GDPR - Our Compliance

We understand the importance of securing our customers data. The GDPR legislation allows us to explain exactly how we do this. We've listed all of our services, platforms and third party providers on this page so our clients can see where their data is being held, who has access to it and what steps are beign taken to secure it.

You can also view our Privacy Policy for more information on how we handle, use and manage client information.

Our Data Protection Officers (DPO) are Marcus Green, Managing Director, and David Swan, Operations Manager. A DPO is responsible for data protection within a business.

Statements and the information provided across our website about GDPR is based on our interpretation of the legislation. It is not legal advice. For concrete legal advice, you may wish to talk to a solicitor.

Toolkit Office - CRM (TKO)

Toolkit Office (TKO) is an IP restricted, password protected, encrypted, bespoke CRM system built and maintained by ourselves. Toolkit Office allows us to manage all of our clients websites, accounts and emails whilst integrating with our database and Toolkit CMS services.

Access is only available to contracted Toolkit staff who follow strict company protocols based on data protection laws.

Email Hosting

Our Email Hosting Services are powered through Rackspace Email Apps services and as such all compliance and data related queries can be found on their Privacy Policy .

Rackspace Email Apps are based in the US and have Privacy Shield validation . This adheres to EU regulations as personal data can be held and transferred outside of the EU when an adequate level of protection for that data is guaranteed.

We do not store or have access to any mailbox passwords. The resetting of passwords is handled completely via automated texts, so our team don't even see your password when you reset it. We will never ask for Mailbox Logins.

Domain Hosting

Domain management, renewals and hosting services are held in a central Toolkit Websites Enom account. Enom are a worldwide domain provider who have recently taken steps to ensure their privacy policy adheres to the recent GDPR legislative changes .

Only directors at Toolkit Websites have direct access to our Enom account. Any changes to a domains contact details, hosting or registration must come in to us in writing and by a registered Toolkit account holder.

As of May 25th Enom will be applying a new ' gated WHOIS ' service for anyone searching for domains they manage. Enom will hide the contact information of the domain holder to ensure personal data is hidden from the public.

Website Hosting

All of our Websites are hosted through Rackspace Hosting services powered from their UK based, London Data Centre.

Rackspace have updated their Privacy Policy based on the GDPR legislation.

Website Forms

All forms and their content used on our websites are the responsibility of the website owner. Based on our interpretation of the GDPR we are advising clients who collect client data through Toolkit forms, and subsequently use it for marketing purposes, to ensure consent is being given through the form.

Marketing 'Opt-in' tick boxes are a simple way to achieving consent. To add this field on to a Toolkit Form please contact our Support Team .

All form enquiries are emailed using SSL over to the designated 'Contact Form Recipient' listed in The Toolkit.  Enquiries are also stored in the 'Enquiries' tab within The Toolkit where they can be reviewed, deleted and downloaded by registered Toolkit users.

If a form recipients email server does not have SSL/TLS encryption on their POP/IMAP services then the notification email will be received over the Internet in plain text.

Please note, if your website is not SSL Encrypted then the data completed within the form may be susceptible to third party interception. We recommend SSL Services on all Websites prior to the GDPR legislation coming into UK law.

Third Party Data

Toolkit Websites cannot be held responsible for services provided by or data collected by third party providers installed onto our sites at the request of or directly by the client or registered Toolkit Users. We have listed all our partners above, if you have any other third party services present on your website and would like to find out more information on them please do get in touch .

Booking services, interactive widgets, webmaster scripts and many other third party services are common place on our clients websites. For information on third party GDPR policies please contact the service provider directly.

The Toolkit (CMS)


The Toolkit stores all Form submissions via it's Enquiries module. Here they can be reviewed, deleted and downloaded by registered Toolkit users.

All form enquiries are also encrypted and emailed over to the designated 'Contact Form Recipient' listed in The Toolkit.

Members Area (Private Login Service)

The Toolkit stores all client data collected from the Member Sign Up form within it's Members area.

The Members Area allows Toolkit users to delete, edit (details, password, approval), approve, add, import, export and search all current members

Newsletter Sign Up

Newsletter sign ups are encrypted and emailed to the Newsletter Sign Up email contact and not stored anywhere on The Toolkit or Toolkit Websites Database.

The only record of historic Newsletter Sign Up's is via the inbox of the contact email address at the time of sign up.


Toolkit 'Users' are people with permissions to access a websites account and make changes using The Toolkit's editors and modules.

Users also automatically pass all security protocols so can email in changes/actions for our Support Team to carry out.

Users can be deleted either via The Toolkit or by emailing in the request to our Support Team (but from a registered user). Users have full access to all modules and client data stored within The Toolkit.


The Toolkit allows registered users to view all mailboxes and aliases in use on any and all domains within each Toolkit account.

Here Toolkit users can edit the SMS preferences for each mailbox and create brand new mailboxes (within their subscription allowances).

Mailboxes can only be deleted by Toolkit Staff after a deletion request is received in writing to .

Mobile SMS Details

All mailbox passwords are managed through a secure SMS service using the assigned mobile number against each mailbox.

The Toolkit allows users to change the mobile numbers against each mailbox however any changes will alert the principal contacts primary email address.

Passwords are at no time stored by Toolkit Websites or viewable by staff. All passwords are sent directly to the mobile number assigned and cannot be seen by anyone other than the mobile number owner.

Direct Debit (Eazi Pay)

Eazi Pay are a secure payment provider who help us process our quarterly Direct Debits.

Clients can manage and change their Direct Debit information through The Toolkit or have our Support Team make changes if a request is received in writing from a registered Toolkit user.

Eazi-Pay are committed to securing all client data passed from us to themselves. See their Privacy Policy for more information on this.

Quick Links

© Copyright 2024 Toolkit Websites LtdWeb Design By Toolkit Websites