Processes for GDPR requests
We’ve set up the internal infrastructure to ensure all GDPR-related data requests can be responded to and handled appropriately.
Updated Data Protection Addendum
We’ve updated our GDPR-compliant Data Protection Addendum (“DPA”), and made it available for you to sign here.
Agreements with third-party vendors
As always, HUB will never sell, rent, or lease your information (name, address, email, etc.) to any third party. Any vendor we use to provide services will also be held accountable to GDPR.
As a data processor, HUB is obliged to notify the respective data controller on the discovery of the breach of data protection security.
HUB would also request that client controllers inform HUB immediately on discovery of a data breach relative to data hosted or processed by HUB.
Please email [email protected] detailing the incident.
Thereafter, HUB will follow the guidelines determined by the Information Commissioner’s Office (ICO) as detailed here.
We have compiled a short guide to help you understand how HUB works, and how we ensure your data is secured and protected. Click on the icons to proceed to each section.
HUB is the trading name of MPSWORKS Ltd, a company registered in the UK with the registration number 09012800, whose primary place of business is:
The Clarence Centre
St. George’s Circus
London SE1 6FE
HUB can be contacted in the following ways:
HUB undertakes the business of:
HUB is engaged as an agency by businesses who wish to purchase the aforesaid business services. Clients pay for these services through an adhoc, project-based or recurring fee (through which HUB services are retained either over a fixed period of time or indefinitely).
HUB undertakes to handle the data made available by clients whereupon the client as a Data Controller employs HUB as a Data Processor. This data ranges from graphics and video content files such as layered Photoshop documents, to specific data sets including personal details of client customers.
HUB undertakes to host data made available by clients on the Internet whereupon specific steps are taken to developmentally and architecturally secure that data and selectively serve and execute that data through a web browser or otherwise enabled online interface (e.g. a mobile app).
HUB employs Software Developers, Systems Administrators and Database Administrators amongst other operational and design staff, on both a permanent and freelance basis.
All staff are committed via an employment or delivery contract to non-disclosure and confidentiality.
In order for you to use our Services, HUB will ask you for some of your personal data (e.g. contact information, name, etc.). The amount and type of information that we gather depends on the nature of the interaction. Those who purchase Services from us are asked to provide additional information including, as necessary, the personal and financial information required to process transactions.
HUB utilises both bespoke and framework driven development. HUB websites are delivered using the following content management systems:
HUB bespoke application development is primarily undertaken using the Laravel PHP framework. Technical detailing on Laravel security measures is available here: https://laravel.com/docs/4.2/security
HUB database development is undertaken using the MySQL database framework and Microsoft SQL Server database framework.
MySQL Security Documentation is available here: https://dev.mysql.com/doc/refman/8.0/en/security.html
HUB is engaged by clients to host their data on the Internet via websites and applications that HUB may or may not have designed and developed. HUB does not own the data centres in which this data is stored, and chooses to extend the data hosting services of the following companies:
If the client is also a Data Processor, HUB may be engaged as a third-party sub-processor or data importer depending on the requirements. Data processor activities must be governed by a binding contract with regard to the controller (the client).
The HUB Data Protection Addendum is available to download and sign here: Access Addendum
The binding obligations on the processor must cover the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the controller.
There are a number of specific requirements including that the personal data is processed only on documented instructions from the controller, and requirements to assist the controller in complying with many of its obligations. The data processor has an obligation to tell the controller if it believes an instruction to hand information to the data controller breaches the GDPR or any other EU or Member State law.
Contexts for this data processing may include, but are not limited to:
User data, on request of the client, may be synchronised or imported in to other software for the purpose of communication and marketing. HUB uses the following platforms on behalf of clients:
HUB employs the appropriate security measures on an application / software level and architectural level (hosting environments).
What is appropriate is assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, the state of the art, the costs of implementation and the nature of the processing. These measures may include pseudonymisation and encryption.
HUB undertakes regular testing of the effectiveness of security measures.