The new European Union General Data Protection Regulations (GDPR) will commence as of 25th May 2018, and will impact all organizations that hold or process personal data.
VI.NET is committed to the highest standards of information security, privacy and transparency. VI.NET ensures that a high priority is placed on protecting and managing all data and will comply with all applicable regulations and ensure that as a data processor all contractual obligations for our products and services are met.
At VI.NET we have been working hard to make sure we are compliant. We want to share with our customers some of the key points and commitments we are making.
VI.NET has four main areas of focus to prepare for GDPR which is being overseen by a dedicated internal team.
At VI.NET compliance is a responsibility shared across multiple areas within the business who are also adapting processes in preparation for GDPR.
The definition of a data processor under GDPR is a person or organization who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal development processing.
As a data processor (your data which is on our services) we commit to:
The definition of a data controller under GDPR is simply the organization (a legal person, agency, public authority etc) or the natural person which, alone or depending on the organization and personal data processing activity, in collaboration with others defines what needs to happen with the person’s data and plays an important role with regards to personal data protection.
As a data controller (the data we hold about you to provide you with the service you need) we commit to:
Where is my data held and is it ever transferred outside the EU?
As a data controller (the data we hold on you as a customer) your data is held in the location you signed up in (e.g. for VI.net it is held in the UK). If this sign-up was in the EU then all data is held and stored within the EU only.
As a data processor (the data you hold on our servers);
If your data is held on a VPS, dedicated server or managed solution it is held in the location you requested upon deployment of your service. If this is outside the EU then the data will also be held outside of it. If the location this information deployed to is inside the EU then the data is only stored where you requested - in the unlikely event of having to transfer this data outside of the EU adequate notice would be given to you and would only be in response to a very exceptional circumstance.
If your data is held as part of a shared hosting service it will be held in the geographical location of the brand you are signing up for (e.g. UK for VI.net).
If this is an ancillary service in some cases data may be held outside the EU but only in accordance with strict contractual obligations to satisfy GDPR regulation.
How does VI.NET secure my data?
We use a number of techniques and processes to ensure that data is secured, including but not limited to:
Effective Date: May 25, 2018