This policy was last updated: November 2020

To view this policy in PDF format, please click here

FyfeWeb Ltd, henceforth, shall be referred to as the "Company", "we", "us", "our", "FyfeWeb", "FyfeWeb Limited" or "FyfeWeb Hosting" in this Agreement. FyfeWeb Ltd is a registered company in England & Wales, with company number '12162548' of registered address '44 Ashfield Park, Whickham, Newcastle Upon Tyne, United Kingdom, NE16 4SQ'. We are a member of the Information Commissioner's Office (ICO) Data Protection Public Register, identifiable via the registration number 'ZA543527'.

FyfeWeb Ltd. respects your privacy and believes in utmost transparency when it comes to the security, protection and integrity of all information that is in our possession. For this reason, we have complied what information we collect, information we do not collect, what we do with the information that is collected, how long we retain such information and what we do to protect and secure this data. Furthermore, UK Law requires that where a website uses cookies or equivalent technologies, the website operator must make certain disclosures in relation to the use of the cookies. The General Data Protection Regulation 2018, or GDPR, will also apply where cookies use involves the processing of Personal Data will be disclosed in this Privacy Policy. By visiting, using or otherwise consuming our websites and/or Services provisioned and/or operated by the Company, you confirm that you have agreed to our Terms of Service as well as our entire legal framework and have read & understood this privacy policy.

Key Definitions

- Data controller: A data controller is a person, company, or other body that determines the purpose and means of personal data processing
- Data processor: A processor is responsible for processing personal data.
- Data subject: A person whom data concerns
- Personal Data: Information which can personally identify a person (often referred to as "personally identifiable information" or "personal information")
- User/Client/Customer: To whom the company provides a service
- Web Visitor: Someone who visits a website operated by the company
- Account: This refers to any Customer Accounts on Company systems
- Service: This refers to the Service provisioned by the Company to the Customer
- Unless the context requires a different interpretation: (a) the singular includes the plural and vice versa (b) references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this Agreement (c) a reference to a person includes firms, companies, government entities, trusts and partnerships (d) the Term 'including' does not exclude anything not listed (e) "including" is understood to mean "including without limitation" (f) reference to any statutory provision includes any and all modifications or amendments of it (g) the headings and sub-headings do not form part of this Agreement

1.0 - Scope

This Privacy Policy applies to all websites, emails, applications, Services, tools, APIs and/or processes (processes which may include: support operations, payment processing, Service provisioning etc.) that are conducted or are accessible in any format, medium or means by FyfeWeb Ltd.

2.0 - Data Controller

FyfeWeb Ltd, 44 Ashfield Park, Whickham, Newcastle Upon Tyne, United Kingdom, NE16 4SQ.

3.0 - How this policy applies to you

This Privacy Policy describes what we do with Personal Information that we collect and/or are provided for use for our own purposes (i.e. where we are a Controller), such as your Account information (when a new Account is created or when existing Account information is updated) and information about how you use and interact with our Services, including information you submit through web forms on our website(s) or by email as well as certain information relating to our Customer's end users. We also host and process user Content for our Customers. Our Customers either conduct matters themselves or they instruct us what to do with their Content, and we follow their instructions. This privacy policy does not describe what we do with Customer Content on our Customer's instructions (i.e. as their Processor). If you are an end user of one of our Customers and want to know how they handle your information, you should check their privacy policy.

4.0 - What information we collect

We collect a range of Personal Information regarding the Customer. This includes:

- Information you provide in order to register for an Account or purchase a Service (this includes email address, first name and last name, company name, postal address, telephone number and payment information.)
- Your marketing & newsletter preferences;
- The emails and other communications that you send or otherwise contribute to us, via platforms such as Customer support enquiries, email or by posts to our public communication areas including our blog
- Information you share with us in connection with surveys, contests or promotions;
- Information from your use of our Sites and Services and/or users' Sites. This includes: Internet Protocol (IP) addresses, information about your browser, network and device (such as browser type and version, operating system, internet Service provider, preference settings, language and other regional settings), information about how you interact with the Service and our users' Sites and Services (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors)
- Other information you submit to us directly or information we may obtain from or through your use of third-parties.

The types, or categories of data collected includes:

- Identity Data: Including your user ID, title, full (legal) name, username, security questions and password.
- Contact Information: Including your billing address, email history, email address(es), contact telephone numbers and physical postal address.
- Marketing Data: Including your marketing and email newsletter choices and any statistical/analytical data collected from your use of our website(s) and/or Services.
- Financial Information: Includes any online payment addresses (i.e. email addresses associated with online payment accounts such as PayPal), bank account details, card details and billing address(es)
- Technical Information: includes IP addresses and the hostname from login attempts, browser type and version, time zone and location of browser, operating systems and technology used to access our website and/or the service as well as usage statistics and information of your use of the service.

5.0 - How we collect information

We obtain Personal Information from various sources. This is done in at least three different ways:

- The Customer provides it to the Company - such as by registering for an Account
- We record some of it automatically when you use our websites, Services - including with technologies like cookies and analytics
- We receive some of it from third parties - such as payment processors PayPal or Stripe.

We've described this in more detail below:

5.1 - User-provided Information
Before you use our Services, we ask you for information to create an Account, which includes at least your name and email address to register and manage your Account. We also maintain your marketing preferences and the emails and other communications that are exchanged or those that are otherwise contributed, such as Customer support enquiries. Sometimes we require you to provide us with information for contractual or legal reasons. For example, we may ask you to select your jurisdiction when you sign up for our Services to determine if, and how much, tax we need to collect from you or whether you are accessing the Site most local/applicable to your geographic region. We'll normally let you know when information is required, and the consequences of failing to provide it (if there are any). If you do not provide Personal Information when requested, you may not be able to use our Services - as intended - if that information is necessary to provide you with the Service or if we are legally required to collect it.

5.2 - Information collected from your use of our Sites/Services
When you use our Services and visit our websites, we collect aggregated information about your activity and interactions, and such information includes your Internet Protocol (IP) address(es), your device information (manufacturer and model etc.) and browser type, what pages on our Sites you visit, and for how long as well as identifiers associated with your devices. Should use our Public DNS Servers, we collect a limited amount of pseudonymised source and destination usage of such DNS servers, which are pruned on a regular basis. If you are an end user of our clients, we may also get information about your interactions with their Sites, though this in anonymous, aggregated or pseudonymised form which does not focus or identify you on an individual basis. We use this data to evaluate, provide, protect and/or improve our systems, networks and Services (including by developing new products and Services). Some of this information is collected automatically using cookies and similar technologies when you access and/or use our systems or Services and our Customer Sites or Services. We let our users control what cookies and similar technologies are used through usage of our Sites and Services - except those we need to use to provide the Site or Services in question properly (such as for performance or security related reasons). Some of this information is similarly collected automatically through your browser or from your device.

5.3 - Information collected from your usage of third-party Services
We have enabled our users to utilise an optional third-party Single Sign-on (SSO) Service, to sign in to their account and to pay their invoices. Users can use Google's "Sign in with Google" platform which creates an account if users don't previously have an existing account or signs them in if they have an existing account - and information provided to us from usage of this Service includes: date/time information, whether authentication was successful or not and the address registered with their Google Account when users use this Service. To find out what information is collected from using this, please refer to Google's Privacy Policy: https://policies.google.com/privacy. We also utilise two external payment Processors, who process user payments on our behalf: PayPal & Stripe. Their privacy policies can be found below: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full & https://stripe.com/gb/privacy. We also operate an internet speed test server. If you use the speed test server hosted by FyfeWeb, Ziff Davis Ireland Limited, trading as Ookla International ("Ookla International"), shall collect and will share with FyfeWeb information related to the usage of our server. This includes: speed test dates & time, partial IP addresses, country, region, city, latitude & longitude (of the IP Address used in the test, not the user's location), user agent, connection type, ISP information, amount of data downloaded and uploaded (in Kbps) as well as ping (in ms), jitter and your unique test ID. For more on the information that Ookla International collects from your use of the Service, please visit: https://www.ookla.com/privacy.

6.0 - Information we do not collect

We do not collect a range of information other providers collect by default. The Company does not actively partake in the automatic collection of age information (date of birth) without a valid, legal requirement to do so - which may include reasons or obligations in regards to subject access requests, abuse, security or safety. Since we only collect age information in certain circumstances, the Company does not knowingly collect, process or maintain the information of any individual under the age of consent. If the Company uncovers a case where a user is under the age of consent, their Service or Account will be subject to suspension pending conformance with age requirements or receipt of parental consent. We do not knowingly process Special Category Data outside of recruitment or employment processes/related departments. These sub-categories specifically include genetic data, racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, criminal offence data, religious or philosophical beliefs. In the event that we collect, store or process special category data, we will have a valid reason for processing under Article six (6) and a separate condition listed in article nine (9) of the General Data Protection Regulation (GDPR) as well as ensuring our Data Protection & Security standards, which are in-place, are actively supported, updated and maintained.


7.0 - How we use collected information

We use information provided by Customers and collected via use of our websites and Services to complete the following:

- Account Management
- Provisioning & Maintaining a Service
- Communicating with Customers
- Marketing, Surveys & Promotions
- Tailoring Services to the Customer
- Ensuring the Availability & Security of our Systems & Services
- Policy and Agreement Enforcement
- Compliance with the Law

We process your information for the above purposes when:

- Consent: When you have consented to the processing of your Personal Information in a legal capacity. Once you have Consented, you have the right to freely withdraw it.
- Performance of a Contract: We need your Personal Information to provide you with Services and products requested by you, or to respond to your enquiries so we can perform our Contract with you or take steps at your request before entering into a Contract.
- Legal Obligation: We have a legal obligation to process your Personal information, such as to comply with applicable tax and other government regulations or to comply with court orders, national security notices or any other legally binding law enforcement request.
- Legitimate Interests: We have a legitimate interest in processing your personal information to: to improve the quality and availability of the Service, to provide the Service and to analyse and improve the safety and security of our websites, systems, networks and Services - we do this as it is necessary to pursue our legitimate interests in ensuring FyfeWeb is secure, such as by implementing and enhancing security measures and protections and protecting against fraud, spam, abuse and attack.
- Capacity & Threat Management: To anonymise and subsequently store anonymised information collected from sources listed within this policy for threat, analytical and security purposes.
- Protecting us, you and others: To protect the interests of ourselves, you and third parties

8.0 - Disclosure of Information

Disclosure of any information, including both personally identifiable and non-personally identifiable information, is heavily questioned and assessed. All information is treated in the strictest confidence. We never sell any data and we do not share your information for any reason other than the purposes listed in this policy. On occasion, your information may be disclosed in the following ways:

- Affiliates: We may share anonymised statistical information with Affiliates
- Customers: We may share pseudonymised statistical data with our Customers in relation to the type of Service they have purchased
- Partners: We may share anonymised information in relation to the Company
- Service Providers: We may, on occasion, share information to some of our Service providers - where they are our processor.
- Following the law: We will only disclose your information in response to a valid, lawful request by law enforcement or government officials - for purposes such as to meet national security or law enforcement investigation requirements. Upon receipt of a valid judicial court order from British authorities - or a valid request from foreign states through Mutual Legal Assistance (MLA) - that compels us to disclose information about a specific Customer or User (or if our team have good faith belief that there is a genuine reason to disclose such information: i.e. there is a significant risk to life) will only then information be disclosed. This would be done after we have conducted our own internal assessments to ensure such requests are not overly broad, procedurally deficient and in all intent and purposes, valid. We also reserve the right to disclose information to law enforcement or government officials should we detect or reasonably suspect illegal activity has been taking place under your Account and/or Service. All requests and disclosures are noted in our Transparency Report and we always endeavour to inform our Customers of any requests for their information prior to any disclosure, where permitted by law. This means that, despite our best endeavours, we cannot wholly guarantee notice of any kind, due to the likelihood of FyfeWeb being legally prohibited from doing so, usually where such disclosures would jeopardise a criminal investigation. However, should any confidentiality requirements be rescinded, that were accompanied with an initial request, we will provide immediate notice to the Customer about such disclosures.
- Payment Processors: In order for us to process your Payments, some information which includes your name, email address and invoice information is sent to our payment processors.
- Business transfers: If we're involved in a reorganisation, merger, acquisition or sale of some or all our assets, your personal information may be transferred as part of that deal. Should this ever occur, we will ensure that you are notified before any transfer of data, all data if transferred is done in accordance with the applicable laws and the receiving Party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.

9.0 - Your Rights

As a data subject, you have a number of rights. You have the right to:

- Right to be informed: you have the right to know what personal information is collected, used, shared or sold. (We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.)
- Right of Access: you have the right to obtain a copy of the data we hold about you;
- Right to Erasure: you have the right to ask the Company to delete the data we hold about you;
- Right to to Rectification: you have the right to request the Company to change incorrect or incomplete data;
- Right to restrict processing: you have the right to request the Company to stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Right to Object: you have the right to object to the processing of your data, where the above does not apply;
- Right to data portability: you have the right to obtain a copy of machine-readable information, which can be used with another service;
- Rights in relation to automated decision making and profiling: you have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.

You can also elect not to receive marketing communications by changing your preferences in our client area or by clicking the management/unsubscribe link within any of our marketing emails you receive. If you are an End User of one of our client's Sites, you should contact them to exercise your rights with respect to any information they hold about you. If you would like to exercise any of the rights listed in this policy, please contact our Legal & Compliance Department via email at privacy@fyfeweb.com.

Please note that if you exercise your right to erasure, for technical reasons, there is likely to be a delay in deleting your personal Information from our systems when you ask us to delete it. We will retain some, (i.e. Payment/Tax details) Personal Information in order to comply with the law, protect our and others' rights, resolve disputes or enforce our legal agreements or policies, to the extent permitted under applicable law.

10.0 - Where we store & how we protect your information

We are extremely committed to Data Sovereignty, as we know this is important for a large proportion of Customers. Currently, all data processed by the Company, is done solely in the United Kingdom. Occasionally, some Services within our portfolio requires us to transfer personal data outside of the UK and EEA. Domain name registration data needs to be sent to our domain registrars whom of which reside outside of the EEA, in the United States. As a result, we maintain industry recommended safeguards and have mutually signed data processing and transfer agreements to ensure compliance with the law and to outline our commitment to data privacy and security. We have a team dedicated to keeping personal information safe. We maintain stringent administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse and any other unlawful form of processing of, the personal information in our possession. We employ security measures such as using sophisticated firewalls to protect against intruders, building redundancies throughout our network (so that if one node goes down, another can cover for it where possible) and testing for and protecting against vulnerabilities. Furthermore, all our infrastructure is enclosed in secure racks in secure Tier 3, ISO-accredited data centres around the United Kingdom. In the very unlikely event that we were required to send any other form of data to a third country, it will always be done in a secure manner using industry recommended safeguards and mutually signed data processing and transfer agreements. By submitting your personal data for Services which require such exportation of data, you agree to the transfer, storing or processing of data outside the EEA when we have a legitimate reason to do so - i.e. Domain Name Purchases.

11.0 - Information Retention

We retain personal information regarding you and your use of the Services for as long as your Account is active or for as long as needed to provide you or our users with the Services. We also retain personal information for as long as necessary to achieve the purposes described in this Privacy Policy, for example, to comply with our legal obligations, to protect us in the event of disputes and to enforce our agreements and to protect our and others' interests. The precise periods for which we keep your personal information vary depending on the nature of the information in question, your use of the Service and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an Agreement or other matter, whether the personal information has been aggregated or pseudonymised, and other relevant criteria. For example, the period we keep your email address is connected to how long your account is registered, while the period for which we keep a support message is based on how long has passed since the last submission in the thread - but sometimes we archive support communications for training and quality purposes. As Users may have a seasonal site or come back to us after an account becomes inactive, we don't immediately delete your personal information if your services expire, suspend or cancel due to inactivity. If you cancel all services, we keep your personal information for a reasonable period of time, so it will be there for you if you come back. Please note that in the course of providing the Service, we collect and maintain aggregated, anonymised or de-personalised information which we may retain indefinitely.

12.0 - Reseller Customers & User Information

Our Customers who have a Site or Server which use FyfeWeb Systems and Services are responsible for what they do with the personal information they collect, directly or indirectly through FyfeWeb, about their End Users. This section is directed to such Customers. (a) Your relationship with end users: If you're one of our Customers, you will collect personal information about your end users. For example, during checkout you may ask your end users to provide their name, address, email address and payment information so that you can complete their orders. You may also use cookies and similar technologies to analyse usage and other trends. You're solely responsible for complying with any laws and regulations that apply to your collection and use of your end users' information, including Personal Information you collect about them from us or using FyfeWeb's functionality or cookies or similar technologies. We're not liable for your relationship with your end users/web visitors or how you collect and use personal information about them (even if you collect it from us or using our system's functionality or cookies or similar technologies) and we won't provide you with any legal advice regarding such matters. (b) End user payment information: Your End users' payment information may be processed via third party eCommerce Payment Processor which you integrate your account, in accordance with such eCommerce Payment Processors' terms and policies. We don't collect or knowingly store your End Users' payment information, nor do we collect or knowingly retain personal information about them either.

13.0 - Cookies

To enrich and perfect your online experience whilst using our Sites and Services, FyfeWeb may use "Cookies", similar technologies and Services to evaluate whether you are logged in, a returning visitor and store your preference changes you make on your computer. A cookie is a string of information that a website stores on a visitor's device, and that the visitor's browser provides to the website each time the visitor returns. FyfeWeb uses cookies to help us identify and track visitors, their usage of our websites, and their website access preferences. FyfeWeb visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our websites, with the drawback that certain features of our websites may not function properly without the aid of cookies. We do not and have no plans to serve or personalise adverts for our Customers or users at any time in the future. Cookies that we operate are primarily strictly necessary, as they pertain to the fundamental operation of our Sites except for circumstances where we may have implemented analytics. You hereby acknowledge and agree to FyfeWeb's use of cookies - else, please disable cookies within your browser, however this may render our Sites unusable. Furthermore, our Customers (who process Personal Data) must publish their own privacy and cookie policy and comply with the law.


14.0 - Data Protection Complaints

For all complaints regarding data protection, please in the first instance contact our Data Protection Officer via privacy@fyfeweb.com. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner's Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

15.0 - Changes to our Legal Framework

Like all organisations, we occasionally make major overhauls and changes to our Legal Framework. We endeavour to provide, but cannot wholly guarantee, notice to our Customers within seven (7) days prior to changes taking effect.