This Document explains why and how we use and process your personal data.
2. Legal basis (why we process personal data)
3. Rights (your individual rights and how we implement those rights)
4. Privacy (how we collect, use and authenticate your personal data)
5. Storage (how we hold your personal information and protect against data loss)
6. Security (protecting yours and others personal information and services)
The purpose of our Data Protection policy is to ensure that we process your information according to regulations and guidelines whilst recognising and implementing such systems to ensure your individual rights regarding personal data are adhered to. Each section below explains clearly how we have achieved this.
The following is provided from the Information Commissioners Office
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
Article 5 of the GDPR requires that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. Legal Basis
GDPR Requires there must be a valid lawful basis to process personal data. There are six available lawful bases for processing. No single basis is “better” or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.
- Legal obligation
- Vital interest
- Public task
- Legitimate interest
Although there may be other areas and legal bases providing services the primary reason and purpose for processing your personal information is to fulfil our contract to you by providing services. Therefore, our primary legal basis is contract.
The contract in this case would be:
We provide hosting services for you
We provide a product or a service that requires us to generate an invoice.
You have asked us to provide a quote for a product or service.
Our secondary legal basis is consent in the case that you complete one of our contact forms in the form of a general enquiry or quotation.
We also process personal information under the legitimate interest basis and may contact you via email, telephone, in writing or by arranged visit to inform you of changes to your contract, issues or updated information that will be of interest or effect products or services or your business.
If you are enquiring about a new service or product we will ask for your consent to process this information to fulfil your request. This fall under the consent basis likewise if you are ordering a new product or service we will ask for your consent to process your information.
Further to this GDPR sets out the individuals rights which are:
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Let’s cover these one by one:
The right to be informed
How we use your personal data in relation to privacy is covered in the “privacy section”.
The right of access
We provide several options to access your personal data:
1.You can log on to your client area and update and personal details we hold.
2. you can request by email confirmation that we process your personal information, and a copy of what information we hold. We are obliged to provide this information within 30 days of the request although we will aim to provide the information much quicker. This may be subject to identification checks.
The right to rectification
We aim to ensure your personal data is correct and accurate and we may contact you to verify this, however you can update your details in your client area. You can also email us to update your personal information. This may be subject to identity verification. We are obliged to respond within 30 days however will aim to respond sooner.
The right to erasure
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
When the individual withdraws consent.
When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
The personal data has to be erased in order to comply with a legal obligation.
You have the right to request the erasure/ deletion of your personal data providing that there is no compelling reason for us to retain this information.
An example would be if we are still fulfilling a hosting contract and deletion of your account would undermine the performance of the contract.
Hosting Accounts that have expired / not renewed are suspended and then terminated and automatically removed along with all data / media including personal information this is usually within a 30-day period
Likewise, any account that there is no reason for us to keep those details for contract, invoicing. quotation or legitimate interest is removed from our system.
You can request this erasure at any time by email stating the reasons clearly. This may be subject to identity verification. We are obliged to respond within 30 days, but we aim to respond sooner
The right to restrict processing
You have the right to block or restrict processing of your personal data providing it does not undermine the original purpose of the personal data processing.
An example would be to request that we do not pass that information on to any other party unless legally obliged to do so.
You can request this restriction at any time by email stating the reasons clearly. This may be subject to identity verification. We are obliged to respond within 30 days, but we aim to respond sooner
The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
To comply with this, we provide the personal data in a structured, commonly used and machine-readable form. Open formats include CSV files. Machine readable means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.
You can request this information at any time by email. this may be subject to identity verification. We are obliged to respond within 30 days, but we aim to respond sooner
The right to object
You have the right to object to us processing your personal information if there is no legal basis or consent has not been given or withdrawn.
An example may be that you no longer wish to receive information emails from us. We would still need to process your personal information to generate invoices or fulfil our contract with you for example.
You can inform us at any time by email stating the reasons clearly for objection. This may be subject to identity verification. We are obliged to respond within 30 days, but we aim to respond sooner
Rights in relation to automated decision making and profiling
Automated individual decision-making (making a decision solely by automated means without any human involvement); and
profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
We do not use machine automation in decision making such as profiling you the client nor obtaining personal information. We do however automate billing for services such as hosting accounts this is to improve the performance of your contract and to eliminate human error.
An example would be that if you have an annual or monthly hosting contract with us we automate the process of sending reminders and invoices to ensure that you are informed prior to your contract expiring and that you have means of renewing this contract in good time to avoid interruption of service. If we were not automating this procedure it may lead to additional costs and may lead to accidental suspension or termination of services.
We respect your privacy and only use the following methods to obtain your personal information.
1. You have contacted us and requested that we provide you with a quote for products and services.
2. You have ordered a product or service online
3. Someone with your consent has provided those details to us for providing information or to act as your agent. This may be subject to verification.
4. We believe that you have legitimate interest in us contacting you
The data collected is:
Nature of business
We do not collect any other data and we do not hold or store any credit or debit card information.
We only use your data for the sole purpose to perform the legal basis outlined in the legal basis section
We do not pass on your personal data to any other company or organisation unless legally obliged to do so. The legal basis was one of the following:
- Contract (you have a contract with us for a product or service)
- Quote (you have requested a quotation or information)
- Legitimate interest (we believe you have legitimate interest in us contacting you)
Personal information Authentication
When you enter information to log on to your personal client area or your website for example we encrypt that connection using 2048 bit SSL. This means that a secure connection has been made between you and the server. Those details are only readable by you and the server. We then match this information against the information and credentials we hold for you. A positive match will result in access.
We provide procedures to reset login credentials subject to identity verification.
Likewise any contact or enquiry form is also encrypted using SSL.
Personal information Data Storage
Your personal data is stored electronically on our private servers in Secure UK datacentres covered by ISO 27001 and is exclusive to clients of DeltaDIGITAL.
We provide multiple hard drives and servers to protect against hardware failure and have data backup and disaster recovery procedures to protect against data loss.
Access to this data is by Authorised users of Delta only and is secured by 2048 bit SSL and two factor authentication procedures.
Personal information Data retention
We will only keep your personal information on file as necessary to fulfil our contract or provide quotes / invoices or have information that we believe has legitimate interest.
Any individual informing us that they do not wish to retain a client relationship or receive information or quotes from us we will erase any personal data we hold on the individual within 30 days.
We use session cookies to retain log in information for accessing your client area for example. These cookies expire when the session is over (when you close your browser) we do not keep or store this information past this session nor pass any identifiable information on to a third party.
We collect analytical data anonymously (no personal data is captured) to help us improve services such as our website, provide more relevant content to visitors and to help visitors find content and information more easily.
Ip addresses are captured on the server for similar reasons and may be used in security protocols such as blocking ip addresses that attempt to gain unauthorised access
We do not pass this information on to any other third party unless legally obliged to do so.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website.
You can opt out of being tracked by Google Analytics by visiting:
We have several main protocols to secure and protect the safety and privacy of our clients.
We consistently endeavour to provide quality of service and the smooth operation of our servers.
This means regular updates and maintenance to our infrastructure, security patches and updates to software /scripts and protocols. We conduct regular antivirus and malware scans across our hosting
We use 2048 bit SSL in communications between your computer the internet and our servers and websites. This encrypts all data passing between those points.
Firewalls log ip addresses anonymously and will block those ip addresses attempting anything that breaks those firewall rules such as attempting to gain unauthorised access.
We will inform you of any interruption in service due to updates required.
Although we monitor accounts on servers and take every reasonable precaution to ensure the integrity of our servers and packages it is the responsibility to those who have hosting accounts to ensure they have scanned any files, data or media for viruses and malware before uploading to the hosting package. If any package is thought to have a negative impact on the running of our servers, systems or any other account we will suspend that account and unless rectified the account will be removed.
Likewise any account sending large volume email or spam will be immediately suspended and terminated if not rectified. It is the responsibility of account holders to ensure that the computers used to either upload data, media or files or have a hosted email accounts are virus and malware free to the best of their knowledge and ensure that an appropriate up to date antivirus program is installed on their computer.