GURU Cloud Customer Privacy Policy

Summary

The following describes what data we routinely and ordinarily collect and log as part of providing our service to you, as a GURU customer. Is it supplemental to the Privacy Policy located at https://www.guru.co.uk/support/privacy-policy

Your information

When you sign up for an account with GURU we will ask you for some essential information about you and/or your company. We need this information to provide your service. Additionally, as part of this sign-up process, you can select whether you’d like us to keep in touch about GURU in future - you can also change this preference at any time in your customer portal.

If you choose to pay by Credit/Debit card, you will be asked to provide information to WorldPay (https://www.worldpay.com/uk), this includes your name, address, email address, card payment details and any other information that WorldPay need in order to process payments on our behalf. This data is held by WordPay, you can view their Privacy Policy at https://www.worldpay.com/uk/worldpay-privacy-notice

If you choose to pay by PayPal, then you will be asked to provide information to PayPal. This will include your name, address, email address, card payment details and any other information that PayPal need in order to process payments on our behalf. You can view the PayPal Privacy Policy at https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev

What will we do with your information

Upon placing an order we will use some of your details to perform a fraud risk assessment using MaxMind - this is NOT a credit check, it is simple a validation of the information you provide us. In doing this we will pass your email domain name (not your full email address), your IP address, your postal address (excluding your name), phone number and browser User Agent. We will also pass a one-way hashed version of your full email address (your email address cannot be seen from this). We will not share this information with anyone else.

MaxMind’s Privacy Policy can be found at https://www.maxmind.com/en/privacy_policy

If you register a domain name with us, we will pass the required ownership data to the domain registrar to ensure this is registered in your name. This will include your name, address, email address and telephone number.

Operationally we will use the information you provide to correctly identify you, bill your services and to inform you about important matters regarding your services. This is in addition to any marketing updates we may send you, only if you have opted in to these marketing updates.

What records do you keep

Support

When you contact our support team, by telephone, email or live chat, we will keep records of these conversations. We will retain these records indefinitely, as they form an integral part of our security and audit process.

Logs

When you access your support and customer portals, we will record logs of these activities. We will retain these records indefinitely, as they form an integral part of our security and audit process.

When you access your services, we will record logs of these activities. Normally we will retain this data for up to 12 months, but we reserve the right to retain for longer where necessary. If you provide others with access to these services, for example as a Reseller providing access to customers, logging of activities also applies to these services. Data logged includes IP addresses, request URLs, HTTP authenticated usernames, user agents and in some instances referring URLs. There is no intent to connect the data in these logs with individual users, or to track users, data is required for security and operational purposes.

When visitors access your websites and services, we will record logs of these requests. Normally we will retain this data for up to 12 months, but we reserve the right to retain for longer where necessary. If you configure your account to archive these logs, they will be retained for longer - this is your choice. Data logged includes IP addresses, request URLs, HTTP authenticated usernames, user agents and in some instances referring URLs. These logs are necessary for security and operational reasons.

We do our best to collect the minimal data necessary when recording logs of service activity. Sometimes, for security reasons, we need to record more specific data (such as reasons for security exceptions, or partial payloads of security incidents), this is only done where necessary and is not shared with anyone.

Access

Only GURU staff have access to the above data, which is only used as part of providing services to you. It is not routinely shared with any third parties.

Occasionally in diagnosing problems it is necessary to share log data with third parties, which again forms part of providing your service. Any partner we share log data with must meet our sub-processor requirements under the GDPR. We do not share the personal data you provide us when signing up to the service.

Third party services

In some instances, we may use third-party services to provide your GURU Services. These third parties may record their own logs, in a similar way GURU do in order to provide Services to you.