Policy Effective: May 25th 2018
Rochen Ltd. (herein referred to as “Rochen”, “we”, “our”, “ourselves”) is a United Kingdom private limited company (registration number: SC242971) with its registered office at: 11 Dudhope Terrace, Dundee, DD3 6TS, United Kingdom and is a provider of cloud, web hosting, content delivery network, internet security including SSL certificates, domain registrations and other related services (collectively or separately herein referred to as the “Services”) either by ourselves or in conjunction with partners and subsidiaries.
Rochen complies with the European Union General Data Protection Regulation (herein referred to as the “GDPR”) and is registered with the United Kingdom Information Commissioner’s Office (registration number: Z9105242).
Depending on your citizenship, residency and location the GDPR may provide you specific rights including: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and rights in relation to automated decision making and profiling.
Data Collection and Use
In order for Rochen to provide the Services there is a necessity to collect certain Personal Data from you. For example, we need to be able to invoice for the Services and for tax, fraud screening and other common business reasons must know who you are and where you are located. Rochen will from time to time also communicate with you, including via email, in regards to the Services. Personal Data we collect includes name, postal address, telephone number, email address, IP address and from time to time other information which could identify you (e.g. you may from time to time provide Personal Data to us through our ticketing system). In addition to using the Services, Rochen may also collect Personal Data from you if you contact us with an enquiry via phone, email or other common methods. By using the Services, contacting us and/or navigating our websites you Consent to Rochen collecting and processing your Personal Data.
Rochen are required by United Kingdom tax laws to keep your basic Personal Data for a minimum of six (6) years.
In most cases, where permitted, you may easily access as well as correct, update, suppress, export or delete Personal Data using the management tools or ticketing system in the My Rochen customer portal. You may also, if needed, submit a written request by email to: [email protected]. Rochen reserves the right to limit or deny certain requests where we deem them to be manifestly unfounded, excessive, or as otherwise permitted.
Rochen normally determines if you are located in the EU or EEA based on the “Country” you select during the checkout process or as otherwise provided to us. You may generally correct or update your location using the management tools in My Rochen customer portal. In the interests of simplicity and best practices Rochen applies the spirit of the GDPR worldwide.
Trusted Third Parties
In order for Rochen to provide the Services there is a necessity for Rochen to share your Personal Data with trusted third parties with whom we have partnered to integrate their services into our own. For example, in order to collect payment from you and perform fraud screening of your order Rochen needs to share your name, postal address, telephone number, email address and IP address along with card number with our merchant processing partner; or in order to register a domain name for you Rochen needs to share your name, postal address, telephone number and email address with our domain registration partner; or to issue certain types of SSL certificates Rochen needs to share your name, postal address, telephone number and email address with our SSL certificate partner. As you navigate our websites, Rochen needs to share your IP address with internet security and analytics partners. Rochen makes best effort attempts to ensure agreements to protect your Personal Data are in place with trusted third parties. By using the Services you Consent to Rochen sharing your Personal Data with trusted third parties for processing.
Privacy Shield Frameworks and International Transfers
Rochen maintains wholly owned subsidiaries outside of the EU and EEA including Rochen US, Inc. in the United States. In order to facilitate delivery of the Services, Rochen may from time to time transfer Personal Data to these subsidiaries and/or international trusted third parties. For example, an employee of Rochen US, Inc. may need to facilitate a technical support request for you. Rochen US, Inc. is working towards registration under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce's International Trade Administration (“USITA”). By using the Services you Consent to Rochen transferring and processing your Personal Data internationally.
If you choose to register a domain name with Rochen as part of the Services your Personal Data including name, postal address, email address and telephone number will be viewable to anyone publicly through a standard “WHOIS lookup”. It is advisable to purchase the optional extra “Domain WHOIS Protection” service in order to mask Personal Data from public view. Personal Data will still need to be shared with our domain registration partner in order to facilitate the registration of the domain name.
If you choose to use some types of SSL certificates with Rochen as part of the Services, such as an Extended Validation (“EV”) certificate, your Personal Data including name, postal address, email address and telephone number will be viewable to anyone publicly through the “certificate details” once the SSL certificate is installed. An “EV” SSL certificate is by design and purpose meant to show a visitor to a website who is operating such website.
You may manage your “communication preferences” in the My Rochen customer portal. You may also submit a written request by email to: [email protected].
While using the Services it is your responsibility to ensure you and your websites comply with the GDPR, just as it is is your responsibility to ensure compliance with other applicable laws and regulations. You must comply with the GDPR worldwide if you are processing the Personal Data of Data Subjects who are in the EU and EEA. For example, if you are a United States registered entity and are processing Personal Data for a Data Subject located in the EU then you must comply with the GDPR.
Rochen maintains servers in secure data centres worldwide, some of which are located outside of the EU and EEA. The Services allows for selection of data centre region during the checkout process as well through the My Rochen customer portal. If you are unsure which data centre region your account is served from, or would like to transfer between regions, Rochen’s support team can assist. Certain aspects of the Services, such as the content delivery network, are by their design and purpose, served by multiple worldwide data centres including outside of the EU and EEA.
During the course of using the Services, when data is uploaded to a Rochen server you may modify or delete data by logging into the account using common protocols and tools such as: SFTP, SSH or the file manager. After data has been modified or deleted the original data may continue to be retained in backup storage for up to ninety (90) days.
Data Processing Agreement (“DPA”)
In certain cases, under the GDPR, you may determine you are a “Controller” of Personal Data and you should be registered with a “Supervisory Authority”. While using the Services, Rochen may from time to time act as a “Processor” as well as a “Controller” to you. You may choose to execute a separate and optional Data Processing Agreement (“DPA”) with Rochen, if required, by submitting a written request by email to: [email protected].
Changes to Privacy Notice
Rochen reserves the right to change this Privacy Notice at any time and for any reason. If we make material changes we will notify you through our website, email or other appropriate means. We recommend periodically reviewing the Privacy Notice for changes.