This policy (together with our terms and conditions and any other documents referred to on it) sets out the basis on which any personal data We collect from “You”, or that You provide to Us, will be processed by Us. Please read the following carefully to understand our views and practices regarding Your personal data and how We will treat it. By visiting https://www.letshost.ie/ You are accepting and consenting to the practices described in this policy.
For the purpose of the General Data Protection Regulation (“GDPR”), the data controller is Digital Media Internet Services Limited trading as LetsHost (“LetsHost”) of 2nd Floor, 5 Ellis Quay, Dublin 7, D07C2YP. The information and data You provide in connection with the registration of the various services of LetsHost (the “Services”), will be processed in accordance with the provisions of the GDPR. LetsHost is fully committed to data protection, is compliant with the Data Protection Acts 1988 & 2003.
We will comply with the GDPR. The GDPR states that the personal data We hold about You must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that We have clearly explained to You and not used in any way that is incompatible with those purposes.
- Relevant to the purposes We have told You about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes We have told You about.
- Kept securely.
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about You:
- Information You give Us. When making a purchase with LetsHost, We will collect Your contact information, which includes, name, address, telephone number, email, payment information and IP address. We may also retain records of your queries and correspondence in the event you contact us e.g. by email or support ticket.
- If you provide us with personal data about a third-party (e.g. when registering a domain on their behalf), you warrant that you have obtained the express consent from the third-party for the disclosure and use of their personal data.
The legal basis for this processing is the performance of a contract between you and Us and/or taking steps, at your request, to enter into such a contract.
- We may also collect information from the cardholder of another member of Your household.
The legal basis for this processing is consent, namely providing you with the Services you have requested.
- Information We collect about You. With regard to each of Your visits to our site We will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, Your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about Your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products You viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
The legal basis for this processing is our legitimate interests, namely monitoring and improving our Website and services.
- If You contact Us, We keep a record of that correspondence, for the purposes of communicating with you and record-keeping.
The legal basis for this processing is our legitimate interests, namely being able to contact you and keep our records up to date.
- Other information to help Us provide You with improved services;
The legal basis for this processing is our legitimate interests, namely our interest in the proper administration of our Website and business and improving the services We provide to You.
This data will be collectively referred to as “Personal Data”.
LetsHost will only process Personal Data where it is strictly necessary to provide the Services.
USES MADE OF THE INFORMATION
We use information held about You in the following ways:
- To help Us identify You and the accounts You hold with Us;
- To provide customer care;
- To enable Us to review, develop and improve Our services and Website;
- To carry out our obligations arising from any contracts entered into between You and Us and to provide You with the information, products and services that You request from Us;
- To carry out marketing and statistical analysis;
- to provide You with information about other goods and services We offer that are similar to those that You have already purchased or enquired about;
We will only contact You about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to You. If You would like to change Your communication preferences to opt in or out of receiving specific communications, You can manage this in Your Online Control Panel:
- To display targeted, or interest based, offers to You based on those products already purchased;
- To notify You about changes to our service; and
- To ensure that content from our site is presented in the most effective manner for You and for Your computer.
OTHER PROCESSING ACTIVITIES
In addition to the specific purposes for which We may process your Personal Data set out above, We may also process any of Your Personal Data where such processing is necessary for compliance with a legal obligation to which We are subject, or in order to protect Your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to Us, unless We prompt You to do so.
INFORMATION WE RECEIVE FROM OTHER SOURCES
- LetsHost works alongside third parties (including business partners, service providers and fraud protection services) and We may receive information from them about You. We will combine this information with information You give to Us and information We collect about You. We will use this information and the combined information for the purposes set out above (depending on the types of information We receive).
DISCLOSURE OF YOUR INFORMATION
You agree that We have the right to share Your Personal Data with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
- Selected third parties including:
a) business partners, suppliers and sub-contractors for the performance of any contract We enter into with them or You;
b) advertisers and advertising networks that require the data to select and serve relevant adverts to You on other websites. Our third party partners may use technologies such as cookies to gather information about Your activities on this Site and other websites in order to provide You with advertising based upon Your browsing activities and interests, and to measure advertising effectiveness. If You wish to opt out of interest based advertising, click here. Please note You will continue to receive generic adverts;
c) analytics and search engine providers that assist Us in the improvement and optimisation of our site;
d) the requisite Registry for the domain name you have purchased (where applicable). The directory of all TLDs is available online here:
We will disclose Your Personal Data to third parties:
a) In the event that We sell or buy any business or assets, in which case We will disclose Your Personal Data to the prospective seller or buyer of such business or assets.
b) If LetsHost or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
c) If We are under a duty to disclose or share Your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of LetsHost, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
DOMAIN REGISTRATION DATA IN THE PUBLIC WHOIS
In order to provide you with certain domain extensions, We are required to send your Personal Data to the Registry responsible for that domain extension. The details of the Registry providing specific extensions can be found here. The Registry or Registrar which We contract with to register the domains may publish your Personal Data in the online directory known as the Whois. We are required to adhere to the Whois policy set by ICANN.
In order to register a domain name you may be requested, depending on the domain registry requirements, to supply personal information such as name, address, telephone number, email, identity document and utility bill. Under the GDPR, LetsHost is a “processor” of this personal data as we pass this on to the domain registrar/registry (the “controller) at your instruction. Depending on the top level domain you require the domain registry may be outside of the EU/EEA.
WHERE WE STORE YOUR PERSONAL DATA
Information You provide to Us is usually stored on our secure servers inside the European Economic Area (‘EEA’). Your personal data is processed in LetsHost Offices and Data Centre facilities located in Ireland (Dublin) and London (UK). The Security of your data is important to us and we take appropriate technical and organisational measures to protect it.
If you are based outside of the EEA and you have chosen to have your data stored in a data centre outside of the EEA we will inform you.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect Your Personal Data, We cannot guarantee the security of Your data transmitted to our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access.
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE EEA
Your Personal Data may be transferred outside of the EEA in order to carry out the services We provide to you.
The lawful basis for this processing will either be: (a) on the basis of your informed consent; or (b) necessary for the performance, fulfilment and administration of a contract/order: (i) between you and LetsHost; or, (ii) where, at your request, We act on your behalf to provide your Personal Data to a third party in order to enter into a contract with them (for example where We provide your contact details to a domain name registry outside of the EEA to assist you in the registration of a local country code domain name).
All transfers of Your Personal Data outside of the EEA will be protected by appropriate safeguards.
Where Your Personal Data is transferred outside of the EEA, We will ensure that either (a) The European Commission has made an “adequacy decision” with respect to the data protection laws of the country to which it is transferred, or (b) We have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data in compliance with the GDPR.
PRIVACY SHIELD. To the extent that the EU-U.S. Privacy Shield remains in effect and enforceable under applicable EU laws, LetsHost shall adhere to the framework and principles of the EU-U.S. Privacy Shield with regard to its processing of Your Personal Data.
Our Websites and services are not directed at individuals under the age of sixteen (16). We will not intentionally collect or maintain information about these individuals. If you believe that We may have collected Personal Data from someone under the age of 16, please let Us know by emailing email@example.com.
HOW LONG WE STORE YOUR PERSONAL DATA
We will retain your information for as long as needed to provide you with the Services or as long as needed to fulfil the purpose for which the Personal Data was originally collected. We may also be required to retain certain information by law and/or for legitimate business purposes (for example, VAT records). After we have fulfilled our obligations, under Irish law, we are required to keep your documents for a further 6 years. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
YOUR PERSONAL DATA AND SECURITY
In line with our Information Security Policy LetsHost take all reasonable steps including appropriate technical and organisational measures to protect your Personal Data.
You may instruct Us to provide You with any Personal Data We hold about you, provided Your request is not found to be unfounded or excessive, in which case a charge may apply.
We may withhold personal information that you request to the extent permitted by law.
You may instruct Us at any time not to process your Personal Data for marketing purposes.
The rights you have under the GDPR are:
- the right to access;
You have the right to ask Us to confirm whether or not We process your Personal Data and, to have access to the Personal Data, and any additional information. That additional information includes the purposes for which We process your data, the categories of Personal Data We hold and the recipients of that Personal Data. You may request a copy of your Personal Data. The first copy will be provided free of charge, but We may charge a reasonable fee for additional copies.
- the right to rectification;
If We hold any inaccurate Personal Data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete Personal Data about you completed.
- the right to erasure;
In certain circumstances you have the right to have Personal Data that We hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for Us to hold those Personal Data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the Personal Data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
- the right to restrict processing;
In certain circumstances you have the right for the processing of your Personal Data to be restricted. This is the case where: you do not think that the Personal Data We hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for Us to hold your Personal Data for the purposes of our processing, but you still require that Personal Data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, We may continue to store your Personal Data. However, We will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
- the right to object to processing;
You can object to Us processing your Personal Data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in Us; or the purposes of our legitimate interests or those of a third party. If you make an objection, We will stop processing your Personal Data unless We are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
- the right to data portability;
You have the right to request that your Personal Data be moved, copied or transferred from one database, storage or IT environment to another.
- the right to complain to a supervisory authority;
If You think that our processing of Your Personal Data infringes data protection laws, You can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of Your habitual residence, Your place of work or the place of the alleged infringement.
- the right to withdraw consent; and
To the extent that the legal basis We are relying on for processing Your Personal Data is consent, You are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
- the right to object to direct marketing
You can choose whether We process Your Personal Data for direct marketing purposes. If You do not want Us to process Your Personal Data for direct marketing purposes, We will not process Your Personal Data for this purpose. You can exercise Your right to prevent such processing by checking certain boxes on the forms We use to collect Your Personal Data in Your Online Control Panel.
If You wish to:
- Request access to, deletion of or correction of, Your Personal Data. Please contact Us to arrange this at firstname.lastname@example.org and request a Data Subject Access Request Form. We must make You aware that due to regulations which control the use of the internet, Registries such as IEDR and ICANN may not delete Your information until a period of time has lapsed.
- Request that Your Personal Data be transferred to another person. You can exercise this right by contacting Us at email@example.com and request a Data Subject Access Request Form and request that Your Personal Data be transferred; and
- Complain to the Data Protection Commissioner (DPC). The DPC website which contains the processes for raising a complaint can be found here: https://www.dataprotection.ie/en/individuals/raising-concern-commission. We would ask that where possible You contact Us at firstname.lastname@example.org in the first instance so We can attempt to resolve any issues You may have.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If You follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before You submit any Personal Data to these websites.
PERSONAL DATA MANAGED BY OUR CLIENTS
“Client” is the customer of LetsHost to whom We provide the various Services our business offers.
“Client Customer Data” is the Personal Data belonging the parties with whom our Client has a relationship. We have no direct relationship with the parties whose Client Customer Data is processed by our Clients.
If you are aware that your Personal Data has been provided to a Client of ours who has a Service with Us, then please read ‘DISCLOSURE OF YOUR INFORMATION’ section above.
Our Clients use the Service to host, transmit or process data on our hosting platform and this, may include personal data of their own customers with whom they have a contractual relationship (Client Customer Data).
In line with the Service agreement, our Clients retain responsibility for setting standards and for managing security of all data they upload to our platform and that includes Client Customer Data. The security, including encryption of data prior to transmission to our network and confidentiality of their accounts and access to our platform, remains the responsibility of our Clients.
We provide the Services directly to our Clients, and have no direct relationship with the parties whose Client Customer Data is processed by our Clients. Our customers take responsibility for all Client Customer Data that they process and for complying with relevant data protection legislation.