What is GDPR?

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will replace the Data Protection Act 1998. Ensuring the protection of individuals and businesses has always been our top priority. Under GDPR, data protection becomes an obligation for all organisations.

Under the GDPR, businesses processing personal data must ensure they have the proper controls in place for the processing and security of this data. All businesses will need to control how the data is stored, that it is kept up to date, it is accessible, can be transferred and deleted upon request. Processing of data will include the collecting, recording, organisation, structuring, storage, adaptation and profiling.

Businesses will no longer be able to claim ownership of customer data; instead they will be custodians of it. Ownership of personal data will lie solely with the data subject. For UK Customers your data is encrypted and stored in the UK across ISO 27001 certified UK data centres along with UK based technical support.

Meeting GDPR requirements

At Backup Everything we are analysing all our systems, including log files and backend databases for personal information and documenting our findings. We will follow this with the required analysis in line with GDPR core principles. Based on this  information we are putting processes in place in order for us to quickly retrieve personal information, enabling us to fulfil requests and to meet the GDPR requirements; allowing clients to have access to what personal data we hold, the right to be ’forgotten’ and details of what we process.

The categories of personal data that Backup Everything hold about clients are:

• Name, address, telephone number and email address of clients
• Login name (not password or encryption key)
• Financial data (credit/debit card details (Stripe) / direct debit) for payment of services)
• Backup set details
• IP addresses
• Backup reports
• Records of user actions on our admin portal
• Tickets and other communication

Backup Everything does not process personal data for any purpose other than to deliver the service and will be ready to meet GDPR compliance requirements by the law’s effective date.

How secure and protected is your data?

Secure 128-bit SSL Communication

All communications between our Backup Server and your computer are transported in a 128-bit SSL (Secure Socket Layer) channel. Although your backup files travel through a public network (the internet) they can only be displayed as unrecognisable characters. All of your files are first zipped and encrypted with your defined encrypting key before they are sent to our backup servers. The encrypted data is then replicated from our main servers in a London Data Centre to our second Data Centre in Bournemouth for additional redundancy and security.

256 AES Encryption

The encrypting key used to encrypt your files resides only on your computer and is known only to you. It is never transmitted anywhere across the network. Therefore, even the system administrators will not be able to decrypt and view the content of your files stored on the backup server without your permission. This unfortunately means that if the encryption key is lost, we will be unable to help you restore your files.

Ensure PII data portability

For backed up data in our service, Backup Everything provides multiple ways for data recovery. Administration and user PII such as user names, are accessible for customers from the web login. Backup Everything data restores ensures that customer data is available anytime, anywhere. Account cancellation procedures automate the removal of account details programmatically.

Approach to Data Security

At Backup Everything we are committed to protecting your personal information. Our service has a combination of technical, administrative and physical controls to ensure your personal information stays safe. Our service protects against anticipated threats to the security, integrity and confidentiality of this information and monitors any unauthorised access or use. To ensure we comply Backup Everything will ensure:

• The files you store using our service are yours, not ours.
• You can always get your files / information back.
• We have no rights to your files if you terminate the service.
• We have strict security policies in place.
• All files are encrypted; therefore Backup Everything is unable to view this data.
• All data is protected and stored in ISO 27001 UK Data centres for UK Customers

Privacy Policy

Introduction

The purpose of this policy is to explain how BACKUP EVERYTHING collects, protects, and uses personal data to enable us to provide a high quality of service that would be expected from a secure data storage company.

Data protection and privacy laws of the European Union (EU), EU Member States, require BACKUP EVERYTHING to provide you with certain information applicable to its collection of your personal data. BACKUP EVERYTHING is committed to ensuring that any personal data supplied by its customers or otherwise generated by its business activities is collected and processed fairly and lawfully.

Data protection and privacy laws of the European Union (EU), EU Member States, require BACKUP EVERYTHING to provide you with certain information applicable to its collection of your personal data. BACKUP EVERYTHING is committed to ensuring that any personal data supplied by its customers or otherwise generated by its business activities is collected and processed fairly and lawfully.

What Types of Personal Data Does BACKUP EVERYTHING Collect?

BACKUP EVERYTHING needs certain personal data to enable it to provide its products and services to its customers and end users. The data collected will generally include: company name, postal address, individual contact names, telephone number and email address also contact names for delivery, installation, support and invoicing. We do not store any financial or credit card information; BACKUP EVERYTHING has a certificate of validation in compliance with requirements of the PCI DSS.

How Does BACKUP EVERYTHING Obtain Personal Data?

BACKUP EVERYTHING obtains personal data in several ways, including from orders placed by customers, (whether by telephone, e-mail, Internet or by website application form), from enquiries made by existing customers and potential customers (including information gathered at marketing events and via the Internet) and from vendors, contractors or applicants for employment. A name, address (postal and e-mail) and telephone number are the most important pieces of information, particularly for customers, but also for job candidates. We may request other information, based on, for example, the service(s) being ordered or promoted. BACKUP EVERYTHING also obtains data from resellers who pass on data to the company about their end users.

Use of Cookies

BACKUP EVERYTHING may also use “cookies” and similar technology to obtain information about your visits to our websites or your responses to e-mail from us – both individually and in an aggregated form that does not identify you. These reporting tools tell us about parts of our websites or e-mails in which you showed an interest or took some action and help us improve the quality and usefulness of our sites. At BACKUP EVERYTHING, we primarily use cookies to determine what services or promotions are of interest to you. While cookies help us improve your experience while visiting our website you have the option to block them through your Internet browser or other commercially available software. However, doing so may make some of our sites’ features unavailable to you.

How Does BACKUP EVERYTHING Use the Personal Data it Holds?

BACKUP EVERYTHING uses the personal data it collects to provide a service to its customers. Such uses include enabling your account, billing, technical support, product development, fraud detection and prevention, regulatory or law enforcement requirements.

In addition, BACKUP EVERYTHING will also use data to improve on the level and type of service BACKUP EVERYTHING offers to its customers. As part of this interest in improving the service provided, BACKUP EVERYTHING may also process personal data for the purposes of customer use analysis and reporting.

Direct Marketing

BACKUP EVERYTHING may also use your personal information to contact you regarding additional products and services.

To Whom Does BACKUP EVERYTHING Disclose Personal Data?

BACKUP EVERYTHING will pass personal data internally in order to fulfil sales and support obligations as well as to finance to enable invoicing. As a general rule, BACKUP EVERYTHING does not disclose personal data to unaffiliated third parties except, as communicated to you during your service order, where such disclosures would be necessary for BACKUP EVERYTHING to provide the service to you. Such necessary disclosures would occur in accordance with applicable laws and may include:

– instances where BACKUP EVERYTHING has contracted with third parties to assist in providing services to BACKUP EVERYTHING customers, including such elements as delivery, installation and systems support;

– where BACKUP EVERYTHING is under an obligation by law to disclose personal data; or where we believe that a disclosure is necessary to identify, contact or bring legal action against individuals who may be endangering public safety or interfering with BACKUP EVERYTHING property or services, or with our customers’ or others’ use of them.

How Does BACKUP EVERYTHING Protect the Personal Data it Holds?

BACKUP EVERYTHING takes customer confidentiality and security very seriously. We have implemented the appropriate technical and organisational security measures to protect your personal information, including internal security procedures that restrict access to and disclosure of personal data within BACKUP EVERYTHING.

We also use encryption, firewalls and other technology and security procedures to help protect the accuracy and security of your personal information and prevent unauthorized access or improper use. For example, you will note that while using some features of the website and online services, you will need to submit a password or some other type of authenticating information.

BACKUP EVERYTHING will also actively investigate and cooperate with law enforcement agencies regarding any allegations of abuse or violation of the system.

Data Protection Rights

You may access, update, correct, rectify or delete your personally identifiable information, and may change your marketing preferences at any time by contacting Customer Service through the telephone phone number or email address on your website, www.backupeverything.co.uk

Please note, however, that choosing to delete some types of personal information may prevent us from supplying certain services to you as a customer, vendor or partner, or responding to your queries as a job applicant or contractor.

In order to better protect you and safeguard your information, we take steps to verify your identity before granting access or making corrections to your information.

Contact Details

For questions regarding this policy, please contact BACKUP EVERYTHING, details as follows:

Backup Everything Limited
Diamond House,
179-181 Lower Richmond Road,
Richmond,
TW9 4LN
Telephone number: 0345 055 9207
Email: support@backupeverything.co.uk

Policy Updates

As part of BACKUP EVERYTHING’s commitment to compliance with data privacy requirements, and to reflect changes in its operating procedures, BACKUP EVERYTHING may update the terms of this policy from time to time. The details in this document replaces any similar terms and/or updates previous terms in customer and partner contracts previously sent.

Document Date – 17th May 2018, V1.0