Jump to page content

GDPR Statement

Data protection and information security are a central part of our business, Glow New Media welcomes the introduction of GDPR.

Last Updated 2nd August 2024

Glow complies with GDPR regulations, whilst also working closely with our customers and partners in order to meet our contractual obligations for our products and services. To ensure compliance, we have reviewed the sources of data we hold and process, in addition all our staff receive annual security awareness training.  We attained Cyber Essentials and in 2020 (renewed 2021, 2022, 2023 and 2024).  We attained IASME Governance in 2020 (renewed 2021 and 2022, it changed in 2023 to a different certification).

If you have any questions relating to our approach to data protection and security, please don’t hesitate to contact your Account Manager.

If Glow is producing or hosts your application (website / mobile app) then we are acting as a Data Processor on your behalf. The following statements should clarify how we process personal data

 

[1] Processing In line with your instructions

We will only Process Personal Data for the purposes of your contract with us or under your instructions.

 

[2] Staff

We take reasonable steps to ensure that our staff who process personal data are reliable, understand their responsibilities, only have access to data that is necessary and attend annual security awareness training.

 

[3] Security Measures

We adopt risk-based security measures to keep data secure. Typically, this involves IP restricted access to our servers, 2 factor authentication when possible, internal audits, staff training, network scanning of our internal infrastructure and more. Many security measures are required for Cyber Essentials and the IASME Governance Standard.

 

[4] Data Breaches

We have a security breach notification process. We will notify you if we become aware of a Personal Data breach. We will help you meet your obligations and assist in investigation, mitigation and remediation.

 

[5] Sub Processors

We may use sub processors to process your data. We will take reasonable precautions in appointing sub processors to ensure they comply with GDPR legislation. Please contact us if you need a list of Sub Processors.

 

[6] Data Subject Rights

We will help you to respond to requests to exercise Data Subject rights under the Data Protection Laws. We will notify you if we receive a request from a Data Subject about your data.

 

[7] Deletion

Typically, we will delete Personal Data within 30 days of cessation of Services.

 

[8] Audit Rights

Glow is happy for you to carry out reasonable audits to ensure that we comply with GDPR.

 

[9] Where do you store the data related to my application?

The majority of our applications and data are held in the UK. Our prefferred backup solution stores data in Berlin, Germany. We will only store your data in the UK, EEA, USA or countries that have appropriate safeguards and data subject rights inline with https://gdpr-info.eu/art-46-gdpr/.

 

[10]  Who should I contact if I have questions?

Contact your account manager or contact our team on info@glow-internet.com.

 

[11] Data Availability

Most websites are hosted on dedicated servers. These operate in a secure Data Centre with redundant internet connectivity, power supplies and backups.

 

[12] Data Encryption 

Please ensure that any personal data you send to us for the purposes of setting up your website is encrypted. 

 

[13] Your compliance

Whilst glow complies, your organisation is responsible for its own compliance. This means that you are responsible for specifying services which are adequate for your requirements and liabilities. 

 

Please let us know if you require a countersigned version of the above or if you have custom requirements