Privacy Policy & GDPR

Privacy Policy

Bytemark respects your right to privacy.  This privacy policy has been developed to inform you about the privacy practices followed by Bytemark in connection with its websites, products and services.  This privacy policy will inform you about what data is collected, how we use such data, where data is processed, how you may opt-out of your data being used, and the security provisions around storing your data and how to correct or update your data.

1. Data

In order to communicate with you and to provide our products, services and related support, it is necessary for Bytemark to transfer your personal data outside of the European Union. In such cases, the data controller for this data for EU residents is iomart Hosting Limited (registered in Scotland, company number C275629) trading as Bytemark (“Bytemark”), having its registered offices at 6 Atlantic Quay, 55 Robertson Street, Glasgow, G2 8JD. All questions or requests regarding the processing of data may be addressed to dpo@iomart.com

2. Collection of Personal Information

We collect information from you when you place an order for a Bytemark product, respond to a survey, fill out a form for pre/post-sales assistance, open a support ticket, start a free trial, or your use of social media. Bytemark is a domain registrar, web hosting and Kubernetes service provider. To fulfil requests for domain names, digital certificates or other products or services, you may be asked to enter your name, email address, physical address, phone number, credit card information and/or organisational details or other personal information.

2.1 domain name specific data

• As part of its duties as a domain name registrar, Bytemark is required to provide certain information about customers who register domain names with Bytemark to the relevant naming authority. This information will include personal data such as the customer’s name, address and telephone number.
• The relevant naming authority will make such information available to the public through publicly accessible directories of owners of domain names.
• It is a condition of the purchase of a domain name from Bytemark that the customer agrees to the transfer of his/her personal data to the relevant naming authority and agrees to the naming authority making that personal data available on a public database. Bytemark can provide its customers with details of the relevant naming authority on request.

3. Use of Personal Information

Your information, whether public or private, will not be sold, exchanged, transferred outside of our group company, or given to any other company for any reason without your consent, other than for the purposes specified in below:

3.1 To process applications for Bytemark products and services
Your information is used to provide our products and services and order processing as well as to conduct business transactions such as billing.

3.2 To improve customer service
Your information helps us to more effectively respond to your pre/post sales requests and provide technical support.

3.3 To send renewal notices
The email address you provide for order processing may be used to send you renewal notices for your services.

3.4 To send periodic emails
In addition, we may send you periodic company newsletters, new service updates, security updates, related product or service information, and status updates on maintenance windows or service availability.

3.5 To tell you about our products and services
We may send you information about our products and services that may be of interest to you based on your use of other Bytemark products and services.

4. Processing of Data and Consent

We will process your data for the purpose of performance of our contract with you or the legitimate interest of our business. In other cases, we will request your consent for the processing of the personal data you may submit. Your refusal to provide personal data to us for certain products and services may hinder us from fulfilling your order for those products or services. Also, if you deny or withdraw your consent to use personal data or opt-out of receiving information about Bytemark products and services this may result in you not being made aware of sales promotions, renewal notices, periodic company newsletters, new service updates, security updates, related product or service information, and status updates on maintenance windows or service availability.

5. Use of Cookies

Click here for details on how we use cookies.

6. Use of application logs for diagnostics or to gather statistical information

Our servers automatically record information ("Application Log Data") created by your use of our services. Application Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device and application IDs, search terms, and cookie information. We use this information to diagnose and improve our services. Except as stated in section 8 (Data Retention), we will either delete the Application Log Data or remove any account identifiers, such as your username, full IP address, or email address, after 12 months.

7. Sharing of Information and Transfers of Data

• We do not sell or trade your personal information to outside parties.
• Bytemark is a global organisation with business processes and technical systems in various countries. As such, we may share information about you within our group company and transfer it to countries in the world where we do business in connection with the uses identified in section 3 above and in accordance with this Privacy Policy. In these cases, personal data will be transferred to countries that do not provide an adequate level of protection under European law so we ensure your data is protected by entering into agreements containing standard contract clauses with each of our group companies a copy of which may be obtained by contacting us as outlined in section 15 below.
• We may also transfer your personal data to trusted third parties in order to serve purposes that are specified in section 3 above. In circumstances where data is shared with such third parties, they are required to agree to confidentiality terms. This prohibits such third parties from selling, trading, using, marketing or otherwise distributing Bytemark customer data.
• We may also release your information when we believe release is appropriate to comply with the law or protect our rights, property, or safety. It is our policy to notify customers of requests for their data from law enforcement unless we are prohibited from doing so by statute or court order. Law enforcement officials who believe that notification would jeopardise an investigation should obtain an appropriate court order or other processes that specifically precludes member notification.
• We may also disclose your personal information to third parties who may take over the operation of our website or business or who may purchase any or all of our assets, including your personal information. We will contact you using the details you provide if there is any change in the person controlling your information.

8. Data retention

• The personal information we collect is retained for no longer than necessary to fulfil the stated purposes in section 2 above or for a period specifically required by law or regulation that Bytemark is obligated to follow.
• Personal data used to fulfil verification of certain types of products such as SSL certificates and Domain names, and this data will be retained for a minimum of 10 years depending on the class of product or service and may be retained in either a physical or electronic format.
• Even if you request deletion or erasure of your data, we may retain your personal data to the extent necessary and for so long as necessary for our legitimate business interests or performance of contractual obligations.
• After the retention period is over, Bytemark securely disposes of or anonymises your personal information in order to prevent loss, theft, misuse, or unauthorised access.

9. Opting out; withdrawing consent

• If at any time you would like to unsubscribe from receiving future periodic emails, we include unsubscribing instructions at the bottom of each email.
• If Bytemark is processing your personal data based on your consent, you may withdraw your consent at any time by contacting us at one of the addresses shown below.

10. Access to your personal data

• You are responsible for providing Bytemark with true, accurate, current and complete personal information. You are also responsible to maintain and promptly update the information to keep it true, accurate, current and complete. You have the right to access and modify your personal data stored on Bytemark systems. You can request to access or modify your personal information by logging into your customer control panel. We may require you to provide identification in order to verify the authenticity as the data subject.
• If you provide any information that is untrue, inaccurate, not current or incomplete, or if we have reasonable grounds to suspect that such information is untrue, inaccurate, not current or incomplete, we have the right to suspend or terminate your account and refuse any and all current or future services.

11. How we protect your information

• We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. All supplied sensitive/credit information is transmitted in an encrypted format via Secure Socket Layer (SSL).
• After a transaction, your transaction‐related information will be kept on file to meet audit requirements and facilitate renewals.
• Bytemark uses a reputable third party to process credit card payments and needs to provide credit card numbers and identifying financial data directly to the third-party credit card processor. Such information is shared securely.

12. Follow relevant laws

• Bytemark commits itself to protect the personal information submitted by applicants and subscribers for its public certification services. Bytemark declares to fully respect all rights established and laid out in European laws and operates within the limits of the: European Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

13. Your rights in compliance with the European Union rules on privacy

• You have the following rights established by law:
• We use the data you submit only for purposes identified in section 3 of this privacy policy.
• You have the right to review your personal data that Bytemark holds and check it for accuracy.
• You have the right to correct data in the case that errors may be found in our records.
• You have the right to request that any of your personal data be erased. i.e. right to be forgotten.
• You have the right to obtain and reuse use your personal data for your own purposes.
• You have the right to request that Bytemark restrict the processing of your personal data under certain circumstances.
• You have the right to object to our processing of your personal data.

14. Changes to our Privacy Policy

• If we make material changes to our privacy policy, we will inform customers by publishing a notice the availability of a new version on our online portals.

15. Contact Us

If you have any inquires, or questions regarding our privacy policy, please contact us at:

Data Protection Officer
6 Atlantic Quay,
55 Robertson Street
Glasgow
G2 8JD
Scotland
United Kingdom
dpo@iomart.com
+44 (0)141 931 6400

16. Our Office Locations

Correspondence Address.
iomart Hosting Limited t/a Bytemark, 2 Opus Avenue, York, YO26 6BL

Registered Address. 
iomart Hosting Limited t/a Bytemark, 6 Atlantic Quay, 55 Robertson Street, Glasgow, G2 8JD