Data Protection

GDPR & Data Protection Act 2018 Compliance

Last updated: January 2025

Our Commitment

BareHost is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We implement appropriate technical and organisational measures to ensure the security and confidentiality of your data.

Data Controller Information

Data Controller: Bare Hosting
Address: Suite 454, 80A Ruskin Ave, Welling DA16 3QQ, UK
Email: dpo@barehost.co.uk
ICO Registration: ZB913632

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including information about processing activities.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data without undue delay.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, including withdrawal of consent.

Right to Restrict Processing (Article 18)

You can request limitation of processing in specific situations, such as when accuracy is contested.

Right to Data Portability (Article 20)

You can request transfer of your data to another service provider in a structured, machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing at any time.

Data Security Measures

We implement comprehensive security measures including:

  • End-to-end encryption for data transmission (TLS 1.3)
  • AES-256 encryption for data at rest
  • Multi-factor authentication for administrative access
  • Regular security audits and penetration testing
  • Staff training on data protection principles and GDPR compliance
  • Incident response and breach notification procedures
  • Regular backup and disaster recovery testing
  • Physical security controls at data centers
  • Network segmentation and access controls
  • Continuous monitoring and threat detection

Data Retention

We retain personal data only as long as necessary for the purposes outlined:

  • Account Data: Retained while account is active plus 7 years for legal compliance
  • Billing Records: Retained for 7 years as required by UK tax law and Companies Act
  • Support Communications: Retained for 3 years for service improvement and dispute resolution
  • Website Analytics: Anonymized after 26 months in compliance with GDPR
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Security Logs: Retained for 12 months for security monitoring
  • Backup Data: Automatically deleted according to retention schedules

International Transfers

Your data is primarily processed within the United Kingdom and European Economic Area. When international transfers are necessary for service provision, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

We never transfer data to countries without appropriate safeguards in place.

Data Breach Procedures

In the event of a personal data breach:

  • We will notify the relevant supervisory authority within 72 hours if the breach is likely to result in risk
  • Affected individuals will be notified without undue delay if high risk is involved
  • We maintain detailed records of all breaches and remedial actions taken
  • Regular breach response drills are conducted to ensure preparedness
  • Post-incident reviews are performed to improve security measures

Exercising Your Rights

To exercise your data protection rights:

  1. Contact our Data Protection Officer at dpo@barehost.co.uk
  2. Provide sufficient information to verify your identity (we may request additional verification)
  3. Specify clearly which right you wish to exercise and provide relevant details
  4. We will acknowledge your request within 48 hours
  5. We will respond within one month (extendable to three months for complex requests)
  6. There is no charge for most requests, unless they are manifestly unfounded or excessive

Complaints and Supervisory Authority

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority:

ICO Website: ico.org.uk
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Online: You can also report concerns online through the ICO website

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to identify and mitigate privacy risks. This includes new technologies, large-scale processing, and systematic monitoring activities.

Contact Our DPO

For all data protection enquiries, please contact our Data Protection Officer:

Email: dpo@barehost.co.uk
Subject Line: Data Protection Enquiry - [Your Request Type]
Address: Data Protection Officer, Bare Hosting, Suite 454, 80A Ruskin Ave, Welling DA16 3QQ, UK
ICO Registration: ZB913632
Response Time: We aim to respond to all enquiries within 48 hours