Login
Login

Privacy Policy

Port 179 Ltd (The operator of bgp.tools) provides various services. Providing some of these services can result in bgp.tools processing personal data.

Because of this, our policy is to comply with applicable provisions of the Data Protection Acts and the General Data Protection Regulation (GDPR), and to make all reasonable efforts to keep personal data secure and up-to-date.

The GDPR makes a distinction between personal data that we collect for our own purposes, and personal data which we process on behalf of third parties, typically a customer. For the former class of data, Port 179 Ltd are the data controller; in the latter case, we are the data processor acting for a third-party data controller. It is the data controller who has ultimate responsibility for ensuring data is only processed for legitimate purposes, is kept secure, and is not retained longer than necessary.

When is Port 179 Ltd a data controller or a data processor?

  • We are the data controller for all systems that we use internally. For example billing systems, accounting, internal server logging.
  • We are the data controller for personal data in our server logs
  • We are the data controller for personal data that users submit to us (for example, you may submit phone numbers for us to use)
  • We are the data processor for data that users submit to our systems. This could include BGP data or other products that have long term data storage requirements

What information do we collect?

  • Contact information of anyone authorised to liaise with us on behalf of a customer. This information includes the contact’s name, organisation name, email address, postal address, phone number.
  • Details of payments made to us or by us. This may include the contact information of the card holder or account holder from whom a payment was received. It does not include the bank account number when paying by bank transfer or direct debit, nor does it include the card number when paying by credit or debit card.
  • Administrative records such as contact details, bank account details (where provided for electronic payment), accounting records, correspondence files and contact information for suppliers and others.
  • Access credentials (typically usernames and passwords) created by or provided to customers and other users in order to access our services.
  • A log of write operations performed while logged in, such as changing monitoring settings, or adding/changing/removing BGP sessions.
  • Server logs. Normally done for debugging traffic loads, sensitive details like password or payment details are never logged.
  • Any Correspondence you send in to the company or is sent by the company
  • User edit requests submitted either through email or via the website itself.
  • Network flow data (Typically samples of ethernet, IP, TCP/UDP headers) for data passing through or into our network. Full packet contents are not stored from these samples.

How long do we retain this data?

  • Correspondence may, at the company’s discretion, be held indefinitely.
  • Customer contact information is held until it is replaced by the customer (+ 30 days for backups), or until it has been 11 years since the customer had a active service
  • The amount and date of customer payments, the type of service or product purchased, and the applicable customer account number is retained indefinitely. (However internal accounts linking may be removed as stated in other parts of this document)
  • Server logs and Flow data are held for 90 days, however may be held for shorter times if the resources to store them are required elsewhere. In some cases, it is necessary to store logs for a longer period to comply with the Investigatory Powers Act or other legislation.
  • Account audit information is held until the customer account is no longer receiving service, plus 1 year.
  • Data provided for exports (Like MRT exports) are held at the company’s discretion, held indefinitely.

How do we use this data?

We use your contact information to contact you as necessary to provide the services or products you ordered, including when issuing invoices, to remind you when a product or service is about to expire, to inform you of any changes which may affect your account or the services we are providing to you, or to alert you to any problems with your account or services we are providing to you. We also use your contact information to identify you when you contact us.

If you have explicitly opted to receive such communications, we may also use your contact information to send you occasional informational or marketing materials about bgp.tools and our services and products. You may withdraw your consent at any time, either through our portal, by contacting us, or by using provided methods that may exist inside the marketing materials itself.

Access credentials are used to ensure only authorised persons can access our services. Passwords are always stored using a one-way hash.

We may use personal data to review and improve the services we offer. This may include analysing our logs to understand how our services are used, and reviewing past correspondence to understand what difficulties have arisen.

Disclosure of your data to third parties

Port 179 Ltd will not disclose your personal data except as described below.

  • We may enter enter into a contract with a third party to process data which may include your personal data. In such a situation, the third party will be acting as the data processor under us as data controllers, and the data processor will be based in the United Kingdom or European Economic Area.
  • Your data will be disclosed or shared if there a legal duty to do so, or as ordered by a competent court or law enforcement agency.
  • We may disclose, share or transfer your personal data to any future subsidiary company or holding company.
  • In the event that Port 179 Ltd sells all or substantially all of its assets to a third party, your personal data will be transferred to that party.

Our responsibilities as a data processor

We are a data processor of customer data using our services. Unless the customer has informed us, we do not in general know whether the data includes personal data, and if so whether is special category data as defined by the GDPR. However we assume by default that it will contain unspecified personal data.

Contact

If you have additional queries or need to contact us, You can reach us by email on admin@bgp.tools.


← All knowledge base articles