Skip to main content

Data Policy

Iconography and its staff comply with the General Data Protection Regulation, which is enforced from May 2018. This policy reflects that compliance.


At all times, Iconography acts on the behalf of its clients as a Data Processor. At no point does Iconography act as the Data Controller. For the avoidance of doubt, specific provisions laid out in your Project Technical Specifications and Terms and Conditions override this policy. 

In its role as Data Processor, Iconography follows certain procedures to fulfill its responsibilities. To do so, Iconography requires access to your data, but will not take a copy. 

Iconography will routinely access your website for ongoing maintenance or to provide training. As necessary for these purposes, our staff will be able to access all data stored on your website.

Iconography will never collect or retain any information relating to your business, your sales or your website's visitors. This includes any and all personal data relating to your customers. 

Data Processing

Iconography and its staff shall only process data for specified purposes. In general,* these processes include:

  • Maintenance and testing of the website
  • Providing training in the use of the website
  • The hosting of website and the storage of personal data
  • The temporary storage of backups which are taken of your website

* Additional purposes may be specified in your Order Confirmation or your Project Technical Specification

Access Restrictions

To process data for these specified purposes, only essential personnel shall have access to all information stored on your website. 

Access is restricted to individuals employed by Iconography that require it to fulfill their role.

Under no circumstances will access to your website be shared with any non essential persons. 


Iconography takes appropriate steps to ensure the reliability of staff and to provide appropriate training. All members of staff understand and are able to fulfill their responsiblities both under the GDPR and in fulfilment of this policy.


Iconography's websites are hosted on secure servers, located within the United Kingdom. Physical and electronic access to these servers is restricted to essential personnel. Should a client be permitted access, this access always will be restricted to their own data and their own website. 

The data centre is supported by uninterruptible power supplies, state of the art fire suppression, as well as physcial and electronic security. Security guards are on site 24 hours a day and all data is encrypted to ensure that it is properly protected at all times. 


Where clients supply Iconography with any data for the purposes of web development, this data shall be promptly destroyed once its purpose has been fulfilled. This includes any physical printouts, as well as PDFs, CSVs and any other electronic file. 

On the termination of a contract, all website data stored on our servers will be deleted. This will be done following the payment of all invoices. Certain information may be retained by Iconography for legitimate business purposes, but any personal data related to your customers will always be destroyed. 

Our Clients and the GDPR

IXO Commerce has been prepared with the GDPR in mind. It fulfills the requirements of the legislation and provides a safe, secure platform on which you can conduct business. However, it is your responsibility to ensure that you and your company are compliant with the GDPR. Where appropriate, Iconography shall provide assistance; we have produced a guide to help you.  Should you have any concerns, seek legal advice. 

Rights of the Data Subject

Under the GDPR, individuals have several rights, which organisations must fulfill upon request. 

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

Should any of your customers invoke these rights, Iconography will assist you in processing that request. In that event, please contact the office. 


In the event of a Data Breach (unauthorised access to personal data), Iconography shall inform all affected clients by email or by telephone within 48 hours.