WHAT YOU NEED TO KNOW

Protocol Internet Technology Limited t/a Hosting Ireland ('we and us") are committed to protecting and respecting your privacy.

This Policy (together with our terms and conditions and any other documents referred to on it) sets out how we process the Personal Data we collect from you or that you provide to us. Personal Data is a term used to describe data that allows you to be directly or indirectly identified.

Please read the following notice carefully to understand our views and practices regarding your Personal Data and how we will treat it. Protocol Internet Technology Limited is the data controller of your Personal Data provided or collected in connection with Hosting Ireland's products and services (the "services"). Protocol Internet Technology Limited registered office address is of Deltona House, Six Cross Roads Business Park, Waterford, X91TX8Y. Hosting Ireland is fully committed to data protection, is compliant with the Data Protection Acts 1988 and 2003 and is registered with the Data Protection Commissioner Ref 13183/A Hosting Ireland is part of a wider organisation called team.blue operating across the European Union and the UK, and together our vision is to provide reliable, best in class tools and products to better enable companies and entrepreneurs to grow their businesses digitally. Although this privacy policy is issued on behalf of Hosting Ireland we have included details of where your Personal Data may be shared with other organisations within our wider group.

If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:

• Email address: dpo@hosting-irland.com
• Postal address: Hosting Ireland, Deltona House, Six Cross Roads Business Park, Waterford, X91TX8Y
• You have the right to make a complaint at any time to the Data Protection Commissioner (DPC). The DPC website which contains the processes for raising a complaint can be found here: https://www.dataprotection.ie. We would ask that where possible You contact Us at dpo@hosting-irland.com in the first instance so we can attempt to resolve any issues you may have

We will collect and process the following data about You:

Please note in limited circumstances it may be necessary to collect information from a third party, a cardholder or another member of your household. Please ensure that any third parties are made aware of this privacy notice and please ensure you obtain their permission before providing their information.

With regard to each of your visits to our site we will also collect the following information:

We use information held about you in the following ways:

• To help us identify you and the accounts you hold with us;
• To provide customer care;
• To enable us to review, develop and improve our services and website;
• To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• To carry out marketing and statistical analysis;
• To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • We will only contact you about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you would like to change your communication preferences to opt in or out of receiving specific communications, you can manage this in your Online Control Panel;
• To display targeted, or interest based, offers to you based on those services already purchased;
• To notify you about changes to our service; and
• To ensure that content from our site is presented in the most effective manner for you and for your computer.

In addition to the specific purposes for which we may process your Personal Data set out above, we may also process any of your Personal Data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person's Personal Data to us, unless we ask you to do so.

Hosting Ireland works alongside third parties (including business partners, service providers and fraud protection services) and we may receive information from them about you. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

To administer and provide Hosting Ireland services we may share your Personal Data in order:

• To help us identify you and the accounts you hold with us;
• To provide customer care;
• To enable us to review, develop and improve our services and website;
• To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• To carry out marketing and statistical analysis;
• To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • We will only contact you about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you would like to change your communication preferences to opt in or out of receiving specific communications, you can manage this in your Online Control Panel;
• To display targeted, or interest based, offers to you based on those services already purchased;
• To notify you about changes to our service; and
• To ensure that content from our site is presented in the most effective manner for you and for your computer.

We may disclose your Personal Data to third parties:

• In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets;
• If Hosting Ireland or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;
• If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of Hosting Ireland, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
• We will also share your information to the extent necessary to comply with ICANN or any ccTLD rules, regulations and policies when you register a domain name with us.

In order to provide you with certain domain extensions, we are required to send your Personal Data to the Registry responsible for that domain extension. The details of the Registry providing specific extensions can be found at https://www.iana.org/domains/root/db - the 'Root Zone Database'.

The Root Zone Database represents the delegation details of top-level domains (TLDs) which are classified as either generic (for example '.com') or at country-code level (for example '.ie'). The Registry or Registrar which we contract with to register the domains may publish your Personal Data in the online directory known as the WHOIS, unless you have previously purchased a Domain Privacy service from us.

For generic domains ending in .com .net and .jobs:

• Where Hosting Ireland is the Registrar listed on the WHOIS, we will not publish your Personal Data in in the online public WHOIS. As an ICANN accredited Registrar, we are required to adhere to the WHOIS policy set by ICANN.

For all Nominet domain registrations (.co.uk, .uk, org.uk, .me.uk):

• Your Personal Data will not be published to the public WHOIS.

For all .IE domain registrations (.ie):

• .ie registrations completed as a business entity will have contact details published to the public WHOIS in line with .ie Registry rules. If Personal Data is included in the domain registration, this will be published to the public WHOIS. Registrations for non-business entities will not be published to the public WHOIS.

Should the publishing of your Personal Data to the public WHOIS be enforced by ICANN, or should Nominet or .IE’s policy about the publishing of Personal Data to the public WHOIS change, we will advise you by updating this Privacy Policy.

Please note that the location of the TLD registry will determine where your Personal Data is transferred and this may include the transfer of your Personal Data to a domain name registry located outside of the UK and necessary for the registration of a country code domain name. We will ensure that the appropriate safeguards are implemented to ensure the protection of your Personal Data. We have provided further information about the appropriate safeguards at the bottom of this privacy policy.

All information you provide to us is stored on secure servers either in Ireland or owned by Namesco Limited (a company within our corporate group) located within the UK. You can access Namesco Limited's privacy policy here (you will see that it is very similar to ours, given that we are part of the same group of companies).

As of 31 December 2020, the UK will cease to be a member of the EU. Your Personal Data may in limited circumstances be transferred from the EEA to the UK and vice versa as described above. We will ensure a similar degree of protection is afforded to your Personal Data by ensuring at least one of the approved safeguards (as described below at the end of this policy) are implemented (commonly this will include the use of specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe) and to ensure that your Personal Data is treated securely and protected against unauthorised loss or damage.

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

Where we have given you (or where you have chosen) a username and password which enables you to access certain parts of our site, you are responsible for keeping this username and password confidential. We ask you not to share this information with anyone.

Unfortunately, the transmission of information through the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised loss or damage.

Our websites and services are not directed at individuals under the age of sixteen (16). We will not intentionally collect or maintain information about these individuals. If you believe that we may have collected Personal Data from someone under the age of 16, please let us know by emailing dpo@hosting-irland.com. We will then take appropriate measures to investigate and, if appropriate, delete that information.

We will retain your Personal Data for as long as needed to provide you with the services or as long as needed to fulfil the purpose for which the Personal Data was originally collected. We may also be required to retain certain information by law and/or for legitimate business purposes (for example, VAT records).

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data and more information is set out below.

Please note you may instruct us at any time not to process your personal information for marketing purposes.

Your rights under data protection law include:

The right to access;

You have the right to ask us to confirm whether or not we process your Personal Data and, to have access to the Personal Data, and any additional information. That additional information includes the purposes for which we process your Personal Data, the categories of Personal Data we hold and the recipients of that Personal Data. You may request a copy of your Personal Data.

The right to rectification;

If we hold any inaccurate Personal Data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete Personal Data about you completed.

The right to erasure;

In certain circumstances you have the right to have Personal Data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those Personal Data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the Personal Data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.

The right to restrict processing;

In certain circumstances you have the right for the processing of your Personal Data to be restricted. This is the case where: you do not think that the Personal Data we hold about you is accurate; your Personal Data is being processed unlawfully, but you do not want your Personal Data to be erased; it is no longer necessary for us to hold your Personal Data for the purposes of our processing, but you still require that Personal Data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your Personal Data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

The right to object to processing;

You can object to us processing your Personal Data on grounds relating to your particular situation, but only as far as our legal basis for the processing: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your Personal Data unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.

The right to data portability;

In relation to the information you have given us and that we hold electronically, you have the right to request that your Personal Data be moved, copied or transferred from one database, storage or IT environment to another. You can make a portability request at any time where we have relied on your consent to use your Personal Data, or we have processed your data as part of a contract you have with us.

The right to complain to a supervisory authority;

If you think that our processing of your Personal Data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

The right to withdraw consent; and

To the extent that the legal basis we are relying on for processing your Personal Data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

The right to object to direct marketing;

You can choose whether we process your Personal Data for direct marketing purposes. If you do not want us to process your Personal Data for direct marketing purposes, we will not process your Personal Data for this purpose. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Data in your Online Control Panel.

If you wish to:

• Request access to, deletion of or correction of, your Personal Data, please contact us to arrange this at dpo@hosting-irland.com. We must make you aware that due to regulations which control the use of the internet, Registries such as Nominet and ICANN may not delete your information until a period of time has lapsed.
• Request that your Personal Data be transferred to another person. You can exercise this right by contacting us at dpo@hosting-irland.com and requesting that your Personal Data be transferred.

Please note we reserve the right to charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may additionally need to request specific information from you to help us confirm your identity.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

We use the term "Client" to describe a customer of Hosting Ireland Limited and to whom we provide our services under the terms of our contractual relationship.

Our Clients use the services to host, transmit or process data to our hosting platform and this information may include Personal Data that allows their own customers to be identified. We refer to this type of data as "Client Customer Data".

We only have a business or contractual relationship with our Clients and have no direct relationship with the individuals categorised as Client Customer Data.

We do not collect, view or share Client Customer Data except as outlined in the terms of our contractual agreement with the Client (the Service Agreement), or, in exceptional circumstances as required by law or by order of a court. Nothing contained in this Privacy Policy shall alter specific terms and conditions applicable to the Service Agreement.

In line with the Service Agreement, our Clients retain responsibility for compliance with relevant data protection legislation, which includes setting standards and maintaining security standards to ensure the security of all data they upload to our platform which may include Client Customer Data. The security, including encryption of data prior to transmission to our network and confidentiality of their accounts and access to our platform, remains the responsibility at all times of our Clients.

To find out how Client Customer Data is collected, stored and processed by the Client (including information on how to gain access to and/or to make changes to Client Personal Data) please contact the Client directly, or refer to the applicable Client Privacy Policy for more information. Any enquiries received, or requests made, relating to Client Customer Data will be passed to the Client at the earliest opportunity.

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

Whenever we transfer your Personal Data out of the EEA (including within our own corporate group of companies), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if the appropriate Standard Contract Clauses (SCCs) are in place which require them to provide similar protection to Personal Data shared between Europe and the US.
• We will implement supplementary measures where appropriate, including additional security measures to ensure adequate protection for Personal Data in line with our obligations as a responsible data controller.
• Hosting Ireland has appointed Namesco Limited of Acton House, Perdiswell Park, Worcester, Worcestershire, WR3 7GD, England, to act as its representative in the United Kingdom with regard to Data Protection matters.