Company information

Curly Hosting is a trading name of the sole trader, Chas Maguire.

What do we do with your data?

We only collect personal data that you have provide to us. This data will include: business name, business address, email address(es), phone number and domain name(s).

We only keep data that is necessary for us to be able to provide you with the products and services purchased from us.

We store it securely on our computers and devices and adhere to a highly secure password policy. We also use online data platforms, such as Google Docs, which are password-protected.

We take every effort to ensure your data is protected from malicious attack, accidental loss or unauthorised use.

Who do we share it with?

We will only share your details with 3^rd parties if:

1. We are under a duty to disclose or share it in order to comply with any legal obligation.
2. They are a trusted supplier (‘partner’) who needs this information to provide the service(s) you purchase from us. Those suppliers are listed below along with links to their privacy policy statements.
3. We sell, transfer or re-organisation of our business. In which case, the acquiring party of the business or part of it, may use your personal information in the same ways as we set out in this Policy

Password Policy

We have a robust password policy whereby:

• We encrypt all passwords used to gain access to your hosting accounts and our internal systems and store them in a secure app called LastPass (owned by LogMeIn Inc). logmeininc.com/legal/privacy
• We generate strong passwords which are long and randomized to make them harder to guess or hack
• We never disclose passwords to anyone other than people you authorise
• We avoid sharing passwords via email, wherever possible
• We never send URLs, usernames and passwords in the same message
• We generate random passwords for all our customers
• Our own passwords are complex are unique to each platform we log in to

Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We have external backups of some of your data.  The backup devices are located in the office and the information on them only accessible via the password-protected computers mentioned above.

Old equipment is disposed of safely, with the hard-drives removed and physically destroyed so that no data can be retrieved from them.

We regularly review our processes and policies to ensure we are always acting in your best interests. We will publish any updates to our policies direct to our website.

Hosting

We provide hosting as a ‘reseller’ which means your domain name, website and emails are hosted with one of the following companies:

• Fasthosts: Fasthosts Internet Limited. Company registration no. 3656438. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX., UK fasthosts.co.uk/terms/privacy-notice
• ICUK: ICUK Computing Services Ltd. Company registration no. 4319375. Registered office: Trinity Court, 34 West Street, Sutton, Surrey, SM1 1SH, UK. icuk.net/contact/policies_privacy.asp

Your website and emails are hosted in highly secure data centres within the UK which have access strictly limited to cleared personnel; are monitored by both CCTV and access control systems; and protected by highly experienced security guards on duty 24/7, 365 days a year.

These companies store contact information about you including your name, business name, business address, email address(es), phone number and domain name(s).  This information is required in order to manage and maintain your hosting services.

Domain Registration

Your details are also known to the domain authorities:

• ICANN: Internet Corporation for Assigned Names and Numbers. 12025 Waterfront Drive, Suite 300, Los Angeles, CA 90094-2536, USA icann.org/privacy/policy
• Nominet: Nominet Ltd. Company registration no. 3203859. Registered office: Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, UK. nominet.uk/resources/privacy-notice/

These are global organisations who control the ownership of domain names. They keep your contact information about you including your name, business name, business address, email address(es), phone number and domain name(s).  This information is required to ensure you retain ownership of your domain name(s).

Web development

We subcontract some of the graphic design and website development to our trusted partner. They may process your personal information (name and email address) for the purposes of developing, analysing, maintaining, supporting and testing our Site. Our main web development partner, who we have worked with for over 5 years, is based in the Philippines and adheres to our privacy policy and robust password policy.

Many websites built by Curly Hosting use WordPress as the ‘Content Management System’. We install an instance of WordPress on your hosting, so it is unique to you. Your personal details (name and email address) are only shared with WordPress to enable you to login and make changes to your own site.  Our WordPress installations use cookies to allow you access to the login screen and set certain preferences as a site ‘administrator’ or ‘contributor’.

We occasionally share content with you or our partners via the free version of WeTransfer, a secure file transfer service. They use cookies to save your preferences and some of your personal data (name, email address, IP address) which is kept encrypted and deleted after 12 months.  The data sent via WeTransfer is permanently deleted after 7 days.

• WeTransfer: WeTransfer B.V. Registration no. 34380998 Main office: Oostelijke Handelskade 751, 1019 BW Amsterdam, The Netherlands. https://wetransfer.com/legal/privacy

Where your website collects, processes or stores information about your customers, you are the “data controller” and therefore responsible for this data.  Because we are able to also gain access to this data we are considered the “data processor” and will do nothing to that data unless explicitly instructed by you to do so.  For an explanation of these terms please refer to https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/.

Financial information

We use an online accounting system called Nutcache to manage all our customer invoicing and payments. Their data centres are located in Laval, Quebec, Canada.

• Nutcache: Nutcache Technologies Inc, 1270, Dagenais Boulevard, West, Laval, Quebec, Canada, H7L 5E3 nutcache.com/privacy-policy/

Stored in this system are your contact details including your name, business name, business address, email address(es), phone number and domain name(s). Also, details of the products and services you’ve purchased from us, the invoices we’ve sent, and the payments you’ve made.

This system has tracking capabilities that allow us to see if an invoice has been sent, viewed or paid. We use this to help us collect monies owed to us.

We share our financial information with our accountants, EJBC, for purposes of preparing our year end accounts.

• EJBC: EJ Business Consultant Ltd. Company registration no 4586825,. Registered address: The Rectory, 1 Toomers Wharf, Canal Walk. Newbury. RG14 1DY, UK. ejbc.co.uk/index.php/homes/privacy-statement

Payments can be made online direct to our bank, or via PayPal. If made via PayPal what data you share with them is controlled by your acceptance of PayPal’s Terms and Conditions and outwith our control.

• PayPal: PayPal (Europe) S.a.r.l. et Cie, S.C.A. Registered head office at 22-24 Boulevard Royal L-2449, Luxembourg. paypal.com/en/webapps/mpp/ua/privacy-full

Email marketing

We occasionally send out messages via MailChimp.  These are not marketing messages but service updates or notifications of changes that you need to be made aware of. Your personal data imported into MailChimp will be your name and email address.  In this circumstance, we are the ‘data controller’ and MailChimp is the ‘data processor’.  Your data is stored on their servers in the USA.

• MailChimp: The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA https://mailchimp.com/legal/privacy/#contacts

Google Analytics

We use cookies on our website (www.curlyhosting.com) to gather data about visits to our site via Google Analytics.

• Google Analytics: Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. google.com/intl/en/policies/privacy/

It is possible to opt-out of Google Analytics via your browser, using the Google Analytics Opt-Out Browser Add-on, available using this link: https://tools.google.com/dlpage/gaoptout.

If you use our online form to send us a message, your data is transmitted to us via email and not stored anywhere else.

Email Support

In order to support you and solve problems we do occasionally have to log into your email accounts.  We ensure that this data is not accessed, downloaded or stored for longer than the time it takes to resolve the issue.  During that time, it is secure on our computer or network.

Keeping your details up to date

Please help us to keep your personal details up to date by promptly notifying us of any changes, for example if you change address or telephone number.  Do this by emailing privacy@curlyhosting.com

Data retention

If you are no longer a customer of ours, we keep your data for a maximum of 24 months, in case you wish to return to us for any reason.  We find this has been a help to customers in the past.  After this time, your details will be removed from all our systems.

Request to see data

If you wish to see what data we hold on you, please email privacy@curlyhosting.com and we will send you the records within a reasonable time period.

Right to be removed/forgotten

If you wish for your details to be removed, please email privacy@curlyhosting.com and we will comply within a reasonable time period.

Contact us

If you have any questions, comments or requests regarding this Policy please address them to Chas Maguire via:

Email:  privacy@curlyhosting.com

Postal:  Curly Hosting, Atwell Close, Wallingford, Oxfordshire, OX10 0LZ, UK.

Phone:  01491 714000