GDPR - Statement of Compliance
Protecting our customers' data is a priority for
Inventive Hosting. As the General Data Protection
Regulation (GDPR) comes into effect on 25 May 2018, this
document clarifies our compliance with GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new pan-European
regulation, which comes into effect on 25 May 2018,
replacing the 1995 EU Data Protection Directive. On the
same day, the UK's Data Protection Bill will also pass
into law, as the Data Protection Act 2018, effectively
implementing the GDPR into UK law.
Is Inventive Hosting compliant with GDPR?
Yes, we comply with the requirements of GDPR.
What personal data do we process?
The personal data we use to provide our services may
include: name, home address, business address, email
address and IP addresses used to access our servers. We
do not hold any financial details, as payments are
processed through our payment gateways (Stripe and
PayPal).
How do we use the data we collect?
We process personal data in order to provide our
customers with our hosting services. This may include
contacting you for customer service and maintenance
issues. For marketing services you will need to opt in
to receive marketing emails. We do not sell or otherwise
forward this data to any other parties.
Where do we store the data we collect?
Where your data is stored on our own servers, it is
stored on our own server hardware or leased hardware
from our data centre providers.
This hardware is located, in the UK, at the ISO 27001 Custodian
Data Centre in Maidstone, Kent or the ISO 27001 Gyron Centro
data centre in Hemel Hempstead.
Recent backups are stored in the Hetzner data centre (also
ISO 27001 certified) in Germany.
Older backups are stored with Amazon AWS in the UK (ISO 27001,
27017, and 27018 certified). None of your data is stored or
transferred outside Europe, and therefore none is transferred
outside the EEA.
The data centres we use have at least the
following physical security measures in place.
■ Dual palisade steel fencing
■ Experienced 24/7 on-site security personnel
■ Motion detectors
■ Internal and external HD CCTV
■ Physical access control and surveillance
Digital Measures
■ ISO 9001 and ISO 27001 certified
■ Stringent hardware firewall protection
■ Proprietary digital security protocols and techniques
■ Intelligent DDoS protection
Security - Maintaining security
All our employees keep up to
date with all technical aspects of security and ensure
the ongoing security of our servers and systems.
This means that any security patches are applied to our
systems as a matter of priority (within 4 hours of
cPanel patches being released and within 24 hours of
WHMCS security patches being released).
Where we have an agreement in place with our customers to do so,
we also maintain the security of our customers' own
servers or hosted applications.
Access to servers
Remote admin access to our
servers is strictly restricted to key personnel within
our Technical Support team. SSH access to all our
servers is restricted to our office or data centre IP
addresses, and SSH password access is disabled; SSH
access is only provided via secure keys.
Data centre staff have physical access to the servers, but we
have strict protocols in place to ensure they only use it
when requested by a member of our technical support
team. Such a request will only be made when they
need to carry out a visual check of a server or carry
out physical maintenance on the server itself.
Third party services
Other than the data centres that
host our servers, Inventive Hosting does not use any
third party suppliers or services that would have access
to, or process, any data you process on our servers.
Office Security
All our office PCs have
enterprise-level antivirus and firewalls installed,
as well as up-to-date operating systems which are
patched on the same day that security patches are
released. All laptops used in the office only have SSD
drives installed, which are also encrypted.
The system which is used to hold our customers' contact,
support and billing details is restricted to our office
IP, and 2-factor authentication is enabled.
Inventive Hosting employees
Our employees are trained and made aware of their
responsibilities under GDPR. This includes their
responsibilities with regard to access, security and
processing of any personal data stored on our servers.
Security and data governance are covered in our employee
handbooks.
Data breaches
In the unlikely event of a breach (as defined in the
GDPR) we will notify our customers and the ICO within 48
hours of the breach coming to our attention.
We help you to comply with GDPR
Our approach to our own compliance also helps you meet
your own GDPR compliance requirements. This
statement should go some way towards explaining our approach to
GDPR compliance. By using our services, you can be
assured that your use is GDPR compliant.
Furthermore, if required, we will assist you or the ICO
with any query relating to the GDPR compliance of our
services.
Who is our Data Protection Officer?
Our DPO is Daljeet Singh, who can be contacted via email
at dal@inventivehosting.co.uk
Who should I contact if I require further information?
If you have any
queries relating to how Inventive Hosting processes
personal data, please contact us on
support@inventivehosting.co.uk.