Data Processing Guide

Hosting Ireland has always demonstrated its commitment to customer data privacy and protection by ensuring compliance to data protection law and legislation.

New European Union legislation, GDPR (General Data Protection Regulation), comes into force on the 25th May 2018 and sets out regulations for the handling of Personal Identifiable Data. This document outlines the responsibilities of Hosting Ireland and Customers for the various products and services that Hosting Ireland provides.

Personal Identifiable Data

Hosting Ireland provides domain name registration, shared hosting, vps cloud servers, dedicated servers and a range of addon products to support hosting services. In order to provide these services and fulfil its obligations Hosting Ireland will require personal data, such as:

Hosting Ireland is the controller for this ‘Personal Data’ and will retain such data for as long as is required to fulfil its obligations and thereafter for a maximum of six years as required by applicable laws and revenue regulations.

This is outlined further in our Privacy Policy

Customer Data

Customers host data, referred to as ‘Customer Data’, on platforms controlled by Hosting Ireland, however Hosting Ireland does not have visibility or control of ‘Customer Data’ and so in most instances are not considered to be the data controller, but rather Hosting Ireland is the processor.

‘Customer Data’ may include, but not limited to:

Hosting Ireland is not typically aware of the content of ‘Customer Data’ and therefore treats all customer data with the same respect and standards of control. While Hosting Ireland takes every step reasonable to ensure security of ‘Customer Data’, it is the direct customer’s responsibility to ensure such data is stored in a way which minimises the risk of compromise or disclosure. This includes using a solution specified with the appropriate level of security, for example using appropriate access-control, anti-virus/malware, firewalls, intrusion detection/prevention, encryption and placing data in the correct location.

Domain Name Registrations

Hosting Ireland registers and manages domain names on behalf of its customers through a variety of registries and registry resellers. Hosting Ireland does not control this data and collection of this data is a contractual requirement of ICANN (Internet Corporation for Assigned Names and Numbers) and specific domain registries including country code registries. Under the GDPR, Hosting Ireland is a “processor” of this personal data as we pass this on to the domain registrar/registry (the “controller) at your instruction.

Currently some personal data is made available on the public WHOIS database as this is a contractual requirement of the governing body ICANN. This requirement is being reviewed by the EU Commission. Most European country code registries including the IEDR (.ie registry) have phased out the publishing of personal WHOIS data. Certain country code domain registries outside of the EU will still publish WHOIS data as this is often mandatory if you require the domain name. In some instances WHOIS privacy proxy can be used to obfuscate information from public WHOIS. Each domain registry has its own Domain Registration and Privacy Policies which we advise you to read.

Shared Hosting

Hosting Ireland provides a range of shared hosting services which allows a customer to host a website, store database information and host email on a shared server (shared server means other customers are sharing resources on the same server). The responsibility for securing the data is shared between Hosting Ireland and the customer. Hosting Ireland is responsible for securing the shared hosting environment and deploys best practice security policies and processes. The customer is responsible for the content, passwords and access to the data. In addition, the customer is responsible for their own backups, and application security by keeping them up to date with the latest version etc (e.g. WordPress).

Cloud Servers (VPS)

The customer is responsible for the virtual machine content, backups and securing the content. Hosting Ireland is responsible for maintaining the security of the Hypervisor infrastructure, control panel and infrastructure backup. Hosting Ireland is also responsible for the physical security of the platform.

Some responsibilities are sometimes shared by both Hosting Ireland and the customer. Some scenarios require Hosting Ireland and the customer to manage and administer responsibilities together if specified. Hosting Ireland would then be responsible for patching and maintaining the Operating system, the customer would need to ensure that their solution and data is securely identified, labelled and correctly classified to meet any compliance obligations.

In order to manage the virtual machine for the customer, Hosting Ireland requires access via SSH key or password. In this scenario, Hosting Ireland has the responsibility to ensure there is no unauthorised access outside of the Hosting Ireland engineering team. Consent is sought prior to access and recorded.

Dedicated Servers

Hosting Ireland provides dedicated servers for configuration by the customer. The customer leases the server and has full control of the server and if required removes all access from Hosting Ireland. The customer has full responsibility for the data and content. Hosting Ireland is responsible for securing the physical access and where required ensuring firewalls are managed securely.

Managed Dedicated Servers

In order to manage the server for the customer, Hosting Ireland requires access via SSH key or password. In this scenario, Hosting Ireland has the responsibility to ensure there is no unauthorised access outside of the Hosting Ireland engineering team. Consent is sought prior to access and recorded.

SSL Certificates

Hosting Ireland are authorised resellers for SSL Certificates and collects Personal Identifiable Data (name, email address etc) on behalf of the SSL certificate authority in order to validate the registrant.

Website Builder

Hosting Ireland provides a website builder platform via the customer portal. The published website files are stored on Hosting Ireland’s servers, similar to shared hosting. However, the website creation and customisation tool is provided by Yola and therefore data is also stored on Yola’s servers.

Backup Services

The customer is responsible for ensuring the security of any passwords / urls provided for access to the backup portal as well as the management and scheduling of backups. Hosting Ireland is responsible for implementing operational controls to restrict unauthorised access to the backup servers and data.

Who Controls / Processes data and where
Product Controller Processor EU/EAA Approved Country
or Privacy Shield
Generic Domains Registry
Country Domains Country Registry *
Other Domains Specific Registry
Shared Hosting Customer
Cloud Server Customer
Dedicated Servers Customer
SSL Certificates Supplier
Website Builder Customer
Backup Services Customer

* Specified country domain names only

Client GDPR Responsibilities

Any personally identifiable data that is uploaded, managed or hosted on Hosting Ireland’s hosting platforms, known as ‘Customer Data’, is the responsibility of the customer and as such the customer is the Controller. As the Controller of the data the customer too has the responsibility for meeting GDPR regulations.

This document is not intended to be exhaustive, but rather provide an overview of Hosting Ireland data processing within the framework of GDPR.

For more information please see our GDPR – Data Processing FAQ

Download Hosting Ireland's GDPR – Data Processing Guide