ALPHA INTERNET LIMITED – DATA PRIVACY NOTICE
Version 1.1.0 – Last updated 17th May 2019. Replaces all prior versions.
Alpha Internet Limited (“We”) are committed to protecting and respecting your privacy.
Alpha Internet Limited is the controller and responsible for your personal data (collectively referred to as “Company”, “we”, “us” or “our” in this privacy notice). Our registered address is Grosvenor House, 3 Chapel Street, Congleton, Cheshire, CW12 4AB, United Kingdom, our Company Registration Number is 11162310 and our Data Protection Officer’s email address is firstname.lastname@example.org.
We collect your information to enable us to provide you with our web hosting and domain registration services (collectively referred to as “Services”). Gnu Host provides services via its website, gnu-host.com (collectively referred to as the “Site”)
If you ever have any questions about our processes, the information we hold about you or your rights, you may reach our Data Protection Officer (“DPO”) by emailing them directly at email@example.com. This inbox is actively monitored – contacting this address will not open a ticket, you will receive a direct and personal reply. This enables us to deliver an experience that you can confidently trust.
This policy (together with our Terms of Service (https://gnu-host.com/terms/) and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who We Are
This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our mailing list, purchase a product or service, participate in a competition or survey or contact us via phone, live chat, email or ticket.
This website is not intended for children and we do not knowingly collect data relating to children.
You must read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
This privacy notice supplements the other notices and is not intended to override them.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
When you leave our website, we encourage you to read the privacy notice of every website you visit.
- Data controller – A controller determines the purposes and means of processing personal data.
- Data processor – A processor is responsible for processing personal data on behalf of a controller.
- Data subject – Natural person
- Categories of data: Personal data and special categories of personal data
- Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
- Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
- Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
The purposes of processing your personal data
We use your personal data for the following purposes:
- To maintain our own accounts and records;
- To inform individuals of news, events or activities;
- To improve and optimise the operation and performance of our Services;
- To diagnose problems and identify security risks, errors or required enhancements to our Site;
- Collect statistics about how individuals are using our Services;
- Understand how you use our Services, and what Services are most relevant to you;
You may give us information about you by filling in forms on our Site or by corresponding with us by phone, e-mail, ticket, live chat or otherwise. This includes information you provide when you register to use our site, subscribe to our service, visit a page on our website, place an order on our site, participate in a conversation with us via any contact method, enter a competition, promotion or survey, log in to your client account, pay an invoice, agree to our Terms and Conditions, opt in or out of marketing emails and when you report a problem with our site.
The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we may process the following categories of your data:
- Identity data, including title, full name, username, date of birth, gender security questions, password and marital status.
- Contact data, including billing address, postal address, email address, email history and phone numbers.
- Financial details, including card details, billing address and bank account details.
- Transaction data, including details of payments made to or from us relating to products or services purchased from us.
- Technical data, including IP addresses and hostname from login attempts, browser type and version, timezone and location of browser and operating system and technology used to access our website, as well as access logs to help diagnose errors in our system.
- Usage data, including information about how you use our service.
- Marketing details, including your marketing preferences and analytics profiles collected from your history of browsing our site.
All data we store has been obtained while you have been using our Site; we do not store data that has been obtained from external sources.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
What is our legal basis for processing your personal data?
- Consent of the data subject: this is when you consent to us processing your data, for example checking a box or clicking a button;
- Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract: this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- Processing necessary for compliance with a legal obligation: this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to;
- Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject: this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
More information on lawful processing can be found on the ICO website.
Sharing your personal data:
Your personal data will be treated as strictly confidential and will be shared only with our trusted third-party service providers. Our third party service providers are only provided with data that is necessary for them to perform services on our behalf. We may share your personal data with our trusted third-party service providers for the following reasons:
- Processing payments;
- Serving advertisements;
- Conducting surveys or competitions;
- Performing analysis of our customer demographics, for example, live chat response time quality;
- Communicating with you, for example, email or phone.
The trusted third party service providers with whom we share your data with fall under one of the parties set our below:
- Internal Third Parties, or other companies operating alongside Alpha Internet Limited as joint controllers.
- External Third Party Service Providers, for example:
- Providers acting as processors who provide IT and System Administration services.
- Professional advisers acting as processors including lawyers, bankers, auditors and insurers who provide banking, insurance and accounting services.
- Other organisations we work with to deliver our products and services.
- HM Revenue & Customs, regulators and other authorities acting as processors based in the United Kingdom who require the reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes.
The third-party service providers we may share your data with are listed below:
|Name||Service type||Data processed|
|Intuit Inc.||Accountancy Software||Customer details, including name, address and email address. Payment details including transaction ID.|
|Zoho||Accountancy Software||Customer details, including name, address and email address. Payment details including transaction ID.|
|Slack Inc.||Live Chat Service||Notification service used to notify staff of incoming live chat requests. Data may include customer name and email address.|
|Cloud storage, emails and analytics||Replications of customer data and occasional use of analytics tools.|
|Stripe||Payment processor||Customer name, address, email address, IP address and card details for the purpose of payment processing.|
|PayPal||Payment processor||Customer name, address, email address, IP address and card details for the purpose of payment processing.|
|Internet Domain Service BS Corp.||Domain name services||Customer name, address and email address.|
|NameSilo, LLC||Domain name services||Customer name, address and email address.|
|Nominet||Domain name services||Customer name, address and email address.|
|Trustpilot Inc||Reviews partner||Customer name, email|
|MaxMind Inc.||Fraud prevention||Customer name, address email address and IP address for the purposes of fraud detection and prevention.|
|Helpcrunch||Live chat||Customer name, email address, IP address and any information the customer provides during the conversation.|
|Yayyay Limited||Telecommunication provider||Customer phone number and occasional recording of phone calls.|
|Mailchannels Corporation||Outbound emails||All emails sent through our service are relayed through Mailchannels.|
|Ascent Performance Group Limited||Collections agency||Customer name and contact details.|
|Hetzner Online GmbH||Dedicated servers and backups||Backups of customer cPanel data|
|OVH||Dedicated servers and backups||Customer cPanel data|
How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Examples of why we may retain your data are: in case of any legal claims/complaints; for safeguarding purposes; to enable us to keep accounting records; to allow us to secure our servers and perform required maintenance.
Providing us with your personal data
Where we need to collect your personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
No fee required – with some exceptions
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee, usually £10, if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Transfer of Data Abroad
We may transfer your data outside of the EEA. Usually, this is to allow us to keep an external backup of your website and data. Whenever your data is transferred outside of the EEA, it is sent over an encrypted SSL connection to a secured server.
Automated Decision Making
We use Automated Decision Making to generate a Fraud Risk Score (“FRS”) for all clients, via our trusted third party service provider Maxmind. A high FRS can prevent an order from being process automatically. Each FRS is based on many factors, including your IP address, determined geolocation and email service provider. We cannot release all the factors affecting your FRS as this information could be used to circumvent our Fraud Prevention System, and therefore compromise the safety and security of all clients. If you have any concerns about this process, please contact us at firstname.lastname@example.org to arrange an alternative verification method.
We delete client accounts and all associated data including client details, service details and tickets after 36 months of no invoice or billing activity. You can request for your account to be deleted at any time by emailing email@example.com. Please note that if you have account credits, these will also be deleted after 36 months of inactivity.
Change of purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Please keep us informed if your personal data changes during your relationship with us. It is important that the personal data we hold about you is accurate and current.
How to make a complaint
To exercise all relevant rights, queries or complaints regarding data protection, please in the first instance contact our Data Protection Officer at firstname.lastname@example.org. For more general enquiries, please contact email@example.com as usual.
Should you require your complaint to be escalated to a Company Director, please email firstname.lastname@example.org where your request will be personally reviewed and responded to by a Company Director.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Our ICO Registration Number is ZA323324.