yourfriends@filesanctuary.net
01642 688 088 | Login

GDPR Compliance


File Sanctuary takes privacy and data protection extremely seriously, and as such, we strive for full compliance with the new GDPR (General Data Protection Regulations) legislation in Europe.

We realise that GDPR compliance is a critical issue for our customers too, and we understand that you need to ensure our compliance in order to satisfy your own compliance requirements.

As such, we’ve put together this page to help you learn more about our GDPR compliance, and to answer any frequently asked questions regarding how GDPR affects you, and how we can help.

We will be regularly updating and adding to this page as we continue to improve our documentation and processes.

Last updated: June 7, 2018

Are File Sanctuary's Terms of Service and Privacy Policy updated for GDPR?
We have now updated our Terms of Service and Acceptable Use Policy with regards to GDPR. We are currently working on an updated version of our Privacy Policy and hope to have it ready within the next couple of weeks.
Can File Sanctuary provide us with a Data Processing Agreement?
We have prepared a standardised Data Processing Agreement, and any customers requiring such an agreement can request one by contacting our Data Protection Officer.
Who is File Sanctuary's Data Protection Officer?
Aaron B. Russell is File Sanctuary’s Data Protection Officer, and can be reached at dataprotection@filesanctuary.net.
Does File Sanctuary perform regular vulnerability scanning?
File Sanctuary undergoes at least quarterly third party vulnerability scanning on systems holding customer account information. File Sanctuary also performs its own vulnerability scans at least monthly on a much wider range of its systems.
Can File Sanctuary share the results of its most recent vulnerability scan?
Vulnerability scan reports contain extremely sensitive and detailed technical information. As such, we cannot share these reports.
Where is customer data located?
  • Customer Portal account: Customer data is located within the UK.
  • Web Hosting: Customer data is located within the UK.
  • PV Cloud Servers: Customer data is located within the UK.
  • HVM Cloud Servers: Customer data is located within the UK.
  • EN Cloud Servers: Customer data is located in the country requested by the customer during the order process.
  • Livedrive: See the Livedrive Privacy Policy for more information.
  • F-Secure Protection Service: See the PSB Privacy Policy for more information.
  • F-Secure Freedome VPN: See the Freedome VPN Privacy Policy for more information.
  • F-Secure Radar: See the Radar Privacy Policy for more information.
What will File Sanctuary do in the event of a leak?
As a Data Processor, File Sanctuary commits to informing customers of incidents that have or likely have impacted on their data within 72 hours to allow you to comply with your responsibilities as a Data Controller.

As a Data Controller, File Sanctuary will inform the ICO within 72 hours of any data breach that may have impacted on our Data Subject’s data protection rights and, where appropriate, we will also directly contact those individuals potentially impacted.
I have a website with File Sanctuary that stores data about my customers. Is File Sanctuary responsible for ensuring compliance?
No. As your Data Processors, we ensure that the network and hosting platform are safe. What you choose to do with your account on our self-service hosting platform is down to you as the Data Controller.

Therefore, you are responsible for the data you choose to store on your website. It is down to you to ensure that you’re keeping your control panel/SFTP/SSH/FTP/email passwords safe, your website software is secured, as well as to ensure that you’re compliant with GDPR in terms of the types of data your website collects, and that it is being stored in an appropriate manner.

We can help you make changes that might be necessary in order to reach full compliance. If you need assistance, please create a support ticket.
I have a Cloud Server with File Sanctuary that stores data about my customers. Is File Sanctuary responsible for ensuring compliance?
No. As your Data Processors, we ensure that the network and cloud platform are safe. What you choose to do with your Cloud Servers on our self-service cloud platform is down to you as the Data Controller.

Therefore, you are responsible for the data you choose to store on your Cloud Server (even if you have Server Management). It is down to you to ensure that you’re keeping your control panel/SFTP/SSH/FTP/email passwords safe, your server (and all software installed on it) is secured, as well as to ensure that you’re compliant with GDPR in terms of the types of data your website collects, and that it is being stored in an appropriate manner.

We can help you make changes that might be necessary in order to reach full compliance, and if you have Server Management you get upto 1 hour a month of engineer time included each month for any changes you may require. If you need assistance, please create a support ticket.
Can File Sanctuary help me keep my office network GDPR compliant?
Yes! We offer solutions for centrally managed antivirus, enforced software update deployment, and regular vulnerability scanning of devices within your office network, as well as for any Cloud Servers you have with us. Please create a support ticket to learn more about how we can help.

Have questions not answered above? Contact our Data Protection Officer for more information.