Privacy and Legal Centre
Updated May 2018
Welcome to the HUB Privacy and Legal Centre. Here you will find details and answers to all privacy and data-related subjects, as well as our terms and conditions of business.
Business Privacy and Data Guide
We have compiled a short guide to help you understand how HUB ensures your data is secured and protected. Click on the icons to proceed to each section.
Read through our docs for things that protect not only us but you too.
Processes for GDPR requests
We’ve set up the internal infrastructure to ensure all GDPR-related data requests can be responded to and handled appropriately.
Updated Data Protection Addendum
We’ve updated our GDPR-compliant Data Protection Addendum (“DPA”), and made it available for you to sign here.
Agreements with third-party vendors
As always, HUB will never sell, rent, or lease your information (name, address, email, etc.) to any third party. Any vendor we use to provide services will also be held accountable to GDPR.
Security Event / Data Breach Notifications
As a data processor, HUB is obliged to notify the respective data controller on the discovery of the breach of data protection security.
HUB would also request that client controllers inform HUB immediately on discovery of a data breach relative to data hosted or processed by HUB.
Please email firstname.lastname@example.org detailing the incident.
HUB is the trading name of MPSWORKS Ltd, a company registered in the UK with the registration number 09012800, whose primary place of business is:
The Clarence Centre
St. George’s Circus
London SE1 6FE
HUB can be contacted in the following ways:
Telephone: 020 3865 8077
Email General: email@example.com
Email Support: firstname.lastname@example.org
HUB undertakes the business of:
- Website Design and Development
- Application Design and Development
- Digital Marketing, therein; the bulk delivery of marketing emails, digital production of advertising content, and content marketing
- Website and Application Hosting
- Managed Support
HUB is engaged as an agency by businesses who wish to purchase the aforesaid business services. Clients pay for these services through an adhoc, project-based or recurring fee (through which HUB services are retained either over a fixed period of time or indefinitely).
HUB undertakes to handle the data made available by clients whereupon the client as a Data Controller employs HUB as a Data Processor. This data ranges from graphics and video content files such as layered Photoshop documents, to specific data sets including personal details of client customers.
HUB undertakes to host data made available by clients on the Internet whereupon specific steps are taken to developmentally and architecturally secure that data and selectively serve and execute that data through a web browser or otherwise enabled online interface (e.g. a mobile app).
Staff and Employment
HUB employs Software Developers, Systems Administrators and Database Administrators amongst other operational and design staff, on both a permanent and freelance basis.
All staff are committed via an employment or delivery contract to non-disclosure and confidentiality.
Client Data Privacy
In order for you to use our Services, HUB will ask you for some of your personal data (e.g. contact information, name, etc.). The amount and type of information that we gather depends on the nature of the interaction. Those who purchase Services from us are asked to provide additional information including, as necessary, the personal and financial information required to process transactions.
HUB utilises both bespoke and framework driven development. HUB websites are delivered using the following content management systems:
- WordPress – https://en-gb.wordpress.org/about/security/
- Umbraco – https://umbraco.com/media/1108/whitepaper-umbracosecurity.pdf
HUB bespoke application development is primarily undertaken using the Laravel PHP framework.
Technical detailing on Laravel security measures is available here:
HUB database development is undertaken using the MySQL database framework and Microsoft SQL Server database framework.
MySQL Security Documentation is available here:
HUB is engaged by clients to host their data on the Internet via websites and applications that HUB may or may not have designed and developed. HUB does not own the data centres in which this data is stored, and chooses to extend the data hosting services of the following companies:
- Amazon Web Services in England and Ireland on which HUB utilises the EC2, S3 and RDS services. To learn more about AWS and how HUB extends GDPR Enablement through them:
- WP Engine (extending Google Cloud Services)
Read about Data Protection and Privacy from WP Engine here:
Upon a client engaging HUB to develop a website or application, or host either, HUB is defined as a Data Processor whereupon the client is the Data Controller and instructs HUB to process data on their behalf.
If the client is also a Data Processor, HUB may be engaged as a third-party sub-processor or data importer depending on the requirements.
Data processor activities must be governed by a binding contract with regard to the controller (the client).
The HUB Data Protection Addendum is available to download and sign here:
The binding obligations on the processor must cover the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the controller.
There are a number of specific requirements including that the personal data is processed only on documented instructions from the controller, and requirements to assist the controller in complying with many of its obligations. The data processor has an obligation to tell the controller if it believes an instruction to hand information to the data controller breaches the GDPR or any other EU or Member State law.
Contexts for this data processing may include, but are not limited to:
- Ecommerce websites whereupon user data is stored.
- Promotional websites whereupon opportunity data (‘leads’) are captured.
- Applications and apps wherein user data / personal data is stored.
User data, on request of the client, may be synchronised or imported in to other software for the purpose of communication and marketing. HUB uses the following platforms on behalf of clients:
- Campaign Monitor
HUB employs the appropriate security measures on an application / software level and architectural level (hosting environments).
What is appropriate is assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, the state of the art, the costs of implementation and the nature of the processing. These measures may include pseudonymisation and encryption.
HUB undertakes regular testing of the effectiveness of security measures.