GDPR Compliance
Last updated: May 17, 2026. WebGee Ltd.'s GDPR compliance framework defines how personal data is governed, accessed, ported, and erased across our hosting and cloud infrastructure operations.
Governance Principles
WebGee Ltd. processes personal data under UK GDPR and EU GDPR. All new orders require acceptance of our Terms of Service and Privacy Policy before account provisioning.
Self-Service Profile Control
The WebGee Client Area provides a self-service portal to view and update profile data — including name, email, postal address, phone number, and company details. Reseller clients may offer the same controls to their end users.
Communications & Marketing
Marketing, product updates, and status communications are sent only when you have registered and accepted our terms. You may unsubscribe from marketing lists via email links without affecting essential account or billing notifications.
- Client PortalOperational emails (status updates, billing, security) may be sent through the WHMCS client area as part of service delivery.
- HMRC RetentionPersonal information for clients with invoices in the past seven years may be retained for UK tax and regulatory distribution to HMRC.
Right to Erasure (Data Removal)
Under GDPR Article 17 (right to be forgotten), you may request programmatic deletion of personal information across WebGee active databases when eligibility criteria are met.
Data Erasure Framework (Article 17)
WebGee Ltd. enforces strict automated retention limits. Full deletion may proceed when the following criteria are met:
Contractual Fulfillment
Active infrastructure services or reseller licenses have been formally terminated and all outstanding invoices are settled.
Consent Withdrawal
Processing operations rely strictly on user consent, and that consent has been formally revoked.
Legal Precedent
Information is no longer required for regulatory compliance or accounting audits within UK jurisdiction.
- No active services on your account.
- No payments to WebGee within the last 7 years (HMRC statutory retention may still apply until elapsed).
- You are the original account owner.
Initiate a data removal request
Submit via the support ticketing system. We respond within 2 weeks and may require identity verification before final deletion confirmation.
Request data removal →Successful erasure completes with an automated email confirming personal information has been purged from our databases. No response to the initial ticket indicates processing is underway.
Access & Portability (Data Request)
Under GDPR Article 15, you may request a copy of personal data held by WebGee. All access requests undergo identity verification to prevent unauthorized data exfiltration.
Data Subject Access Requests (DSAR)
To ensure absolute security, DSARs follow a verified pipeline:
- Authentication Token
Initiate the request from your authenticated WebGee Console / Client Area, or via a verified support ticket tied to your account email.
- Review Window
Our compliance operations team reviews the request pipeline. Fully formatted JSON or CSV data extractions are delivered securely within 30 business days.
- Secure Routing
The exported package may include profile metrics, IP history telemetry, billing metadata indicators, and related account records in a machine-readable format.
Request your data export
For security, additional proof of identity may be required. Standard delivery formats include structured text or PDF review copies.
Request your data →Compliance contact
Questions about GDPR rights or data processing may be directed to our data protection team.
[email protected]Telemetry Storage Map
Personal Data Storage Blueprint
Structured overview of primary data vectors, application scope, and encryption layers across WebGee infrastructure.
| Data Vector | Practical Application Scope | Encryption Layer |
|---|---|---|
| Identity Metadata | Customer name, verified email endpoints, corporate address lines. | AES-256-GCM at rest |
| Network Telemetry | Server connection logs, edge API request headers, IP address footprints. | TLS 1.3 transit tunnels |
| Billing Profiles | Tokenized payment hashes, local VAT registers, transaction logs. | PCI-DSS node routing |
| Support Streams | Help desk transcripts, console tickets, emergency routing hotline metadata. | Secure database block |
HMRC-mandated retention (7 years)
- Full name, address, email, phone, country
- Company name and VAT number
- Order records, invoices, and transaction IDs with amounts and timestamps
Operational telemetry (6+ months, then purged)
- Control panel action logs
- Email and ticket logs with attachments
- API logs, abuse reports, and live chat transcripts
Sub-Processors & Nodes
WebGee may store and process data across multiple physical locations to ensure resilience and performance. Current infrastructure nodes include:
- London, United KingdomPrimary UK operations and corporate data residency.
- GermanyEU-region processing and redundancy.
- United StatesSelected infrastructure and third-party service nodes with appropriate safeguards.
Credential encryption standards
Stored passwords use CRYPT_BLOWFISH two-way encryption with per-user salts, zero hash clashing, and high-compute PASSWORD_BCRYPT iteration counts.