1. About Us
1.1. poundawebsite Ltd is a registered company in England & Wales (Company number 13612876). Our registered address is poundawebsite Ltd, 27 Old Gloucester Street, London, WC1N 3AX. As a Data Controller, we are also registered with the Information Commissioner's Office (ICO). Our ICO Registration Number is ZB214556.
1.2. poundawebsite Ltd may be both a data controller and data processor of personal data. We have a designated Data Protection Officer who can be contacted in writing by Email - firstname.lastname@example.org.
2. What Information We Collect
2.1. Any personal information that you provide by filling in forms on our website. This includes information provided at the time of registering an account, purchasing services from us or requesting further services. We may also ask you for information when you report a problem with our site or the services you have purchased.
2.2. If you contact us by Email, letter or support ticket, records of the correspondence may be kept, including the originating IP address.
2.3. Details of transactions you carry out through our site and of the fulfilment and administration of your orders.
2.4. We also record technical data such as your operating system, browser type, referring / exit pages and URLs, number of clicks, domain names and pages viewed in our server logs. This information is used for marketing and security purposes.
2.5. We also record the last 4 digits of your card number or bank account in your client area, once you have provided it, for the purposes of facilitating your online orders and monthly/yearly renewals. Your complete card details, if you set up recurrent payment, are stored by our payment merchants, Paypal or Stripe. Direct Debit details are stored in full by Go Cardless for the purposes of continuing payments to us. Each company have their own privacy policies which we would encourage you to read in full.
2.6. In the circumstances where we are acting as a data processor, we shall only act on the instructions of our customer as the data controller. If you provide us with personal data about a third party (for example when registering a domain on their behalf), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
3. How We Use Personal Data
3.1. To register an account for our clients.
3.2. To process any orders that you have placed with us and to prevent fraud in that process and in future/ongoing payments.
3.3. To handle customer service enquiries.
3.4. To ensure that content from our site is presented in the most effective way for you and for your computer/device.
3.5. To provide you with information, products or services that you request from us or which we feel may interest you, only where you have consented to be contacted for such purposes.
3.6. To carry out our obligations arising from any contracts entered into between you and us.
3.7. To allow you to participate in interactive features of our service, when you choose to do so.
3.8. To notify you about changes to our service.
3.9. To carry out marketing and statistical analysis within poundawebsite Ltd or on our behalf by our contractors.
3.10. For the avoidance of doubt, poundawebsite Ltd will never sell your personal data to third parties.
4. Automatic Decision Making
4.1. We may use the information provided by you to perform automatic decisions about the acceptance of orders you place. This helps us combat fraud and abuse, it helps to keep our costs competitive for genuine customers and we share details of fraudulent cases with our professional fraud prevention contractors, doing our bit to protect the webhosting industry more widely. More information is available about them below. Whilst we do not receive personal data from our fraud prevention contractors, we receive a risk score for applications reviewed based on the details that you have submitted. Such review may continue after you have placed your additional order in the course of payment for services. This also helps to prevent you being subjected to fraudulent transactions.
5. Where We Store Your Personal Data
5.1. The personal data that we collect from you will be stored on our servers in Hetzner's Secure Data Centres in Falkenstein, Nuremburg & Helsinki. Redundancy backups are stored within the same Network but in a differing Data Centre and IP subnet to the operational Network Operations Centre. All of our Data Centres are within the EEA. All of your data is encrypted using encryption keys and our Data Centres do not, therefore, have access. You can read more about the security of your data by visiting here(opens new tab/window).
5.2. All of our contractors including our second line support contractors are vetted and registered with the Information Commissioner's Office. It is poundawebsite Ltd's policy to undertake interviews with all suppliers to ensure that they have a thorough and comprehensive data protection and security strategy. It is in theirs and our interests to ensure that your data is protected to industry standards.
5.3. We use a number of services outside of the EEA to which we have to transfer personal data. For example, domain registration data needs to be sent to our domain registrar outside of the EEA, we work closely with our online chat service provider Tawk.to who are also based outside of the EEA (should you choose to use them to communicate with us on online chat) and our fraud checking systems are also based outside of the EEA.
5.4. We use professional fraud detection services for the purposes of fraud prevention. If your application for services has been flagged, you will be contacted with the next steps. Typically, you will be required to provide proof of your identity and they will make decisions on our behalf. Our supplier is outside of the EEA . We have ensured that they have appropriate security arrangements in place to ensure that your data remains safe and our supplier complies with the ISO 27001 standard. We do not divulge the identity of our Contractor as this would assist bad actors with circumventing our fraud detection policies.
5.5. By submitting your personal data, you agree to this transfer, storing or processing of data outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR and our data protection policies.
6. Data Retention
6.1. We only retain your personal data for as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
6.1.1. Invoice data is kept for a minimum of 6 years plus the current year as required by HMRC.
6.1.2. Log files are rotated every 12 weeks. However, anonymised data may be kept for longer.
6.1.3. poundawebsite Ltd infrastructure backups are kept for 12 months. Web Hosting data is kept for 30 days.
6.1.4. In the rare event backups containing personal information are restored after deletion, poundawebsite will make every reasonable effort to ensure data that has been forgotten is not inadvertently restored and ensure all traces of data are removed within a maximum period of 180 days unless additional data retention obligations apply.
7. Your Rights
7.1. Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
7.1.1. The right to request a copy of your personal data which we hold about you.
7.1.2. The right to request that we correct any personal data if it is found to be inaccurate or out of date. To update your data, please let our support team know, they will request proof of changes to prevent fraudulent activity on your account.
7.1.3. The right to object to our use of your personal data and request your personal data is erased where it is no longer necessary for us to retain such data. This is known as your right to be forgotten. Please note that there may be legal reasons as to why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
7.1.4. You have the right to ask us not to process your personal data for marketing purposes. We will invite you to opt in/out (before collecting your data) for such purposes. You can exercise your right to prevent such processing by following the Unsubscribe link at the bottom of any emails we send, by contacting our support team (through online ticketing or by Email, but not live chat) or in writing to us at poundawebsite Ltd, 27 Old Gloucester Street, London, WC1N 3AX.
7.1.6. The right to lodge a complaint with the Information Commissioner's Office. Please see https://ico.org.uk/concerns/ for further information. We are also registered with them under our company name, poundawebsite Ltd. Our ICO Registration Number is ZB214556.
8. Who We Share Your Information with:
8.1. By entering into this agreement, you agree to the processing of data by the third parties listed below. When we introduce any new, or change any existing third-party agreements, we will ensure this policy is updated at least 30 days before the new third party processes any data.
8.1.1. Payment Merchants (Facilitating our Credit and Debit Card and Direct Debit Payment Options:
220.127.116.11. Go Cardless (Paperless Direct Debits)
18.104.22.168. Paypal (Credit/Debit Card Payments)
22.214.171.124. Stripe (Credit/Debit Card Payments and our preferred payment merchant)
8.1.2. Domain Names
126.96.36.199. Tucows (OpenSRS)
8.1.3. SSL/TLS Certificates
188.8.131.52. Digicert (GeoTrust)
8.1.4. Internal Communication of Support Issues/Hosting Service Incidents
184.108.40.206. Including Adwords, Google Analytics, Youtube, Drive, Data Studio, Google My Business, Site analytics, targeting and exclusion from PPC advertising, purchasing data. Reporting on anonymised data.
8.1.6. Facebook & Instagram
220.127.116.11. Targeting and exclusion from Pay Per Click (PPC) advertising, purchasing data.
18.104.22.168. To offer registration and login integration - if you choose to utilise this facility, we would collect your name and Email address.
22.214.171.124. Targeting and exclusion from Pay Per Click (PPC) advertising
126.96.36.199. To offer registration and login integration - if you choose to utilise this facility, we would collect your name and Email address.
8.1.8. Microsoft: Bing and Office 365
188.8.131.52. Site analytics, targeting and exclusion from PPC advertising, purchasing data.
184.108.40.206. Sending email and email analytics.
220.127.116.11. Testing of site optimisations (All personal data is anonymised).
18.104.22.168. Newsletter signup forms and other modals.
We would ask that you please provide honest and accurate reviews about your experience with poundawebsite on Trustpilot to help us grow. In the first instance, please do contact us by raising a support ticket if you have any concerns or issues to give us an opportunity to resolve them.
8.1.13. Hetzner Online GmbH and Hetzner Group Subsidaries
8.1.14. Your personal data and any website data and Email accounts (and their contents) are stored in our secure data centre provided by Hetzner Online GmbH. All of your data, including personal data and web hosting data is encrypted and access is only possible through the use of secure encryption keys. They have no backdoor access. It is standard practice across all website hosting companies to use professional data centres in this way. You can find out more about their extremely high digital and physical security standards on their website by clicking here(opens new tab/window).
8.1.15. In order for website hosting companies to function, we need data centres - they are professionals in their field and ensure the integrity, safety, security and reliability of your data from outside the data centre and within it. Without them, most website hosting companies would simply not exist and they are an integral function for this reason. Hetzner Online GmbH are also responsible for our redundancy backups. All data stored in our data centres is stored within the EEA.
9. Data Breaches
9.1. In the unlikely event of a data breach, the affected individuals will be contacted within the timescales specified in the GDPR, it will be reported to the Information Commissioner by our suppliers and by ourselves, and a full report - highlighting any risks - will be provided by us to you as soon as practicably possible.
10.1. We may obtain information about your general Internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
10.1.2. To estimate our audience size and usage pattern;
10.1.3. To store information about your preferences, and so allow us to customise our site according to your individual interests;
10.1.4. To speed up your searches;
10.1.5. To recognise you when you return to our site.
11. Third Party Links
11.1. Our website (but not your website) may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. We also provide a link to Animal Free Research UK at the top of our website in order to ask you to consider donating to them (there is no obligation to do so and we are in no way affilliated to them). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these or any of their policies. All of our payment merchants (Go Cardless, Paypal and Stripe) all have their own privacy policies too and these are also your responsibility to read and to ensure that you are happy with them. Please check these policies before you submit any personal data to these websites and more widely to ensure that you are satisfied.
12. Changes to This Policy
13. How to Contact Us About GDPR
13.2, If you are unhappy with our reply, you are within your rights to contact the Information Commissioner's Office:
Telephone: +44 (0)303 123 1113