Privacy Policy

How we manage your data

Privacy Policy

Uniqu Ltd is committed to ensuring your safety and security while using our services.

Please read the following privacy policy carefully, and contact us if you have any concerns.

1. Scope

This Privacy Policy applies to services provided by Uniqu Ltd under the domain names uniqu.uk, warpuni.com and warphost.net.  All services provided by us are made available for customers to use within these domains, or any subdomains therein (e.g. status.uniqu.uk, server.warphost.net).  This policy applies to services and any other interactions with people.  As this policy applies to those interactions, anyone interacting with Uniqu’s services are deemed to have accepted this policy.  If you do not accept this policy, do not access services provided by Uniqu.

This policy does not cover services provided by any third party, who should have their own agreement with you, privacy policy or statement of terms relating to the use of your personal data. 

As an organisation providing hosting services to other organisations, our remit extends into Data Processing.  Such activity is referenced throughout this policy.

2. Information collected

a) We collect information from a number of sources.  To provide services to you, to handle support requests and to allow us to respond to general enquiries, you will have submitted some personally identifiable data to us.  This is considered to be account information.  You are free to submit as much or as little account information as required to operate your account.  

As we run loosely-coupled web sites under the domains mentioned in section 1, information you submit when registering on any of those websites will relate to the domain name in which you submit it.  For example, if you register an account at hosting.uniqu.uk, you only have a user account in that subdomain.  You may need to register an additional account within another domain or subdomain of Uniqu Ltd.  These additional registrations are considered in aggregate as account information, therefore a request to be forgotten is from you to us, not from you to one subdomain/website of ours, but not another.

b) In addition to account information, we collect usage data.  This includes:

  • Log data, which includes your IP address, operating system, web browser, geographic region and timezone
  • Metadata relating to use of our website(s) such as visit duration, pages requested, date and time of visit and referral page
  • We make use of cookies in your web browser which can help us both collect information, and store information on your machine.
  • Information you submit into one of our services and/or websites may be collected and attributed to your account information, or usage data.
  • Additional information provided to us that may relate to you, that we have obtained from elsewhere or that has been provided to us, such as during an event, from a survey, from any other activity in which you participate or submit data, or from any other communication, may be attributed to usage data or account information.
  • As a Data Processor, we also collect data uploaded to our servers.  For example, on our business tier of hosting services, we provided automated backups.  Therefore, one or more copies of the data stored on the hosting server are kept on the backup server.  For more information on this, see Data Retention. 

3. How information is used

Account information and usage data (collectively, “information”) is used in a variety of ways:

  • For the continued provision of services, our website(s) and for business operations
  • For regulatory, compliance or legal reasons
  • In communication with you
  • To help inform us when developing new products, services and features
  • For billing & other account management activity
  • When investigating security-related issues

In addition, as Data Processor we process and store the data submitted to us by our clients, and their clients, contacts and systems.  This processing is performed strictly according to instruction by our clients, and for no other reason.  This data is not analysed, inspected or profiled in any way, nor are any subsets of this data extracted, analysed or used for any purpose whatsoever.

 4. Data retention

Uniqu retains all data indefinitely, and a record of the retained data is kept.  If the data is deleted, we will have a record of this.  Otherwise, it is backed up in long-term storage, and periodically purged as part of our internal, long-term archival programme. 

5. Information security

Information is not shared with third parties, unless we, as a Data Controller, need to hand over the processing of that data.  An example is in the use of accounting systems, for which we use a third party and by necessity transfer information to that third party.  See section 8 International Transfers for more information.

We operate two tiers of information security: as a Data Controller, and as a Data Processor.   This reflects our dual positions as development agency, and hosting company, respectively.

We operate as a Data Controller in respect of the data we manage about our customers, suppliers and other contacts, including all account information, usage data, financial history, system information, design work, system schemas, source code and so on (contact data).

We operate as a Data Processor at two levels:

  • As an agency business, with its own computing resource for the processing, storage and retrieval of our own contact data; and
  • As a hosting business, providing the computing resource for the processing, storage and retrieval for our clients who host their contact data with us.  In this instance, our clients are the Data Controllers of the data hosted on our service(s). 

6. Understanding multi-agency arrangements 

If you are a direct hosting customer of Uniqu (specifically, if you buy hosting services from us), we are the Data Controller of that relationship’s data (i.e. our relationship with you), and we the Data Processor of the data sent to your designated hosting service(s).  

If you are an agency, and the hosting space you buy from us is not for your use but for the use of your client – say, an online retailer, we are the Data Controller in terms of your information, and we are the Data Processor for your client’s data.  Unless you have a special contractual arrangement with your client that makes you the Data Controller, your client is the Data Controller of that data hosted on our service(s), and you are the facilitator – an agent, who will have arranged the hosting on their behalf.  

Many web development agencies will have access to the full server or the full hosting environment that we provide.  In this situation, you (as an agency) will provide the software tools, scripts and so on, or will request that such software be installed in the server or hosting environment, in order to correctly process your client’s data.  We will still manage any data in relation to our account with you and keep records of your requests on behalf of your client. We and you accept that you are acting in good faith on behalf of your client(s).

7. Updates to this policy

Uniqu Ltd reserves the right to review and update this Privacy Policy and any other information or data policy periodically.  It is your responsibility to check this policy from time to time, and to contact us if you have any concerns about the actions we take as Data Controller or Data Processor, in relation to you, your data, or your client’s / clients’ data. 

8. Data Transfers

Uniqu attempts to collect, store and process all data in-house.  However, like millions of other small businesses, we sometimes need a little help.  

We use the Xero product (xero.com) for our financial accounting.  In order to process our financial records, it is necessary to share customer data with Xero, for the purposes of processing that data.  As such, we act as the Data Controller but Xero is our Data Processor in this regard.  We only submit data that is necessary to produce accounts which are to UK standard, and otherwise minimise the storage of any personal data.

However, for reference we link you to Xero’s privacy policy here: https://www.xero.com/uk/about/terms/privacy/ and it’s GDPR help page, here: https://www.xero.com/uk/campaigns/xero-and-gdpr/

Transfers of data to international domains are subject to the regulatory requirements of, and bilateral agreements relating to, those jurisdictions, such as the EU-US privacy shield.

In addition, we use Directli to process our Direct Debit mandates.  We share a limited set of customer data with Directli, who processes it in accordance with Data Protection Law in the UK.  Directli’s address is Directli Limited. Our address is Great Northern House, Great Northern Terrace, Lincoln, LN5 8HJ.  They can be found at https://www.directli.co.uk.

9. Data Protection Officer

Due to its size, Uniqu does not currently have an appointed DPO.  

However, in anticipation of company growth and of any enquiries relating to this policy or our data management, please contact dpo@uniqu.uk

10. Data Protection Authority

Uniqu Ltd is a company registered in England & Wales, no 4323680.  The Data Protection Authority in the UK is the Information Commissioner’s Office (https://ico.org.uk).  Uniqu is registered with the ICO.

11. Contact Us

To contact us, you can:


Last updated 20 July 2018

Unique knowledge, universal application:

Get our newsletter, and stay in the loop.

Subscribe

Serious Servers

Get speed, security and support, with our superb web hosting.

Engage

Creative Solutions

Have a problem, and no-one else can help? You should hire.. us!

Explore

Get Trading

Interested in ecommerce? Consult with us before making a costly mistake.

Expand

Be Unique. Be Universal. Be You.

Uniqu is a full-stack digital agency, providing design, development, hosting and support. Our holistic view on your digital communications means users can engage with your services and identify with your branding.