Blacknight Internet Solutions Ltd. are a hosting company based in Ireland, currently providing a range of hosting services including domain registration, shared hosting platforms, email platforms, SSL certs, dedicated hosting, co-location, cloud services, IP transit, backup services and network services, and are therefore required to comply with the EU General Data Protection Regulation (GDPR) from May 2018.
Blacknight have been certified to ISO 27001:2013 (Information Security) since January 2016 and undergo biannual external audits to maintain that certification. The ISO 27001:2013 standard provides our customers with a level of assurance that Blacknight takes the management of Information Security seriously. This document outlines our commitment to apply the same rigorous standards to Data Protection and Data Privacy in accordance with GDPR, in the absence of any current Data Privacy compliance standards. We have been implementing a Data Protection Management System (DPMS) since May 2017, which incorporates
Blacknight’s DPMS is managed in conjunction with ISO by the technical manager. Any request for information or data subject access request should be made to firstname.lastname@example.org.
Blacknight are currently registered with the office of the Irish Data Protection Commissioner as a Data Processor ref. no. 8053/a.
Blacknight only collects and retains data about individuals or organisations with our customers' consent and for the services we offer and for billing purposes, via the online website, control panels and e-commerce site, or where provided directly by the end user for the purpose of contracting for the services we offer. Our customers who utilise those services may also collect and retain data (PII) for their own purposes and should refer to the “Matrix of Responsibility” document (which is published separately) for information on their own GDPR responsibilities.
This document sets out in brief how we align our DPMS with the following GDPR principles.
Blacknight collects personal information solely for the purpose of providing the services we offer and for billing and accounting purposes. At each point of collection, we will endeavor to provide full transparency as to the purpose, retention, transfer and use of such data.
The collection of data at our control panel(s) enables online purchasing of our services, and any security-sensitive data such as credit card information is encrypted in accordance with our PCI compliance obligations. We collect personal data (data that identifies you or can be used to identify or contact you, which may include your name, address, email address, telephone number and billing information). Such information is only collected from you if you voluntarily submit it to us. We also collect non-personal data (information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website).
We do not share your personal information with third parties unless you have consented to it as required for the purpose of registering for any products we re-sell (such as SSL certs, Microsoft Office365, sitebuilder products and domain registrations). In those instances we currently have contractual agreements in place that ensure the third party upholds its GDPR obligations with regard to data security and privacy.
The data use is limited to
Blacknight maintain a policy of data minimisation to manage the data we control such as voice recordings, expired accounts, personal data submitted for the purpose of registration for a service, employee information, and we have a published Data Retention Policy for internal use indicating the maximum period for which we can retain certain types of data.
For Irish Revenue purposes we are required to retain all invoicing and billing records for a minimum period of 7 years, after which time any soft or hard copies of that data are securely destroyed in accordance with our ISO framework.
Where feasible, Blacknight will make every possible effort to ensure the data we hold relating to a data subject is kept up to date and accurate. We may do this by periodically contacting the data subject via email with requests that the data is verified by the data subject. Blacknight reserve the right to suspend any services which were purchased under fraudulent pretences and forward any relevant data to An Garda Síochána.
The core tenets of ISO 27001 are confidentiality, integrity and availability. Blacknight observe these core values and are regularly tested on them, both externally and with internal audits. Blacknight’s management regularly review and assess our exposure to Data Security risk and mitigation, and operate a continuous improvement process with regard to protecting ourselves and our customers.
Blacknight already implement appropriate technical and organisational measures as part of our ISO 27001 framework and adhere to strict governance and/or codes of conduct guidelines from bodies such as ICANN, NCSC, PCI, ISPAI, Irish Data Protection Authority etc.