Zare White Logo

Privacy Policy

We take your data security seriously, so we operate a strict privacy policy to ensure that your data is processed and stored in a way that is in compliance with local laws.

Contact Us

Company name:
Hydra Communications Limited
Other trading names:
Zare, Nitrous Networks, Bandwidth Technologies, PrimeNodes
Office address:
Unit 1, Apex Court, Bradley Stoke, Bristol BS32 4JT
Phone numbers:
0800 080 3330 (UK); +44 0800 080 3330 (International)
Email:
[email protected]
Websites:
https://hydracom.co.uk, https://zare.com, https://nitrous-networks.com, https://www.bandwidth.co.uk, https://www.primenodes.com

Data Protection Officer

Name:
Harry Beasant
Company name:
Hydra Communications Limited
Office address:
Unit 1, Apex Court, Bradley Stoke, Bristol BS32 4JT
Email:
[email protected]
ICO Data Protection Register:
https://ico.org.uk/ESDWebPages/Entry/ZA272641

What personal data do we collect?

Most of the personal information we collect and process is provided to us directly by you when you use our website, sign up to use our services, or place an order with us. For example, your email address will be stored in order to verify your identity, during the sign-up process, and for billing.

As a proof of identity, we may also ask you to provide a passport or other ID card. This information is used solely for verifying your identity and is removed from our system within 48 hours.

We also receive personal data indirectly, such as your IP address (including your geo IP location and hostname), which are automatically collected and stored when you sign up online for our services, support, or place an order.

When you use our control panel, your actions are logged and stored along with your IP address, hostname, and browser. This happens during, for example, orders, sign-up, and power reboots/on/off.

When you visit one of our websites, small text files known as 'cookies' are stored on your device to ensure you get the best experience on that website. A notice about the use of cookies pops up whenever you access our websites, and you can choose to consent to, or set particular preferences for, these cookies.

Why do we collect your personal data?

Customer emails are automatically stored following an order or sign-up process, for information security and fraud prevention purposes. Additional contact details may also be collected for such purposes.

Likewise, IP address, location, and hostname details are automatically collected and processed to ensure informational tracking and security as well as for identity verification purposes.

Your name, address, and email are used by our third-party payment processors - Stripe and PayPal - in order to verify credit/debit card ownership and provide fraud protection.

What is the lawful basis for us processing your personal data?

Under the UK General Data Protection Regulation (GDPR), the lawful basis for us processing your personal data is that it is necessary for the performance of a contract (service/support, product order) or before entering into a contract (quote).

We also carry out some data processing - to the extent that it is strictly necessary only - for the legitimate interests of fraud prevention and network and information security.

What cookies do we use?

The list of current cookies stored by our services is detailed below. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know:

  1. Strictly necessary cookies
    1. _cfduid, __cf_bm (CloudFlare)
      1. Used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
    2. zare_session (Zare Manager)
      1. Used to store the unique session ID for each visitor and enables variables to be remembered and passed between page loads.
    3. csrf_zare_hash (Zare Manager)
      1. Used as a security identifier to prevent CSRF attacks on requests.
    4. __stripe_mid (Stripe)
      1. Used to identify and track payments between the user and the system.
  2. Analytical/performance cookies
    1. _ga, _gat, _gid - Universal Analytics (Google)
      1. This cookie allows us to collect anonymous information about our website visitors and statistics to help us develop and improve our website.
  3. Functionality cookies
    1. tawk_uuid_*, twk_idm_key, twk_token_*, tawk_uuid_propertyId, TawkConnectionTime (tawk.to)
      1. Third party cookie that tracks users so we can link multiple chat conversations together and be able to maintain a chat session to assist customers more effectively.
    2. cookieconsent_status - Cookie Popup Notice
      1. When set disables the notice that informs users about cookies being stored on our website so the popup will be hidden.

How do we store your personal data?

All data is stored in replicated databases at two locations in Europe and two in the United States: London, United Kingdom; Frankfurt, Germany; Los Angeles, United States; New York, United States.

Sensitive data such as passwords are automatically hashed and salted. Our databases are backed up offsite daily.

We employ the highest levels of encryption for stored passwords, including CRYPT_BLOWFISH one-way encryption; unique salts on a per-user basis, resulting in zero password hash clashing; and high compute time for the PASSWORD_BCRYPT/CRYPT_BLOWFISH algorithm.

How long do we keep your personal data for?

Under the UK GDPR and the Data Protection Act 2018, personal data that we collect and that may later be audited by HMRC must not be retained for longer than is necessary for its lawful purpose. The standard retention period for HMRC records is '6 years plus current'. When you no longer have any active services or orders with us and have opted to close your account, this retention period starts. After the HMRC '6 years + 1' retention period has elapsed, this personal data (e.g., personal identifiers, order records, invoices, transaction data) will be securely destroyed.

All other data is stored for 12 months before being purged from our databases. This includes, for example, general logging (actions carried out on the control panel), email logs, ticket attachments, tickets and replies, API logs, and abuse reports.

What are your rights regarding your personal data?

Based on our lawful bases for processing your personal data, you have certain rights under data protection law:

  • access - you have the right to ask us for copies of your personal information
  • rectification - you have the right to ask us to (a) rectify personal information you think is inaccurate and (b) complete information you think is incomplete
  • erasure - you have the right to ask us to erase your personal information in certain circumstances
  • restriction - you have the right to ask us to restrict the processing of your personal information in certain circumstances
  • objection - you have the right to object to the processing of your personal information in certain circumstances
  • data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising these rights. If you make a request, we have one month to respond to you.

Please contact us using the details provided at the start of this Privacy Notice if you wish to make a request. We may ask for additional proof of identity before we can hand over the requested data - this is a standard security procedure that we carry out from time to time.

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].

You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have used your data: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; 0303 123 1113; https://www.ico.org.uk.

Want more information, or to make sure we're the right fit for you?

Get in touch