Data Controller

HCI Data Ltd is a Data Controller of your personal data. HCI Data Ltd has less than 250 employees and is exempt from maintaining records of all processing activities.

HCI Data Ltd is also Data Processor. HCI Data Ltd is the Data Processor for HCI Data Ltd and the following will include the necessary disclosures for processing that data. HCI Data Ltd could be a Data Processor for its clients. See the section Data Processor for additional information.

How HCI Data Ltd Uses and Processes Your Personal Data

HCI Data Limited adheres to the six principles relating to processing of personal data as defined in the GDPR Chapter II - Article 5 - paragraph 1.

What are the six principles relating to processing of personal data? The six principles were put in place to make sure that your information is handled properly. They say that data must be:

lawfulness, fairness and transparency

In order to provide a client with services we need to obtain information that could include personal data. The information we process will include a name and/or job title, a postal address, an e-mail address and a telephone number. In GDPR terms, we are collecting and processing the necessary personal data in order to fulfil a contract. This web page details HCI Data Ltd's processing of your personal data to ensure tranparenency of data processing.

purpose limitation

Any personal data is only processed in connection with HCI Data Limited's business to

• provide quotations
• communicate with a client or a potential client who has initiated a request to HCI Data Ltd
• maintain records of a clients services that are provided by HCI Data Ltd
• issue invoices and statements of account
• remind clients when a service is about to expire and requires renewing or cancelling
• verify a client's identity before carrying out a client's instructions

If a client has a domain name HCI Data Ltd will send the information, as your agent, as required to the registrar for the domain. The registrars we use are:

• CSL Computer Service Langenbach GmbH
• Nominet UK
• JISC

data minimisation

We only ask for the amount of information that is required to

• contact you
• verify that you are who you claim to be
• quote for, or provide a specified service
• have confidence that you will pay any invoices issued for services provided by HCI Data Limited
• meet the requirements of other organisations (for example Domain Name Registrars) in connection with services that you have enquired about or ordered through HCI Data Limited

accuracy

From 2005 HCI Data Limited has been notifying clients and potential clients, at regular intervals, of the data we hold and requesting them to verify the information is correct

storage limitation

Any information that is no longer required for the purpose it was collected will be destroyed as soon as is practicable. Personal information (e.g. name and address) my appear on invoices and other documents. These documents may be kept for several years as required by Government bodies such as HMRC.

integrity and confidentiality

All data stored on computers can only be accessed with password protection. Passwords are only supplied to those employees who have to process the data.

Additional Rights

You have the right to request to see what personal information we have about you and the right to correct any inaccuracies

Personal Data Stored Outside the EU

Currently, all data is stored on computers located in England.

Special or Sensitive Personal Data

HCI Data Ltd does not request, store or process special or sensitive person data of its clients except that your voice could be recorded on a telephone answer machine. Audio recordings of voices are considered biometric data relating to physical, physiological or behavioural characteristics of individuals that can be used to uniquely identify them. HCI Data Ltd deletes voice recording as soon as the verbal information in the message is no longer required. This is usually after the call has been returned or the verbal instructions or request has been transcribed.

Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) is only required when the processing is likely to result in a high risk to the rights and freedoms of natural persons (Article 35(1) of the GDPR).

More than 95% of HCI Data Ltd's clients are corporate bodies. This limits dramatically the amount of personal data collected and processed by HCI Data Ltd. The predominant personal data processed is the name of a person. Most addresses are business addresses as are telephone numbers and e-mail addresses. Therefore, the impact of a breach on the security of personal information is low.

Copies of data collected about individuals is kept in more than one physical location so it will be easy to provide individuals with a copy of the information HCI Data Ltd has collected.

Access to personal data is protected in a variety of ways. This includes encryption, passwords and physical security.

Due to the forgoing, HCI Data Ltd considers that the processing does not result in a high risk to the rights and freedoms of natural persons and, therefore, a more comprehensive DPIA is not required.

Eight Principles From the Data Protection Act 1998

These have been superseded by six data protection principles of the GDPR.

What are the eight principles of "good information handling"? The eight principles were put in place to make sure that your information is handled properly. They say that data must be:

fairly and lawfully processed

In order to provide a client with services we need to obtain information that could include personal data. The information we process will include a name and/or job title, a postal address, an e-mail address and a telephone number. In GDPR terms, we are collecting and processing the necessary personal data in order to fulfil a contract.

processed for specified purposes

Any personal data is only processed in connection with HCI Data Limited's business to

• provide quotations
• communicate with a client or a potential client who has initiated a request to HCI Data Ltd
• maintain records of a clients services that are provided by HCI Data Ltd
• issue invoices and statements of account
• remind clients when a service is about to expire and requires renewing or cancelling
• verify a client's identity before carrying out a client's instructions

If a client has a domain name HCI Data Ltd will send the information, as your agent, as required to the registrar for the domain. The registrars we use are:

• CSL Computer Service Langenbach GmbH
• Nominet UK
• JISC

adequate, relevant and not excessive

We only ask for the amount of information that is required to

• contact you
• verify that you are who you claim to be
• quote for, or provide a specified service
• have confidence that you will pay any invoices issued for services provided by HCI Data Limited
• meet the requirements of other organisations (for example Domain Name Registrars) in connection with services that you have enquired about or ordered through HCI Data Limited

accurate

From 2005 HCI Data Limited has been notifying clients and potential clients, at regular intervals, of the data we hold and requesting them to verify the information is correct

not kept for longer than is necessary

Any information that is no longer required for the purpose it was collected will be destroyed as soon as is practicable. Personal information (e.g. name and address) my appear on invoices and other documents. These documents may be kept for several years as required by Government bodies such as HMRC.

processed in line with your rights

You have the right to request to see what personal information we have about you and the right to correct any inaccuracies

secure

All data stored on computers can only be accessed with password protection. Passwords are only supplied to those employees who have to process the data.

not transferred to countries without adequate protection

Currently, all data is stored on computers located in England.

Data Processor

HCI Data Ltd is a Data Processor for HCI Data Ltd and some of its clients.

HCI Data Ltd as Data Processor for HCI Data Ltd

See above for any necessary disclosures of processing.

HCI Data Ltd as Data Processor for Clients

HCI Data Ltd could store personal data for clients. The most common form of personal data is e-mail addresses. An e-mail address of a domain hosted by HCI Data Ltd may be personal data. If e-mail forwarding is used then HCI Data Ltd may also be holding personal data in the form of the destination e-mail address. This is the major processing HCI Data Ltd performs on e-mail addresses. HCI Data Ltd also provides services to update e-mail forwarding which can result in the creation, amendment and deletion of e-mail addresses. Creation, amendment and deletion of e-mail addresses is controlled by the client.