This policy was last updated: November 2020
To view this policy in PDF format, please click here
FyfeWeb Ltd, henceforth, shall be referred to as the "Company", "we", "us", "our", "FyfeWeb", "FyfeWeb Limited" or "FyfeWeb Hosting" in this Agreement. FyfeWeb Ltd is a registered company in England & Wales, with company number '12162548' of registered address '44 Ashfield Park, Whickham, Newcastle Upon Tyne, United Kingdom, NE16 4SQ'. We are a member of the Information Commissioner's Office (ICO) Data Protection Public Register, identifiable via the registration number 'ZA543527'.
- Data controller: A data controller is a person, company, or other body that determines the purpose and means of personal data processing
- Data processor: A processor is responsible for processing personal data.
- Data subject: A person whom data concerns
- Personal Data: Information which can personally identify a person (often referred to as "personally identifiable information" or "personal information")
- User/Client/Customer: To whom the company provides a service
- Web Visitor: Someone who visits a website operated by the company
- Account: This refers to any Customer Accounts on Company systems
- Service: This refers to the Service provisioned by the Company to the Customer
- Unless the context requires a different interpretation: (a) the singular includes the plural and vice versa (b) references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this Agreement (c) a reference to a person includes firms, companies, government entities, trusts and partnerships (d) the Term 'including' does not exclude anything not listed (e) "including" is understood to mean "including without limitation" (f) reference to any statutory provision includes any and all modifications or amendments of it (g) the headings and sub-headings do not form part of this Agreement
1.0 - Scope
2.0 - Data Controller
FyfeWeb Ltd, 44 Ashfield Park, Whickham, Newcastle Upon Tyne, United Kingdom, NE16 4SQ.
3.0 - How this policy applies to you
4.0 - What information we collect
We collect a range of Personal Information regarding the Customer. This includes:
- Information you provide in order to register for an Account or purchase a Service (this includes email address, first name and last name, company name, postal address, telephone number and payment information.)
- Your marketing & newsletter preferences;
- The emails and other communications that you send or otherwise contribute to us, via platforms such as Customer support enquiries, email or by posts to our public communication areas including our blog
- Information you share with us in connection with surveys, contests or promotions;
- Information from your use of our Sites and Services and/or users' Sites. This includes: Internet Protocol (IP) addresses, information about your browser, network and device (such as browser type and version, operating system, internet Service provider, preference settings, language and other regional settings), information about how you interact with the Service and our users' Sites and Services (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors)
- Other information you submit to us directly or information we may obtain from or through your use of third-parties.
The types, or categories of data collected includes:
- Identity Data: Including your user ID, title, full (legal) name, username, security questions and password.
- Contact Information: Including your billing address, email history, email address(es), contact telephone numbers and physical postal address.
- Marketing Data: Including your marketing and email newsletter choices and any statistical/analytical data collected from your use of our website(s) and/or Services.
- Financial Information: Includes any online payment addresses (i.e. email addresses associated with online payment accounts such as PayPal), bank account details, card details and billing address(es)
- Technical Information: includes IP addresses and the hostname from login attempts, browser type and version, time zone and location of browser, operating systems and technology used to access our website and/or the service as well as usage statistics and information of your use of the service.
5.0 - How we collect information
We obtain Personal Information from various sources. This is done in at least three different ways:
- The Customer provides it to the Company - such as by registering for an Account
- We record some of it automatically when you use our websites, Services - including with technologies like cookies and analytics
- We receive some of it from third parties - such as payment processors PayPal or Stripe.
We've described this in more detail below:
5.1 - User-provided Information
Before you use our Services, we ask you for information to create an Account, which includes at least your name and email address to register and manage your Account. We also maintain your marketing preferences and the emails and other communications that are exchanged or those that are otherwise contributed, such as Customer support enquiries. Sometimes we require you to provide us with information for contractual or legal reasons. For example, we may ask you to select your jurisdiction when you sign up for our Services to determine if, and how much, tax we need to collect from you or whether you are accessing the Site most local/applicable to your geographic region. We'll normally let you know when information is required, and the consequences of failing to provide it (if there are any). If you do not provide Personal Information when requested, you may not be able to use our Services - as intended - if that information is necessary to provide you with the Service or if we are legally required to collect it.
5.2 - Information collected from your use of our Sites/Services
When you use our Services and visit our websites, we collect aggregated information about your activity and interactions, and such information includes your Internet Protocol (IP) address(es), your device information (manufacturer and model etc.) and browser type, what pages on our Sites you visit, and for how long as well as identifiers associated with your devices. Should use our Public DNS Servers, we collect a limited amount of pseudonymised source and destination usage of such DNS servers, which are pruned on a regular basis. If you are an end user of our clients, we may also get information about your interactions with their Sites, though this in anonymous, aggregated or pseudonymised form which does not focus or identify you on an individual basis. We use this data to evaluate, provide, protect and/or improve our systems, networks and Services (including by developing new products and Services). Some of this information is collected automatically using cookies and similar technologies when you access and/or use our systems or Services and our Customer Sites or Services. We let our users control what cookies and similar technologies are used through usage of our Sites and Services - except those we need to use to provide the Site or Services in question properly (such as for performance or security related reasons). Some of this information is similarly collected automatically through your browser or from your device.
5.3 - Information collected from your usage of third-party Services
6.0 - Information we do not collect
We do not collect a range of information other providers collect by default. The Company does not actively partake in the automatic collection of age information (date of birth) without a valid, legal requirement to do so - which may include reasons or obligations in regards to subject access requests, abuse, security or safety. Since we only collect age information in certain circumstances, the Company does not knowingly collect, process or maintain the information of any individual under the age of consent. If the Company uncovers a case where a user is under the age of consent, their Service or Account will be subject to suspension pending conformance with age requirements or receipt of parental consent. We do not knowingly process Special Category Data outside of recruitment or employment processes/related departments. These sub-categories specifically include genetic data, racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, criminal offence data, religious or philosophical beliefs. In the event that we collect, store or process special category data, we will have a valid reason for processing under Article six (6) and a separate condition listed in article nine (9) of the General Data Protection Regulation (GDPR) as well as ensuring our Data Protection & Security standards, which are in-place, are actively supported, updated and maintained.
7.0 - How we use collected information
We use information provided by Customers and collected via use of our websites and Services to complete the following:
- Account Management
- Provisioning & Maintaining a Service
- Communicating with Customers
- Marketing, Surveys & Promotions
- Tailoring Services to the Customer
- Ensuring the Availability & Security of our Systems & Services
- Policy and Agreement Enforcement
- Compliance with the Law
We process your information for the above purposes when:
- Consent: When you have consented to the processing of your Personal Information in a legal capacity. Once you have Consented, you have the right to freely withdraw it.
- Performance of a Contract: We need your Personal Information to provide you with Services and products requested by you, or to respond to your enquiries so we can perform our Contract with you or take steps at your request before entering into a Contract.
- Legal Obligation: We have a legal obligation to process your Personal information, such as to comply with applicable tax and other government regulations or to comply with court orders, national security notices or any other legally binding law enforcement request.
- Legitimate Interests: We have a legitimate interest in processing your personal information to: to improve the quality and availability of the Service, to provide the Service and to analyse and improve the safety and security of our websites, systems, networks and Services - we do this as it is necessary to pursue our legitimate interests in ensuring FyfeWeb is secure, such as by implementing and enhancing security measures and protections and protecting against fraud, spam, abuse and attack.
- Capacity & Threat Management: To anonymise and subsequently store anonymised information collected from sources listed within this policy for threat, analytical and security purposes.
- Protecting us, you and others: To protect the interests of ourselves, you and third parties
8.0 - Disclosure of Information
Disclosure of any information, including both personally identifiable and non-personally identifiable information, is heavily questioned and assessed. All information is treated in the strictest confidence. We never sell any data and we do not share your information for any reason other than the purposes listed in this policy. On occasion, your information may be disclosed in the following ways:
- Affiliates: We may share anonymised statistical information with Affiliates
- Customers: We may share pseudonymised statistical data with our Customers in relation to the type of Service they have purchased
- Partners: We may share anonymised information in relation to the Company
- Service Providers: We may, on occasion, share information to some of our Service providers - where they are our processor.
- Following the law: We will only disclose your information in response to a valid, lawful request by law enforcement or government officials - for purposes such as to meet national security or law enforcement investigation requirements. Upon receipt of a valid judicial court order from British authorities - or a valid request from foreign states through Mutual Legal Assistance (MLA) - that compels us to disclose information about a specific Customer or User (or if our team have good faith belief that there is a genuine reason to disclose such information: i.e. there is a significant risk to life) will only then information be disclosed. This would be done after we have conducted our own internal assessments to ensure such requests are not overly broad, procedurally deficient and in all intent and purposes, valid. We also reserve the right to disclose information to law enforcement or government officials should we detect or reasonably suspect illegal activity has been taking place under your Account and/or Service. All requests and disclosures are noted in our Transparency Report and we always endeavour to inform our Customers of any requests for their information prior to any disclosure, where permitted by law. This means that, despite our best endeavours, we cannot wholly guarantee notice of any kind, due to the likelihood of FyfeWeb being legally prohibited from doing so, usually where such disclosures would jeopardise a criminal investigation. However, should any confidentiality requirements be rescinded, that were accompanied with an initial request, we will provide immediate notice to the Customer about such disclosures.
- Payment Processors: In order for us to process your Payments, some information which includes your name, email address and invoice information is sent to our payment processors.
9.0 - Your Rights
As a data subject, you have a number of rights. You have the right to:
- Right of Access: you have the right to obtain a copy of the data we hold about you;
- Right to Erasure: you have the right to ask the Company to delete the data we hold about you;
- Right to to Rectification: you have the right to request the Company to change incorrect or incomplete data;
- Right to restrict processing: you have the right to request the Company to stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Right to Object: you have the right to object to the processing of your data, where the above does not apply;
- Right to data portability: you have the right to obtain a copy of machine-readable information, which can be used with another service;
- Rights in relation to automated decision making and profiling: you have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
You can also elect not to receive marketing communications by changing your preferences in our client area or by clicking the management/unsubscribe link within any of our marketing emails you receive. If you are an End User of one of our client's Sites, you should contact them to exercise your rights with respect to any information they hold about you. If you would like to exercise any of the rights listed in this policy, please contact our Legal & Compliance Department via email at firstname.lastname@example.org.
Please note that if you exercise your right to erasure, for technical reasons, there is likely to be a delay in deleting your personal Information from our systems when you ask us to delete it. We will retain some, (i.e. Payment/Tax details) Personal Information in order to comply with the law, protect our and others' rights, resolve disputes or enforce our legal agreements or policies, to the extent permitted under applicable law.
10.0 - Where we store & how we protect your information
We are extremely committed to Data Sovereignty, as we know this is important for a large proportion of Customers. Currently, all data processed by the Company, is done solely in the United Kingdom. Occasionally, some Services within our portfolio requires us to transfer personal data outside of the UK and EEA. Domain name registration data needs to be sent to our domain registrars whom of which reside outside of the EEA, in the United States. As a result, we maintain industry recommended safeguards and have mutually signed data processing and transfer agreements to ensure compliance with the law and to outline our commitment to data privacy and security. We have a team dedicated to keeping personal information safe. We maintain stringent administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse and any other unlawful form of processing of, the personal information in our possession. We employ security measures such as using sophisticated firewalls to protect against intruders, building redundancies throughout our network (so that if one node goes down, another can cover for it where possible) and testing for and protecting against vulnerabilities. Furthermore, all our infrastructure is enclosed in secure racks in secure Tier 3, ISO-accredited data centres around the United Kingdom. In the very unlikely event that we were required to send any other form of data to a third country, it will always be done in a secure manner using industry recommended safeguards and mutually signed data processing and transfer agreements. By submitting your personal data for Services which require such exportation of data, you agree to the transfer, storing or processing of data outside the EEA when we have a legitimate reason to do so - i.e. Domain Name Purchases.
11.0 - Information Retention
12.0 - Reseller Customers & User Information
13.0 - Cookies
14.0 - Data Protection Complaints
For all complaints regarding data protection, please in the first instance contact our Data Protection Officer via email@example.com. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner's Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
15.0 - Changes to our Legal Framework
Like all organisations, we occasionally make major overhauls and changes to our Legal Framework. We endeavour to provide, but cannot wholly guarantee, notice to our Customers within seven (7) days prior to changes taking effect.