Gdpr

c_burton_bch · July 1, 2019, 10:37am

Hello,

I have been through the knowledge base and seen that it was discussed but not an answer.

Is the data stored on infinity free GDPR compliant?

I am a teacher working in a school and have created a website for student homework.

I have put student names in a mySQL database.

Does infinity free have access to that database and if so do they have an official statement saying they do nothing with the data?

thanks

Chris

Ergastolator1 · July 1, 2019, 10:39am

The data stored on InfinityFree is GDPR compliant. InfinityFree’s community may not touch the database and they don’t touch the data too. So you may be safe with your data, even if it’s stored in a MySQL database.

c_burton_bch · July 1, 2019, 10:41am

Is there an official statement from InfinityFree stating such? this is what my data manager is hoping to see.

Ergastolator1 · July 1, 2019, 10:45am

Their Privacy Policy says what data they collect, who can use the service, etc, but… [continues in the later post]

c_burton_bch · July 1, 2019, 11:05am

Those 3 terms just state that InfinityFree are not responsible for x, y and z. It doesn’t say what it does with the database I made.

I also looked at the privacy policy which is excellent at saying how it will use my details but not the data i store in a database.

Thanks

Ergastolator1 · July 1, 2019, 11:26am

[continuation from the old modified post] …the data you store on the database may not be modified by anyone but you. This is a shared hosting; the credentials are not the same as other accounts, but the hackers can’t access your Control Panel because that may violate the Terms of Service. However, I would recommend, if the password is stored as a plain text, to encrypt it with the MD5 hash method to make sure hackers cannot steal them, and for your students to have passwords that have:

at least a caps letter;
at least a non-caps letter;
at least a number;
at least a symbol;
doesn’t have any of the students’ names.

c_burton_bch · July 1, 2019, 11:41am

I’m not worried about hackers.

InfinityFree owns the domain so I assume have access to the MySQL database i created on there.

Personally i am confident that InfinityFree will never look at my database and steal the students names i store on there. However, to be GDPR compliant i need to see a term or statement from InfinityFree specifically stating that they will not do anything with the data that is stored using their service.

I was hoping i could find that somewhere on their website

Thanks

Admin · July 1, 2019, 5:53pm

iFastNet controls the database servers, so both InfinityFree and iFastNet have basically full access to the contents of your database at any single time. But if you’re worried about that, you should get your own server and run the database on that. Whoever manages the database has access to the data in it, which is important to remember.

That said, I can make the following promises:

We will never look at the contents of your account without a good reason. A “good reason” could be to provide support or check for abuse. We respect the privacy and integrity of people’s websites.
We do not share the contents of your account with anyone else. You have access to your data and InfinityFree and iFastNet staff does. Nobody else gets access (unless the law says otherwise).

That said, am I correct to assume that you’re looking for a Data Processing Agreement, the GDPR legal document which describes what we do with the data you (the Data Controller) have collected? Because neither we nor iFastNet (they control the database servers, so their DPA largely dictates the contents of ours) has provided such an agreement.

I do believe that we process your data and the data you collect on your website website in a GDPR compliant way, I don’t have the legal documents to hand over to guarantee it.

system · August 30, 2019, 5:53pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.