This Privacy Policy explains how VelocityServers Ltd (“Velocity”, “we”) processes personal data as a Data Controller under the UK GDPR and Data Protection Act 2018.
1) Controller details
VelocityServers Ltd (Company No. 15965072)
Registered office: Suite Ra01, 195–197 Wood Street, London, E17 3NU, UK
Email: support@velocityhosting.co
You may contact us to exercise rights or ask questions.
2) Personal data we collect
Depending on how you use our Services, we may collect:
-
Account & identity: name, business name, address, email, phone, login identifiers, verification info.
-
Billing: invoices, payment status, transaction references (card details are handled by payment processors; we typically receive tokens/last4).
-
Service data: IP address, device identifiers, authentication logs, security events, support tickets, configurations.
-
Website data: cookie identifiers, analytics events (see Cookie Policy).
-
Customer Content: if you submit personal data within Content hosted by you, you control that data as controller; we generally act as processor for that Content.
3) How we use personal data (purposes)
-
Provide, secure, and operate Services and customer support
-
Create and manage accounts, authentication, and access control
-
Billing, payments, fraud prevention, and debt management
-
Service monitoring, incident response, abuse prevention (AUP enforcement)
-
Compliance with legal obligations and law enforcement requests
-
Service improvement, analytics, and performance optimisation
-
Marketing communications (where lawful and you can opt out)
4) Lawful bases (UK GDPR Article 6)
We process personal data under one or more lawful bases:
-
Contract: to provide Services and manage your account
-
Legal obligation: tax, accounting, regulatory, lawful requests
-
Legitimate interests: security, fraud prevention, network integrity, service improvement
-
Consent: certain cookies and marketing where required
5) Sharing and recipients
We may share personal data with:
-
Infrastructure/data centre/network providers (hosting, connectivity, DDoS mitigation)
-
Payment processors and billing platforms
-
Support and monitoring tools used to deliver Services
-
Professional advisers (legal, accounting)
-
Authorities where legally required
We require appropriate safeguards and confidentiality commitments from providers.
6) International transfers
Where personal data is transferred outside the UK, we use lawful safeguards such as the UK International Data Transfer Agreement (IDTA) or adequacy regulations, as applicable.
7) Retention
We retain personal data only as long as necessary for the purposes above, including:
-
Account and billing records: typically up to 6 years (UK tax/accounting).
-
Security logs: retained for a limited period, proportionate to risk and operational needs.
-
Support tickets: retained while relevant to support and legal defensibility.
8) Your rights
Subject to conditions, you have rights to:
-
access, rectification, erasure, restriction, objection, portability
-
withdraw consent (where processing is based on consent)
-
complain to the UK Information Commissioner’s Office (ICO)
9) Security
We implement technical and organisational measures designed to protect personal data (access controls, monitoring, encryption where appropriate). No method of transmission/storage is 100% secure; you remain responsible for securing your credentials and hosted applications.
10) Children
Services are not intended for children under 16. We do not knowingly collect children’s data.
11) Updates
We may update this policy from time to time. The latest version will be posted on our website with an updated effective date.