Is Web Hosting Magic GDPR-compliant?
Yes, we have been fully compliant with GDPR since October 25th, 2018!
What exactly is GDPR?
The General Data Protection Regulation (GDPR) is the result of years of work by the European Union to unify and strengthen data protection for all citizens within EU borders.
GDPR gives you more control over how your data is used, while to us it constitutes a change of the legal environment in which we operate. That makes this change desirable and very beneficial to both parties, regardless of it being mandatory.
While a U.S based tech startup, our company has done everything to ensure that our product, policies, and procedures will be compliant with those regulations.
How does GDPR work?
First of all, GDPR affects and applies to every single organization that processes personal data of EU citizens, whether kept within the EU or outside of it. Any person-related information that can be used to identify is subject to GDPR regulation and its job is to ensure that processing any personal data (collecting, transferring, storage, and use) is made in the most secure way possible.
GDPR is in place to prevent any kind of data leakage or violation and will ensure that every company maximizes their security around customers' data.
We have customers in the E.U thus the effort to ensure that we are GDPR-complaint.
What has Web Hosting Magic done to be compliant?
We focused on giving you the tools to choose what you wish to do with the data and to what extent you wish to provide or process it. We went through the lengthy audit alongside our attorneys and GDPR advisors to ensure that we're fully compliant.
Our Commitments to the GDPR
Web Hosting Magic employs and works with security and privacy professionals in information, application, and network security. This expert team is tasked with maintaining the company’s defense systems, developing security review processes, building stronger security infrastructure, and precisely implementing our security policies.
We also have access to a team of lawyers, regulatory compliance experts, and public policy specialists who look after our privacy and security compliance.
Processing According to Instructions:Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions, as described in our GDPR-updated data processing agreements.
Personnel Confidentiality Commitments:Our employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. Web Hosting Magic’s Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.
According to the GDPR, appropriate technical and organizational measures shall be implemented to ensure a level of security appropriate to the risk.
Web Hosting Magic operates a global infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. Our partnership with Google & AWS ensures that this infrastructure is built to provide secure deployment of web hosting services, secure storage of data, secure communications between services, secure and private communication with customers over the Internet, and safe operation by administrators.
We have included data export commitments in our data processing terms, and updated them to reflect the GDPR. We are continuously working to enhance the robustness of the data export capabilities and make it even easier to download a copy of your business’ data securely from customer dashboard and control panels.
We also delete customer data for non-active customers who hasn't access their account after a set number of days. When we receives a complete deletion instruction from you, we will delete the relevant customer data from all of its systems within a maximum period of 180 days unless retention obligations apply.
Our data controllers use administrative console functionality to help access, rectify, restrict the processing of, or delete any data that users put on our systems. This functionality helps us fulfill their obligations to respond to requests from data subjects to exercise their rights under the GDPR.
Incident Notifications:Our system is designed to promptly inform you of incidents involving your customer data in line with the data incident terms in our GDPR-updated agreements and terms.
Our customers and regulators expect independent verification of security, privacy, and compliance controls. Web Hosting Magic and our data-center partners have undergo several independent third-party audits on a regular basis to provide this assurance.
Information Security Management:ISO 27001 is one of the most widely recognized, internationally accepted independent security standards.
Cloud Security:ISO 27017 is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for Cloud Services.
Cloud Privacy:ISO 27018 is an international standard of practice for protection of personally identifiable information (PII) in Public Cloud Services.
Frequently Asked Questions
Q: What is the EEA?
A: The EEA (European Economic Area) is the area in which the Agreement on the EEA provides the free movement of persons, goods, services, and capital within the European Single Market, including the freedom to choose residence in any country within this area. The EEA was established on January 1st, 1994 upon the EEA Agreement having come into force.
Q: Is Web Hosting Magic responsible for the data processing on your hosting resellers end?
A: Web Hosting Magic is under no circumstances responsible for how our hosting resellers chooses to deal with this as it is their choice to either be compliant or not. However, we keep working with them so they too, can be compliant with GDPR.
If it happens n our system, we are. If it happens to our customers system, then Web Hosting Magic will not be responsible for the actions taken by our clients when it comes to GDPR as we simply provide a hosting platform for them to host their website and application.
Q: Where are your data and applications stored?
We provide data-centers in multiple regions and customers have the option of choosing where their data is hosted. The region the customer select during the order process is where his or her data is located and that include backups and everything else.
Q: Do you transfer data between data centers?
A: Nope. We do not unless specifically asked by the customer.
Q: Is your data encrypted both at rest and in transit?
A: Yes. Data transfer is always processed with encrypted protocols and takes place on a private secure server. Data at rest is also encrypted.
Q: Who can access my data? Under what circumstances does that happen and what do they see?
A: No unauthorized person has access to the data. Access is only granted to the team responsible for our hosting infrastructure and the technical team who may need access to the customer data to help him or her with technical issues. Access to those is highly monitored and tracked in our activity log, kept on a separate private server.
Q: Is your data ever moved outside of the EEA?
A: Any potential transfer of clients’ personal data is limited strictly to migration request by the customers and even this is done with appropriate level of personal data protection approved by the European Commission.
If you have any questions on this, please contact us via chat on our website or at firstname.lastname@example.org