Effective Date: 23
November 2023
Company Registration Number: 15304392
ICO Registration Reference: ZB820226
Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
Contact Email: info@alovhost.com
1. Introduction
This Data Processing Agreement ("DPA")
forms part of the Terms & Conditions and applies when Alovhost
Ltd. ("Alovhost", "we", "us") processes
personal data on behalf of customers ("you", "data
controller") in compliance with:- UK
General Data Protection Regulation (UK GDPR)
- Data
Protection Act 2018 (UK)
- Applicable
international data protection laws
By using our services, you agree to this DPA, which
governs how we process, store, and protect your data.
2. Definitions
For the purposes of this DPA, the following
definitions apply:- "Controller"
– The customer (you), who determines the purposes and means of processing
personal data.
- "Processor"
– Alovhost Ltd., which processes personal data on behalf of the
controller.
- "Data
Subject" – Any individual whose personal data is
processed.
- "Personal
Data" – Any information relating to an
identifiable individual, as defined under UK GDPR.
- "Processing"
– Any operation performed on personal data, such as collection, storage,
use, or deletion.
- "Sub-processor"
– Any third party engaged by Alovhost to process personal data on behalf
of the controller.
3. Scope & Purpose of Processing
3.1 Processing Details
Alovhost processes personal data only as necessary to provide hosting,
VPS, domain, and related services. Processing activities include:
Storing website and customer account data
Managing email and support communications
Processing payments through third-party providers
Securing services and preventing fraud
3.2 Duration of Processing
Alovhost will process personal data only for as long as necessary to
fulfill service obligations, unless otherwise required by law.
3.3 Nature & Types of Personal Data
We process the following categories of personal data:- Account
Data: Name, email, phone number, address
- Payment
Data: Billing details (processed via third-party payment
gateways)
- Technical
Data: IP address, browser type, device identifiers
- Usage
Data: Login timestamps, service usage logs
Sensitive data (e.g., biometric, health,
political, or religious data) is not collected or processed.
3.4 Categories of Data Subjects- Customers
using Alovhost services
- End
users accessing customer-hosted websites
- Any
individual interacting with our services
4. Obligations of Alovhost (Processor)
Alovhost agrees to:
Process data only on written instructions from the controller.
Ensure data confidentiality by restricting access to authorized
personnel.
Implement appropriate security measures to prevent data breaches.
Assist the controller with GDPR compliance (e.g., handling data subject
requests).
Delete or return all personal data after termination of services, upon
request.
5. Obligations of the Controller (Customer)
As the data controller, you agree to:
Ensure personal data is collected lawfully and with proper consent.
Provide clear privacy notices to data subjects.
Respond to data subject requests (e.g., deletion, access, corrections).
Use Alovhost’s
services in compliance with GDPR and applicable laws.
Notify Alovhost of any unauthorized or unlawful processing activities.
6. Security Measures
Alovhost implements industry-standard technical and
organizational security measures to protect personal data:
Security Measure |
Description |
Encryption |
Data encrypted in transit (SSL/TLS) and at rest. |
Access Control |
Role-based access to personal data, with authentication
controls. |
Monitoring |
Continuous security monitoring & threat detection. |
Regular Backups |
Secure backups to prevent data loss. |
Incident Response |
Rapid response & mitigation in case of data breaches. |
7. Sub-Processors & Third-Party Providers
7.1 Use of Sub-Processors
Alovhost may engage third-party service providers ("sub-processors") to assist in delivering services. These include:
- Hosting
& Data Centers: Infrastructure providers for hosting
services.
- Payment
Processors: PayPal, Stripe, CryptoMus (for secure
payments).
- Security
& Monitoring Services: Tools for detecting
fraud, abuse, and cyber threats.
- All sub-processors must comply with UK GDPR and sign data protection agreements with Alovhost.
- A list of current sub-processors is available upon request.
If you object to a sub-processor, you must notify Alovhost in writing within 30 days. If a resolution cannot be reached, you may terminate the service without penalty.
8. Data Subject Rights & Assistance
Alovhost assists controllers in complying with UK GDPR rights of data subjects:
Right |
Assistance Provided |
Right to Access |
Providing copies of stored personal data. |
Right to Rectification |
Allowing corrections to inaccurate data. |
Right to Erasure (Right to be Forgotten) |
Deleting personal data upon verified request. |
Right to Restriction |
Limiting processing when legally required. |
Right to Data Portability |
Providing structured data exports. |
Right to Object |
Ceasing processing upon valid objection. |
9. Data Breach Notification
If a personal data breach occurs that may affect data subjects, Alovhost will:
Notify the controller without undue delay (within 72 hours if required by law).
Provide details of the breach, including affected data, risks, and mitigation actions.
Assist in regulatory reporting to the ICO (Information Commissioner’s Office) if necessary.
10. International Data Transfers
- Personal data may be transferred outside the UK (e.g., to hosting providers).
- All transfers comply with UK GDPR, using safeguards like Standard Contractual Clauses (SCCs) or adequacy decisions.
- If you require specific details, contact info@alovhost.com.
11. Data Retention & Deletion
- Alovhost retains personal data only as long as necessary for service fulfillment.
- After termination, data is deleted or anonymized within 60 days, unless required by law.
- The controller may request early deletion via email.
12. Audit & Compliance
Customers may request an audit to verify Alovhost's compliance with this Data Processing Agreement (DPA), subject to the following conditions: