Select Page

Privay Policy

 

At VARiHOST, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.

This Privacy Notice, inclusive of our General Terms of Service, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.

For clarity, VARiHOST may be both data controller and data processor for your personal data under certain circumstances.

We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.

 

Data Protection law will change on 25 May 2018

This Privacy Policy sets out your rights under the new laws.

 

Who are we?

VARiHOST is a provider of web hosting services, based in London. VARiHOST have a registered office at Suite 36, 88-90 Hatton Garden, London, EC1N 8PN, United Kingdom and company number 4080318. Richard Thomas is the registered Data Protection Officer for VARiHOST.

 

How the law protects you

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, to enable billing and remittance, and to contact you for customer service and support purposes.

 

How do we collect personal data from you?

We receive information about you from you when you use our website, complete forms on our website, if you contact us by email or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally we also collect information from you when you sign up/register a customer account, or when you inform us of any other matter.

If you provide us with personal data about a third party (for example when registering a domain on their behalf), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.

Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, server logs, device event information, location information and unique application numbers.

 

What type of data do we collect from you?

The personal data that we may collect from you includes your name, address, email address, phone numbers and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.

Please be aware that any video, image, or other content posted, uploaded or otherwise made available by you onto your website, whether published content or not, is not subject to our Privacy Notice.

We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content.

 

Where is our data located?

We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate.

Our primary data centre is in Leeds (UK), and has in it:

  • All our Basic, Plus, Extra, WordPress, Managed WordPress (MWP) and Reseller packages
  • Our Virtual Private Servers
  • A majority of our Hybrid Servers
  • Our legacy Dedicated Servers
  • Our stand-alone mailboxes
  • A majority of our Hosted Exchange mailboxes
  • All our customer details
  • All our Resellers’ client details

Our secondary data centre is in the EU, and has in it:

  • Some of our Hybrid Servers
  • Most Dedicated Servers purchased after 2016

Email data:

  • Gmail / Google Apps user data shared with Google in the EEA.
  • Some Exchange email shares data with third party infrastructure in the EEA.
  • Standard email all UK based.

Most of our third-party partners are considered Data Processors, and we, or our customers, are the Data Controller.

All information you provide to us is stored on our secured servers.  By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice.

As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Any sensitive data (payment details for example) are encrypted and protected by our payment/merchant providers (PayPal and GoCardless)

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.

 

How do we use your data?

We use information about you in the following ways:

  • To process orders that you have submitted to us;
  • To provide you with products and services;
  • To comply with our contractual obligations we have with you;
  • To help us identify you and any accounts you hold with us;
  • To enable us to review, develop and improve the website and services;
  • To provide customer care, including responding to your requests if you contact us with a query;
  • To administer accounts, process payments and keep track of billing and payments;
  • To detect fraud and to make sure what you have told us is correct;
  • To notify you about changes to our website and services;
  • To inform you of service and price changes.

 

Support Ticket data

We use a third party support ticket system (https://freshdesk.com), which handles collection of ticket information via online form. The information you provide here is essential for us to provide effective and efficient support for the services we provide. Freshdesk provide their own Privacy Statement for the data they collect and store on our behalf: https://www.freshworks.com/privacy/

 

How secure is our data with you?

All personal data, both your own and that of your customers, is supplied to us through controlled processes that are protected by appropriate measures, including encryption.

Access to your data is subject to audits and access logging, and is restricted based on the business need.

All staff that have access to your data, or will be collecting data, have been fully trained on respecting customers’ rights, collecting only the data that is needed, adhering to privacy by design, and following other privacy principles.

 

How physically secure are your data centres?

The data centres we use are in a secure and resilient network infrastructure and do not rely on third-party solutions.

The data centres are staffed 24 hours a day every day of the year, with extensive physical security measures, including strict access control and CCTV.

 

Retention periods

We will keep your personal data for the duration of the period you are a customer of VARiHOST. We shall retain your data only for as long as necessary in accordance with applicable laws.

On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.

 

Who has access to your personal data?

Here is a list of all the ways that we may use your personal data and how we share the information with third parties. For clarity, we have grouped them into the specific products and services that we offer:

 

Domains

We process your data for administration, billing, support and the provision of services. Your data (Registrant) may be sent to the domain registrar outside of the EEA.

 

Webhosting, VPS & Dedicated servers

We process your data for administration, billing, support and the provision of services

 

Email hosting

We process your data for administration, billing, support and the provision of services. Additionally, to provide customer domain and connection details and use email addresses to provide the service.

  • Gmail / Google Apps user data shared with Google in the EEA.
  • Some Exchange email shares data with third party infrastructure in the EEA.
  • Standard email all UK based.

 

SSL certificates

We process your data for administration, billing, support and the provision of services. Additionally, to provide details of the certificate owner to the certificate authority for its authentication and use. Our SSL certificates are generated by Starfield Technologies, who have a Privacy Centre here.

 

Third Parties

For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.

We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.

 

Is my site compliant?

We are unable to confirm that your own site/s or business is compliant. We can give you as much information as we have about our systems and security, but you will need to make the decision for yourselves on your own compliance.

 

Your rights

In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.

You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.

Our Privacy Notice shall be made clear to you at the point of collection of your personal data.

You can view, edit or delete your personal data through the VARiHOST Customer Control Panel.

You have the right to ask us not to process your personal data for marketing purposes. If you choose not to receive marketing communications from us about our products and services, you will have the choice not to choose these by ticking the relevant boxes situated on the pages either at sign up or in your control panel.

We will not contact you for marketing purposes unless you have given us your prior consent.

 

Accessing and updating your data

You must maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, title, phone number, e-mail address and payment details are kept up to date at all times. You must do this by updating your personal details within your VARiHOST Customer Control Panel.

You have the right to access the information we hold about you. Please email your requests to admin@vari.host so that we can obtain this information for you.

 

Use of cookies

Our cookies policy is available to view here https://www.vari.host/terms-conditions/

 

Links to other sites

VARiHOST may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.

 

Liability

We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions: https://www.vari.host/terms-conditions/

 

Data Breaches

In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.

 

Contact us

Please e-mail any questions or comments you have about privacy to us at admin@vari.host

 

Your right to make a complaint

You have the right to make a complaint about how we process your personal data to the Information Commissioner:

https://ico.org.uk/concerns/

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113