GDPR - Statement of Compliance
Protecting our customer's data is a priority for
Inventive Hosting. As the General Data Protection
Regulation (GDPR) comes into effect on 25 May 2018 this
document clarifies our compliance with GDPR.
What is GDPR?
The General Data
Protection Regulation (GDPR) is a new pan-European
regulation, which comes into effect on 25 May 2018,
replacing the 1995 EU Data Protection Directive. On the
same day, the UK's Data Protection Bill will also pass
into law, as the Data Protection Act 2018, effectively
implementing the GDPR into UK law.Is
Inventive Hosting compliant with GDPR?
Yes, we comply with the requirements of GDPR.
What personal data do we process?
The personal data we use to provide our services may
include: name, home address, business address, email
address and IP addresses used to access our servers. We
do not hold any financial details as payments are
processed through our payment gateways (Stripe and
Paypal).How do we use the data we
We process personal data in order to provide our
customers with our hosting services. This may include
contacting you for customer service and maintenance
issues. For marketing services you will need to opt in
to receive marketing emails. We do not sell or otherwise
forward this data to any other parties.
Where do we store the data we collect?
Where your data is stored on our own servers, it is
stored on our own server hardware or leased hardware
from our data centre providers.
This hardware is
located, in the UK, at the ISO27001 Custodian Data
Centre in Maidstone Kent or the ISO27001 Gyron Centro
data centre in Hemel Hempstead.
Recent backups are
stored in the Hetzner data centre (also ISO27001
certified) in Germany.
Older backups are stored
with Amazon AWS in the UK (ISO 27001, 27017, and 27018
certified). None of your data is stored or transferred
outside Europe and therefore not transferred outside the
The data centres we use have at least the
following physical security measures in place.
Dual palisade steel fencing
■ Experienced 24/7
on-site security personnel
■ Motion detectors
Internal and external HD CCTV
■ Physical access
control and surveillanceDigital Measures
■ ISO 9001 and ISO 27001 certified
hardware firewall protection
■ Proprietary digital
security protocols and techniques
■ Intelligent DDos
protectionSecurity - Maintaining
All our employees keep up to
date with all technical aspects of security and ensure
the ongoing security of our servers and systems.
This means that any security patches are applied to our
systems as a matter of priority (within 4 hours for
cPanel patches being released and within 24 hours for
WHMCS security patches being released).
have an agreement in place with our customers to do so,
we also maintain the security of our customer's own
servers or hosted applications.Access to
Remote admin access to our
servers is strictly restricted to key personnel within
our Technical Support team. SSH access to all our
servers are restricted to our office or data centre IP
addresses and SSH password access is disabled, SSH
access is only provided via secure keys.
centre staff have physical access to the servers, but we
have strict protocols in place to ensure they only do
so, if requested by a member of our technical support
team and such a request will only be in cases when they
need to carry out a visual check of a server or carry
out physical maintenance on the server itself.
All our office PC's have enterprise level of Anti Virus
and firewalls installed as well as up to date operating
systems which are patched on the same day when security
patches are released.Third party
Other than the data centres who
host our servers Inventive Hosting does not use any
third party suppliers or services that would have access
to, or process, any data you process on our servers.
All our office PC's have
enterprise level of Anti Virus and firewalls installed
as well as up to date operating systems which are
patched on the same day when security patches are
released. All Laptops used in the office only have SSD
drives installed which are also encrypted.
system which is used to hold our customers contact,
support and billing details is restricted to our office
IP and 2 factor authentication is enabled.
Inventive Hosting employees
employees are trained and made aware of their
responsibilities under GDPR. This includes their
responsibilities with regards to access, security and
processing of any personal data stored on our servers.
Security and data governance are covered in our employee
In the unlikely event of a breach (as defined in the
GDPR) we will notify our customers and ICO within 48
hours of the breach coming to our attention.
We help you to comply with GDPR
Our approach to our own compliance also helps you comply
with your own GDPR compliance requirements. This
statement should go some way to explain our approach to
GDPR compliance. By using our services, you can be
assured that your use is GDPR compliant.
Furthermore, if required we will assist you or the ICO
with any query relating to the GDPR compliance of our
Who is our Data Protection Officer.
Our DPO is Daljeet Singh and can be contacted via email
Who should I contact if I require
If you have any
queries relating to how Inventive Hosting processes
personal data, please contact us on