GDPR Policy

Last updated: January 2025

1. GDPR Compliance Commitment

UncleBTech is committed to full compliance with the General Data Protection Regulation (GDPR). As a UK-based hosting provider, we ensure that all personal data processing activities meet the highest standards of data protection and privacy.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract: To provide hosting services and fulfill our contractual obligations
• Legitimate Interest: For service improvement, security, and business operations
• Legal Obligation: To comply with tax, accounting, and regulatory requirements
• Consent: For marketing communications and optional services

3. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including information about how it's processed and who it's shared with.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.

Right to Restrict Processing (Article 18)

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability (Article 20)

You can request your personal data in a structured, machine-readable format to transfer to another service provider.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

4. Data Protection Measures

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Staff training on data protection principles
• Incident response procedures for data breaches
• Privacy by design in all new services and features
• Regular audits of data processing activities

5. Data Processing Records

We maintain detailed records of all data processing activities as required by Article 30 of GDPR. These records include the purposes of processing, categories of data subjects and personal data, recipients of data, and retention periods.

6. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible. If the breach is likely to result in high risk to individuals, we will also notify affected data subjects without undue delay.

7. International Data Transfers

Your data is primarily processed within the UK. Any transfers outside the UK/EEA are protected by appropriate safeguards such as adequacy decisions, standard contractual clauses, or binding corporate rules.

8. Data Protection Officer

While not legally required to appoint a Data Protection Officer, we have designated a privacy team responsible for ensuring GDPR compliance and handling data protection queries.

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the details below. We will respond to your request within one month, or inform you if we need additional time.

10. Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.

11. Contact Information