General Data Protection Regulation Policy.

Updated: April 2018

On the 25thof May 2018 the European data protection legislation that replaces the existing 1995 EU Data Protection Directive will come into force. This legislation is known as General Data Protection Regulation (GDPR).

GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

Where Nimbus Hosting acts as a Data Processor

For the purpose of the GDPR regulation Nimbus Hosting Ltd will act as a data processor for any data that has been provided, uploaded or transferred to our servers. Any client uploading this data will be classed as the data controller.

Where Nimbus Hosting acts as a Data Controller 

For the purpose of the GDPR regulation Nimbus Hosting Ltd will act as the data controller for any data that was provided during the ordering and general account management process. This includes any data held for marketing purposes.

Data Physical Locations

Data provided to Nimbus Hosting is stored solely in the UK at the following locations.

Primary Data Centre

Virtus Enfield
Crown Road
Enfield
EN1 1TH

Secondary Data Centre

BioPark
Broadwater Road
Welwyn Garden City
AL7 3AX

Personal Data Digital Location

Virtus Enfield
Crown Road
Enfield
EN1 1TH

Office Location

1 Centrus
Mead Lane
Hertford
SG13 7GX

Type of Data

GDPR legislation applies to any data that can identity a living person including but not limited to email address, postal address and phone number.

Data Processing Agreements

Our data processing commitments are set within the Privacy Policy. These have been updated from feedback with clients and guidance from regulators. More recently it has been updated to include GDPR legislation.

Deleting Data

Any data you delete from our servers will be deleted immediately or should you have backups then within 30 days. On cancellation of services, data will be destroyed within a maximum period of 180 days. Any customer data may be retained for up to 6 years to satisfactory legal obligations.

Data Breach

Under GDPR it is the responsibility of the data controller (the Nimbus Hosting client) to report a data breach to the Information Commission although Nimbus Hosting, as the data processor, will assist in the breach notification.

Glossary

Data SubjectA living person or individual
Data ControllerThe organisation that collects and determines how the information will be processed, i.e. a Nimbus Hosting client.
Data ProcessorAn organisation that receives information from the data controller, i.e. Nimbus Hosting Ltd.
Personally Identifiable Information (PII)Information that can identify a living individual
Supervisory AuthorityThe authority responsible for enforcing the regulation within a specific territory. In the UK it will be the Information Commission’s Office (ICO).
Individual RightsThe rights that empower the individual.
Data BreachIntentional or accidental loss / damage to information.
Nimbus Hosting
1 Centrus, Mead Lane Hertford Hertfordshire SG13 7GX GB 0203 005 9181 [email protected]
×