Over a year ago,
- Our Data Processing Agreement (DPA), which regulates our responsibilities as a host, thus allowing our clients to have GDPR-compliant sites themselves, if they need to.
Processing of your personal data
1. You Provide Minimum Data And Are In Control Of It
The first thing you need to know is that we collect the minimum data needed to provide our stellar service. When you sign up with
2. We Share Your Data With Secure Partners Only
To provide all services around your hosting account we share some of your data with external providers like domain registrars, SSL providers, and content delivery network (CDN) providers. All such partners are either natively GDPR-compliant themselves or have signed a special contract with us to meet our data protection standards.
3. You Control Your Email Subscription Preferences
If you’ve given us your express consent, we also use your email address to share tips, special offers, and to announce new products. This consent can be withdrawn or modified at any time through the “my details” section of your user area.
4. We Keep Only Aggregated Browsing Data
Processing of the data uploaded on your account
As a hosting
1. Transparent Security Measures
One of our main responsibilities as an entity processing information uploaded to our servers by our customers is to provide adequate security measures. The DPA lists them in the form of an official document (Annex 2 of the DPA).
2. Minimum Access Principle
The DPA puts in writing our obligation to access any data that our customers store on our servers only to the extent needed to provide our services, and to make sure that only employees who are directly involved with the provision of the service have access to it.
3. We Provide Access To Secure Partners Only
Sometimes our partnering companies need access to the data uploaded on our servers so that we can provide our service. Our data center partners are an example of such a partnering company. We provide access only to partners that have the same or a higher level of data protection as the one we guarantee you through our DPA.
4. Any Personal Data Breach Is Timely Disclosed
Our DPA responsibilities include timely disclosure by DotSA if we detect that a personal data breach has happened on the servers used by our clients. We are obliged to notify our affected customers within 72 hours.
5. Any End User GDPR Requests Are Appropriately Passed On
Also, if DotSA receives a request from an individual using a website hosted on our servers to exercise one of the personal data rights outlined in the GDPR, we’ll redirect them to the site owner.
6. Our DPA Helps You Become GDPR-Compliant
Our new DPA does not make sites hosted by us GDPR-compliant on its own. Our customers, as site owners, are solely responsible for applying the GDPR principles in processing their European users’ personal information. However, even if you have done your part in making your website GDPR-compliant, it will not be fully there unless your hosting provider has a DPA. At DotSA we are proud to have this covered for everyone from day one of the GDPR launch.