HA Hosting Privacy Policy
High Availability Hosting Limited (HA Hosting), holds data on both its customers and potential customers, our Privacy Policy explains what data we collect and how we use it.
We have updated our Privacy Policy to ensure that we are inline with General Data Protection Regulation or GDPR.
Customer Data
HA Hosting collects and retains data about you when you enquire about or purchase a service.
Data we collect
- Customer and or Company names, addresses and telephone number(s).
- Employee names, email addresses and telephone numbers.
- Questions, queries, opinions and feedback you provide by our support ticket or email systems.
- Subscription preferences for emails, how you use our emails for example whether you open them and which links you click on.
- Your Internet Protocol (IP) address and details of which web browser you used.
- Information on how you use our web site and control panel area, using cookies and page tagging techniques.
This data can be viewed by authorised HA Hosting personnel and supplier organisations.
Where is Data Stored
We store your data on secure servers. Data in our Email, Customer Portal, SharePoint and CRM system is in the UK, Data in our accounting software is stored in America and New Zealand.
Data Protection Objectives
Necessary processing tasks are reviewed every month. System updates and processes are reflected within the full GDPR policy as data sets, also available upon request using the contact details on the main page.
Management access levels are unanimous for internal staff operating and supervising the support functions for storage and hosting services.
Beyond the physical perimeter of the building support staff can access the management network for all systems.
In some cases this access may require billing support, but it is unusual practice.
Physical security provisions are several electronic locks operated by pre-programmed fob only and allocated to staff on individual ID.
Password policies the standard strong password procedure.
CCTV and movement monitoring is installed on the building perimeter, behind sets of locked night gates.
CCTV also monitors the internal building, assisted by an alarm.
During regular working hours the electronic ingress system monitors numbers and ID of staff and visitors.
Data Shared for purchase of Domain Names
When a customer orders, transfers or renews a domain name it is a requirement of registration that contact information is provided. For UK domain names the registrar is Nominet. For all other “international” Domains we use we share information with a distributor who has a relationship with the registrar. The information foreach Domain Name is held in our Client Portal in a record specific to that Domain Name.
We are Data Controllers for this information and our suppliers are Data Processors, we will maintain agreements with these suppliers to ensure that Personal Data is treated in accordance with GDPR.
Data Shared for purchase of SSL Certificates
When a customer orders an SSL Certificate it is a requirement contact information is provided. We share information with a distributor who has a relationship with the provider.
We are Data Controllers for this information and our suppliers are Data Processors, we will maintain agreements with these suppliers to ensure that Personal Data is treated in accordance with GDPR.
Payment Gateways
All of HA Hosting’s payment gateways, WorldPay, GoCardless and PayPal may ask for personal information, however all the collection of and processing of this Data is carried out by the provider and not HA Hosting.
Fraud Prevention
If you sign up online the information you submit maybe shared with third party fraud prevention services.
We are Data Controllers for this information and our suppliers are Data Processors, we will maintain review the privacy policies of these suppliers to ensure that Personal Data is treated in accordance with GDPR.
SARs (Subject Access Requests)
Customers can directly edit the information held in our customer portal. This information flows through to both our accounting and CRM systems. SharePoint contains manually updated records for a few clients. Subjects have the right to obtain data that HA Hosting hold on their local and cloud storage services. Access requests can be made via telephone and by email contact with the responsible contact named at the beginning of this policy.
Data can be provided in the form of writing or via telephone conversation.
Data can be withdrawn at any point from the storage by means of service termination, but will remain in archive for the legal duration of six years.
The right to data portability is supported by standard formats such as PDF, MS office, open-source formatting and manual written email confirmation.
The right to complain must in the first instance be through support offered via contact page or email directly to [email protected]
If this cannot be resolved, the subject may escalate to the managing director.
Following unresolved dispute from this point, please refer to the terms and conditions included on the website to proceed with Trading Standards.
The right to restrict processing can be made with immediate effect any point of your choosing. Services and billing will be suspended until further action, but respective subject data will still remain on the company system for the legal basis of six years.
The right to rectification can be made with immediate effect following the discovery of any inaccurate information we hold.
This rectification may only be permitted by the subject themselves.
The right to erasure will be of automatic effect following the six years data retention.
SARs are logged on request.
Data Retention
Account information i.e. records of invoices and charges and need to be retained for six years for tax and accounting purposes. Account information i.e. records of invoices and charges and need to be retained for a set time for tax and accounting purposes.
Information for marketing activities is retained whilst relevant to HA Hosting and the subject.
Data that is no longer relevant will be deleted.
Data held in the client portal is automatically deleted after 6 years, which is the minimum time that we are required to keep VAT records.
Enquiries are not entered into a marketing or any otherwise communication unless requested by the subject.
Personally Identifiable Information, such as names and email address can easily be changed to be generic ones if required. e.g. the email addresses
could be changed to
Information for marketing activities is retained whilst relevant to HA Hosting and the subject. Data that is no longer relevant will be deleted.
Further information
If you need further information please email [email protected]