GDPR - FAQs

Statements and the information provided across our website about GDPR is based on our interpretation of the legislation. It is not legal advice. For concrete legal advice, you may wish to talk to a solicitor.

Free GDPR Review

Are the email servers located inside the EU?

We use Open X-Change (OX) IMAP Email Services. These are hosted in the U.S. & Europe, however with Encryption as standard for Open X-Change Email as well as their Privacy Shield Certification , their data security and general service adheres to the GDPR legislation.

Can my data be held outside of the EU?

EU customers can host data outside of the EU, as long as adequate legal mechanisms are in place. To help achieve this level of protection, our email service provider, Open X-Change, is certified under the EU & US Privacy Shield.

Is Toolkit Webmail compliant?

Yes. See the Open X-Change Privacy Policy or our Partners Page for more information on Open X-Change services and how they comply with EU GDPR legistation.

What information does your platform store?

Our platform stores all information sent through to/from us via email or directly entered through any websites Toolkit based enquiry form.

Is my email service Privacy Shield Certified?

Yes. You can read more about this at Open X-Changes Privacy Center directly.

What does the platform do behind the scenes with any data sent in via a form?

Nothing. Toolkit Websites does not use any of the data their clients store or collect through the Webmail, Website or CMS systems.

What type of cookies do our websites collect?

Our websites by default track Absolutely Necessary Cookies. For more information these type of cookies and other Analytic/Tracking cookies such as Google Analytics please see our Cookie page.

Does our website collect IP addresses of those who visit the site?

IP addresses of visitors to any websites we host are automatically logged by our web server. This data is used for no other purposes than to prevent spammers or targeted attacks on our server. Users visiting our websites are not personally identifiable through this data. We did previously log IP addresses for Toolkit user Logins & Contact form enquiries but these have since been removed for GDPR reasons.

What data does Google Analytics Collect?

As Google Analytics is a 3rd party service, we can't directly confirm this, however you can find Google's answer to this in their article: “How Google uses data when you use our partners' sites or apps”.

Do we need to gain explicit opt-in from users if we use Google Analytics?

No, not for a standard implementation of Google Analytics. Google collects a lot of data from every visit / visitor to your website but it does not store any personally identifiable information

Do I need consent for Google Analytics tracking cookies?

No, consent is not needed for non-privacy intrusive cookies like Google Analytics. Cookies set by a visited website counting the number of visitors to that website will not require consent.

Whois Information - Can I hide it?

Who Is searches sometimes show either client or Toolkit data (to protect our customers information). You can change or hide this information by putting the request to us in writing.

Is Broadcast Toolkit's own service?

No, Toolkit Broadcast is a white labelled service provided by Cake Mail. Cake Mail are a Canadian based firm who are PIPEDA compliant.

What is PIPEDA?

Personal Information Protection and Electronic Documents Act. It's a Canadian data privacy law which is recognized by the EU as providing an acceptable level of protection for customer data. When you obtain permission from EU users and their contacts to get their data you don't need to request further consent to export it to Cake Mail's Canadian servers.

Who is Toolkit Websites' DPO?

Our Data Protection Officers (DPO) are Marcus Green, Managing Director, and David Swan, Operations Manager.

What constitutes 'Personal Data' under GDPR?

According to the ICO, personal data is any information related to a person, that can be used to directly or indirectly identify that person.

Details that count as personal data have been extended to include online identities, such as:

  • work email address
  • personal email address
  • phone numbers
  • online identities/usernames
  • cookies
  • IP address
  • health records
  • biometric data
  • genetic data.

Read More about definitions in GDPR here.

Quick Links

© Copyright 2024 Toolkit Websites LtdWeb Design By Toolkit Websites