Last Modified - February 06 2023
This privacy policy will explain how our organisation uses the personal data we collect from you when you use our website and services.
The main things you’ll probably want to know are:
The answer to both of those is no, we do not sell your data and we do not provide your data to 3rd parties for their own marketing purposes either. This applies to data you provide to us and data you may store with us.
When you place an order with us we collect certain information from you to allow us to fulfill your order, to contact you with regards to the service(s) you have ordered and to comply with relevant law. We collect:
We keep this information on file for as long as you are a customer plus eight years, to allow us to comply with tax and accounting record keeping requirements (seven years) as well as retain a sensible level of backups of our system (12 months). When you cease to be a customer some information we hold can be removed from our systems before eight years, although it may still appear in older records e.g. invoices as it is hard coded into them when they are created.
If we ask for data where we require your consent to process it, you can freely grant and withdraw consent from within your control panel and also see what data we are holding in the system about you.
Depending on how you make payment to us we may collect certain information either from you directly or from the payment provider/method where you have given them the information whilst making payment:
When you use the contact form on our website we collect:
We use this information to answer your query and carry out sales activities. If you have consented to do so, then we will use your information to send you one of our newsletters or update emails. We will keep this information on file for one year, after which it will be deleted unless you have become a customer based on your contact with us.
This information is stored with our 3rd party CRM provider, Zoho Corporation.
We use data purchased from a data broker and obtained from LinkedIn to carry out marketing activities in a limited capacity, including:
The information we use includes:
The information we gather will be kept on file for one year, unless you become a customer at which point a different retention period will apply. If you ask us not to contact you in the future we will also need to retain your data to make sure we do not call you.
This information is stored with our 3rd party CRM provider, Zoho Corporation.
As part of our troubleshooting process, we may upon your request and action, connect to your computer so we can see your screen and/or control your system to configure your services. At all times you will be able to disconnect us from your system should you wish. As part of our audit trail, we log which machines we have connected to and when, this will include:
This information is stored with our 3rd party support system provider, Zoho Corporation.
When you submit a trouble ticket to us we will collect:
This information will be used to contact you to resolve your support request.
During the troubleshooting process you may provide us with other information, including that of other individuals; you consent that you have received their permission to provide us with it and we will handle it the same way we handle your data inline with this policy.
This information is stored with our 3rd party support system provider, Zoho Corporation.
You directly provide us with most of the data we collect. We collect data and process data when you:
We may also receive your data indirectly via our payment providers when you make a payment to us.
We collect your data so that we can:
When we process your order we may send your data to and use information from anti-fraud services. During the processing of your order it may be necessary to send your data to a 3rd party that is the provider of the service ordered e.g. When you order, we need to provide details to Acronis so we can provision your service. A list of 3rd parties and the products/services they relate to can be found under the section “3rd parties”
Our primary method of storing your data is within our billing portal and in our CRM (provided by Zoho Corporation), which you may access and view the data which we hold on you. Security updates are applied regularly.
Your data may also be in our email because you have contacted us via email or via our ticketing system, this could mean either Google G Suite or Microsoft Office 365 depending on the address emailed.
If we have produced quotes for you, provided written contracts or carried out other non-standard work for you then we may also have documents that contain your data stored in our online cloud storage via Google G Suite.
We do not provide your data to 3rd parties for their use except where it is necessary to enable us to provide the service(s) you have ordered.
If you pay us by credit card or direct debit then you will be providing your details to a 3rd party payment processor:
Depending on what services you purchase from us, we may collect and share your information with other providers to be able to provide you with the service(s) ordered:
If you contact us via email then your email will be processed by a 3rd party, Google Workspace. We use these email services internally, so your details may be held by these services on our behalf. We also make use of cloud storage services with Google Workspace for managing documents and other information that is not security sensitive.
For accounting purposes we use Xero, which holds a copy of some of your data given to us, such as on invoices we send out, payments you make to us etc. Our accountants, Cairns Accountants. also have access to this information for the purpose of compiling our accounts and providing professional advice.
We also use a suite of software from Zoho Corporation to manage various aspects of our business such as:
As this is a hosted service, they store and process the data on our behalf.
Ultimately our services are hosted in 3rd party facilities, for the most part we own all of our equipment but not the buildings they are housed in. These facilities are operated by:
The above providers act as data processors in so much as they house our equipment, run cloud instances for us or store backup data, which may or may not be encrypted depending on your selection. All facilities are ISO-27001 accredited.
A list of 3rd parties and the information we share with them/they process on our behalf can be found at the end of this document.
We will if required by law, provide information to law enforcement and security services if properly requested.
Our employees may access and process data about you from different systems, all of those systems have appropriate technical measures in place such as full device encryption, security software to prevent malware and viruses etc. All employee access to data is carried out over secure encrypted connections.
Unless specifically discussed with us, we do not have knowledge of what data you are processing and storing or your encryption keys, we act as a “mere-conduit”.
Whilst we provide the underlying platform that processing is carried out on, we take no active part in the collection or processing of any personal data or in making decisions about the lawfulness of the collection, this is your responsibility as data controller. Ultimately it is up to you to make sure that you select the appropriate level of protection within the system for your data or request appropriate technical measures from us to help you secure your data.
If for troubleshooting purposes you provide us with the personal information of one of your customers it is your responsibility to make sure that you have the correct legal basis for doing so. We will treat the data the same as we treat your data, in confidence. We will proceed on the basis that you have the correct legal basis for sharing the information with us.
During any troubleshooting we may have to access other personal information you may be storing e.g. file lists, computer details etc. depending on the specific problem that we are looking at. We will always do our best to minimise the need to do so, but it may not always be possible.
We do not routinely access data that customers are storing, the only time this may happen is in response to reports we may receive e.g. a phishing/fraud site is being hosted and we need to look at the account and disable the site, or a site is spreading malware etc. If we do access your account in this way then we will inform you. If we need to make a note of any data we have seen during a troubleshooting process it will be securely destroyed as soon as we have completed the troubleshooting process with you.
As part of your service we may deploy automated tools that check files for malware, viruses etc. and we may act on this information in the best interests of your service and that of other customers.
During our order process we may perform automated anti-fraud checks to defend against fraudulent orders.
Our systems run intrusion prevention tools that make automated decisions based on the IP address they see and the actions being performed, they use this information to decide if access to the services on our systems should be allowed.
We would like to send you information about products and services of ours that we think might be of interest to you. If you have agreed to this, you may opt out at a later date.
We do not directly provide your details to 3rd parties for marketing purposes. We do make use of tools from Google, Facebook and LinkedIn to manage and track our marketing activities if you consent to this via our website.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.
We use cookies in a range of ways to improve your experience on our website and services, including:
There are a number of different types of cookies, however, our website uses:
Our website will ask you about your cookie preferences and remember your choices. You can also set your browser not to accept cookies, and allaboutcookies.org explains how to remove cookies from your browser. If you block certain cookies then parts of our website will stop working.
The Protexia website contains links to other websites. Our privacy policy applies only to our website and services, so if you follow a link to another website, you should read their privacy policy.
We keep our privacy policy under regular review and place any updates in this document and on our website.
If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us: support@kdawebservices.com
Call us: 0800 542 9764
Or write to us:
KDA Web Services Ltd.
Unit 3, Twelve O’clock Court
Attercliffe Road
Sheffield
S4 7WW
United Kingdom
Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Email: casework@ico.org.uk
Address: Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Who | What & Why | Privacy Policy |
Splashtop Inc. | Computer ID e.g. Karl’s iPad - Audit IP Address e.g. 10.0.2.4 - Audit | https://www.splashtop.com/privacy |
Acronis | Name, Address, Telephone, Email Order processing Computer name, file lists, installed apps, websites accessed in policy violation Service functionality Computer detail, logs, installed apps Service functionality troubleshooting Backup data Service functionality | https://www.acronis.com/en-gb/company/privacy.html |
Nominet | Name, Address, Business name, Telephone, Email, Domain name Order processing | https://www.nominet.uk/resources/privacy-notice/ |
eNom | Name, Address, Business name, Telephone, Email, Domain name Order processing | https://www.enom.com/support/the-gdpr |
NetEarth One | Name, Address, Business name, Telephone, Email, Domain name Order processing | https://www.netearthone.com/support/privacy.php |
Domain Registrar Services Ltd. | Name, Address, Business name, Telephone, Email, Domain name Order processing | https://allthe.domains/terms/privacy-policy |
Rapid Web Services LLC | Name, Address, Business name, Telephone, Email Order processing | https://www.thesslstore.co.uk/privacypolicy.aspx |
Sophos | Name, Address, Business name, Telephone, Email Order processing Computer name, file lists, installed apps., websites accessed in policy violation Service functionality | https://www.sophos.com/en-us/legal/sophos-gdpr.aspx |
cPanel | May have access to your/our servers for troubleshooting purposes. Domain name Order processing | https://cpanel.net/privacy-policy/ |
Cloudlinux | May have access to your/our servers for troubleshooting purposes. | https://www.cloudlinux.com/privacy-policy |
OnApp | May have access to your/our servers for troubleshooting purposes. | https://onapp.com/legal/onapp-data-processing-terms/ |
Stripe | Name, Address, Business name, Telephone, Email Order processing Credit/debit card details Order processing, but given by you not us | https://stripe.com/gb/privacy |
Worldpay | Name, Address, Telephone, Email Order processing Credit/debit card details Order processing, but given by you not us | https://www.worldpay.com/uk/worldpay-privacy-notice |
Global Payments | Name, Address, Telephone, Email Order processing Credit/debit card details Order processing, but given by you not us via Worldpay | https://www.globalpaymentsinc.com/en-gb/privacy-statement |
PayPal | Name, Address, Telephone, Email Order processing Credit/debit card details Order processing, but given by you not us | https://www.paypal.com/en/webapps/mpp/ua/privacy-full |
GoCardless | Name, Address, Telephone, Email Order processing Bank details Order processing, but given by you not us | https://gocardless.com/legal/privacy/ |
Xero | Payment references, name, address, business name, payment references & purchase history. Accounting | https://www.xero.com/uk/about/legal/privacy/ |
Martin Milner & Co. | Name, address, business name, payment references & purchase history Accounting | |
Google G Suite | Any data that you have given to us, or emailed to us, in the process of creating support tickets, quote preparation, orders etc. | https://privacy.google.com/businesses/compliance/ |
Microsoft Office 365 | Any data that you have given to us, or emailed to us in the process of creating support tickets, quote preparation, orders etc. | https://privacy.microsoft.com/en-gb/privacystatement |
Let’s Encrypt | Domain name Order processing | https://letsencrypt.org/privacy/ |
Microsoft Azure | Backup data Service functionality | https://privacy.microsoft.com/en-gb/privacystatement |
Google Cloud Platform | Backup data Service functionality | https://privacy.google.com/businesses/compliance/ |
Zoho Corporation | Name, Company, Address, Telephone, Email, Live Chat, Contact Form, Support Tickets, Marketing & Sales, Business Administration & Order Processing IP Address - Partial Live Chat, Contact Form, Support Tickets, Remote Support Assistance Machine Name Remote Support Assistance Social Media Handles/Account Names Support Tickets, Marketing & Sales, Business Administration | https://www.zoho.com/gdpr.html |
Active Campaign | Name, Company, Telephone, Email Order processing workflow and signup emails | https://www.activecampaign.com/legal/privacy-policy |