Obligations as GDPR Data Processors

VTSHosting Ltd falls under the classification of a Data Processor as we process and store the data of clients (Data Controllers) as part of our hosting service.

Our servers are located in Maidenhead and Leeds

Our back up servers are locatedin Zurich

We process some email via Spam Experts who are located within the EU

Choice of who we use as sub processors

We only appoint sub processors e.g. for our server management or to outsource data backups that have demonstrated full GDPR compliance

Restrictions on Sub-Contracting

Under the terms of the GDPR, we do not subcontract out any part of our service without the consent of the Data Controllers who are using our service since GDPR came into effect.

The contractual obligations supplied by any sub contracted processors must reflect the same contractual obligations between ourselves as processors and the controllers.

Data Processing Agreement

We can only process personal data on behalf of the controller where a contract is in place between us that outlines the service provided and the terms on us as your Data Processor . We have to ensure that we are only acting on the documented instructions of the controller.

Security

Under the terms of the GDPR, we are required to implement appropriate security measures

These include restricting access to our servers to specific location based IP addresses and approved data centre staff.

It also involves data auditing of all server administrative actions to create a full audit trial.

Data Breach

We must inform controllers of any data breach without any undue delay after becoming aware

Keep records of our processing activities

We must maintain records on several things such as processing purposes, data sharing and retention.