On the 25th of May 2018 the European data protection legislation that replaces the existing 1995 EU Data Protection Directive will come into force. This legislation is known as General Data Protection Regulation (GDPR).

GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

GDPR aims to harmonise data protection laws across the EU and UK. The new regulations take into account the ever changing landscape of technology, and offer a global approach to data protection.

Where does iUVO store customer data?
Customer data for account purposes is stored on whose servers are based in the U.K at a company called Rackspace.

Where does iUVO host it’s websites?
Similar to many hosting companies, we lease a top-tier, third-party data hosting provider (Media Temple), a website and cloud hosting provider founded in 1998 currently with 200+ employees with servers located in the U.S. (MT) Terms of Service. (MT) Privacy Policy.

MT is owned by GoDaddy, who’s privacy policy can be viewed here.

As a iUVO client or web user your personal data is not shared with (MT) or GoDaddy.

If and when we process EU customer data in other territories, like the United States of America, we ensure “appropriate safeguards” are in place that are prescribed by GDPR – i.e., by entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).

iUVO has no short term plans to store data in the EU, and this isn’t required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.

Protecting our customers’ data is fundamental to everything we do, we do not sell of share your data with anyone outside of the iUVO organisation.

Website Hosting Where iUVO Design LTD (iUVO) acts as a Data Processor

For the purpose of the GDPR regulation iUVO will act as a data processor for any data that has been provided, uploaded or transferred to our servers. Any client uploading this data will be classed as the data controller.

Where iUVO acts as a Data Controller

For the purpose of the GDPR regulation iUVO will act as the data controller for any data that was provided during the ordering and general account management process. This includes any data held for marketing purposes.

Data Physical Locations

Data provided to iUVO Hosting is stored at the following locations.

Customer Data Digital Location
iUVO, Basement Office, 110 Curtain Road, London, England, EC2A 3AH

Office Location
iUVO, Second Floor, 45 Grosvenor Rd, St Albans AL1 3AW

Primary Customer Website Hosting Data Centres (if you are a iUVO Hosting Customers)
EL-IDC3, El Segundo, CA, U.S.
VA-IDC4, Ashburn, VA, U.S

Type of Data

GDPR legislation applies to any data that can identity a living person including but not limited to email address, postal address and phone number.

Data Processing Agreements

Our data processing commitments are set within the Privacy Policy. These have been updated from feedback with clients and guidance from regulators. More recently it has been updated to include GDPR legislation.

Deleting Data

Any data you delete from our servers will be deleted immediately or should you have backups then within 30 days. On cancellation of services, data will be destroyed within a maximum period of 180 days. Any customer data may be retained for up to 6 years to satisfactory legal obligations. iUVO may keep your email address on file should you opt into our marketing materials.

Data Breach

Under GDPR it is the responsibility of the data controller (the iUVO Hosting client) to report a data breach to the Information Commission although iUVO, as the data processor, will assist in the breach notification.


Data Subject – A living person or individual
Data Controller – The organisation that collects and determines how the information will be processed, i.e. a iUVO Hosting client.
Data Processor – -An organisation that receives information from the data controller, i.e. iUVO
Personally Identifiable Information (PII) – -Information that can identify a living individual
Supervisory Authority – The authority responsible for enforcing the regulation within a specific territory. In the UK it will be the Information Commission’s Office (ICO).
Individual Rights – The rights that empower the individual.
Data Breach – Intentional or accidental loss / damage to information.

We're iUVO, digital geeks, innovative dreamers, marketing nerds, business strategists and creative wordsmiths.

Our approach is about effectiveness and aesthetics. We work from the inside out – understanding your business and any challenges you face, to create something compelling, that lets you engage and communicate more efficiently with your audience.