Uniqu Ltd is committed to ensuring your safety and security while using our services.
As an organisation providing hosting services to other organisations, our remit extends into Data Processing. Such activity is referenced throughout this policy.
2. Information collected
a) We collect information from a number of sources. To provide services to you, to handle support requests and to allow us to respond to general enquiries, you will have submitted some personally identifiable data to us. This is considered to be account information. You are free to submit as much or as little account information as required to operate your account.
As we run loosely-coupled web sites under the domains mentioned in section 1, information you submit when registering on any of those websites will relate to the domain name in which you submit it. For example, if you register an account at hosting.uniqu.uk, you only have a user account in that subdomain. You may need to register an additional account within another domain or subdomain of Uniqu Ltd. These additional registrations are considered in aggregate as account information, therefore a request to be forgotten is from you to us, not from you to one subdomain/website of ours, but not another.
b) In addition to account information, we collect usage data. This includes:
- Log data, which includes your IP address, operating system, web browser, geographic region and timezone
- Metadata relating to use of our website(s) such as visit duration, pages requested, date and time of visit and referral page
- Information you submit into one of our services and/or websites may be collected and attributed to your account information, or usage data.
- Additional information provided to us that may relate to you, that we have obtained from elsewhere or that has been provided to us, such as during an event, from a survey, from any other activity in which you participate or submit data, or from any other communication, may be attributed to usage data or account information.
- As a Data Processor, we also collect data uploaded to our servers. For example, on our business tier of hosting services, we provided automated backups. Therefore, one or more copies of the data stored on the hosting server are kept on the backup server. For more information on this, see Data Retention.
3. How information is used
Account information and usage data (collectively, “information”) is used in a variety of ways:
- For the continued provision of services, our website(s) and for business operations
- For regulatory, compliance or legal reasons
- In communication with you
- To help inform us when developing new products, services and features
- For billing & other account management activity
- When investigating security-related issues
In addition, as Data Processor we process and store the data submitted to us by our clients, and their clients, contacts and systems. This processing is performed strictly according to instruction by our clients, and for no other reason. This data is not analysed, inspected or profiled in any way, nor are any subsets of this data extracted, analysed or used for any purpose whatsoever.
4. Data retention
Uniqu retains all data indefinitely, and a record of the retained data is kept. If the data is deleted, we will have a record of this. Otherwise, it is backed up in long-term storage, and periodically purged as part of our internal, long-term archival programme.
5. Information security
Information is not shared with third parties, unless we, as a Data Controller, need to hand over the processing of that data. An example is in the use of accounting systems, for which we use a third party and by necessity transfer information to that third party. See section 8 International Transfers for more information.
We operate two tiers of information security: as a Data Controller, and as a Data Processor. This reflects our dual positions as development agency, and hosting company, respectively.
We operate as a Data Controller in respect of the data we manage about our customers, suppliers and other contacts, including all account information, usage data, financial history, system information, design work, system schemas, source code and so on (contact data).
We operate as a Data Processor at two levels:
- As an agency business, with its own computing resource for the processing, storage and retrieval of our own contact data; and
- As a hosting business, providing the computing resource for the processing, storage and retrieval for our clients who host their contact data with us. In this instance, our clients are the Data Controllers of the data hosted on our service(s).
6. Understanding multi-agency arrangements
If you are a direct hosting customer of Uniqu (specifically, if you buy hosting services from us), we are the Data Controller of that relationship’s data (i.e. our relationship with you), and we the Data Processor of the data sent to your designated hosting service(s).
If you are an agency, and the hosting space you buy from us is not for your use but for the use of your client – say, an online retailer, we are the Data Controller in terms of your information, and we are the Data Processor for your client’s data. Unless you have a special contractual arrangement with your client that makes you the Data Controller, your client is the Data Controller of that data hosted on our service(s), and you are the facilitator – an agent, who will have arranged the hosting on their behalf.
Many web development agencies will have access to the full server or the full hosting environment that we provide. In this situation, you (as an agency) will provide the software tools, scripts and so on, or will request that such software be installed in the server or hosting environment, in order to correctly process your client’s data. We will still manage any data in relation to our account with you and keep records of your requests on behalf of your client. We and you accept that you are acting in good faith on behalf of your client(s).
7. Updates to this policy
8. Data Transfers
Uniqu attempts to collect, store and process all data in-house. However, like millions of other small businesses, we sometimes need a little help.
We use the Xero product (xero.com) for our financial accounting. In order to process our financial records, it is necessary to share customer data with Xero, for the purposes of processing that data. As such, we act as the Data Controller but Xero is our Data Processor in this regard. We only submit data that is necessary to produce accounts which are to UK standard, and otherwise minimise the storage of any personal data.
Transfers of data to international domains are subject to the regulatory requirements of, and bilateral agreements relating to, those jurisdictions, such as the EU-US privacy shield.
In addition, we use Directli to process our Direct Debit mandates. We share a limited set of customer data with Directli, who processes it in accordance with Data Protection Law in the UK. Directli’s address is Directli Limited, Great Northern House, Great Northern Terrace, Lincoln, LN5 8HJ. They can be found at https://www.directli.co.uk.
9. Data Protection Officer
Due to its size, Uniqu does not currently have an appointed DPO.
However, in anticipation of company growth and of any enquiries relating to this policy or our data management, please contact firstname.lastname@example.org
10. Data Protection Authority
Uniqu Ltd is a company registered in England & Wales, no 4323680. The Data Protection Authority in the UK is the Information Commissioner’s Office (https://ico.org.uk). Uniqu is registered with the ICO.
11. Contact Us
To contact us, you can:
- For general enquiries, email email@example.com
- Fill out our contact form
- Telephone us: +44 (0) 1252 560855