Last Updated: 2018-05-20
'We' or 'Bubbly Clouds' refers to James Acres and the collection of services personally offered to you by James Acres from bubblyclouds.co.uk or bubblyclouds.com
'You' refers to any user(s) and customer(s) of our services
It is also designed to help you understand your own role as a data controller when you decide to run your own services using our products.
If you are a visitor and not a customer of ours, providing your personal data to us is not a contractual requirement. You can choose not to provide this information; however, you might not be able to gain access to our information, services or products.
When placing an order with us you enter a contract with us to become a customer of ours. In this scenario Bubbly Clouds has the legal basis to become a controller of the necessary personal data we are required to collect from you in order to provide you with the service you ordered, collect payment and keep you notified of renewals etc.
We are only data controllers of our own customers' data. Bubbly Clouds has the role of data processor when our customers use the products we provide to them to run their own services. Our customers are data controllers when using our products to provide their own services to their own users.
All our systems collect data for robust breach detection, investigation and internal reporting procedures so we can prevent and detect breaches and keep a record of them if they were to occur.
Within 72 hours of becoming aware of a personal data breach we will notify the UK's ICO and if this is of high risk of adversely affecting individuals’ rights and freedoms we will notify those individuals.
If one of our sub-processors notify us about a breach that impacts our customer's data we will notify them.
When using our web hosting products. Bubbly Clouds customers are data controllers and Bubbly Clouds is a data processor in this scenario.
Our products can be used by our customers to store personal information about their own customers and users. As a customer of ours it is your responsibility to decide what data you expose to us. It is your responsibility to provide your users with the necessary means to retrieve, review, correct, or remove their personal data in a similar way to how we do this for you as a Bubbly Clouds customer.
Bubbly Clouds provides you with tools for you to monitor web server logs to detect suspicious activity, but as you are in control of your own application setup it is up to you to install your own monitoring to prevent and detect breaches. We can advise you how to do this, but we can't do this for you as the services we offer are unmanaged.
As a customer of Bubbly Clouds it is your responsibility to comply with all applicable laws and your internal policies relating to such personal data collection, and providing notices and obtaining any necessary consents from your users.
Bubbly Clouds does not control how our customers process data, configure their applications, and so on. It is up to the customer to maintain high security standards for the applications they configure and we require this in our Terms of Service.
You bear sole responsibility for maintaining the security of any environments maintained under your account(s). You are solely responsible for ensuring compliance with any and all applicable privacy guidelines and regulations for all jurisdictions in which you may operate with respect to appropriate practices for the collection, storage, and dissemination of personal information using your Bubbly Clouds service. In no event shall Bubbly Clouds be held liable for your failure to adopt and/or practice appropriate measures for safeguarding personal information stored within or transmitted through your Bubbly Clouds service.
|Type of Personal Data||Purpose(s) for Processing||Legal Basis for Processing|
Identity Data includes first name, last name, company name, email and username, and passwords (hashed).
Contact Data - includes billing/delivery address, email address and telephone numbers.
Financial Data - Card details, bank account and other payment details are collected and used by our third party payment providers on their own servers only, our servers do not come into contact with these details.
This is for purposes of completing your purchase with us so we can provide you with the service you ordered from us.
We will keep records of all our contact with you via email and via the support ticketing system. You can view our historical emails in your client area.
|Processing is necessary for the performance of a contract or to enter into such a contract with you.|
Marketing and Communications Data - includes your preferences in receiving marketing from us via email and your communication preferences.
Sending you news, information and special offers by email. We record a detailed log of all consent changes. You can opt in and out at any time via your client area.
|Your consent – which you can withdraw at any time from your self-service client area.|
Data you choose to host with us using our products
Usage Data includes information about how you use our website, products and services.
We do not use the data you host with us for any other purpose than to fulfil the contract you have with us and for us to meet our own legal requirements. The data is yours, you are responsible for it and you are the controller of all your own data.
For support purposes, when you request we support you give permission for us to view your data e.g. for diagnosing email delivery issues. We can impersonate your cPanel or portal login when you request us to support you. We automatically scan your data for security and legal issues.
Transaction Data - includes details about payments to and from you and other details of products and services you have purchased from us.
We require to collect payment from you in order to provide you with the product you ordered.
We require to store transaction logs for us to legally complete tax returns and financial record keeping.
Processing is necessary for the performance of a contract or to enter into such a contract with you.
The processing is necessary to comply with legal and regulatory obligations.
Technical Data - includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website, Requested pages, Referring Page, and other information which identifies your machine.
Logging includes client area access, intrusion prevention and web application firewall, access logs, error logs.
We are legally obliged for all our systems collect logging and diagnostic data for robust breach detection, investigation and internal reporting procedures so we can prevent and detect breaches and keep a record of them if they were to occur.
When someone visits our websites we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Our use of Google Analytics makes use of IP Anonymization and we do not transfer any personally identifiable information, we do not use advertising integration.
The processing is necessary to comply with legal and regulatory obligations.
The processing is necessary to support our legitimate business interests.
As part of your contract with us we will contact you regarding updates to the services you have with us. This includes renewal and billing reminders, notification of maintenance and security issues, updates about changes to your products.
If you open a support ticket or email us we will contact you regarding this and notify you when the ticket you opened is closed.
All our billing is paperless, so you will receive invoices and receipts via email.
You will not receive updates and marketing about products you have not purchased unless you have opted in to join our mailing list.
Customer Data - on termination of contract, when you become an inactive customer with no active products or invoices, we retain customer data in our web based systems until the following tax year's tax return is completed by us unless it is requested for us to delete this sooner.
Backups of data - We keep backups over the past year to help us to restore any of your services in the event of a disaster caused by you or by us. We can erase individual accounts from our historical backups on request if they need to be erased sooner.
Analytics and logs of activity - We keep logs for at least the past year to help us comply with our legal obligations to prevent data breaches and to monitor usage. We cannot erase logs on request and by using our services you agree your usage will be logged.
Financial Records - We must legally keep financial records for 6 years from the end of the last company financial year they relate to. On termination of a contract we do not erase personal data from our financial records until after this time, but we do erase it from our web based systems.
Access and Rectify - You can access and rectify the majority of your personal information from our self-service client area. Anything you cannot see there you can contact us and we will be able to update records on your behalf and provide you with an export.
Export and Data Portability - We can generate a report to provide your account data in JSON format on request. Our Portal and cPanel also allow you to export most of your own data without needing to ask us. We can provide tools to help you export all data to switch providers on request.
Erasure - We will respond to all requests to erase data within one month, this will come with no fees unless it is unfounded or excessive. If you contact us and no longer want your details on record, we can erase these records on request. If you wish to terminate your contract with us we will erase data according to our data retention policy, but can do this quicker on request. Some data, such as financial records, we are legally obliged to keep for longer.
You will keep your data up to date via your self-service portal. If we learn of any changes we will update your account accordingly to keep your details up to date.
We will never request your password, you should never pass on your password to anybody, only you are permitted to sign into your Bubbly Clouds services with your password.
When signing up you will be assigned a password for setup purposes. Bubbly Clouds will need to email your initial setup password in plain text, for this reason once your account is setup we strongly recommend you login and immediately change your passwords which will be hashed and unreadable by us or anyone else. We never share setup passwords and you should never tell us or anybody else your password after setup, we will never ask you for this.
We provide Single Sign On so you can sign into your client area with a single email+password and use the portal to sign into any of your product cPanels without entering another password. This allows you to maintain one single set of secure credentials to access all your services with us.
Your personal information will be transmitted over an secure encrypted connection when you use our billing systems, portal, cPanel and other service from us.
Our system administrator's initial login has limited permissions which requires escalation to become root. Administration is only done on our servers from devices with hard drive encryption which are connected to secure private networks.
We have a strong understanding of Information Security. We use web application firewalls to block known attack request signatures, we use spam blacklists and virus checking to try to fight spammers delivering malicious material, we use 2 factor on all services which support it and rely on cryptographic keys instead of passwords where possible.
We have procedures to respond to security incidents caused by somebody either internal or external breaching a security invariant or negatively affecting system performance and integrity.
We take daily backups and regularly restore past backups to test our disaster recovery process.
All our own servers and backups are located in the UK.
We only partner with third parties to reliably deliver the services you purchased, we do not use third parties if it is not necessary for the product you have purchased.
We only use third parties who sub-process personal data who meet our data protection and compliance requirements for us to be compliant ourselves.
Domains use a WHOIS system, if you provide your data for that purpose you should ensure you only provide information you wish to be displayed publicly. SSL Certificates also have a subject portion which can publicly list your company details.
Login session cookies for our client area, cPanel and WHM. These cookies identify you as being logged in to the secure parts of our website for the duration of your visit. Our secure areas will not work unless cookies are enabled.
Bubbly Clouds will not intentionally collect or maintain, and requests that you do not provide, any information regarding your medical or health condition, sexual orientation, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information.
If you host any material or information that is sensitive, such information and compliance with applicable privacy laws remains solely your responsibility.
Bubbly Clouds is not responsible for any sensitive information stored by you on its systems.
If you are under thirteen (13) years of age you must not sign up for any Bubbly Clouds products.
If you are a customer of Bubbly Clouds, you must not intentionally collect or maintain the data of anyone under thirteen (13) years of age.
Bubbly Clouds services are not designed for or directed to children under thirteen (13) years of age and Bubbly Clouds will not intentionally collect or maintain information about anyone under thirteen (13) years of age.