Privacy Policy

This privacy notice explains who we are, the types of personal data we collect, how and why we process that data, your privacy rights, and how you can access, update or request the removal of your information. It also describes where and how your data is stored, and the procedures we follow to keep it secure. In particular, this notice sets out how The Webhosting Group Limited collects and processes your personal data when you visit our website, access your client area, purchase a product or service, or use our live chat service.

This page (together with the General Terms, Terms of Use, Acceptable Use Policy and any documents referred to within them) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read this notice carefully to understand our practices regarding your personal data and how we will treat it. This privacy notice supplements any other notices we may provide and is not intended to override them.

Who We Are

The Webhosting Group Limited is the data controller and data processor responsible for your personal data (referred to in this notice as “we”, “us” or “our”). We take the security and privacy of your information seriously. Protecting our customers’ data has always been a core part of how we operate. We only collect and use personal data where it is necessary to deliver our products, services and websites (collectively, our “Services”).

We are registered with the Information Commissioner’s Office (ICO) under registration number ZB726556. If you have any questions about this privacy notice or concerns about how your data is handled, please contact us using the details below:

The Webhosting Group Limited
Head Office
c/o SWT, 55 Elm Road
Mannamead
Plymouth
Devon
PL4 7AZ
Email: privacy(at)thewebhostinggroup.com

If we are unable to resolve your concerns regarding data protection, you have the right to lodge a complaint with the Information Commissioner’s Office at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

What We Collect

We may collect personal data and personal information. “Personal data” means any information relating to an identifiable individual. It does not include data where the identity has been removed (anonymous data).

We work closely with a number of third parties, including service providers, business partners and fraud‑prevention services. We may receive information from them about you, which can include (but is not limited to) your IP address, device information, server logs, location data, and unique order or reference numbers. Some of these third parties may provide features that are integrated into our website. In certain cases, they may act as independent data controllers and will have their own privacy notices, which we strongly recommend you read.

We may share your personal data with third parties where it is necessary for the provision of our Services (for example, payment processing or domain registration). We only share the minimum information required, we ensure it is transferred securely, and we do not permit your data to be used for marketing purposes by those third parties.

We may collect, use, store and transfer different types of personal data about you, which we group together as follows:
Identity Data: first name, last name, maiden name, username or other identifier, title, date of birth and gender.
Contact Data: billing address, delivery address, email address and telephone numbers.
Financial Data: card payment details (processed securely by our payment providers).
Transaction Data: details of payments to and from you, and details of products and services you have purchased from us.
Technical Data: IP address, login data, browser type and version, time zone setting and location, browser plug‑in types and versions, operating system and platform, and other technology used to access our website.
Profile Data: your username, purchases or orders made by you, your preferences, feedback and survey responses.
Usage Data: information about how you use our website, products and services.
Marketing and Communications Data: your preferences for receiving marketing from us and your communication preferences.

We may also collect, use and share Aggregated Data such as statistical or demographic information for any purpose. Aggregated Data may be derived from your personal data, but it does not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to understand how many users access a particular feature. If we ever combine or connect Aggregated Data with personal data in a way that could identify you, we treat the combined data as personal data and handle it in accordance with this privacy notice.

For the avoidance of doubt, we do not - and will never - sell or share your personal data with third parties for marketing or advertising purposes.

Your Responsibilities

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may be unable to perform the contract (for example, to supply products or services). In such cases, we may need to cancel a product or service, and we will notify you if this becomes necessary. You may review or update the personal details you have provided to us at any time.

How We Collect Your Data

We collect data from and about you through a variety of methods, including:

Direct Contact
You may provide us with Identity, Contact and Financial Data by completing secure forms or by communicating with us via phone, email or live chat. This includes personal data you provide when you:
• make a sales enquiry by telephone, email or live chat;
• apply for our products or services;
• create an account on our website;
• register or transfer a domain name;
• request marketing communications;
• enter a competition, promotion or survey;
• provide feedback.

Automated technologies or interactions
As you interact with our website, we may automatically collect Technical Data about your device, browsing actions and usage patterns. We collect this information using cookies, server logs and similar technologies, which may evolve as new technologies become available.

Third parties or publicly available sources
We may receive personal data about you from various third parties and public sources, including:
• Technical Data from:
  (a) analytics providers;
  (b) affiliate network providers;
  (c) advertising networks;
  (d) search information providers.
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
• Identity and Contact Data from publicly available sources.
• Identity and Contact Data from data brokers or aggregators.

How We Use Your Data

We will only use your personal data where the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

• where we need to perform a contract for products or services;
• where it is necessary for our legitimate interests (or those of a third party) and your rights do not override those interests;
• where we need to comply with a legal or regulatory obligation.

When you make an enquiry through our website, live chat, email or other communication channels, any information you provide will be treated as freely given, specific and informed, enabling us to respond effectively to your enquiry.

Below is a description of the ways we plan to use your personal data and the legal bases we rely on to do so. Please note that we may process your personal data under more than one legal basis depending on the specific purpose for which we are using it.

Purpose / Activity | Type of Data | Lawful Basis for Processing (including legitimate interests)
To register you as a new customer | (a) Identity; (b) Contact | Performance of a contract with you
To process and deliver your order, including: (a) Managing payments, fees and charges; (b) Collecting and recovering money owed to us | (a) Identity; (b) Contact; (c) Financial; (d) Transaction; (e) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to recover debts owed to us)
To manage our relationship with you, including: (a) Notifying you about changes to our terms or privacy policy; (b) Asking you to leave a review or complete a survey | (a) Identity; (b) Contact; (c) Profile; (d) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to keep our records updated and understand how customers use our services)
To enable you to participate in a prize draw, competition or survey | (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to understand how customers use our services, develop them and grow our business)
To manage and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity; (b) Contact; (c) Technical | (a) Necessary for our legitimate interests (to run our business, provide administration and IT services, ensure network security, prevent fraud, and support business restructuring); (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of that content | (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications; (f) Technical | Necessary for our legitimate interests (to understand how customers use our services, develop them, grow our business and inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and overall experience | (a) Technical; (b) Usage | Necessary for our legitimate interests (to identify customer types, keep our website updated and relevant, develop our business and inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest | (a) Identity; (b) Contact; (c) Technical; (d) Usage; (e) Profile | Performance of a contract with you
To respond to a general enquiry or a careers enquiry | (a) Identity; (b) Contact | (a) Consent; (b) Necessary for our legitimate interests (to communicate with customers, partners and prospective applicants)

Definitions

Legitimate Interest — our interest in operating, managing and improving our business. We consider and balance any potential impact on you before relying on legitimate interests as a basis for processing your data.
Performance of a Contract — processing your data where it is necessary to fulfil a contract for products or services you have requested.
Legal or Regulatory Obligation — processing your personal data where required to comply with applicable laws or regulatory requirements.

Marketing

We aim to give you clear choices regarding how your personal data is used, particularly for marketing and advertising. You may receive marketing communications from us if you have opted in to receive them.

Essential service emails — such as invoices, password resets, billing notifications and system‑related messages required to operate your account — will continue to be sent to customers regardless of marketing preferences.

Cookies

You can configure your browser to refuse cookies or to alert you when a website attempts to set or access cookies. If you disable or refuse cookies, some parts of our website may not function correctly or may become inaccessible. For more information about the cookies we use, please refer to our Cookie Policy.

Change of Purpose

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose that is compatible with the original one. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

Sharing with Trusted Third Parties

We may share your personal data with third parties that integrate with our Services, or with trusted service providers who perform functions on our behalf, such as:
• processing credit or debit card payments;
• conducting competitions or surveys;
• analysing our Services and customer demographics;
• communicating with you (for example, email or survey delivery);
• customer relationship management;
• delivering advertisements.

We only share the personal data necessary for these third parties to provide the services you have requested or to support our day‑to‑day operations. All third parties (including any subcontractors) are bound by strict data processing terms and are prohibited from using, sharing or retaining your personal data for any purpose other than the specific task they have been contracted to perform, unless you provide consent.

We may, in the future, sell, transfer or merge parts of our business or assets. We may also acquire or merge with other businesses. If such a change occurs, the new owners may use your personal data in the same way as set out in this privacy notice, in order to continue operating your account effectively.

Where Is The Data Stored?

All personal data you provide to us is stored securely on servers located within the United Kingdom. We may share your personal data within The Webhosting Group Limited and, where necessary, with trusted suppliers and service providers who support the delivery of our Services. This may occasionally involve transferring your data outside the UK.

Whenever we transfer your personal data outside the UK, we ensure that an appropriate level of protection is in place. We do this by ensuring at least one of the following safeguards applies:
• the destination country has been deemed by the UK Government to provide an adequate level of data protection; or
• we use specific contracts or standard contractual clauses approved for use under UK GDPR, which give personal data equivalent protection to that required in the UK; or
• the transfer is otherwise permitted under UK data protection law.

Some of our service providers (for example, domain registrars or technical partners) may operate globally. In such cases, we ensure that any international transfers they make on our behalf are protected by appropriate safeguards and contractual obligations.

Data Security

We follow recognised industry standards to store and protect the personal data we collect, both during transmission and once it is received. This includes the use of encryption where appropriate. We retain personal data only for as long as necessary to provide the Services you have requested, and thereafter only where required for legitimate legal or business purposes. Access to your personal data is restricted to employees, agents, contractors and trusted third parties who need it for operational purposes.

In the event of a data breach, we will comply with all obligations under applicable data protection laws, including notifying you and the relevant supervisory authority where required.

Please note that the transmission of information over the internet is not completely secure. While we take steps to protect your data, we cannot guarantee the security of information transmitted to us and any transmission is at your own risk. Once we receive your information, we use strict procedures and security measures to prevent unauthorised access.

Where you have chosen a password to access parts of our website, you are responsible for keeping it confidential. If an automated system generates a password for you, you must change it upon receipt to something known only to you. We do not know and cannot view your password, and we ask that you do not share it with anyone.

You are responsible for maintaining the security of any software, scripts or plugins you install on your hosting account. Out‑of‑date or unmaintained software can create vulnerabilities that may compromise your data. The use of “nulled” or unauthorised themes or plugins is strictly prohibited, as they pose significant security risks.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting or reporting requirements. When determining the appropriate retention period, we consider:
• the amount, nature and sensitivity of the personal data;
• the potential risk of harm from unauthorised use or disclosure;
• the purposes for which we process the data and whether those purposes can be achieved by other means;
• any applicable legal or regulatory requirements.

Individuals have the right to request the erasure of their personal data (the “right to be forgotten”). This right is not absolute and applies only in certain circumstances. Due to legal and accounting obligations, we must retain basic customer information (including Identity, Contact, Financial and Transaction Data) for six years after a contract ends or after an individual ceases to be a customer.

Lawful Basis

We rely on a number of lawful bases to process your personal data. For the effective running of our business, we may process data under our legitimate interests, ensuring that we balance those interests against your rights and freedoms. We also process your data where it is necessary for the performance of a contract to which you are a party, or where you have asked us to take steps to enter into such a contract.

We do not process your personal data where our interests are overridden by your rights, or where doing so would cause undue impact, unless we have your consent or are otherwise required or permitted to do so by law in order to comply with a legal or regulatory obligation.

Third Parties

We may share your personal data with a range of third parties where necessary for the operation of our business or the delivery of our Services. These may include:
• service providers acting as processors who supply IT, infrastructure and system administration services;
• professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, legal, banking, insurance and accounting services;
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers within the UK who require reporting of processing activities;
• external third parties who provide electronic or computing services, as listed below.

Name | Type of Service | Type of Data Processed
Stripe Inc. | Payment Processor | Customer name, address and card information for secure payment processing.
MaxMind Inc. | Fraud Prevention & Geolocation Services | Customer name, address, email address and IP address for fraud verification and prevention.
Liquid 11 Limited | Communications Service Provider | Telephone number and call recordings for customer support and verification.
Nominet UK | .UK Domain Registry | Customer name, address and email address for domain registration and management.
ICANN | Global Domain Name Oversight | Customer name, address and email address for domain registration compliance.
Google | Analytics & Performance Tools | Anonymous usage data for website performance and analytics.

Domain Registration & Data Sharing

When you register a domain name through The Webhosting Group Limited or any of its brands, certain information must be shared with the global domain name system. This is a normal and unavoidable part of how domain registrations work.

UK country‑code domains (such as .uk, .co.uk, .org.uk) are managed by Nominet and follow Nominet’s own data processing rules.

However, Welsh domains such as .wales and .cymru are operated by Nominet but still fall under the ICANN global gTLD framework. This means they follow the same international data‑sharing requirements as other non‑UK domains.

For all non‑UK domain registrations (including .com, .org, .net, .wales, .cymru and other gTLDs), the following details are required:

  • Registrant name
  • Registrant email address
  • Registrant postal address
  • Registrant phone number

These details are passed to:

  • ICANN, the global body responsible for coordinating domain names
  • The relevant domain registry for the TLD you choose (for example, the organisations responsible for .com, .org, .wales, .cymru, etc.)
  • Our chosen domain registrar, who processes registrations on our behalf

Because the global domain name system is international by design, your data may be processed outside the UK/EU. This applies to all non‑UK domain providers and is necessary for the operation of the DNS.

We only work with registrars and registry operators who provide GDPR‑compliant safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs)
  • Appropriate technical and organisational measures to protect your data

Your domain contact details are used solely for domain‑related operations such as registration, renewal reminders, transfer authorisation, and mandatory registry notifications. We do not sell or share your data for marketing purposes.

If you request a domain transfer or change of ownership, we may need to share additional information with the gaining registrar or registry to complete the request securely.

Third‑Party Links

Our website may contain links to third‑party websites, plug‑ins or applications. Selecting these links or enabling such connections may allow third parties to collect or share data about you. As we do not control these third‑party websites, we are not responsible for their privacy practices or the content they provide. We encourage you to review the privacy notices of any external website you visit, whether accessed directly or through links on our site.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including:

• Request access to your personal data — commonly known as a “data subject access request”. This allows you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.

• Request correction of your personal data — you may ask us to correct any incomplete or inaccurate information we hold about you. In some cases, we may need to verify the accuracy of the new data you provide.

• Request erasure of your personal data — you may ask us to delete or remove your personal data where there is no valid reason for us to continue processing it. You may also request erasure where you have successfully exercised your right to object to processing, where we have processed your data unlawfully, or where we are required to erase your data to comply with legal obligations. Please note that we may not always be able to comply with your request for specific legal reasons, which will be explained to you at the time.

• Object to processing of your personal data — you may object where you feel the processing impacts your fundamental rights and freedoms. You also have the right to object where we process your data for direct marketing. In some cases, we may demonstrate compelling legitimate grounds for processing that override your rights.

• Request restriction of processing — you may request that we suspend the processing of your personal data in the following situations: (a) you want us to verify the data’s accuracy; (b) our use of the data is unlawful but you do not want it erased; (c) you need us to retain the data to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds.

• Request transfer of your personal data — you may request that we provide your personal data to you or to a third party in a structured, commonly used, machine‑readable format. This right applies only to automated information processed with your consent or for the performance of a contract.

• Right to withdraw consent — where we rely on consent to process your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn. If you withdraw consent, we may be unable to provide certain products or services, and we will advise you if this is the case.

You will not normally be charged a fee to access your personal data. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee or refuse to comply. We may also request additional information to confirm your identity and ensure your right to access the data. We aim to respond to all legitimate requests within 30 days. If your request is complex or you have made multiple requests, we may require more time; if so, we will notify you and keep you updated.

Please note that our Terms & Conditions require all customers to be over 18 years old. We do not knowingly collect data relating to individuals under 18.

Changes to this Privacy Notice and Your Duty to Inform Us of Changes

It is important that the personal data we hold about you is accurate and up to date. You must inform us of any changes to your personal data during your relationship with us.