Information about how Website Hosts UK approaches data protection, customer data and hosted services.
Last updated: 16 May 2026
Website Hosts UK is committed to protecting personal data and supporting compliance with the UK GDPR and applicable data protection laws.
This page explains how we approach personal data in connection with our website, billing systems, support services, hosting services, email hosting, VPS, VDS, domains and customer accounts.
This page is intended as general data protection information. Customers remain responsible for ensuring their own websites, hosted content, databases, applications and email use comply with applicable data protection laws.
Website Hosts UK may act as a data controller for personal data collected and used for our own business purposes, such as customer accounts, billing, support, fraud prevention, security, service administration and communications.
Website Hosts UK may act as a data processor where customers use our hosting services to store or process personal data inside websites, databases, email accounts, applications, VPS services or VDS services.
Where you use our services to host personal data belonging to your own users, customers, visitors or subscribers, you are normally responsible for deciding why and how that data is processed. In that case, you are generally the controller for that hosted content.
Customers are responsible for ensuring their own privacy notices, cookie notices, consent mechanisms, data protection records and processing activities are appropriate for their websites and services.
Depending on how you interact with Website Hosts UK, we may collect and process personal data such as:
We may also process technical data generated by the use of our services, such as access logs, mail logs, DNS records, resource usage, service status information and security events.
Under the UK GDPR, organisations need a lawful basis when processing personal data. Website Hosts UK may rely on different lawful bases depending on the purpose of processing.
| Lawful basis | Example use |
|---|---|
| Contract | Creating accounts, providing hosting, domains, email, VPS, VDS, billing and support services. |
| Legal obligation | Keeping records required by law, tax obligations, compliance requests and regulatory requirements. |
| Legitimate interests | Security monitoring, fraud prevention, service improvement, abuse prevention and business administration. |
| Consent | Optional marketing, cookies or other processing where consent is required. |
The ICO states that Article 6 of the UK GDPR sets out lawful bases and that at least one must apply whenever an organisation handles personal information. :contentReference[oaicite:1]{index=1}
Website Hosts UK may use personal data to:
We aim to process personal data only where it is necessary, proportionate and relevant to the purpose for which it is used.
Customers may store or process personal data through websites, databases, email accounts, applications, file storage, backups, VPS services or VDS services hosted with Website Hosts UK.
Examples may include contact form submissions, customer records, order details, mailing list data, website user accounts, analytics data, uploaded files, application data or email content.
Where customers use our services to process data for their own purposes, customers are responsible for ensuring that their use of the services complies with applicable data protection law.
Customers should ensure their websites have appropriate privacy notices, cookie notices, consent controls, security measures and data retention practices where required.
Website Hosts UK may use third-party providers and sub-processors to deliver services, process payments, manage billing, provide support tools, maintain infrastructure, detect fraud, monitor systems or provide live chat.
Where third-party services process personal data on our behalf, we aim to use providers that offer appropriate data protection, confidentiality and security commitments.
Customers using our services should consider whether they require a data processing agreement or additional contractual terms depending on the nature of the data they host or process.
Website Hosts UK uses appropriate technical and organisational measures designed to protect personal data and hosted services. Measures may include:
Customers are also responsible for securing their own websites, passwords, CMS installations, plugins, themes, applications, scripts, email accounts and server configurations.
Where customers operate VPS or VDS services, they are generally responsible for server-level security unless a managed service has been specifically agreed.
Website Hosts UK retains personal data for as long as necessary to provide services, manage accounts, comply with legal obligations, resolve disputes, enforce terms, maintain security and support business records.
Different categories of data may be kept for different periods. For example, billing records may need to be retained for legal or accounting purposes, while support records may be retained to help manage customer service history.
Hosted customer content is generally retained while the relevant service remains active, subject to backups, account status, suspension, deletion, cancellation and service-specific retention rules.
Depending on the circumstances, individuals may have rights under data protection law, including the right to:
Some rights may be limited where we need to retain data for legal, contractual, security, fraud prevention, accounting or legitimate business purposes.
If your request relates to data controlled by one of our customers through a hosted website or service, we may direct you to contact that customer as the relevant data controller.
If Website Hosts UK becomes aware of a personal data breach affecting data for which we are responsible, we will assess the incident and take appropriate action in line with applicable data protection requirements.
Where we act as a processor for customer-hosted data and become aware of a relevant security incident, we will take appropriate steps to support the customer where required.
Customers should promptly report suspected security incidents, compromised websites, exposed data, malware, phishing, unauthorised access or email compromise through support.
Some third-party services, support tools, payment processors, infrastructure providers or connected systems may process personal data outside the United Kingdom.
Where international transfers occur, we aim to rely on appropriate safeguards or transfer mechanisms where required by data protection law.
Customers should also consider international transfer requirements where their own websites, plugins, analytics tools, payment systems, email marketing services or third-party integrations process personal data.
To exercise your GDPR or data protection rights in relation to personal data controlled by Website Hosts UK, please contact:
info(at)websitehosts.uk
Please include enough information for us to identify your account, request or affected data. We may need to verify your identity before responding.
You also have the right to contact the UK Information Commissionerβs Office if you have concerns about how personal data is handled.
If you collect personal data through your own website, forms, shop, app, email or database, you are responsible for how that data is collected, used, stored and protected.
Website Hosts UK provides the hosting platform, but customers remain responsible for their own privacy notices, cookie notices, lawful basis, website security, data retention and user rights where they control the data.
Contact Website Hosts UK if you need help understanding how this information relates to your hosting account or services.
Contact Support View Privacy Policy