GDPR is obviously an important piece of legislation, not only for us, but for you, our customers.
As part of our GDPR preparations, we have created this FAQ to help you prepare for GDPR as well as reassure you about our own preparations.
Is my site compliant?
We are unable to confirm that your own site or business is compliant. We can give you as much information as we have about our systems and security, but you will need to make the decision for yourselves on your own compliance.
Where is our data located?
Our primary data centre is in Leeds (UK), and has in it:
All our Premium Hosting packages
Our stand-alone mailboxes
Our Hosted Exchange mailboxes
All our customer details
All our Resellers’ client details
Our secondary data centre is in the EU, and has in it:
Some of our Hybrid Servers
Most Dedicated Servers purchased after 2016
How secure is our data with you?
All personal data, both your own and that of our customers, is supplied to us through controlled processes that are protected by appropriate measures, including encryption.
Access to your data is subject to audits and access logging, and is restricted based on the business need.
All staff who have access to your data, or who will be collecting data, have been fully trained on respecting customers’ rights, collecting only the data that is needed, adhering to privacy by design, and following other privacy principles.
How physically secure are your data centres?
By having our own data centres, we have built in a secure and resilient network infrastructure and do not rely on third-party solutions.
Our data centres are staffed 24 hours a day every day of the year, with extensive physical security measures, including strict access control and CCTV.
What are you doing about processing Reseller customer data?
We are aware that, for some of our Reseller customers, we are the Data Processor, with the Reseller being the Data Controller. We are preparing a contract to assist our Resellers in their compliance with the obligations required by Article 17 of the Data Protection Directive 95/46/EC, and this will be available to our customers by the 25th of May.
Many of the elements needed for GDPR for Hosting are already in place, or are in the process of being added.
If your customers ask for an export of their data, we can produce one from the Hosting Control Panel; this applies to all our customers’ data.
If your customers want their data deleted, we can delete it from the Hosting Control Panel; this applies to all our customers’ data.
Customers can be added to a mailing list within Buduweb Cpanel. After May 25th, they will not be automatically added, and will have to opt in to our mailing list.
Essential emails, such as invoices, password resets, and billing information, will be sent to customers regardless of their choice in the mailing list.
What is your own GDPR policy?
Buduweb complies with all data protection laws applicable to its operations. GDPR is an evolution of privacy law, and not a drastic departure from the laws and regulations that currently govern our day-to-day operations. We welcome the changes as another step towards maintaining the privacy of our customers, and we’re working towards compliance as appropriate and necessary.