GDPR Compliance

File Sanctuary takes privacy and data protection extremely seriously, and as such, we strive for full compliance with the new GDPR (General Data Protection Regulation) legislation in Europe. We realise that GDPR compliance is a critical issue for our customers too, and we understand that you need to ensure our compliance in order to satisfy your own compliance requirements.

As such, we’ve put together this page to help you learn more about our GDPR compliance, and to answer any frequently asked questions regarding how GDPR affects you, and how we can help.

We will be regularly updating and adding to this page as we continue to improve our documentation and processes.

Last updated: December 30, 2020

We have prepared a standardised Data Processing Agreement, and any customers requiring such an agreement can request one by contacting our Data Protection Officer.

Aaron B. Russell is File Sanctuary’s Data Protection Officer, and can be reached here.

File Sanctuary undergoes at least quarterly third-party vulnerability scanning on systems holding customer account information. File Sanctuary also performs its own vulnerability scans at least monthly on a much wider range of its systems.

Vulnerability scan reports contain extremely sensitive and detailed technical information. As such, we cannot share these reports.
  • Customer Portal account (billing, support, etc): Customer data is located within the UK.
  • WordPress Hosting and Web Hosting: Customer data is located within the UK.
  • Cloud Servers and Cloud Hosting: Customer data is located within the UK.
  • Broadband, Phone Lines, and Leased Lines: Customer data is located within the UK.
  • Backblaze Computer Backups: See the Backblaze Privacy Policy for more information.
  • rSnapshot Server Backups: Customer data is located within the UK.
  • Comet Server Backups: Customer data is located within the UK.
  • Microsoft Office 365: See the Microsoft Privacy Policy for more information.
  • Datto Office 365 Backups: See the Datto Privacy Policy for more information.
  • F-Secure Protection Service: See the F-Secure PSB Privacy Policy for more information.
  • F-Secure Freedome VPN: See the F-Secure Freedome VPN Privacy Policy for more information.
  • F-Secure Radar: See the F-Secure Radar Privacy Policy for more information.
As a Data Processor, File Sanctuary commits to informing customers of incidents that have, or are likely to have, impacted on their data within 72 hours to allow you to comply with your responsibilities as a Data Controller.

As a Data Controller, File Sanctuary will inform the ICO within 72 hours of any data breach that may have impacted on our Data Subjects’ data protection rights and, where appropriate, we will also directly contact those individuals potentially impacted.
No. As your Data Processors, we ensure that the network and hosting platform are safe. What you choose to do with your account on our self-service hosting platform is down to you as the Data Controller.

Therefore, you are responsible for the data you choose to store on your website. It is down to you to ensure that you’re keeping your control panel/SFTP/SSH/FTP/email passwords safe, your website software is secured, as well as to ensure that you’re compliant with GDPR in terms of the types of data your website collects, and that it is being stored in an appropriate manner.

We can help you make changes that might be necessary in order to reach full compliance. If you need assistance, please create a support ticket.
No. As your Data Processors, we ensure that the network and cloud platform are safe. What you choose to do with your Cloud Servers on our self-service cloud platform is down to you as the Data Controller.

Therefore, you are responsible for the data you choose to store on your Cloud Server (even if you have Server Management). It is down to you to ensure that you’re keeping your control panel/SFTP/SSH/FTP/email passwords safe, your server (and all software installed on it) is secured, as well as to ensure that you’re compliant with GDPR in terms of the types of data your website collects, and that it is being stored in an appropriate manner.

We can help you make changes that might be necessary in order to reach full compliance, and if you have Server Management you get up to 1 hour of engineer time included each month for any changes you may require. If you need assistance, please create a support ticket.
No. As your Data Processors, we work with Microsoft to ensure that the network and platform are safe. What you choose to do with your Office 365 account on the self-service cloud platform is down to you as the Data Controller.

Therefore, you are responsible for the data you choose to store on your Office 365 account. It is down to you to ensure that you’re keeping your account passwords safe, that your computers are secured, as well as to ensure that you’re compliant with GDPR in terms of the types of data your business collects, and that it is being stored in an appropriate manner.
Yes! We offer solutions for centrally managed antivirus, enforced software update deployment, and regular vulnerability scanning of devices within your office network, as well as for any Cloud Servers you have with us. Please create a support ticket to learn more about how we can help.
Have questions not answered above? Contact our Data Protection Officer for more information.