Hosting Ireland has always demonstrated its commitment to customer data privacy and protection by ensuring
compliance to data protection law and legislation.
New European Union legislation, GDPR (General Data Protection Regulation), comes into force on the 25th May
2018 and sets out regulations for the handling of Personal Identifiable Data. This document outlines the
responsibilities of Hosting Ireland and Customers for the various products and services that Hosting Ireland
provides.
Hosting Ireland provides domain name registration, shared hosting, vps cloud servers, dedicated servers and a range of addon products to support hosting services. In order to provide these services and fulfil its obligations Hosting Ireland will require personal data, such as:
Hosting Ireland is the controller for this ‘Personal Data’ and will retain such data for as long as is
required to fulfil its obligations and thereafter for a maximum of six years as required by applicable laws
and revenue regulations.
This is outlined further in our Privacy Policy
Customers host data, referred to as ‘Customer Data’, on platforms controlled by Hosting Ireland, however
Hosting Ireland does not have visibility or control of ‘Customer Data’ and so in most instances are not
considered to be the data controller, but rather Hosting Ireland is the processor.
‘Customer Data’ may include, but not limited to:
Hosting Ireland is not typically aware of the content of ‘Customer Data’ and therefore treats all
customer
data with the same respect and standards of control. While Hosting Ireland takes every step reasonable to
ensure security of ‘Customer Data’, it is the direct customer’s responsibility to ensure such data is stored
in a way which minimises the risk of compromise or disclosure. This includes using a solution specified with
the appropriate level of security, for example using appropriate access-control, anti-virus/malware,
firewalls, intrusion detection/prevention, encryption and placing data in the correct location.
Hosting Ireland registers and manages domain names on behalf of its customers through a variety of
registries and registry resellers. Hosting Ireland does not control this data and collection of this data is
a contractual requirement of ICANN (Internet Corporation for Assigned Names and Numbers) and specific domain
registries including country code registries. Under the GDPR, Hosting Ireland is a “processor” of this
personal data as we pass this on to the domain registrar/registry (the “controller) at your
instruction.
Currently some personal data is made available on the public WHOIS database as this is a contractual
requirement of the governing body ICANN. This requirement is being reviewed by the EU Commission. Most
European country code registries including the IEDR (.ie registry) have phased out the publishing of
personal WHOIS data. Certain country code domain registries outside of the EU will still publish WHOIS data
as this is often mandatory if you require the domain name. In some instances WHOIS privacy proxy can be used
to obfuscate information from public WHOIS. Each domain registry has its own Domain Registration and Privacy
Policies which we advise you to read.
Hosting Ireland provides a range of shared hosting services which allows a customer to host a website, store database information and host email on a shared server (shared server means other customers are sharing resources on the same server). The responsibility for securing the data is shared between Hosting Ireland and the customer. Hosting Ireland is responsible for securing the shared hosting environment and deploys best practice security policies and processes. The customer is responsible for the content, passwords and access to the data. In addition, the customer is responsible for their own backups, and application security by keeping them up to date with the latest version etc (e.g. WordPress).
The customer is responsible for the virtual machine content, backups and securing the content. Hosting
Ireland is responsible for maintaining the security of the Hypervisor infrastructure, control panel and
infrastructure backup. Hosting Ireland is also responsible for the physical security of the
platform.
Some responsibilities are sometimes shared by both Hosting Ireland and the customer. Some scenarios require
Hosting Ireland and the customer to manage and administer responsibilities together if specified. Hosting
Ireland would then be responsible for patching and maintaining the Operating system, the customer would need
to ensure that their solution and data is securely identified, labelled and correctly classified to meet any
compliance obligations.
In order to manage the virtual machine for the customer, Hosting Ireland requires access via SSH key or
password. In this scenario, Hosting Ireland has the responsibility to ensure there is no unauthorised access
outside of the Hosting Ireland engineering team. Consent is sought prior to access and recorded.
Hosting Ireland provides dedicated servers for configuration by the customer. The customer leases the server and has full control of the server and if required removes all access from Hosting Ireland. The customer has full responsibility for the data and content. Hosting Ireland is responsible for securing the physical access and where required ensuring firewalls are managed securely.
In order to manage the server for the customer, Hosting Ireland requires access via SSH key or password. In this scenario, Hosting Ireland has the responsibility to ensure there is no unauthorised access outside of the Hosting Ireland engineering team. Consent is sought prior to access and recorded.
Hosting Ireland are authorised resellers for SSL Certificates and collects Personal Identifiable Data (name, email address etc) on behalf of the SSL certificate authority in order to validate the registrant.
Hosting Ireland provides a website builder platform via the customer portal. The published website files are stored on Hosting Ireland’s servers, similar to shared hosting. However, the website creation and customisation tool is provided by Yola and therefore data is also stored on Yola’s servers.
The customer is responsible for ensuring the security of any passwords / urls provided for access to the backup portal as well as the management and scheduling of backups. Hosting Ireland is responsible for implementing operational controls to restrict unauthorised access to the backup servers and data.
Product | Controller | Processor | EU/EAA | Approved
Country or Privacy Shield |
Non-Approved Country |
---|---|---|---|---|---|
Generic Domains | Registry | ||||
Country Domains | Country Registry | * | |||
Other Domains | Specific Registry | ||||
Shared Hosting | Customer | ||||
Cloud Server | Customer | ||||
Dedicated Servers | Customer | ||||
SSL Certificates | Supplier | ||||
Website Builder | Customer | ||||
Backup Services | Customer |
* Specified country domain names only
Any personally identifiable data that is uploaded, managed or hosted on Hosting Ireland’s hosting platforms,
known as ‘Customer Data’, is the responsibility of the customer and as such the customer is the Controller.
As the Controller of the data the customer too has the responsibility for meeting GDPR
regulations.
This document is not intended to be exhaustive, but rather provide an overview of Hosting Ireland data
processing within the framework of GDPR.
For more information please see our GDPR – Data Processing FAQ