Introduction

General Data Protection Regulation (GDPR) comes into force on 25th May 18. It concerns every company who processes the personal data of EU citizens. The regulation builds on existing data protection laws and broadens citizens power’s to access, remove, update and control how their data is processed by companies/Businesses such as Mac Uaid Enterprises. Companies/Businesses such as Mac Uaid Enterprises have extra responsibilities to this data under GDPR and within this statement, we clarify our position on the key points.
For more information about the GDPR, please see ​https://www.dataprotection.ie/docs/GDPR/1623.htm and http://gdprandyou.ie/. These websites have both been produced by the Data Protection Commissioner of Ireland.
Some of the more commonly known elements of the GDPR are The right to be forgotten, data portability and the right to rectification. We have outlined in specific KB articles how our systems can assist with these items. GDPR

Definitions:

​Personal data is described as “any information that relates to a living individual”. It also includes any data that can be used with other sets of data to identify an individual. Examples of personal data are name, PPS number, home or business address, online customer number or email address.
​“Processing” relates to operations carried out on personal data including collection, organising, recording, storing, structuring and using. Processing does not entail automated or computerised methods only but includes non-digital, paper-based systems or processes for data processing.
A “Data Subject” is the individual whose personal data is being processed
​A “Data Controller” is the organisation which determines how personal data is processed. Mac Uaid Enterprises is a data controller. Mac Uaid Enterprises customers are data controllers of the data they store on Mac Uaid Enterprises systems.
A “Data Processor” is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data (for example, a third party company used to send out marketing materials or a courier service sending parcels on behalf of an online shop.

Mac Uaid Enterprises as a Data Controller

A data controller according to the GDPR is “the natural or legal person, public authority,
agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”
Mac Uaid Enterprises collects information from all clients at sign-up for the sole purpose of provisioning the service selected and providing means to bill on a recurring basis. Mac Uaid Enterprises does not collect any data on individuals which is not required for the provision of these services and actively works to minimize the information we store which is classified as “personal data”. Mac Uaid Enterprises seeks to be transparent with our customers with respect to the personal data we collect at all times.
What we collect as part of our service:
Name, Company Name, Postal Address, Email address, Phone number, Payment preferences and information, IP address.
Account Management
As a result of a business sale, account ownership disputes and other account management queries, we may request identification from all parties engaged in the query. This will be to satisfy our requirement to verify account ownership. Data collected for this purpose is purged monthly and we will explain in advance why this is required.
Other
From time to time Mac Uaid Enterprises may request personal data from you as part of your relationship with Mac Uaid Enterprises and the services we provide. When we do ask for this information, we will inform you in clear terms why we are requesting this and will inform you of relevant retention periods for this information. In some cases, such as compliance with Irish revenue, some information must be kept for a period of 7 years. Put simply, Mac Uaid Enterprises do not want to store your personal data any longer than we must.
GDPR – Your responsibilities:
When you use Mac Uaid Enterprises services to store or process your personal data (including customer’s or user’s data), you are the data controller and we are the data processor. This is true for any personal data you place on the servers either directly, via a hosted website or by use of any of our other services.
The GDPR requires you, as a data controller, to ensure that any data processor services you use to process personal data are GDPR compliant. This means that when you use any of our services to process personal data you need to carry out due diligence on our services and ensure certain contractual terms are in place.
This GDPR statement helps you meet these GDPR regulatory requirements and offers you the assurance that we take GDPR and the security of your personal data as part of the everyday running of our services.
Our GDPR Promise
As an Irish business with customers within the EU, Mac Uaid Enterprises are committed to ensuring our business and processes are compliant with the new data protection rule.

Mac Uaid Enterprises as a Data Processor

A data processor according to the GDPR is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
You are the data controller for the data you store on the servers at the various locations we outlined below. This situation arises when you store personally identifiable data on your customers on the servers. In that situation, we are the data processor. We do not access your data on the servers and any processing is only related to the services we provide to you. We do not use the data you have placed on servers for any processing of our own.
We do not provide access to your data on our systems with any 3rd party save a case where we are instructed to by law. Such situations can include court orders or information requests from the relevant authorities. All such requests are handled within the current laws. Any such request will result in you as the data controller being notified.

Your Data’s location

LetsHost is our server provider and they operate datacentres in the following locations. However, datacentres outside of the EU are for specific customers who are not typically EU based citizens.
Dublin (Ireland)
London (UK)

Security

Each data centre letshost operates from has hardware security access including:
24/7/365 Manned Facilities
CCTV covering inside, outside and all entrances of DataCenters
Site and data room entrances are controlled by Perimeter Access Card (PAC) systems
Site access and all servers are remotely monitored using letshost systems.
Entrances Secured by electronic door access systems.

Maintaining Security

LetsHost maintains server security.
​LetsHost employees are kept fully up to date with all aspects of business security and ensure the ongoing security of our servers 24/7/365. Security patches and updates are applied to our systems as a matter of priority and any changes or updates to our own systems are done so with data protection and data privacy in mind. Where we have an agreement in place with our customers to manage this element of their service, we also maintain the security of our customer’s servers.

Data Breaches

In the unlikely event of a breach (as defined by the GDPR) Mac Uaid Enterprises will notify you within 48 hours of the breach coming to our attention. As required by the GDPR, LetsHost will report relevant breaches to the office of the Irish data protection commissioner.
GDPR / Data Protection Contact for Mac Uaid Enterprises
If you require any further information about Mac Uaid Enterprises GDPR compliance or wish to make a request under the GDPR, please use the details below and we will assist with your query.
General Queries: email info@MacUaidEnterprises.ie
For access requests, please write to us at:

GDPR Requests, Mac Uaid Enterprises, 77 Sir John Rogerson's Quay, Dublin 2, ​Ireland

Access requests do not carry a fee and will be replied to within 30 days.
Should we refuse your request, we will outline in detail why this is the case.
Should you wish to update any element of the data we have on file, you can do this through the functions available to you or as part of that request.
Should you wish to request your data be deleted, you can email us and request data deletion.