CFTS Documentation

Privacy Notice

1. INTRODUCTION

CFTS is committed to protecting personal data and operating in a transparent, secure and responsible manner.

This Privacy Notice explains how we collect, use, store and protect personal data in connection with our services.

2. WHO WE ARE

CFTS provides hosting and related technical services. Infrastructure is operated within the United Kingdom, Uganda and EU.

For privacy-related enquiries, contact: Email: support@cfts.co

3. OUR ROLE

In most cases, CFTS acts as a Data Processor on behalf of its clients (Data Controllers).

  • Clients determine the purpose and means of processing personal data within hosted environments.
  • CFTS processes data only in accordance with documented client instructions.

4. DATA WE PROCESS

Depending on service use, we may process:

  • Contact information (name, email, phone)
  • Support ticket content
  • Account and authentication data
  • WHMCS account data (excluding payment card information)

We do not store payment cardholder data.

5. PURPOSE OF PROCESSING

Personal data is processed for:

  • Provision of hosting services
  • Technical support and incident management
  • Security monitoring and access control
  • Legal and regulatory compliance where required

6. DATA STORAGE & TRANSFERS

Infrastructure is hosted within the UK and Uganda.

Encrypted backups may be stored outside the UK depending on operational requirements.

Appropriate technical and organisational safeguards are applied, including encryption at rest and in transit.

7. DATA RETENTION

Data is retained only as long as necessary for service provision, legal compliance, or operational security.

Backup retention follows defined schedules:

  • Daily retention (short-term)
  • Weekly and monthly rotation
  • Yearly retention where operationally required

Upon service termination, live production data is deleted immediately.

8. SECURITY MEASURES

CFTS applies layered security controls including:

  • Encryption (TLS 1.2+)
  • Full disk encryption
  • Encrypted backups
  • Network segmentation
  • Firewall and intrusion controls
  • Multi-factor authentication
  • Log monitoring and retention
  • Incident response procedures

9. DATA SUBJECT RIGHTS

Where CFTS acts as a Data Processor, data subject rights requests must be directed to the relevant Data Controller.

Where CFTS acts as a Data Controller (e.g. internal business records), data subjects may request:

  • Access to personal data
  • Rectification - Erasure
  • Restriction of processing
  • Objection where applicable

Requests may be submitted via support@cfts.co.

10. BREACH NOTIFICATION

In the event of a confirmed personal data breach, affected clients will be notified without undue delay in accordance with applicable law.

11. COOKIES & TRACKING

CFTS does not knowingly deploy non-essential tracking mechanisms. Any required operational cookies are limited to those necessary for service functionality.

12. CHANGES TO THIS NOTICE

This Privacy Notice is reviewed periodically and updated where necessary to reflect operational or regulatory changes.

SUMMARY

CFTS applies structured governance, encryption, access control, and defined retention practices to protect personal data and main