Sales:
0800 817 4727
LiveChat
Contact Us
Blog
Customer Portal
Sales: 0800 817 4727
Contact Us
Toggle navigation
Solutions
Solutions
Web Hosting & EMail
Custom Hosting Solutions & Consultancy
Server Management
Managed Backup & Disaster Recovery
Website Design & Maintenance Services
Migration Services
Platforms
Platforms
StormCloud Enterprise
StormCloud Solo
AWS & Azure
Services
Security
Storm Security Centre
StormSecure
Penetration Testing
DDoS Protection
Threat Monitoring & Protection
Web Application Firewall
Security Audits
PCI Compliance
GDPR Optimised Hosting
SSL Certificates
IT Management
Remote Working & Office 365
Backup Solutions
DNS Management
CDN Services
Disaster Recovery
Server Monitoring
Web Acceleration
Virtual LANs
VPN
s
Migration Services
Server Management Options
Service Level Agreement
Hosting Solutions
Ultra High-Availability Hosting
Dedicated Servers
Database Hosting
SQL Server Hosting
Web Server Hosting
Exchange Server Hosting
Ecommerce Hosting
SaaS & Application Hosting
Secure Shared Network Drives
cPanel Hosting
ASP.NET Hosting
PHP Hosting
Web Hosting & Email
Windows Hosting
Linux Hosting
Reseller Hosting
Hosting Platforms
Magento Hosting
Kentico Hosting
WordPress Hosting
Umbraco Hosting
Drupal Hosting
Not sure what you need?
Get in Touch
Industries
Industries
Developers & SaaS Providers
Web Designers & Agencies
More...
Why Storm
Why Storm
About Us
The Storm Difference
Awards
Certifications
Giving Something Back
Datacentres
Environmental Responsibilities
Blog
Industries
Developers & SaaS Providers
Web Designers & Marketing Agencies
Retail & ECommerce
Legal
Healthcare
More
Legal
Managed Hosting Terms
Security & Privacy Practises
Our GDPR Statement
Data Processing Schedule
Our Privacy Policy
Careers
Our Culture
Working for us
Current Vacancies
Customer Success Stories
Elizabeth Shaw
YKK Europe
Mystery Shoppers
Legal for Landlords
Land Rover Series II Club
Signum International
View all
Blog
Contact Us
0800 817 4727
Customer Portal
Storm Internet's Security & Privacy Practices
1. Security Practices
Storm Internet is responsible for the security measures set out in the
Agreement
, and shall maintain and implement the following technical and organizational measures in relation to the security of the Customer Configuration. The Customer remains the primary system/account administrator and is responsible for the integrity, security, maintenance and appropriate protection of Customer Data by (i) selecting and purchasing appropriate security Services (ii) implementing appropriate encryption and logical access controls and (iii) maintaining appropriate application security controls. Certain Storm Internet services are available to help Customers meet these requirements.
1.1
Physical Security – Data Centres
. The following physical security controls apply to Customer Data residing in data centre or office premises either owned or leased by Storm Internet or a Storm Internet affiliate in connection with the provision of Services to the Customer (and expressly excludes third party hosting Services):
1.1.1 Servers and devices dedicated to your use as part of the Customer Configuration provided by Storm Internet will be located in a controlled access data centre (or portion thereof) either operated by or dedicated to use by Storm Internet or its Affiliate.
1.1.2 Storm Internet operates or audits the use of an electronic access control system which logs access to physical facilities, managed by a professional security guard force in line with its current processes.
1.1.3 Physical access to Servers and devices dedicated to your use will be restricted to Storm Internet employees or its agents who need access for the purpose of providing the Services. Access within data centre facilities is in zones and provisioned based on physical access rights required by a given individual.
1.1.4 The data centre will be staffed 24/7/365 and will be monitored by video surveillance, recording to a centralized location and viewed by the onsite security force.
1.1.5 Storm Internet limits access to our physical racks and Servers to authorized individuals by proximity- based access cards and biometric hand scanners or other approved security authentication methods.
1.1.6 Except as specifically stated in the Agreement, Storm Internet will not relocate the Customer Configuration from a Storm Internet date centre in one country to a data centre in another country without your express written permission.
1.1.7 Following the termination of the Agreement or a Customer Configuration, Storm Internet will wipe data from those hard drives and storage devices dedicated to your use prior to re-use.
1.2.
Security Controls Audits & Reporting
. Storm Internet shall engage qualified third party auditors to perform examinations of its systems and services in accordance with: the best practice recommendations of ISO 27002, for the purpose of auditing Storm Internet's compliance with ISO 27001 and/or equivalent industry standards.
1.3.
Administrative Controls
1.3.1
Screening
. Storm Internet will perform pre-employment background screening of its employees who have access to customers' accounts, and is committed to employee supervision, training, and management.
1.3.2
Storm Internet Access
. Storm Internet will restrict the use of administrative access codes for customer accounts to its employees and other agents who need the access codes for the purpose of providing the Services. Storm Internet personnel who use access codes shall be required to log on using an assigned user name and password.
1.3.3
Customer Access
. As the primary system administrator, the customer is responsible for the management of their accounts, including creation, change management, and termination, and enforcement of related remote working and password controls.
1.4.
PCI-DSS
. With respect to the security of cardholder data, as that term is defined in the Payment Card Industry-Data Security Standard, Storm Internet may possess or otherwise store, process or transmit on the Customer's behalf, Storm Internet agrees to provide (i) those physical, technical, and administrative safeguards described in the Agreement and (ii) the Services selected by the Customer and described in the Agreement; provided that the Customer remains responsible for ensuring all PCI-DSS requirements are met with respect to such cardholder data.
1.5.
Reports of and Response to Security Breach
. Storm Internet will report to you as soon as reasonably practicable in writing and in accordance with applicable law, of a material breach of the security of the Customer Configuration which results in unauthorized access to Customer Data resulting in the destruction, loss, unauthorized disclosure or alteration of Customer Data of which we become aware. Upon request, we will promptly provide to you all relevant information and documentation that we have available to us regarding the Customer Configuration in connection with any such event. Storm Internet shall be under no obligation to notify routine security alerts in respect of the Customer Configuration (including without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing or other unauthorized access to traffic data that does not result in access beyond IP addresses or headers, or similar incidents) save as otherwise specifically set out in the Agreement.
1.6.
Customer Data Return
. The Services enable you to retrieve, correct, or delete Customer Data. Depending on your Services, you may not have access to the Customer Configuration or Customer Data during a suspension of Services, or following the termination of the Agreement. You are responsible for retrieving a copy of your Customer Data prior to the termination of the Agreement Storm Internet may delete your Customer Data at any time following termination of the Agreement.
2. Privacy Practices
Customer and Storm Internet will comply with applicable laws in relation to their collection and processing of any Sensitive Data in the provision and use of the Services.
If and to the extent the EU Directive 95/46/EC or the EU General Data Protection Regulation (EU) 2016/679 (together with any transposing, implementing or supplemental legislation "GDPR") applies to the processing Personal Data (as defined therein): (a) Storm Internet will process Personal Data only in accordance with Customer's instructions except as required by applicable law, and Customer acknowledges that this Agreement, together with Customer's configuration and use of the Services represents its complete instructions to Storm Internet on the processing of such Personal Data.
Version 1.2 (Last updated 09/01/2019)
Online Support
0800 817 4727