Obligations as GDPR Data Processors
VTSHosting Ltd falls under the classification of a Data Processor as we process and store the data of clients (Data Controllers) as part of our hosting service.
Our servers are located in Maidenhead and Leeds
Our back up servers are locatedin Zurich
We process some email via Spam Experts who are located within the EU
Choice of who we use as sub processors
We only appoint sub processors e.g. for our server management or to outsource data backups that have demonstrated full GDPR compliance
Restrictions on Sub-Contracting
Under the terms of the GDPR, we do not subcontract out any part of our service without the consent of the Data Controllers who are using our service since GDPR came into effect.
The contractual obligations supplied by any sub contracted processors must reflect the same contractual obligations between ourselves as processors and the controllers.
Data Processing Agreement
We can only process personal data on behalf of the controller where a contract is in place between us that outlines the service provided and the terms on us as your Data Processor . We have to ensure that we are only acting on the documented instructions of the controller.
Under the terms of the GDPR, we are required to implement appropriate security measures
These include restricting access to our servers to specific location based IP addresses and approved data centre staff.
It also involves data auditing of all server administrative actions to create a full audit trial.
We must inform controllers of any data breach without any undue delay after becoming aware
Keep records of our processing activities
We must maintain records on several things such as processing purposes, data sharing and retention.