General Data Protection Regulation (GDPR)

SirsteveHQ provides web hosting to clients worldwide, and we have a responsibility to protect each client and to provide the best services available.

What is the General Data Protection Regulation (GDPR)?

The European Union’s General Data Protection Regulation, or GDPR, is a regulation that comes into effect May 25, 2018.

The GDPR regulates the collection, processing, transport, and use of personal information about individuals in Europe. GDPR compliance cannot be “certified” as such since there is no certification process. Compliance with GDPR laws & regulations is not as straightforward as an organisation being either “compliant” or “non-compliant”.

What is SirsteveHQ doing to ensure data protection for all our customers?

SirsteveHQ is a Payment Card Industry Data Security Standards (PCI DSS) compliant provider and merchant. This standard helps create a secure environment by protecting cardholder data, thus reducing credit card fraud. We regularly perform internal security audits to maintain our PCI security certifications. Update: we switched to the safer tokenized payment method in 2021. As we no longer store payment card information on our platform, we no longer require PCI DSS compliance.

SirsteveHQ is Payment Services Directive (PSD2) ready and uses 3DS authentication to comply with PSD2 and SCA requirements.

All of our signup, login & support services are completed through a secure connection (HTTPS/SSL).

We use cryptography hash functions to protect your information. Your password is stored as a hash digest and, in the event of a security breach, your original password cannot be recovered from our servers.

In accordance with GDPR, our customers have the right to access their data or “be forgotten” (to be permanently deleted from our databases). To request either of these please use the following links:

GDPR Data Request

GDPR Ready Service Audit

In the absence of an official compliance GDPR certification, and therefore no definition of what compliance means, we have prepared a GDPR Ready Service Audit that will help service providers and customers reach a level of mutual trust and assurance.

Article 28 of the GDPR states “Where the processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.” Essentially, this means that all service providers must demonstrate compliance or their customers will put their own compliance at risk if using a non-compliant provider. Consequently, it is expected that it will become standard practice for customers to require evidence of GDPR compliance from third-party service providers. GDPR Ready is designed to help service providers understand what they need to do and provide the assurances their customers will demand.

Request a GDPR Ready Audit

GDPR Addendum

Any client wishing to hold Personal Data on their SirsteveHQ hosted environment will need to ensure they are complying with their own responsibilities as a Data Controller (both under the current Data Protection Act 1998, and under the GDPR once it applies).