GDPR - FAQs
Statements and the information provided across our website about GDPR is based on our interpretation of the legislation. It is not legal advice. For concrete legal advice, you may wish to talk to a solicitor.
Are the email servers located inside the EU?
We use Rackspace Apps Email Services. These are hosted in the U.S., however with Encryption as standard for Rackspace Email as well as their
Privacy Shield Certification
, their data security and general service adheres to the GDPR legislation.
Can my data be held outside of the EU?
EU customers can host data outside of the EU, as long as adequate legal mechanisms are in place. To help achieve this level of protection, our email service provider, Rackspace, is
Privacy Shield Certified.
Is Toolkit Webmail compliant?
Yes. See the Rackspace
for more information on Rackspace services and how they comply with EU GDPR legistation.
What information does your platform store?
Our platform stores all information sent through to/from us via email or directly entered through any websites Toolkit based enquiry form.
What does the platform do behind the scenes with any data sent in via a form?
Nothing. Toolkit Websites does not use any of the data their clients store or collect through the Webmail, Website or CMS systems.
What type of cookies do our websites collect?
Our websites by default track Absolutely Necessary Cookies. For more information these type of cookies and other Analytic/Tracking cookies such as Google Analytics please see our
Does our website collect IP addresses of those who visit the site?
IP addresses of visitors to any websites we host are automatically logged by our web server. This data is used for no other purposes than to prevent spammers or targeted attacks on our server. Users visiting our websites are not personally identifiable through this data. We did previously log IP addresses for Toolkit user Logins & Contact form enquiries but these have since been removed for GDPR reasons.
Do we need to gain explicit opt-in from users if we use Google Analytics?
No, not for a standard implementation of Google Analytics. Google collects a lot of data from every visit / visitor to your website but it does not store any personally identifiable information
Do I need consent for Google Analytics tracking cookies?
No, consent is not needed for non-privacy intrusive cookies like Google Analytics. Cookies set by a visited website counting the number of visitors to that website will not require consent.
Whois Information - Can I hide it?
Who Is searches sometimes show either client or Toolkit data (to protect our customers information). You can change or hide this information by putting the request to us in writing.
Is Broadcast Toolkit's own service?
No, Toolkit Broadcast is a white labelled service provided by Cake Mail. Cake Mail are a Canadian based firm who are PIPEDA compliant.
What is PIPEDA?
Personal Information Protection and Electronic Documents Act. It's a Canadian data privacy law which is recognized by the EU as providing an acceptable level of protection for customer data. When you obtain permission from EU users and their contacts to get their data you don't need to request further consent to export it to Cake Mail's Canadian servers.
Who is Toolkit Websites' DPO?
Our Data Protection Officers (DPO) are Marcus Green, Managing Director, and David Swan, Operations Manager.
What constitutes 'Personal Data' under GDPR?
According to the ICO, personal data is any information related to a person, that can be used to directly or indirectly identify that person.
Details that count as personal data have been extended to include online identities, such as:
work email address
personal email address
Read More about definitions in GDPR here.