faq:gdpr_hosted_vpop3

Previous revision: faq:gdpr_hosted_vpop3 [2018/05/25 13:02] paul
Current revision: faq:gdpr_hosted_vpop3 [2018/11/14 10:45] (current) – external edit 127.0.0.1
Line 2: Line 2:
  
 Also see [[GDPR for VPOP3]] as most of that applies to the VPOP3 hosting service as well. Also see [[GDPR for VPOP3]] as most of that applies to the VPOP3 hosting service as well.
 +
 +This Data Processing Agreement is part of our hosted VPOP3 service terms. You can view the revision history by clicking on the 'clock' icon to the right.
  
 As a hosted service provider, we are classed as a "Data Processor" under the GDPR regulations. As a hosted service provider, we are classed as a "Data Processor" under the GDPR regulations.
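Review bot: the added sentence directs readers to the 'clock' icon for the revision history, which only exists in the wiki view; since the sentence also states that this Data Processing Agreement is part of the service terms, the text itself should carry a version identifier or effective date so that a printed or exported copy can be matched to the revision that applied.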
Line 14: Line 16:
   - **The exception to the above statement** is if we have to access data to mitigate a serious problem. The usual circumstance for this is if one of your user's accounts is being used for sending spam, we will proactively check the outgoing message queue on your server to check if messages being sent are spam. We will notify you if this has happened. We do not look at individual message contents except at your request, but may look at the list of subject lines, and sender & recipient email addresses. These are not recorded or stored at all, except at your request. Again, these accesses are logged.    - **The exception to the above statement** is if we have to access data to mitigate a serious problem. The usual circumstance for this is if one of your user's accounts is being used for sending spam, we will proactively check the outgoing message queue on your server to check if messages being sent are spam. We will notify you if this has happened. We do not look at individual message contents except at your request, but may look at the list of subject lines, and sender & recipient email addresses. These are not recorded or stored at all, except at your request. Again, these accesses are logged. 
   - In our company, only the senior technical support person (Paul Smith) has access to any of the data held on your hosted server.   - In our company, only the senior technical support person (Paul Smith) has access to any of the data held on your hosted server.
-  - In the case of a data breach due to our fault we will contact the account contact we have for you with the details of the breach.+  - In the case of a data breach due to our fault we will contact the account contact we have for you within 24 hours of discovery of the breach with the details of the breach as known at that time, with follow-up information later, as discovered.
   - Note that usernames & passwords are set by you, or at your explicit request. If we set passwords we will choose secure passwords, but they may be reset to less secure passwords by you or your users. In this case, there may be a data breach because of a discovered password. We will inform you if we discover this happening, but this is not our fault.   - Note that usernames & passwords are set by you, or at your explicit request. If we set passwords we will choose secure passwords, but they may be reset to less secure passwords by you or your users. In this case, there may be a data breach because of a discovered password. We will inform you if we discover this happening, but this is not our fault.
   - We strongly recommend that you use SSL/TLS in email clients/apps when collecting and sending messages to the hosted service, especially on mobile devices. We have found that most cases of accounts being hacked are due to devices being used on public Wifi networks without using SSL/TLS. In this case, the logins can be eavesdropped on and usernames/passwords discovered.    - We strongly recommend that you use SSL/TLS in email clients/apps when collecting and sending messages to the hosted service, especially on mobile devices. We have found that most cases of accounts being hacked are due to devices being used on public Wifi networks without using SSL/TLS. In this case, the logins can be eavesdropped on and usernames/passwords discovered. 
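Review bot: the rewritten breach clause now commits to contacting the account contact within 24 hours of discovery, but it does not say how the contact is reached or what the initial notice contains; if the only contact route is an email address hosted on the affected server, the notice may not arrive. Suggest stating the notification channel and the minimum content of the first notice alongside the 24-hour commitment.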
Line 22: Line 24:
   - We do not have a Data Protection Officer because we are not required to do so under the GDPR regulations. If you want to contact us about data protection issues, contact support@pscs.co.uk   - We do not have a Data Protection Officer because we are not required to do so under the GDPR regulations. If you want to contact us about data protection issues, contact support@pscs.co.uk
   - Your data is not transmitted to other organisations/people except at your direct instruction. If you address an email to an external user this is classed as an "direct instruction". In this case your message data will be transmitted to other mail servers/companies as necessary for the message to reach the addressee. If you log in to your email account to view or send email from another organisation, then that is also classed as an "explicit request". In these cases, we believe that we have not "engaged" these other organisations as further Data Processors under GDPR Article 28 (2), so there is no need for prior written authorisation or contracts, and no continuation of liability once the data has left our control.   - Your data is not transmitted to other organisations/people except at your direct instruction. If you address an email to an external user this is classed as an "direct instruction". In this case your message data will be transmitted to other mail servers/companies as necessary for the message to reach the addressee. If you log in to your email account to view or send email from another organisation, then that is also classed as an "explicit request". In these cases, we believe that we have not "engaged" these other organisations as further Data Processors under GDPR Article 28 (2), so there is no need for prior written authorisation or contracts, and no continuation of liability once the data has left our control.
 +  - Upon termination of the contract we will delete all your data within one week of termination where the termination was explicitly requested by you, or one month if not (eg on non-payment of an invoice). If you require it to be deleted sooner, please ask. We only store the data for this time after termination as a courtesy in case you need to recover the data or change your mind and decide to continue with our service. 
 +  - We will provide reasonable assistance to you to help you to meet your GDPR obligations. Note that you have almost as much access to your data as we do (except for backups) so we will not, for instance, search through emails to delete personal data on request, but we will advise/assist you to do so yourselves. 
 +  - We will allow for audits/inspections by you or an auditor mandated by you. Because we are a data processor for many companies we will, by necessity, have to limit access by the auditor to prevent access to data controlled by other data controllers. We will require reasonable prior notice so that we can ensure that suitable staff are available, and have to limit the on-site time allowed to 2 hours per audit, and one audit per 12 month period. If more audits than that are required then we will charge our standard hourly rate of £50 + VAT per hour.
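Review bot: the new termination clause promises to delete all your data within one week or one month, but the following item notes that backups exist and are outside the customer's reach; the deletion clause does not say whether backups are covered or on what schedule they are purged. Suggest adding a sentence such as "Backups containing your data are deleted within N days of the live data", with the real retention period in place of N.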
  
faq/gdpr_hosted_vpop3.1527249756.txt.gz · Last modified: 2018/11/14 10:44 (external edit)