General Data Protection Regulation (GDPR)
As a web host, Envision Online are committed to addressing EU data protection requirements applicable to us as a data processor. These include:
Data processing: Our ability to fulfil our commitments as part of Article 28 of the Regulation as a data processor to our customers is a part of our compliance with GDPR. You, the data controller, are using a third party such as ourselves to process personal data.
Because of this requirement, we have assessed our existing data protection policies and practices and made the necessary changes.
Data sharing: The data our customers store with us is theirs; however, for certain services such as domain registrations we will be guided by ICANN and Nominet rules & regulations.
What is the General Data Protection Regulation, 2018 (GDPR) and how does it affect me?
The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely, being processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange. For more information you can read the policy documents accessible on my website.
We do not sell, distribute or lease your personal information to third parties.
How We Collect Information About You
1/ When you provide information to us by phone, email, text message, instant message, social media, or through our website.
2/ From your use of our website, using cookies and similar technology: Google Analytics, Facebook Pixel Tracker.
We do not collect information from third parties.
Your Personal Information
The information we hold on clients and suppliers is:
- Business Address
- Phone Number
- Email Address
- Website Address
We store this information in Sage Instant Accounts software and email. We use password protection to prevent unauthorised access to the accounts. Access to these software packages is on a need-to-know basis only.
We do not store any bank details for clients or suppliers.
Our website may also collect the following information:
IP address, information from cookies, information about your computer or device (e.g. browser, screen size), and the geographical location from which you accessed the website, based on your IP address.
All design work for our websites is performed in-house. Therefore your data is not exported and shared with other third-party suppliers.
Data Controller and Data Processor
- A controller is a person or an organization that decides what data is collected and how it’s used.
- A processor is a person or an entity that processes the data on behalf of the controller.
We operate as a data controller when clients provide consensual personal information when placing a new order.
Disclosure of your personal information to third parties
We only disclose your information to third parties necessary to run our business. This includes the accountancy work. When the accounts are reconciled, the backup files are deleted within a couple of weeks.
How long will you hold my information?
As a web developer and hosting provider, we hold your data for 7 years, primarily for accounting purposes for HMRC. Information entered into a website when creating an account can be accessed by the client and erased by the client themselves. Alternatively, we can put you in contact with the business owner of the website so the data can be removed.
What if I don’t want my records to be held for that long?
Under the GDPR you can make a request in writing to us for all your records to be deleted. Any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on.
Why do you need to record this information?
We store your information no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for accountancy purposes) and any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business).
How do we secure your data?
We use appropriate technical and organisational measures: for data transferred by website or email, we encrypt transfers of data to or from our servers using Secure Sockets Layer (SSL) technology; we encrypt payments you make on or via our website using Secure Sockets Layer (SSL) technology; and we only grant access to your information where necessary.
We only record client and supplier details for accountancy purposes.
As part of our business we develop websites for our clients. All data stored on our website and our clients' websites uses the MD5 hashing algorithm to encrypt the data. The databases and WordPress websites we develop also have unique and separate passwords to prevent unauthorised access to any data.
Do we sell your information to third parties?
No, we do not sell your information to any third parties.
Our Role As A Data Processor
While Envision Online may provide you with assistance to help ensure your business is compliant, it is your responsibility to ensure that your site is compliant with GDPR.
Envision Online may store confidential client data for you on our website. While we will do our best to ensure that the website is secure and follows best practices, we accept no liability for data loss or security breaches. It is up to you to ensure that your site complies with GDPR.
Should there be an issue with your website, we may have to access your clients' data to identify and resolve the problem. This might involve processing your clients' data. We will not use the data other than to provide you with the service you need.
You are entitled to know what information we hold about you. If you want to know what information we store, please contact us and we shall provide you with the information you request. Should any of this personal data be incorrect, please let us know and we will amend it accordingly.
If you would like us to delete any data we hold about you, please contact us and we will delete your personal information.
Please note that while we will remove what data it is possible to remove, we are required to keep some data, such as invoices for accounting purposes.
It may also not be practical to delete data in some cases, such as when the data is stored in a location that is not normally accessible to us. In these cases we will ensure that we do not process your data and remove it upon access.
If you make a deletion request, we can tell you what we have removed and what data we are unable to remove for legal or practical reasons.
If you have any questions about this policy, please contact the data controller, Peter Mayhew.