VTSHosting Ltd as a Data Controller

We take our responsibilities to client data extremely seriously and we have detailed this below in a full review of our systems effective as of the 09/04/2018.

What information do we store and why do we store it? 

We process client data in several platforms outlined below.

We never sell or give away data to third party companies.

What information do we store and why do we store it? 

Client Accounts

We store essential account information only to allow us to maintain contact with you.

This includes business name, first name, surname, postal address, email, landline and mobile.

This information is only kept as long as required and once a client no longer holds any services or dealings with us, it is removed.

We also store the date your account was opened and your order/invoice history.

We do not store any payment information.

All passwords are fully encrypted.

Access to this information is locked to our office IP address only.

Support Tickets

All support tickets are kept and stored. These are hosted securely by Teamwork.com in Ireland. Support tickets only contain your name and email address and email text. We don't store passwords or other secure information within tickets. We keep old tickets to allow us to look back at any previous issues you may have had and how they were resolved.

Online/Telephone payments

We process online payments through Paypal and Paypal Pro.

Telephone payments are taken through Paypal Virtual Terminal and are entered into the Virtual Terminal system as they are given. We do not store them anywhere

All card data is entered directly on the Paypal Servers which are PCI compliant

Access to the business Paypal account is restricted to the office location only and we use two factor Authentication to authorise access

We do not store card details - any written details are securely shredded and recorded card details given oven the phone are deleted

You can read how they manage their data and their approach to GDPR here

Direct Debits

We process client Direct Debits for some clients via Go Cardless. They store name, address and bank sort code and account number. 

You can read how they manage their data and their approach to GDPR here

Company Emails

We use GSuite by Google to process our company emails.

Any emails containing passwords or other secure information are deleted

You can read how G-Suite manage their data and their approach to GDPR here

Phone Calls

We use Soho 66 to process our phone calls.

All calls are recorded, stored and processed within their network. We do this for training purposes and to be able to clarify supplied information

Should you wish for your call not to be recorded, then we can arrange to call you from a different number

We delete phone calls where a call has been made to make a payment or any other secure details are detailed in the call.

You can read how they manage their data and their approach to GDPR as soon as they make their statement available.

Cookies and Visitor Tracking

A cookie is a small text file which is placed on your computer by your browser.

Temporary Cookies

We use Temporary Session Cookies to manage your movement between pages and to handle the session of your visit. These are essential for the site to function correctly

They have a maximum lifetime of 100 minutes and are removed once expired

They contain no identifiable information and do not track your activities on other sites.

Analytical Cookies - Google Analytics

We use analytical cookies from Google Analytics to identify which pages are being used. These usually have names such as UTMA, UTMB, UTMC, UTMZ

This helps us analyse data about web page traffic and general visitor behaviour on our website in order to tailor it to customer needs.

We only use this information for statistical analysis purposes and it does not contain any personally identifiable information. We ensure this by using Google Analytics anonymizeIp function to ensure that the IP address of a visitor cannot be matched with analytical data.

Analytical Cookies - Tawk To

Tawk To is our live chat software detailed above. It uses cookies to track visitors returning to continue previous chats. They will be introducing an IP anonymize function as Google have in time for GDPR to maintain visitor anonymity.

Visitor Activity Recording - Smartlook.com

Smartlook is a tool that allows us to record visitor activity to help us understand how people interact with the website

It does not record sensitive information

Smartlook will be upgrading their systems for GDPR to allow individual recordings to be deleted on request - Read more here

How to request a copy of your data/data removal

We believe in complete transparency in line with the purpose of the GDPR and will endeavour to meet the following targets:

  • Respond to a request for an individual's data within 12 working hours and supply the data where possible within three weeks
  • Respond to a request for data to be removed within 12 working hours and complete the deletion subsequent to appropriate checks within three weeks with completion documention to prove this.

To make a data request, please click here

Our response policy in the event of an internal data breach

The immediate priority is to identify and isolate the breach by locking down all systems and resetting all system passwords

We would then reset all client passwords and check the logs to see if any client sites have been accessed because of the breach

We would notify all clients of the breach, explaining what had happened and what steps we had taken to prevent future occurrence.

If we detected that any client sites had been accessed as a result of the breach, then we would notify them and if the client has registered users on their site, we would recommend that all passwords are reset and that they contact their own clients to advise them of a data breach under their GDPR responsibilities.

If client websites had been accessed because of the breach of our system, we would then report the breach to the relevant authorities within 72 hours as per the GDPR Requirements