VTSHosting Ltd as a Data Controller
We take our responsibilities to client data extremely seriously and we have detailed this below in a full review of our systems effective as of the 09/04/2018.
What information do we store and why do we store it?
We process client data in several platforms outlined below.
We never sell or give away data to third party companies.
Client Accounts
We store essential account information only to allow us to maintain contact with you.
This includes business name, first name, surname, postal address, email, landline and mobile.
This information is only kept as long as required and once a client no longer holds any services or dealings with us, it is removed.
We also store the date your account was opened and your order/invoice history.
We do not store any payment information.
All passwords are fully encrypted.
Access to this information is locked to our office IP address only.
Support Tickets
All support tickets are kept and stored. These are hosted securely by Teamwork.com in Ireland. Support tickets only contain your name and email address and email text. We don't store passwords or other secure information within tickets. We keep old tickets to allow us to look back at any previous issues you may have had and how they were resolved.
Online/Telephone payments
We process online payments through PayPal and PayPal Pro.
Telephone payments are taken through PayPal Virtual Terminal and are entered into the Virtual Terminal system as they are given. We do not store them anywhere.
All card data is entered directly on the PayPal servers, which are PCI compliant.
Access to the business PayPal account is restricted to the office location only and we use two-factor authentication to authorise access.
We do not store card details - any written details are securely shredded and recorded card details given over the phone are deleted.
You can read how they manage their data and their approach to GDPR here
Direct Debits
We process Direct Debits for some clients via GoCardless. They store name, address, bank sort code and account number.
You can read how they manage their data and their approach to GDPR here
Company Emails
We use G Suite by Google to process our company emails.
Any emails containing passwords or other secure information are deleted.
You can read how G Suite manage their data and their approach to GDPR here
Phone Calls
We use Soho 66 to process our phone calls.
All calls are recorded, stored and processed within their network. We do this for training purposes and to be able to clarify supplied information.
Should you wish for your call not to be recorded, then we can arrange to call you from a different number.
We delete recordings of calls that were made to take a payment or in which any other secure details are given.
You can read how they manage their data and their approach to GDPR as soon as they make their statement available.
Cookies and Visitor Tracking
A cookie is a small text file which is placed on your computer by your browser.
Temporary Cookies
We use temporary session cookies to manage your movement between pages and to handle the session of your visit. These are essential for the site to function correctly.
They have a maximum lifetime of 100 minutes and are removed once expired.
They contain no identifiable information and do not track your activities on other sites.
Analytical Cookies - Google Analytics
We use analytical cookies from Google Analytics to identify which pages are being used. These usually have names such as UTMA, UTMB, UTMC, UTMZ.
This helps us analyse data about web page traffic and general visitor behaviour on our website in order to tailor it to customer needs.
We only use this information for statistical analysis purposes and it does not contain any personally identifiable information. We ensure this by using the Google Analytics anonymizeIp function, so that the IP address of a visitor cannot be matched with analytical data.
Analytical Cookies - Tawk To
Tawk To is our live chat software detailed above. It uses cookies to track visitors returning to continue previous chats. They will be introducing an IP anonymisation function, as Google have, in time for GDPR to maintain visitor anonymity.
Visitor Activity Recording - Smartlook.com
Smartlook is a tool that allows us to record visitor activity to help us understand how people interact with the website.
It does not record sensitive information.
Smartlook will be upgrading their systems for GDPR to allow individual recordings to be deleted on request - Read more here
How to request a copy of your data/data removal
We believe in complete transparency in line with the purpose of the GDPR and will endeavour to meet the following targets:
- Respond to a request for an individual's data within 12 working hours and supply the data where possible within three weeks.
- Respond to a request for data to be removed within 12 working hours and, subsequent to appropriate checks, complete the deletion within three weeks, with completion documentation to prove this.
To make a data request, please click here
Our response policy in the event of an internal data breach
The immediate priority is to identify and isolate the breach by locking down all systems and resetting all system passwords.
We would then reset all client passwords and check the logs to see if any client sites have been accessed because of the breach.
We would notify all clients of the breach, explaining what had happened and what steps we had taken to prevent future occurrence.
If we detected that any client sites had been accessed as a result of the breach, then we would notify them and if the client has registered users on their site, we would recommend that all passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.
If client websites had been accessed because of the breach of our system, we would then report the breach to the relevant authorities within 72 hours as per the GDPR requirements.