Eco Web Hosting Security and Data Processing Agreement

1.1 The customer agreeing to these terms (“The Customer”), and Enix Ltd trading as Eco Web Hosting (“Eco Web Hosting”), have entered into an agreement under which Eco Web Hosting has agreed to provide hosting, data processing service, and related technical support to The Customer.

1.2 The GDPR makes written contracts between controllers and processors a general requirement. These terms are designed to ensure that processing carried out by a processor meets all the requirements of the GDPR, they reflect the agreement, in regard to the terms governing the processing and security of Customer Data, between Eco Web Hosting and The Customer.

The following definitions will be used throughout this document.

Customer Data

means data provided by or on behalf of Customer or Customer End Users via the Services under the Account.

Customer Personal Data

means the personal data contained within the Customer Data. The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in these terms have the meanings given in the GDPR.

Data Incident

means a breach of Eco Web Hosting security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Eco Web Hosting. “Data Incidents” do not include unsuccessful attempts to compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks.

Notification Email Address

means the email address(es) designated by Customer in the Customer Control Panel, or in the Order Process to receive certain notifications from Eco Web Hosting.

Support Ticket System

means the ticket system we use to offer technical support and communication available in your Eco Web Hosting account support portal you will be notified via your Notification Email Address when an update is made.

Term

means the period from the Terms Effective Date until the end of Eco Web Hostings provision of the Services, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Eco Web Hosting may continue providing the Services for transitional purposes.

These Terms will take effect on the Terms Effective Date and, even in the event of expiry of the Term, will remain in effect until, and automatically expire upon, deletion of all Customer Data by Eco Web Hosting as described in these Terms.

4.1 Processor and Controller Responsibilities

The European Data Protection Legislation applies to the processing of Customer Personal Data and the parties acknowledge and agree that:

• Eco Web Hosting is a processor of Customer Personal Data under the General Data Protection Regulation
• The Customer is a controller or processor, as applicable, of that Customer Personal Data under the General Data Protection Regulation.
• Each party will comply with the obligations applicable to it under the General Data Protection Regulation with respect to the processing of that Customer Personal Data.
• The types of personal data include data relating to individuals provided or uploaded to Eco Web Hosting via the Hosting Service, by (or at the direction of) Customer or by Customer End Users.

4.2 Authorisation by a Third Party Controller

The Customer confirms that The Customer’s instructions and actions in regard to that Customer Personal Data, including its engagement of Eco Web Hosting as another processor, have been authorised by the relevant controller under the General Data Protection Regulation.

5.1 The Customers Instruction

By entering into these Terms, The Customer instructs Eco Web Hosting to process Customer Personal Data in order to:

• provide Hosting Services.
• Process data as specified via Customer’s use of the Customer control Panel (including other functionality of the Services).
• Process data as documented in these Terms.

5.2 Eco Web Hosting Compliance with Instructions

Eco Web Hosting will comply with the instructions described under “The Customer’s Instructions”.

6.1 Deletion By Customer

Eco Web Hosting will enable The Customer to delete Customer Data during the Term via instruction in writing, by phone or via the use of Customer Control Panel. Confirmation of deletion will be made in writing via support ticket. Infrastructure backups may remain on Eco Web Hosting servers for up to 30 days after this request.

6.2 Deletion on Cancellation

On expiry of the Term, The Customer instructs Eco Web Hosting to delete all Customer Data (including existing copies) from Eco Web Hosting systems. Infrastructure backups may remain on Eco Web Hosting servers for up to 30 days after this request.

7.1 Eco Web Hosting Security Measures

Eco Web Hosting will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure

7.2 Staff Security Compliance

Eco Web Hosting will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and sub processors including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality.

7.3 Data Incidents

7.3.1 Incident Notification

If Eco Web Hosting becomes aware of a Data Incident, Eco Web Hosting will:

• Notify The Customer of the Data Incident promptly and without undue delay after becoming aware of the Data Incident.
• Take reasonable steps to minimise harm and secure Customer Data.

7.3.2 Details of Data Incident

Data Incident notifications will include details of the Data Incident including steps taken to mitigate the potential risks and steps Eco Web Hosting recommends The Customer take to address the Data Incident.

7.3.3 Delivery of Notification

Notifications of any data incident will be made via the Support Ticket System. Notification of a support ticket update will be sent to the Notification Email Address provided by the customer. It is the responsibility of the customer to ensure that this email address is kept current and up to date.

7.3.4 No Assessment of Customer Data

Eco Web Hosting will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. The Customer is solely responsible for complying with incident notification laws applicable to The Customer and fulfilling any third party notification obligations related to any Data Incident.

7.3.5 No Acknowledgement of Fault

Notification of or response to a Data Incident will not be construed as an acknowledgement of fault or liability.

7.3.6 Audit Rights

Eco Web Hosting will provide all information necessary to demonstrate compliance and allow for and contribute to audits, including inspections, requested by The Customer, carried out by the ICO https://ico.org.uk/

Eco Web Hosting will inform The Customer immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

8.1 Consent to Sub Processors

The Customer specifically authorises the engagement of Eco Web Hosting third-party suppliers as Subprocessors. In addition, The Customer generally authorises the engagement of any other third parties as Subprocessors.

8.2 Process to Engage New Subprocessors

Eco Web Hosting will provide notice via this policy of updates to the list of sub processors that are utilised or which Eco Web Hosting proposes to utilise to deliver its Services. Eco Web Hosting undertakes to keep this list updated regularly to enable The Customer to stay informed of the scope of subprocessing associated with the Eco Web Hosting Services.

The Customer can object in writing to the processing of its Personal Data by a new subprocessor within thirty (30) days after updating of this policy and shall describe its legitimate reasons to object. If The Customer does not object during such time period the new subprocessor(s) shall be deemed accepted.

If The Customer objects to the use of a subprocessor pursuant to the process provided under the DPA, Eco Web Hosting shall have the right to resolve the objection through one of the following options (to be selected at the sole discretion of Eco Web Hosting):

• Eco Web Hosting will cease to use the subprocessor with regard to Personal Data or;
• Eco Web Hosting will take the corrective steps requested by The Customer in its objection and proceed to use the subprocessor to process Personal Data or;
• Eco Web Hosting may cease to provide or The Customer may agree not to use (temporarily or permanently) the particular aspect of an Eco Web Hosting Service that would involve use of the subprocessor to process Personal Data or;
• Eco Web Hosting may cease to offer services to The Customer entirely

The list of Eco Web Hosting third party sub processors is maintained here.

In the case of any complaint regarding our handling of your data, our privacy policy or our adherence to it, please contact our data protection officer listed below. This individual will carry out a full investigation on your behalf in the event that you feel there is a problem.

Name Elliot Pearse
Address 16-18 Barnes Wallis Road, Segensworth East, PO15 5TT
Email Address privacy@hostpresto.com