Template for legal review. This document is a standard, UK GDPR-appropriate starting point. It is not legal advice. Replace every [placeholder] with your real details and have it reviewed by a qualified adviser before launch.
Legal
Privacy policy
How we collect, use, and protect personal data when you use our website and services.
Last updated
1. Who we are
Hostoza ("we", "us", "our") provides managed infrastructure operations. For the purposes of UK data protection law, we are the data controller for the personal data described in this policy.
- Registered company: [registered company name and number]
- Registered address: [registered address]
- ICO registration number: [ICO registration number]
- Contact: hello@hostoza.com
2. The data we collect
We only collect what we need to run our website, respond to enquiries, and deliver our services.
Information you give us
- Contact details — name, work email, telephone number, and company name — when you request an audit, contact us, or open a support ticket.
- The content of your enquiries, support requests, and any attachments you choose to send.
- Account and billing details when you become a customer.
Information we collect automatically
- Basic technical data needed to serve the website securely — such as your IP address, browser type, and the pages you view.
- We keep cookies to the essentials needed for the site to function. See our cookie policy.
Information we process to deliver services
When you are a customer, we operate the infrastructure you ask us to manage. The data held on those systems is processed under our Data Processing Agreement, where we act as your processor and you remain the controller.
3. How and why we use your data
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Responding to enquiries and audit requests | Legitimate interests; steps prior to a contract |
| Providing and supporting our services | Performance of a contract |
| Billing, accounting, and tax records | Legal obligation; performance of a contract |
| Securing and improving our website | Legitimate interests |
| Service updates and operational notices | Legitimate interests; performance of a contract |
| Marketing communications, where you opt in | Consent |
Where we rely on legitimate interests, we have considered your rights and have concluded that our use does not override them. You can object at any time using the contact details below.
4. Sharing your data
We do not sell your personal data. We share it only where necessary, with:
- Service providers who help us run our business — for example hosting, email, payment, and analytics providers — under contracts that require them to protect it.
- Professional advisers, such as accountants and lawyers, where reasonably required.
- Authorities or regulators where we are legally obliged to do so.
A current list of our key sub-processors is available on request and, for customers, in the Data Processing Agreement.
5. International transfers
We aim to keep personal data within the UK and EEA. Where a provider processes data outside those areas, we put appropriate safeguards in place — such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses — so your data keeps an equivalent level of protection.
6. How long we keep it
We keep personal data only as long as we need it for the purpose we collected it, or as long as the law requires. As a guide:
- Enquiry and contact records — up to [retention period] after our last contact.
- Customer and contract records — for the life of the contract and for as long afterwards as the law requires.
- Financial records — at least six years, as UK tax law requires.
7. Your rights
Under UK data protection law you have the right to:
- be informed about how we use your data;
- access a copy of the data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to our processing;
- data portability, where it applies;
- withdraw consent at any time, where we rely on it.
To exercise any of these rights, email us at hello@hostoza.com. We will respond within one month. There is normally no charge.
8. How we protect your data
Security is how we run every system we touch, including our own. We apply hardening, encryption in transit and at rest where supported, least-privilege access, and audited logging. You can read more on our security page.
9. Complaints
If you have a concern about how we handle your data, please contact us first so we can put it right. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
10. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top shows the latest version. Material changes will be communicated to customers directly.
11. Contact us
For any privacy question, contact:
- Email: hello@hostoza.com
- Post: [registered address]
- Location: United Kingdom