GDPR COMPLIANCE

Updated: April 2018
On the 25thof May 2018 the European data protection legislation that replaces the existing 1995 EU Data Protection Directive will come into force. This legislation is known as General Data Protection Regulation (GDPR).
GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

Where Expert Tech IT acts as a Data Processor
For the purpose of the GDPR regulation Expert Tech IT Ltd will act as a data processor for any data that has been provided, uploaded or transferred to our servers. Any client uploading this data will be classed as the data controller.

Where Expert Tech IT acts as a Data Controller
For the purpose of the GDPR regulation Expert Tech IT Ltd will act as the data controller for any data that was provided during the ordering and general account management process. This includes any data held for marketing purposes.
Data Physical Locations

Data provided to Expert Tech IT for website hosting is stored solely in the UK at the following locations.

Primary Data Centre
UK Dedicated Servers Limited
Unit 21 West Park
211 Torrington Avenue
Coventry
West Midlands
CV4 9AP

iomart
(Manchester, United Kingdom)

Secondary Data Centre
Host Dime
New London House
6 London St
London
EC3R 7LP

Personal Data Digital Location
UK Dedicated
3 Centro
Boundary Way
Hemel Hempstead
Hertfordshire
HP2 7SU

Office Location
Cardiff House
Cardiff Road
Barry
CF63 2AW

Microsoft services
Visit their website to see where you data is stored:
https://products.office.com/en-us/where-is-your-data-located?geo=All

Acronis Cloud Backup
Visit their website to see where your data is stored:
https://www.acronis.com/en-gb/articles/gdpr/

Mail Channels
Visit their website to see how your data is stored:

Type of Data
GDPR legislation applies to any data that can identity a living person including but not limited to email address, postal address and phone number.

Data Processing Agreements
Our data processing commitments are set within the Privacy Policy. These have been updated from feedback with clients and guidance from regulators. More recently it has been updated to include GDPR legislation.

Deleting Data
Any data you delete from our servers will be deleted immediately or should you have backups then within 30 days. On cancellation of services, data will be destroyed within a maximum period of 180 days. Any customer data may be retained for up to 6 years to satisfactory legal obligations. Expert Tech IT may keep your email address on file should you opt into our marketing materials.

Data Breach
Under GDPR it is the responsibility of the data controller (the Expert Tech IT client) to report a data breach to the Information Commission although Expert Tech IT, as the data processor, will assist in the breach notification.

Glossary
Data Subject A living person or individual
Data Controller The organisation that collects and determines how the information will be processed, i.e. a Nimbus Hosting client.
Data Processor An organisation that receives information from the data controller, i.e. Expert Tech IT Ltd.
Personally Identifiable Information (PII) Information that can identify a living individual
Supervisory Authority The authority responsible for enforcing the regulation within a specific territory. In the UK it will be the Information Commission’s Office (ICO).
Individual Rights The rights that empower the individual.
Data Breach Intentional or accidental loss / damage to information.