GDPR Policy

What is GDPR and how will it affect you?

The new European Union General Data Protection Regulations (GDPR) will commence as of 25th May 2018, and will impact all organisations that hold or process personal data.

The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data.

What is Steel City Digital doing to comply with GDPR laws?

Steel City Digital is committed to the highest standards of information security, privacy and transparency. Steel City Digital ensures that a high priority is placed on protecting and managing all data, and will comply with all applicable regulations and ensure that as a data processor all contractual obligations for our products and services are met.

At Steel City Digital we have been working hard to make sure we are compliant. We want to share with our customers some of the key points and commitments we are making.

Steel City Digital has four main areas of focus to prepare for GDPR which is being overseen by the management team.

  • Develop compliance plans and strengthen current platform.

  • Introduce programmes to support compliance.

  • Streamline organisational processes.

  • Provide services and solutions for customers in a compliant GDPR manner

At Steel City Digital, compliance is a responsibility shared across multiple areas within the business who are also adapting processes in preparation for GDPR.

What are Steel City Digital’s Commitments?

The definition of a data processor under GDPR is a person or organisation who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal development processing.

As a data processor (your data which is on our services) we commit to:

  • Processing data solely for the purposes of providing our services: Steel City Digital will never use this data for anything other than the essential operation of the service i.e. not for marketing or data mining.
  • Informing you should we ever use a subcontractor to process your personal data.
  • Reporting any data breach to you without undue delay (caused by our actions as a processor).
  • Helping you to meet your regulatory obligations by providing reasonable documentation about our services.
  • Securely storing your data and applying strict security standards and processes.

The definition of a data controller under GDPR is simply the organisation (a legal person, agency, public authority etc) or the natural person which, alone or depending on the organisation and personal data processing activity, in collaboration with others defines what needs to happen with the person’s data and plays an important role with regards to personal data protection.

As a data controller (the data we hold about you to provide you with the service you need) we commit to:

  • Only requesting and storing the personal data that is necessary for us to provide the service to you.
  • Not transferring this data to third parties, other than to companies associated with U Steel City Digital and if any data is transferred outside the EU only in accordance with strict corporate data rules that are in compliance with GDPR.
  • Only using that data for the purpose it was collected for; e.g. we do not sell your data on to other companies.
  • Securing this data with technical and procedural standards to ensure a high level of security.
  • Retaining this data for only as long as necessary.

GDPR FAQs

There are 6 principles within the GDPR framework, these are:

  • Lawfulness, fairness and transparency
  • Purpose limitations
  • Data minimisation
  • Accuracy
  • Storage limitations
  • Integrity and confidentiality

Where is my data held and is it ever transferred outside the EU?

As a data controller (the data we hold on you as a customer) your data is held in the UK. Data may be accessed from locations outside the EU for the purposes of providing essential services as part of the contract, but only in accordance with binding corporate data rules that are in compliance with GDPR.

As a data processor (the data you hold on our servers);

If your data is held on a VPS, dedicated server or managed solution, it is held in the location you requested upon deployment of your service. If this is outside the EU then the data will also be held outside of it. If the location this information is deployed to is inside the EU then the data is only stored where you requested - in the unlikely event of having to transfer this data outside of the EU adequate notice would be given to you, and would only be in response to a very exceptional circumstance.

If your data is held as part of a shared hosting service it will be held in the UK on one of our servers.

If this is an ancillary service, in some cases data may be held outside the EU but only in accordance with strict contractual obligations to satisfy GDPR regulation.

How does Steel City Digital secure my data?

We use a number of techniques and processes to ensure that data is secured, including but not limited to;

  • Vulnerability scanning
  • Two-factor authentication
  • Role-based access controls
  • Firewalls and ACLs
  • Static analysis
  • Network monitoring and intrusion detection
  • Patch management processes

Breach Notifications

Under the GDPR, Steel City Digital is required to report data breaches to the ICO (Information Commissioner’s Office) within 72 hours. As part of our procedures, appropriate communications will be made, including notifications to all affected parties

© Copyright 2018 - Steel City Digital Limited | Company registered in England and Wales number 10861635 - VAT reg - GB 281757670