues you have with a website hosted and/or maintained by us is not our responsibility and is in fact the responsibility of that websites owner.
All data stored on the server is stored behind a firewall and antivirus, additionally smart monitoring and mod_security protect against breaches and unusual behaviour and alerts are sent immediately on any suspected breach. Additionally sensitive information such as passwords are MD5 and SALT protected or encrypted.
Services such as Have I Been Pwned? Can be used to check if your details have been compromised from any services you use on-line.
The categories of data we control are
- The code required to run the application(s) required on the hosting account.
- Any sort of information the clients website is coded to collect.
We never pass or share any data to any third-parties unless where requested if we are working alongside any other representatives you request us to work with such as with an SEO provider for example. We will always request the client’s approval before sharing any information with another representative.
The storage of data is as follows
- Data is stored in many means and is specific to the system the customer is using on their hosting account, further details must be sought from the developers and providers of such systems.
- All data is stored on RapidSwitch UK servers.
- Data is also transmitted securely to our Amazon AWS (London) backup service daily through a secure connection.
The lawful basis of controlling sensitive data are
- RapidSwitch (Hosting) – For the operation and purpose of intention of the designed application, whether by us or by third parties.
- Amazon AWS (Backups) – For the purpose of data backup and data retention for our hosting clients should the worst happen.
Please see GDPR Compliance for Amazon AWS.
Please see GDPR Compliance for RapidSwitch.
You have the following personal data rights
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (clinical records must be retained for a certain time period)
- The right to restrict processing
- The right to data portability
- The right to object
Further details of these rights can be seen in our Information Governance Procedures or at the Information Commissioner’s website.
Here are some practical examples of your rights:
- If you are hosting with WebDesires you have the right to withdraw consent for the storage of your systems and databases, you have a right to a copy of such information in a format that is transferable to another hosting provider.
- If you are not a client of WebDesires you must seek information from the website owner as we are not responsible for such data.
If you have any comment, suggestion or a complaint about your data processing, we take complaints very seriously. Contact us via any details below:
22 Avenue Road,
Heath Hayes, Staffordshire
Call Us: 0121 318 6336
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.