In this article, we aim to answer any questions you may have regarding the GDPR and one.com. When new information becomes available, we will update this page.
- What is the GDPR?
- What constitutes personal data?
- When is one.com acting as data controller?
- When is one.com acting as data processor?
- Where is my data stored?
- Some main guidelines you should follow regarding GDPR
As a customer, you have entrusted one.com with your personal data and process the personal data of your website visitors via our systems. We want to thank you for your trust in us and assure you that we will handle your personal data responsibly and comply with applicable regulations.
Our privacy policy explains the ways in which we process the personal data of our customers and website visitors.
We also make a Data Processing Agreement (DPA) available to our customers. If you are processing personal data on your own web space as a data controller, then you are legally required to conclude a DPA with us. If you are our customer, the data processing agreement is incorporated in the webhosting contract you have with us, and doesn't require any further action on your part.
What is the GDPR?
The 'General Data Protection Regulation' (GDPR) is an EU regulation that addresses the processing and free movement of personal data. It consists of data protection principles and requirements that must be adhered to when personal data is processed.
The purpose of the GDPR is to have the same data protection laws across all EU member states and to give its citizens more control over how and when their data is used, even if they are in a different country.
Although the GDPR is an EU regulation, any company that markets goods or services to EU residents or processes personal data of EU citizens is subject to the regulation, regardless of its location.
What constitutes personal data?
Personal data refers to any information that relates to an 'identifiable living individual', or a real person. This includes name, address, phone number, social security number, photos, credit card and health information that may be linked to the individual.
When is one.com acting as data controller?
one.com acts as data controller whenever we determine the purposes and means of the processing. This is, for example, the case when we ask for your contact details to register you as a customer, send you e-mails about the service or handle your personal data to provide customer support.
In our privacy policy, you can find an overview of all processing activities for which we are the data controller.
When is one.com acting as data processor?
If you process personal data through our systems, for example, when you handle the personal data of customers of your webshop or send emails from your domain, then you are the data controller for this processing activity. We only provide the technical means necessary for these activities, but we have no influence on how you decide to use the personal data.
In these cases, we act as a data processor and we will only process personal data under the Data Processing Agreement to provide the requested services as stated in the webhosting contract and to ensure a high level of security. When you subscribe to our services, a Data Processing Agreement is automatically incorporated into the webhosting contract, which you have accepted as part of the onboarding flow. This agreement between you as the controller and one.com as the data processor is legally required under the GDPR and sets out our respective obligations for the processing activities where we act as a data processor.
Please note that one.com in some cases may process personal data that you have stored on the web space hosted by one.com as a data controller to comply with requests from authorities and court orders as described in our privacy policy.
The DPA can be consulted here.
Where is my data stored?
All data of customers residing in the European Union is hosted in our data centres in Denmark within the European Union.
Some main guidelines you should follow regarding GDPR
- Make sure to check up on your responsibilities as a data controller.
- Don't process personal information you don't need.
- Ensure that any processing of personal data you do has a legal basis.
- Ensure that the people you process personal data about are informed of your processing activities through relevant privacy policies.
- Use encrypted protocols for web, mail and file transfers.
- Keep applications up-to-date.
- Restrict access to data.
- Don't store data any longer than needed, considering operations, financial and legal requirements.
Processing personal data means, for example, that your business collects, stores, records, organises, structures or deletes personal data. That data can be located in emails, web content, database content, etc.
It doesn't matter if you are using tools that we provide, like Website Builder, or if you upload the data yourself.
We don't monitor data you have stored on your web space or in emails. It is your own responsibility to comply with the GDPR and to check if you need a DPA with us.
The GDPR does not apply to the processing of personal data if it is done by a natural individual for purely personal or household activity. For example, if you only use one.com for your personal e-mail address and address book.