UK-focused hosting and infrastructure

Corporate information

Hosting and data protection

The customer normally determines what personal data is placed in its hosted websites, applications and systems. Depending on the service, BLCS Global or its infrastructure providers may process limited data on the customer’s behalf to deliver hosting, security, backup and support.

01

Roles depend on context

The customer usually controls hosted content, while BLCS Global may process limited data to provide the service.

02

Location considered early

Data-residency and transfer requirements should be stated before the architecture is agreed.

03

Contractual support

A data-processing agreement can be considered where the service relationship requires one.

01 / Corporate information

Customer and hosting responsibilities

Customers decide what personal data their websites and applications collect, why it is used and who can access it. They remain responsible for lawful notices, permissions, retention and application-level security. BLCS Global’s role is limited to the infrastructure and managed tasks set out in the service agreement.

  • The customer configures its application, users and business data unless expressly agreed otherwise
  • Administrative access should be granted only to authorised people
  • Sensitive workloads should be identified during scoping
  • Support access is limited to operational need, authorisation and legal obligations

02 / Corporate information

Sub-processors, location and security information

Datacentre, network, backup and communications providers may be used to deliver the selected service. The exact chain depends on product and location. Customers with contractual, regulatory or transfer requirements should raise them before order so a suitable design and documentation route can be assessed.

  • A UK location does not by itself satisfy every data-protection obligation
  • Cross-border access and supplier location may need separate consideration
  • Security controls are shared across infrastructure, application and customer processes
  • Incident and assistance obligations are defined in the applicable agreement

Who this information supports

Where this policy applies

The applicable order and service documents remain important where the enquiry or account relates to a purchased service.

Controllers hosting customer or employee data

SaaS businesses selecting infrastructure

Procurement teams reviewing supplier roles

Organisations with UK data-residency requirements

Clear answers

Frequently asked questions

These answers explain the public policy at a practical level. Account-specific matters should use the secure Client Area.

Is BLCS Global always the data processor?

No. The role depends on the activity. For hosted customer content BLCS Global may act as a processor, while for its own account, billing and enquiry records it may act as a controller.

Can we request a data-processing agreement?

Yes. The requirement should be raised during quotation so the service scope, parties, locations and sub-processing position can be reviewed.

Does BLCS Global inspect customer application data?

Routine service delivery does not require general inspection of customer content. Access may occur where authorised support, security response, platform operation or law requires it.

Continue exploring

Related infrastructure and guidance

Need clarification?

Raise a policy question through the secure form.

Contact BLCS Global