Where is user data stored and how can it be removed?
In circumstances where BML provide your website hosting, data for your live website is stored in the site database. This is located on a physical server based in a UK data centre.
In terms of accessing user data to delete, you can generally delete stored contact form entries using the normal admin area of the site. This means you can easily remove data for anyone who requests it. You may be advised to delete this data regularly, as it will have been emailed to you anyway. If you don’t have explicit consent from currently stored contacts then it makes sense to remove them well ahead of the deadline.
Copies of user data may also be held on local development and staging servers as part of our normal development process. If a data removal is requested, we will also remove any relevant data that may be held on those machines, along with data held on the machines of any relevant suppliers we have contracted.
We also backup the web server daily, keeping a 30-day history of all information on a separate secure server. If a user requests that their data should be removed, then we will also need to remove the relevant backups where their data may also appear. You will need to instruct us to do this as part of your removal request process.