Privacy Policy
Keeping Your Information Safe
We take the privacy of all our clients' information very seriously.
Please take a little time to read our privacy policy below to see how we use any personal information you provide us. Our data retention and storage is in line with the EU GDPR regulations.
1. Our Commitment To Personal Data.
The protection of personal data should be your right. Our use of your personal data will always have a lawful basis.
It is our responsibility to do everything we can to protect your data.
Data should ONLY be collected when it is required to provide a certain product or service.
We will NEVER sell, share or disclose your personal data without your permission unless it is requested by warrant by law enforcement agencies.
2. Legislation We Abide By.
3001Web follows the guidelines and legislation of the following bodies:
The UK Data Protection Act
The EU General Data Protection Regulation (GDPR) 2018
We follow the guidelines of the Information Commissioner's Office, the UK's official data protection body.
Registration number ZA316914
Further, we will abide by any Data Protection Legislation put into place by the UK legislation at any time.
All the legislation/regulators above impose strict practices when it comes to the processing and storing of your personal data. If you are not from the UK, the chances are we will meet the data regulations in your country, too, although it remains your responsibility to check this. If you wish to check on any aspect of your data protection rights you think may not be covered, you can contact our data protection officer, whose contact details can be found in section 9. However, we are unable to advise you on data protection outside of the UK.
3. Data Retention.
3001Web collects various kinds of information depending on the product or service ordered by our clients or visitors. In this section, we tell you what information we collect, why we collect it, how long we store it, and where we store it.
3.1 Account Information Data (Registration for any of our products or services)
What: We collect your full legal name, postal address, email address, telephone number, and IP address when you register as a client.
Why: We collect this information to run your account, contact you about the service or product you bought, contact you with important information about our products or services, invoice or bill you and provide you with support.
How Long: Client data is stored for the life of the client account. After an account is closed, the data will no longer be used for processing. However, financial information (e.g., name, address, and any invoice details) will remain stored for the permitted period of time required by law. This is to comply with HMRC tax reporting, which is a statutory requirement, and so overrules any request to completely remove data.
Where: We store this information securely within password-protected software, namely WHMCS, on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.2 Client Mailing List
What: We collect your name, email address, the IP address you signed up from, and your consent to send the newsletter.
Why: We use this newsletter to communicate important issues to our clients regarding web hosting or products they have bought from us. This is an operational, not a marketing, mailing list, so we highly recommend you stay subscribed to it. This is our main method of contact to keep you informed about important matters regarding your service with us. It is used for update and security notifications, operational notices regarding your products and services, and to inform you of scheduled server maintenance. We do not use this list for explicit marketing; however, we may recommend products and services that may help you deal with or overcome a potential issue.
How Long?: For the life of your account with us or until you remove yourself. You can unsubscribe at any time and we will remove you from our client mailing list.
Where: This information is stored within our billing and support programme WHMCS on our servers.
3.3 Browser Tracking Information
What: What site you came from to get to our site, what link you clicked, what browser you use, what operating system you use, your geographical location, your IP address.
Why: Like a lot of websites, we may use Google Analytics and other tracking software to track user interaction with our website. This helps us find out things like how many people visit our site, how they navigate around our site, and which pages are most visited. This data is stored on our website to provide us with traffic analysis. It helps us improve our site and our services. This information does not directly identify you as a person; it is just behavioural data. Google may also record your IP address, which could be used to identify you; however, they do not give 3001Web access to that information.
Google also uses cookies; you can find details on that in the developer section of their site. Google is a third-party service provider (see section 5).
How Long: This data is purged, at least, every 3 years. It is not personally identifying data so there is no way we can remove data about your visits as we do not know what part of the data is attributed to you.
Where: Basic tracking information we store on our own servers. All our servers encrypt data during transfer and employ the latest in server security. This data, however, does not personally identify you and is not classed as sensitive personal data.
Any Google-based tracking is stored by Google on their servers. While this data may be used to track you, Google does not give us access to that kind of information. See third-party providers.
3.4 Support Tickets
What: Your email address, your name, your contact telephone number, the text of your enquiry, any attachments you upload and our replies to your tickets.
Why: We store these details so that we can deal with your support or pre-sales enquiry requests.
How Long: Support tickets will be stored for a maximum of 3 years, but are usually deleted, unless requested to do so, after 2 years. This is to give you a chance to refer back to the questions you ask and our answers. We may sometimes delete spam or duplicate tickets without notice.
Where: We store this information on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.5 Pre-Sales enquiries via ticket.
What: Your email address, your name, your contact telephone number, the text of your enquiry, any attachments you upload and our replies to your tickets.
Why: We store these details so that we can deal with your support or pre-sales enquiry.
How Long: These tickets will be deleted if we do not hear from you within 30 days or if you sign up for a product or service, whichever is sooner.
Where: We store this information on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.6 Web Design Quote Form
What: Your email address, your name, your contact telephone number, the text of your enquiry, your answers to questions on the form, your current website URL, any attachments you upload.
Why: We store these details so that we may accurately put together a quote for the work which we will email to you.
How Long: Quotes are valid for 30 days and will remain stored for the permitted period of time required by law. This is to comply with HMRC tax reporting which is a statutory requirement and so overrules any request to completely remove data.
Where: We store this information in our WordPress-powered website on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.7 Session Tracking
What: The time and date you log into our site, any actions you perform while logged in, the IP address you log in from.
Why: To monitor the security of our billing and support area and to help investigate any malicious attacks against our system. To track actions performed on your account in case of dispute.
How Long: This data is kept for a minimum of two years after which time it is deleted.
Where: We store this information on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.8 Email sending Log
What: Details of all emails that our billing and support area sends to your email address whether created automatically via automation or by one of our support staff.
Why: For your reference, so that we can prove communication if there is a dispute and also to monitor that our support system is working as it should.
How long: This data is deleted after three years or when your account with us is closed.
Where: We store this information on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.9 Local Storage Of Your Domain Names
What: Details of all domain names hosted with us or purchased from us that are attached to your hosting account.
Why: To help us administer your account and for auditing purposes.
How long: This data is deleted if you: a) cancel a yearly domain purchased from us; b) cancel a hosting product attached to the domain; or c) close your account with us.
Where: We store this information on our own servers. All our servers encrypt data during transfer and employ the latest in server security.
3.10 Remote Storage Of Your Domain Names With Our Registrars
What: Your domain name, your address, your telephone number, your name, payment method, credit card or other financial data.
Why: To facilitate the yearly rental of your domain name with one of our registrars (see third-party services).
How long: This data is retained according to the policies of the appropriate registrar.
Where: We store this information in our account with the relevant registrar on their servers. See third-party providers for details on how they protect your data.
3.11 Backups Of Our Website And The Sites Of Our Clients
What: We take daily backups of every hosting account located on any of our servers. This includes our own site and its billing and support section.
Why: For recovery purposes if a site gets damaged, hacked or in the case of hardware failure resulting in data loss.
How Long: These backups are kept for 7 days then automatically deleted as they are replaced by newer backups. They are stored securely in our Google Drive account and on a remote server.
Where: We store this information on our Google Drive account and on a remote server provided by our data centre. See third-party providers for details on how they protect your data.
3.12 Emails
What: We store emails either in our Gmail accounts or any of our 3001web.com email accounts.
Why: To be able to respond to your questions or carry out any tasks requested.
How Long: All emails, whether sent directly or via the support area, are stored for a period of 3 years in accordance with UK business email law. This is to keep records in case of a legal dispute.
Where: We store this information on our business email accounts on our own servers. All our servers encrypt data during transfer and employ the latest in server security. In the case of emails sent to our Gmail account, the information is stored on the Gmail servers. See third-party providers for details on how they protect your data.
4. Where We Store Your Data
4.1 Your Account Data (see 3.1 above)
All your account data is stored in our billing programme WHMCS on our server. The password data is encrypted in the database. The rest of the data is not. However, all communications between your computer and our database are encrypted using the latest SSL 256-bit encryption to make data unreadable during transfer.
Our database is stored in our hosting account on our own private server, which employs all the latest security to keep your data safe. (See How We Protect Your Data.)
4.2 Mailing List Data
This is stored within WHMCS on our own server.
4.3 Payment Data And Financial Information
We DO NOT store this kind of information. This is stored securely by PayPal, Stripe, GoCardless or your own bank. Your account details are not revealed to us other than your PayPal email address and details provided to us by PayPal. (See Third-Party Providers.)
4.4 Your Website Data And The Data Of Your Clients
This is stored on the 3001Web servers provided by UK Dedicated Servers Limited, a leading dedicated hosting provider. If your business is UK-based, your data is stored on our EU (EEA) servers. The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the EEA from the UK are permitted without additional safeguards.
If you are a US or Canadian client, your data is stored on our Chicago servers. (See Third-Party Providers.)
4.5 Our Website Backups And Backups Of Our Clients Websites
These are stored securely in our Google Drive account and on remote FTP servers provided by our data centres.
5. Third-Party Providers And Data Processors
Some of the services we use may process, store or have access to your data to help us run our service to you. We have no control over their processing or data storage; however, they are all reputable and data protection focussed companies that have been vetted by us. The companies we use are as follows:
PayPal: payment processing.
GoCardless: UK direct debit processing.
Google
Namecheap
UK Dedicated Servers LTD
Stripe
6. How We Protect Your Data
For UK clients we run our OWN EU servers. We do not share resources with other hosting companies; we are NOT resellers. Our EU servers are reserved exclusively for the data of our own clients. Our server team make sure that our server security is always up to date.
For US or Canadian clients we operate a premium reseller server in the US.
Data is encrypted when sent between the client and our servers using 256-bit encryption provided by SSL certificates issued by letsencrypt.org for our own site, for ALL clients on our server and for the server itself.
Our servers have regular security checks and hardening performed on them by our server administration team.
Our servers contain (among others) the following security protocols:
cPHulk brute force protection to protect against brute force attacks.
ModSecurity.
PHP open_basedir protection.
CageFS is enabled. This provides filesystem-level protections for our users and server.
Apache Symlink Protection: CloudLinux protections are in effect, ensuring each hosting account is caged and totally separate from other accounts on our servers.
Imunify 360 firewall is installed, and LFD is running on all US servers.
cpGuard firewall is installed, and LFD is running on all UK/EU servers.
System kernels are updated instantly as released.
The MySQL port is blocked by the firewall, effectively allowing only local connections.
Password strength requirements are strong at both server level and admin areas for individual sites.
Outbound SMTP connections are restricted.
PHP versions are upgraded regularly as soon as they are stable.
ALL client sites are monitored for out-of-date or no longer supported plugins, themes and core code.
We INSIST that ALL clients keep their sites up to date or we WILL disable their accounts. We run business servers and do NOT compromise on security.
We provide two-factor authentication facilities for cPanel and WordPress login.
Pseudonymisation is recommended by GDPR and ICO, however, developers of software like WordPress are still working on this. We will, of course, implement that as soon as it is available and stable.
7. Data Breaches
We will report any unlawful data breach of the 3001Web database or the database(s) of any of our clients or third-party data processors. This will be reported to the ICO in the UK and to relevant official bodies in the case of our US servers. The report will be submitted within 72 hours if we can establish that personal data was accessed or stolen. In the event that personal data was accessed, and in accordance with the GDPR rules, we may also inform the data subject (you).
8. Name And Address Of The Controller
The controller for the purposes of the General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA) is:
3001Web
18 Thirlmere Ave
DN33 3EA Grimsby
United Kingdom
Phone: 01472 313120
Email: privacy@3001web.com
Website: https://3001web.com
9. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
Mr Gary McHugh
3001 Web
18 Thirlmere Ave
DN33 3EA Grimsby
UK
Phone: 01472313120
Email: privacy@3001web.com
Website: https://3001web.com
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
10. Cookies
11. Your Rights As A Data Subject
GDPR and DPA give you the following rights to do with the data we store on you.
The right to be informed.
Put simply, you can ask our data controller why we store your information and what we use it for. However, that is openly discussed above.
The right of access
You have a right of access to that data to look at it. In the case of your main support and billing account, you have full access to that by logging into our client area. In the case of the logs we keep when you access our site, you can ask us to provide you with a copy of them. Please contact our data protection officer from the ticketing area of your client account.
The right to rectification
If any of the information we hold about you is incorrect, you have the right to have it amended. In most cases you can correct it yourself by logging into our client area. Anything you cannot edit yourself you can ask our data controller to edit for you. Obviously, we will need to verify your identity before we edit any of your information. Please contact our data protection officer from the ticketing area of your client account.
The right to erasure (Right to be forgotten)
You have the right to have all data we have on you erased. In the case of 3001Web, this would mean closing your account with us and terminating all your services, as without that basic data we cannot provide the services. There is SOME data that can NOT be erased even on request, as we are required to keep it by statutory law in the UK, e.g. financial transactions and invoices, which we are legally obliged to store in accordance with current legislation, which is currently 6 years. Statutory law trumps any privacy law in most countries. Please contact our data protection officer from the ticketing area of your client account if you wish to have your data erased.
The right to restrict processing
You can ask us to restrict processing in the following situations: if you want to restrict us from processing information that is incorrect until it is corrected; if you close your account with us but would like us to still let you have access to the data for your accounting (in this case, it would be stored but not processed); when processing is unlawful and you oppose erasure and request restriction instead; or if we no longer need your personal data but you require the data to establish, exercise or defend a legal claim. Please contact our data protection officer from the ticketing area of your client account if you wish to have data processing restricted.
The right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from 3001Web to another company in a safe and secure way, without hindrance to usability. Please contact our data protection officer from the ticketing area of your client account for a portable copy of your data.
The right to object
You have the right to object to the processing of your data for the following purposes:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
Direct marketing (including profiling); and
Processing for purposes of scientific/historical research and statistics.
3001Web does not currently process data in any of these ways.
Rights in relation to automated decision making and profiling.
3001Web does NOT employ automated profiling in any way.
12. Lawful Basis For The Processing Of Your Data
We need to process your personal data to offer our services as a web host/design company in the UK. Your legal name and legal address are required to comply with UK tax laws, which supersede data protection laws. Your contact details, such as email or telephone numbers, are required to be able to contact you urgently to maintain the security of your site and our servers, which store your data and the data of our other clients.
13. Changes to this policy
This privacy policy was created by 3001Web on 17th March 2018. Last updated on 6th May 2024. We may change this policy at any time. We will inform all clients of our updates to this policy in our "updates newsletter". If you are a client and have removed yourself from this mailing list, it is your responsibility to check this privacy policy regularly for changes.