What is the GDPR?
The EU General Data Protection Regulation (GDPR) became effective on 25th May 2018 bringing new global data protection for individuals of the European Union (EU). The GDPR replaces the EU Data Protection Directive and is intended to harmonize data protection laws throughout the EU with a single data protection law.
GDPR applies to all organizations established in the EU and any organizations that process the personal data of EU subjects in connection with offering goods or services in the EU. It applies to personal data relating to EU residents regardless of where that data is processed. It also defines the scope of EU data protection legislation.
The GDPR is founded on six principles for the processing of personal data. The regulation specifies that personal data shall be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Limited to what is necessary to meet the organization’s need
- Accurate and, where necessary, kept up to date
- Kept in a form that permits identification of data subjects for no longer than is necessary
- Processed in a manner that ensures appropriate security of the personal data
What is Proteus doing?
Ensuring our products and services are designed in accordance with ISO27001 standards. Our existing standards mirror many of the security and privacy requirements of GDPR. Hostgator our hosting partner is also ISO27001 & SSAE16 compliant.
Ensuring all Proteus employees continue to undertake mandatory data handling training. All Proteus employees are required to participate in the training program even if their role doesn’t require them to handle customer data.
Ensuring our vendors continue to adhere to the same high standards of security and privacy as Proteus.
Is Proteus a Data Processor or Data Controller?
Proteus operates as both a Data Controller and Data Processor when considering GDPR compliance:
Proteus is a controller in respect of individuals interacting with our business such as website visitors, customers and prospective customers.
Proteus is also the processor in respect of our own data and that of our customers whose data we receive from users of our services. In some specific customer agreements, Proteus can also be a sub-processor.
What Personal Data does Proteus process for its customers?
Proteus processes customers’ Personal Data to provide products and services and for other limited purposes as defined in our Privacy Policy.
How does Proteus deal with Subject Access Requests (SAR)?
If the Subject Access Request relates to data processed, stored or hosted within our services, Proteus will refer the Subject Access Request to our customer – the data controller. Proteus will assist with requests made by our customers in relation to such Subject Access Requests.
Subject Access Requests received in relation to Proteus’ business will receive a response within 30 days of receipt. Subject Access Requests can be made at legal@proteus-uk.com or in writing to:
Attn: Legal
Proteus Marketing Communications Limited,
470 Bath Road
Bristol
BS4 3AP
As a customer of Proteus, do we need to take any action?
As a customer of Proteus, you are a data controller and Proteus is acting as a processor for your data. You should consider undertaking the following steps:
- You should ensure that your Terms of Service and/or Privacy Policy are up to date.
- Perform your own research, modelling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
- Obtain an updated Data Processing Agreement which is available upon request from legal@proteus-uk.com
Contact Us
If you have any questions about GDPR, please contact legal@proteus-uk.com.
Information Collected
We collect the following types of information from you to provide you with the products and services you purchased and for the purposes described below. We may collect any or all of the information via both automated means such as communications profiles or cookies.
Personal Information
The personal information we collect depends on the type of service, support, or sales inquiry, and may include your name, address, telephone number, fax number and email address, dates of service provided, types of service provided domain name. Any financial information collected will only be used to bill you for the products and services you have purchased and is not stored online.
Cookies and Tracking
Your Internet browser has the in-built facility for storing small text files – “cookies” – that hold information that allow a website to recognize your account. We use cookies to save your preferences and login information and to provide personalized functionality. We may use cookies to collect, store, and sometimes track information for statistical purposes to improve the products and services we provide and to manage our telecommunications networks. More specifically, we use different types of cookies for different purposes: (i) “required cookies” are necessary for our website to work properly, (ii) “performance cookies” allow us to analyse how visitors use our website so we can measure and improve the performance of our website, (iii) “functional cookies” allow us to remember choices you may have made on our website, and (iv) “advertising cookies” are used to present ads that are relevant to your interests. We may utilize cookies to track referrals from internal and external affiliates, as well as advertising campaigns. We may also use a third-party service provider to send emails that you have agreed to receive. Pixel tags and cookies may be used in those email messages to help us measure the effectiveness of our advertising and to enable us to provide more focused marketing communications to you. You can reject cookies by changing your browser settings but be aware that this will disable some of the functionality on the Proteus website.
Social Media
Our website includes social media features (such as the Facebook “Like” button). These features may collect your IP address and which page you are visiting on our website and may set a cookie to enable the feature to function properly. Social media features and widgets may be hosted by a third party or directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the feature.
Data and Information Submitted to Third Parties on Our Network
This Privacy Policy does not apply to data or personal information that may be submitted to, or collected by, third-party websites hosted by Proteus. Such websites and domain names are not owned or controlled by Proteus and as such, you should independently evaluate the privacy policies of those third-party websites before submitting any data or personal information to them.
Information Use
Personal Information
The information we collect is used for billing and to provide service and support to our customers. We may study this information to determine our customers’ needs and to promote certain products and services or additional support.
We take all reasonable precautions to prevent unauthorised access to your information. Accordingly, we may require you to provide additional forms of identity should you wish to obtain information about your account details. Proteus may also use the information you provide to email Proteus’s newsletter to the primary contact e-mail on file, or to contact you about other products or services that we think may be of interest.
Log Files
We use IP addresses to analyze trends, administer our site and servers, track access, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information. However, it is possible that personal information about a customer may be included in the log files due to the normal functions of IP addresses and Web browsing.
Disclosing Information
Legal Reasons
We may access, preserve and share information about customers with companies, organizations, governmental entities or individuals outside of Proteus if we believe, in good faith, that the law requires us to do so. This may include, but is not limited to, responding to subpoenas, court orders or other legal processes (such as law enforcement requests). We may also access, preserve and share information about customers as necessary to: (i) establish or exercise Proteus’ legal rights or defend against any legal claim including threatened claims involving Proteus based on the anonymity of a domain name;
(ii) investigate, prevent, or take action regarding suspected fraud or other illegal activities; (iii) prevent death or serious physical harm to any person; or (iv) investigate violations of Proteus’ Terms of Service.
Your Options
Correcting/Updating Personal Information
If a customer’s information changes, or if a customer no longer desires our services, we will endeavour to provide a way to correct, update or remove that customer’s personal data in our records. In most cases, this can be achieved by emailing us at legal@proteus-uk.com.
Opt-Out
By default, customers will only receive invoices, system updates, Proteus newsletters and other mailings. Customers are able to opt-out from any mailing by using the unsubscribe link in any promotional email or as otherwise provided in the communication. Please note that customers may not opt-out of receiving important system notifications or emails about their accounts.
Data Security
Proteus uses technical security measures to prevent the loss, misuse, alternation or unauthorised disclosure of information under our control. Proteus uses security measures including and not limited to: physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Changes to this Policy
We reserve the right to revise, amend, or modify this Privacy Policy at any time and in any manner. However, if we plan to materially change how we plan to use previously collected personal information, we will provide you with advance notice prior to the change becoming effective and an opportunity to opt-out of such differing uses. We encourage you to periodically review this page for the latest information on our privacy practices.