GDPR Information

GDPR compliance, ISO 27001 certification, and comprehensive data handling practices for our billing platform.

Last updated: 2025 Version: 2.0

GDPR

BaseServ Limited is committed to providing a secure hosting environment and transparency towards our customers, how we handle data and what data we collect.

All data is by default only accessible by staff at BaseServ Limited, unless we specify otherwise.

As long as you're a customer of BaseServ Limited, we log data such as your name, address, email address and telephone number. We also log your customer data, such as their name, address, phone number, email address, IP Address and last 4 digits of their card numbers. We also log login requests to various systems you access within the BaseServ Limited environments.

In case you agree to our data policy, the agreement is valid for the period you're a customer of BaseServ and has existing products with us.

Information such as invoices issued to you as a customer is kept even after terminating the products or ending your time as a customer at BaseServ Limited. You can, however, change your contact details to something "random" at our Client Area. In case you need a random email added to your account, please let us know by contacting support@baseserv.com.

If you would like your account fully deleted you will need to email our DPA Team by emailing dpa-support@baseserv.com.

Below you will find different sections regarding the various products and tools we use as a company to function; you can click each title to read more:

We log and maintain your client's data, we store their addresses, email address, phone number, company details, IP Address and login information. This is all stored in our secure databases.

We also save transaction details, such as price, line items, qty, addresses, payment details, transaction details, IP Addresses and sometimes recurring payment details.

When sending emails, the emails get sent via an external SMTP relay called Mailgun – Mailgun is an outgoing SMTP Relay solution used to send our invoices, account emails and password resets.

The Mailgun software stores sender address, the receiver address and the email subject of individual emails.

If you want to prevent transmitting any data via Mailgun, we advise you to use an alternative outgoing mail-server than ours.

Our databases are secured to make sure your data is safe. Only our server engineers have access to the database servers. No one on our staff have access to your data. This is all hosted on our encrypted servers.

Databases are permanently stored and are only removed once the customer deletes their BillingServ Account, the customer gets terminated, or you request our BaseServ Limited Support Staff.

Access logs and error logs only available to the BaseServ Limited staff.

There's no defined rotation policy for access or FTP logs; data gets removed during account termination or cleaned up by staff on a regular interval. Customers can contact BaseServ Limited's support department to request deletion of the logs.

Backups are stored on external backup servers managed by BaseServ Limited; data is backed up over a secure connection and is stored in encrypted storage which our staff can restore if you contact our support team at support@baseserv.com.

Backups include all data, including business data (Logos, images and invoices) databases, cronjobs, DNS zones, account statistics.

Backups do get rotated out automatically after termination of your account within one month or less.

In case you use our support, you at the same time have to agree our support department accessing the required information about your account to resolve the issue.

We might require access to files (web files, emails, cache files), databases, logs, backups, statistics and/or IP information about logged in accounts.

In case you do not allow us to access any of the data, be aware that resolution of your problem might get prolonged or not possible to resolve.

When you create a support ticket, ticket information gets stored in our support software (support.baseserv.com) indefinitely and temporary for less than 24 hours on our Email provider (GSuite).

Any emails coming from our support system gets sent via GSuite via secure connections.

Requesting deletion of data from our ticketing system requires you to contact support@baseserv.com.

We are partnered with a variety of Payment Gateways. When one of your clients checks out on our platform some of their personal data is shared with these third party payment gateways.

PayPal: We use the PayPal Standard & Pro API's to facilitate payments on your behalf. We send the clients name, address, email address, phone number and the purchase amount.

WorldPay: We use the WorldPay UK/US API's to facilitate payments on your behalf. We send the clients name, address, email address, phone number and the purchase amount.

Stripe: We use the Stripe API's to facilitate payments on your behalf. We send the clients name, address, email address, phone number and the purchase amount.

BluePay: Is only available for US Customers.

Merchant Focus: Is only available for US Customers.

GoCardless: We use the GoCardless API's to facilitate payments on your behalf. We send the clients name, address, email address, phone number and the purchase amount.

ISO 27001 Policy

1.3 ISMS POLICY

It is the policy of BaseServ Limited to maintain an information management system designed to meet the requirements of ISO 27001 in pursuit of its primary objectives, the purpose and the context of the organisation.

It is the policy of BaseServ Limited to:

  • make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the business management system.
  • comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS.
  • provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met;
  • ensure that all employees are made aware of their individual obligations in respect of this information security policy;
  • maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on "risk".

This information security policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets.

To ensure the company maintains its awareness for continuous improvement, the business management system is regularly reviewed by "Top Management" to ensure it remains appropriate and suitable to our business. The Business Management System is subject to both internal and external annual audits.

Scope of the Policy

The scope of this policy relates to use of the database and computer systems operated by the company in pursuit of the company's business of providing online billing/invoicing services to the SME, B2B and B2C sectors. It also relates where appropriate to external risk sources including functions which are outsourced.

Top Management

Jordan Smith

Company Director

Dated: 06/09/2025

Questions about GDPR or ISO 27001?

If you have any questions about our GDPR compliance, ISO 27001 certification, or data handling practices, please contact our team.

Contact Us