Arrowmail is a Limited Company registered in the UK which provides email and other related IT services.
About our services
We store the minimum amount of information required to operate customer accounts and are fully compliant with the General Data Protection Regulation (GDPR) legislation.
In respect to our customers’ email data we think that Arrowmail would be determined to be a Data Processor under GDPR legislation.
Whatever our status, we do have a responsibility to store our customers’ email data and the security of our customers’ data is paramount.
Here are some points with regard to this:-
We impose confidentiality obligations on all employees that have access to our company records or our customers’ email data.
We implement appropriate measures designed to ensure the security of all the data we store on behalf of our customers. These include:-
- Using UK datacentres with strong physical security
- Requiring multiple levels of strong passwords in order to gain administrative access to our servers.
- Only allowing administrative access to our servers from a small list of IP addresses managed and operated by Arrowmail.
Under normal circumstances we never access our customers’ email data, but we do have the ability to do so if this is required in the course of investigating a problem.
We will notify a customer within 24 hours of becoming aware of any security breach that may have led to unauthorised access to their data.
After a customer has deleted data, we don’t retain any backups of it for longer than the safety margin of 60 days for a deleted email and 7 days for a deleted mailbox.
Under the Data Retention (EC Direction) Act of 2009 we are obliged to store email metadata for all emails that pass in and out of our servers for a minimum of 12 months. This data shows who sent what, when, to whom and the Subject Line of each email but not the contents of the email body or any attachments.
We use commercial digital certificates to encrypt all connections between our servers and customers.
We also attempt to use encryption between our servers and external mail-servers; however, we can’t guarantee that emails will remain encrypted once they have left our system.
We only accept credit card payments using the 3rd party payment processing company PayPal.
This means that we don’t need, and are never in possession of, any credit card details.
We will cooperate with the appropriate authorities investigating criminal activities by allowing them access to our company and server records.
We will keep unsolicited communication between ourselves and our customers, not directly related to the operation of their account, to a reasonable minimum and confine it to advisories on changes to services, price structure or operational procedures.
We will never pass on any email address or any other information we hold about customers, to any 3rd party.
About this website