Privacy Policy

Privacy Policy for SmartHost Web Services Limited

Privacy Policy for SmartHost Web Services Limited

Effective Date: May, 2025  

This Privacy Policy reflects our current data protection practices and replaces all previous versions. 

SmartHost Web Services Limited (“SmartHost”), accessible at www.smarthost.ie, is committed to protecting the privacy of our visitors, customers, and users. SmartHost Web Services Limited, registered in Ireland, acts as the Data Controller for the personal data collected via this website and our services. This Privacy Policy outlines the types of information we collect, how we use it, our lawful bases for processing, how long we retain it, and how we secure it in accordance with industry best practices, applicable legislation, and our comprehensive Information Security Management System (ISMS).

1. Consent and Agreement

By continuing to use our website, you acknowledge that you’ve read and understood this Privacy Policy. 

  • For Website Use and Non-Essential Cookies: On your first visit, you’ll see a cookie consent banner allowing you to manage your cookie preferences. Your continued browsing signifies your understanding of how we use essential cookies and similar technologies as described here.
  • For Service Orders: When placing an order for our services, you’ll be required to explicitly accept our Terms of Service and this Privacy Policy by clicking a checkbox. This action signifies your consent to the processing of your personal data as described in this policy for the purpose of providing our services.
  • For Marketing Communications: Where required, we’ll get your clear and explicit consent for specific processing activities, such as sending marketing communications.

2. Information We Collect

We collect personal data in the following ways: 

  • Directly from you: When you register an account, contact us, or use our services. This may include your name, company name, address, email address, phone number, and any correspondence you send.
  • Automatically: When you visit our website or use our services, we automatically collect technical data such as IP address, browser type, operating system, referring URL, time of visit, pages visited, and session duration through cookies, server log files, and similar tracking technologies. This data helps us ensure the functionality and security of our services and analyse website performance.
  • From third parties: We may receive personal data from business partners, payment processors (e.g., Stripe for payment verification), and security providers (e.g., for fraud prevention and identity verification). When engaging any third-party service providers (including data processors), we ensure they comply with GDPR requirements and implement appropriate security measures. We enter into data processing agreements where required to define the scope and purpose of processing, and to ensure robust data protection and security safeguards are in place.

3. How We Use Your Information

We process your personal data to: 

  • Provide, manage, and support our hosting and domain services.
  • Authenticate access and manage customer accounts.
  • Communicate with you about service-related information, updates, and support issues.
  • Detect, investigate, and prevent fraud or abuse, and ensure the security and integrity of our systems.
  • Comply with legal, tax, and regulatory obligations.
  • Improve our website, systems, and customer support services.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on one or more of the following legal grounds: 

  • Your consent: Where you’ve given clear consent for us to process your personal data for a specific purpose (e.g., for certain marketing communications, or non-essential cookies). You have the right to withdraw your consent at any time, where consent is the legal basis for processing.
  • Performance of a contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract (e.g., providing hosting and domain services, account management).
  • Compliance with a legal obligation: Where processing is necessary for us to comply with the law (e.g., financial record-keeping, tax obligations, responding to legal requests).
  • Our legitimate interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests aren’t overridden by your fundamental rights and freedoms. Examples include improving our services, preventing fraud, maintaining the security of our systems, and managing our business operations efficiently. We always conduct a Legitimate Interests Assessment (LIA) before relying on this basis.

5. Log Files

We use server log files to help diagnose problems, monitor site usage trends, and maintain security. The information collected includes IP addresses, browser types, timestamps, and referring pages. While this data isn’t used to directly personally identify individuals, it can, in conjunction with other information, be linked to an individual. It primarily contributes to our overall security monitoring, troubleshooting, and operational analysis. 

6. Cookies and Tracking Technologies

Cookies are small data files stored in your browser. We use them to: 

  • Enable essential site functionality.
  • Remember user preferences.
  • Monitor site performance and usage statistics.

You can manage or disable cookies in your browser settings. For more detailed information on how we use cookies, please see our dedicated Cookie Policy. 

7. Data Security and Encryption

SmartHost implements robust technical and organisational measures, including those aligned with our Information Security Management System (ISMS), to ensure the security and confidentiality of your personal data. We continuously review and update our security practices to protect against unauthorised access, alteration, disclosure, or destruction, in line with industry best practices. 

  • SmartHost Customer Data (Billing and Account Details):
    • In Transit: All customer account information and related data (e.g., billing details, login credentials, communications with our support) are encrypted when being transferred, using modern standards like TLS 1.3 and AES-256.
    • At Rest: Your passwords are hashed and encrypted using secure algorithms. Payment information is handled securely by Stripe, a service that is PCI-DSS compliant, meaning SmartHost never stores any sensitive cardholder data directly on our systems. Our billing system also enforces secure data encryption and strict access controls.
  • Customer Content Data (Website Data, Emails, Databases on Our Servers):
    • Encryption in Transit: For website traffic, SmartHost provides free SSL certificates to help customers encrypt data in transit between their website and visitors. However, it is the customer’s sole responsibility to activate and correctly configure these SSL certificates, or any other encryption methods, to ensure their website data is encrypted during transmission. If SSL is misconfigured or not activated, data in transit will not be encrypted.
    • Encryption at Rest: Data stored on SmartHost’s shared hosting or virtual private server (VPS) environments, specifically website content, email content within mailboxes, and database content, is generally NOT encrypted at rest by SmartHost as a standard service.
    • Customer Responsibility for Content Encryption: It is the sole responsibility of the customer to ensure that any private or confidential data they store on their websites, within email accounts, or in databases hosted on our servers is suitably encrypted and protected at rest, if such encryption is required for their specific data or compliance needs. This includes implementing appropriate security measures within their applications and content.
  • General Security Measures
    • We store customer data (both SmartHost’s and your content) on servers with restricted access, protected by firewalls and continuous monitoring systems.
    • As part of our commitment to maintaining a robust ISMS, we regularly conduct technical compliance reviews, including vulnerability assessments and penetration testing, on our information systems to ensure the effectiveness of security controls protecting your personal data.

8. Data Retention

We retain personal data for as long as necessary to: 

  • Provide our services.
  • Comply with legal and regulatory obligations.
  • Resolve disputes and enforce agreements.

Account-related data, for example, may be retained for up to 7 years for financial record-keeping as required by Irish company and tax law. We maintain a data retention schedule to ensure data isn’t held longer than necessary. All records containing personal data are protected throughout their lifecycle, from collection to secure deletion or anonymisation, against unauthorised access, modification, loss, or destruction, in line with our ISMS. Data no longer needed is securely deleted or anonymised through appropriate methods. 

9. International Data Transfers

SmartHost Web Services Limited is based in Ireland, a member state of the European Union. We ensure that all personal data collected from you is processed and stored within the European Economic Area (EEA), upholding the highest standards of data protection as required by the General Data Protection Regulation (GDPR). 

10. Your GDPR Rights

You have the following rights under the General Data Protection Regulation (GDPR): 

  • Access: Request a copy of your personal data we hold about you.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data in certain circumstances (the “right to be forgotten”).
  • Restriction: Ask us to temporarily stop processing your data, under certain conditions.
  • Objection: Object to our processing of your personal data based on legitimate interest or for direct marketing purposes.
  • Portability: Request a copy of your data in a structured, commonly used, machine-readable format, and have the right to transmit that data to another controller.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been violated. In Ireland, the supervisory authority is the Data Protection Commission (DPC). Website: www.dataprotection.ie

To exercise your rights, please contact us using the details below. We maintain records of all requests and our responses. We’ll respond to your request without undue delay and in any event within one calendar month of receipt. In complex cases or if we receive a high volume of requests, we may extend this period by a further two months, but we’ll inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. 

11. Children’s Privacy

Our services are not directed at children under 18. We don’t knowingly collect personal data from anyone under this age. If we become aware that such data has been collected, we’ll delete it promptly. 

12. Special Categories of Personal Data

SmartHost doesn’t intentionally collect or process any ‘special categories of personal data’ as defined by GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning a person’s sexual orientation) unless you explicitly provide it for a specific service where such processing is necessary and lawful, or if required by law. 

13. Automated Decision-Making and Profiling

We don’t use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, as defined by GDPR Article 22. 

14. Third-Party Services

This policy doesn’t cover external websites or services linked from our site. We encourage you to read the privacy policies of those third parties. 

15. Data Breach Notification

In the unlikely event of a personal data breach impacting the confidentiality, integrity, or availability of your personal data, SmartHost is committed to assessing and addressing it promptly. Where the breach is likely to result in a high risk to your rights and freedoms, we’ll notify you and the Data Protection Commission (DPC) without undue delay, in accordance with our obligations under the GDPR. 

16. Business Transfers

In the event that SmartHost Web Services Limited is involved in a merger, acquisition, asset sale, or other business transaction, your personal data may be transferred as part of the transaction. In such cases, we’ll provide you with reasonable notice before your personal data is transferred and becomes subject to a different Privacy Policy. We’ll ensure that appropriate safeguards, consistent with our obligations under GDPR, are in place to protect your personal data during and after such a transfer. 

17. Changes to This Policy and ISMS Compliance

We may update this Privacy Policy to reflect changes in law, our business practices, or data processing activities. Updates will be posted on this page with an updated ‘Effective Date’. We’ll also notify you of any significant changes where required by law. 

We regularly review and update our Privacy Policy to ensure continued compliance with legal and regulatory requirements and to reflect changes in our data processing practices. We encourage users to review this policy periodically. 

Our Information Security Management System (ISMS), which includes our privacy controls, is subject to regular internal and external reviews to ensure its continued suitability, adequacy, and effectiveness as we work towards ISO 27001 certification. Compliance with our internal information security policies and standards, including those related to privacy, is regularly reviewed by relevant management. SmartHost maintains a documented process for identifying, reviewing, and ensuring compliance with all applicable legal, statutory, regulatory, and contractual requirements related to information security and privacy. 

18. Contact Us

If you have questions or concerns about this Privacy Policy or wish to exercise your rights, please contact us: 

SmartHost Web Services Limited  
Email: support@smarthost.ie  
Phone: +353 (0)1 901 9700  
Website: www.smarthost.ie 

Data Protection Officer (DPO) / Data Protection Contact For any data protection queries, including exercising your rights, please contact our Data Protection Contact at: Email: management@smarthost.ie 

This website uses cookies.