TERMS AND CONDITIONS

Terms of Service : Magento hosting

 

Our Magento hosting has been specifically tailored to offer the best value Magetno specific hosting environment possible.

 

This agreement is made between Dx3webs and the Client.

 

Applications.

Our shared hosting packages are for the specific application as purchased eg Wordpress, Magento. Each package is for a single installation of that application. No additional content is to be installed without seeking consent.

 

Email.

Our magento web servers are not intended to be used for email purposes above and beyond the normal transactional email produced and delivered by magento. The web servers will not be used to send any other email.  We are happy to provide 3rd party email services for all our clients either free or as part of a value added service.

 

If you are not sure if your actions will be in violation, please ask first: info@dx3webs.com.

 

Bandwidth.

In the case of your site exceeding the bandwidth limit in any given month we will; 1) seek to further optimize your site to reduce bandwidth use, 2) remove the limit for the current month, 3) report back to you at the end of the following month on your bandwidth after our changes. Should your site still exceed the bandwidth limit of your chosen package you will either agree to update to a new package or be charged 0.35p per gigabyte for excessive bandwidth use.

 

PCI Compliance

Our shared hosting solutions are not and cannot pass PCI scans. Therefore are not suitable for some payment methods, notably, Paypal Pro or Sagepay via Direct integration. You can use payment methods where payments are taken 'off server' eg Paypal standard, Paypal express, Sagepay via Form or Server integration. We are happy to configure VPS and dedicated servers to pass PCI scans.

Under no circumstances are any payment method that store Credit Card details direct on the server to be used without consulting us directly. Similarly API based payment methods eg Sagepay via Direct integration are almost certainly beyond your PCI scope and so are not supported.

Dx3webs will maintain PCI DSS compliance in-line with PCI DSS v3.2 SAQ-A equivalent service provision covering PCI DSS requirements 2.1, 8.1.1, 8.1.3, 8.2, 8.2.3, 8.5, 12.9 and 12.10.  Requirements 9 and 12.8 are outside Dx3webs PCI DSS scope.

SAQ-A eligibility criteria covering the scope of the Dx3webs PCI DSS service provision is as follows:

  • Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions.
  • All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers.
  • Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions.
  • Your company has confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant.
  • Any cardholder data your company retains is on paper (for example, printed reports or receipts), and these documents are not received electronically.
  • All elements of the payment page(s) delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s)

 

Age:

 

The Client must be at least 18 years of age to obtain our service.

 

Abuse of the legal rights of others:

 

The Client agrees not to use their hosting account to abuse the legal rights of third parties.

 

Examples of unacceptable activities in this regard include posting private information about a person without their consent, infringing intellectual property rights, defaming a person or business, and knowingly making available code which will have a deleterious effect on third party computers.

 

 

Libel:

 

Dx3webs does not monitor the content of customer websites, nor does it have the practical capability to do so.

 

We may be notified that a libellous statement is being hosted on a customer website. However, this notification must (for each libellous statement) include a full link (URL) to the content in question, an explanation of why the content in question is libellous and a short quote from that content.

 

In the absence of this information, Dx3webs will not be considered to have been informed of a libellous statement. We will not engage in monitoring of, or searching for, any content hosted on our service at the behest of a third party that believes itself to have been libelled.

 

On notification of a libellous statement, our customer will be notified and given up to 24 hours to remedy the situation.

 

We reserve the right to remove any content about which a complaint of libel has been made, or to suspend or terminate a customer account hosting content about which a complaint of libel has been received.

 

Abuse of the law:

 

Dx3webs services may be used for lawful purposes only. Illegality includes but is not limited to: drug dealing; attempting without authorization to access a computer system; pirating (distributing copyrighted material in violation of copyright law, specifically MP3s, MPEG's, ROMs, and ROM emulators); gambling; schemes to defraud; trafficking in obscene material; sending a message or having content that is obscene, lewd, lascivious, filthy, or indecent with intent to annoy, abuse, threaten, or harass another person; threatening bodily harm or damage to individuals or groups; Linking to illegal material is also prohibited. Dx3webs reserves the right to check system files, email, and other data on our servers for illegal content and materials, or for any other reasons deemed necessary.

 

Pornography:

 

Pornography, or links to such material, even if legal, is not an acceptable use of Dx3webs servers. An exception can be made where necessary to support the sales of products within your catalog.

 

Abuse of Dx3webs Server Resources:

 

Our magento web server are provided for the exclusive use of running magento e-commerce application.  No other scripts or programmes are to be run without consent.

 

Dx3webs reserves the right to report illegal activities to any and all regulatory, administrative, and/or governmental authorities for prosecution.

 

 

Other Behaviour:

 

The following examples of unacceptable behaviour are non-exclusive, and are provided for guidance purposes. If you are unsure if your actions will be a violation of our policies please ask abuse@dx3webs.com

 

Server broadcast messages or any message sent on an intrusive basis to any directly or indirectly attached network Attempt to circumvent any user authentication or security of host, network, or Account. Accessing data not intended for the Account Holder.. Probing the security of any network.  Any activity, whether or not the intrusion results in the corruption or loss of data, will be investigated and proper action taken.

 

Client Responsibility:

 

The Client is responsible for all activity originating from the Account unless proven to be a victim of outside hacking or address forgery. The Client is responsible for securing their username/password. Use of Dx3webs's service requires a certain level of knowledge in the use of Internet languages, protocols, and software. This level of knowledge varies depending on the anticipated use and desired content of the Account used by the Client. The following examples are offered: Web Publishing: requires knowledge of HTML, properly locating and linking documents, FTP-ing web contents, graphics, text, sound, image mapping, etc. FrontPage web publishing: knowledge of the FrontPage tools as well as knowledge of the use of FTP. CGI-Scripts: requires a knowledge of the UNIX environment, tar & gzip commands, perl, CShell scripts, permissions, etc. E-mail: Knowledge of the use of e-mail programs to receive and send mail, the configuration of those e-mail programs, etc. The Client agrees that he or she has the necessary knowledge to create, maintain and use their Account for the purposes they intend. The Client agrees that it is not the responsibility of Dx3webs to provide this knowledge or support outside matters specific to Dx3webs's servers.

 

Data Processing Agreement:

 

 

This agreement is update 01-05-2018 and binds Dx3webs (company registration number : 08221801 ), a company registered in England and Wales, with regard to The Customer regardless of  the version of the Terms and Conditions previously accepted.


  1. Definitions

1.1 “data controller” means a data controller or controller (as the case may be) as defined by the Data Protection Legislation (and ‘controller’ shall be construed accordingly) ie The website owner.
1.2 .“Data Processing Agreement” means this agreement.
1.3 “data processor” means a data processor or processor (as the case may be) as defined by the Data Protection Legislation (and ‘processor’ shall be construed accordingly) ie Dx3webs Ltd
1.4 “Data Protection Legislation” means the GDPR for as long as it is directly applicable in the United Kingdom and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the United Kingdom, and then any successor legislation to the GDPR or the Data Protection Act 1998.
1.5 “Data Subject” means a data subject as defined by the Data Protection Legislation.
1.6 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.7 “Personal Data” means personal data as defined by the Data Protection Legislation.
  1. Generalobligations

2.1 Both Parties shall comply with all applicable requirements of the Data Protection Legislation. This clause 2.1 is in addition to, and does not relieve, remove or replace, a Party’s obligations under the Data Protection Legislation.
2.2 The Parties acknowledge that for the purposes of the Data Protection Legislation and this Data Processing Agreement, the Data Controller is the data controller and the Data Processor is the data processor. The Schedule to this Data Processing Agreement sets out the scope, nature and purpose of processing by the Data Processor, the duration of the processing and the types of Personal Data and categories of Data Subject.
2.3 Without prejudice to the generality of clause 2.1, the Data Controller will ensure that it has, at all times:
      2.3.1 a valid legal basis under the Data Protection Legislation for the processing of Personal Data under this Data Processing Agreement, including, without limitation, such processing by the Data Processor as instructed or permitted by the Data Controller under clause 3.1.1 and clause 3.2 of this Data Processing Agreement;
      2.3.2 where required by law (for example, as required for the transmission by electronic means of direct marketing communications under the Privacy and Electronic Marketing Communications Regulations 2003), valid consent (under the Data Protection Legislation) for such processing; and
      2.3.3 appropriate notices in place as required by the Data Protection Legislation to enable lawful transfer of Personal Data to the Data Processor for the duration and purposes of this Data Processing Agreement.
  1. Data Processing 

3.1 Without prejudice to the generality of clause 2.1, the Data Processor shall, in relation to any Personal Data processed in connection with the performance by the Data Processor of its obligations under this Data Processing Agreement:
    3.1.1process Personal Data only on lawful documented instructions from the Data Controller, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by European Union or European Union Member State law to which the Data Processor is subject; in such a case, the Data Processor shall inform the Data Controller of that legal requirement before processing Personal Data, unless that law prohibits such information on important grounds of public interest;
    3.1.2 ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
    3.1.3.take all measures required pursuant to Article 32 of the GDPR;
    3.1.4 respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor;
    3.1.5 taking into account the nature of the processing, assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III of the GDPR;
    3.1.6 assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the processing and the information available to the Data Processor;
    3.1.7 at the choice of the Data Controller, delete or return all Personal Data to the Data Controller after the end of the provision of the services relating to processing, and delete existing copies unless European Union or European Union Member State law requires storage of Personal Data; and
    3.1.8 make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes the GDPR or other European Union or Member State data protection provisions.
 
3.2Where the Data Processor engages another processor for carrying out specific processing activities on behalf of the Data Controller, the Data Processor shall ensure that the same data protection obligations as set out in this contract or other legal act between the Data Controller and the Data Processor as referred to in paragraph 3 of Article 28 of the GDPR are imposed on that processor by way of a contract or other legal act under European Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Data Protection Legislation. Where the other processor fails to fulfil its data protection obligations, the Data Processor shall remain fully liable to the Data Controller for the performance of that other processor’s obligations.
 
3.3 Any contract or other legal act referred to in this clause 3 shall be in writing, including in electronic form.
 
3.4 The Data Controller agrees that it has considered the Data Processor’s obligations under Article 32 of the GDPR and considers that the Data Processor is in compliance with such obligations, in particular the obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the Data Controller’s processing of Personal Data.
 
3.5 Either party may, at any time on not less than one month’s prior written notice, revise clause 3 by replacing it with any applicable Data Controller to Data Processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this Data Processing Agreement).
 
 
3.6 The Parties shall make such amendments to this Data Processing Agreement as are required to ensure that this Data Processing Agreement complies with any applicable legislation, including any applicable Data Protection Legislation from time to time.
 
3.7 Dx3webs shall notify Data Controllers without undue delay after becoming aware of a personal data breach. (Article 33(2)). Such notification will include all information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Dx3webs.

 

Application Security Patches:

 

It is vital that all security patches for applications are applied in a timely manner. This includes security releases (SUPEE-XXXX Patches) by Magento and Wordpress. Ideally, your developer will apply these however, Dx3webs will, on a best endevours basis, apply patches on request.

 

Infected sites:

Clients will notify Dx3webs as soon as they are made aware of any breach in their site or on discovery of suspicious code. Dx3webs will notify clients of infected stores within 24 hours and disable public access to infected stores within 48 hours if there is no response from store owners.

 

Backups:

 

It is the Client's responsibility to maintain local copies of their web content and any other information held on their Account. If loss of data occurs due to an error of Dx3webs, Dx3webs will attempt to recover the data for no charge to the Client. If data loss occurs due to negligence of Client in securing their Account or by an action of the Client, Dx3webs will attempt to recover the data from the most recent archive.

 

IP Addresses:

 

Dx3webs maintains control and any ownership of any and all IP numbers and addresses that may be assigned to the Client and reserves in its sole discretion the right to change or remove any and all IP numbers and addresses.

 

Refunds:

 

If for any reason the Account Holder is not entirely satisfied with their hosting Account they may request that their Account be closed within an initial 7 day period of their order being placed. A full refund of any fees paid will then be issued. Beyond that initial 7 day period, all payments for hosting are non-refundable and service is provisioned for the period paid for.

 

Minimum Contract Periods:

 

The minimum contract period for shared hosting (standard or reseller) is 1 month. The minimum contract period for VPS or dedicated server hosting is 3 months, with a 30 day advance notice of cancellation required.

 

Cancellations made to VPS or dedicated servers within 30 days of a renewal due date will be billed for the extra cancellation period on a pro-rata basis.

 

Limitation of Liability:

 

Dx3webs shall not be responsible for any claimed damages, including incidental and consequential damages, which may arise from Dx3webs's servers going off-line or being unavailable for any reason whatsoever. Further, Dx3webs shall not be responsible for any claimed damages, including incidental or consequential damages, resulting from the corruption or deletion of any web site from one of Dx3webs's servers. All damages shall be limited to the immediate termination of service.

 

The Client acknowledges and agrees neither Dx3webs nor any of its members, shareholders, directors, officers, employees or representatives will be liable for any special, indirect, consequential, punitive or exemplary damages, or damages (including but not limited to damages for loss of profits or savings, loss of data, or loss of use) in connection with this agreement. If, despite the foregoing limitations, Dx3webs or any of its shareholders, directors, officers, employees or representatives should become liable to the Client or any other person in connection with this agreement for ANY REASON, then the maximum aggregate liability of Dx3webs, its members, shareholders, directors, officers, employees and representatives for all such things and to all such parties will be limited to the lesser of the actual amount of loss or damage suffered by the claimant or the amount payable by the Client to Dx3webs for one month of service under this agreement.

 

Dx3webs shall be the sole arbiter of what is and is not a violation of these acceptable use policies. Dx3webs reserves the right to terminate an Account at any time for non-compliance with the terms and conditions outlined above. Dx3webs reserves the right to delete all content and files upon Account termination. Dx3webs reserves the right to withhold any pre-paid funds for any Account removed for violations of these policies. Dx3webs reserves the right to refuse, cancel, or suspend service at our sole discretion.

 

Dx3webs reserves the right to change these terms and conditions without prior notice or warning. Non-enforcement of any part of these terms and conditions does not constitute consent.

 

Violations of these Policies should be referred to abuse@Dx3webs.co.uk

 

All complaints will be investigated promptly.

© 2016 Dx3webs Ltd. All Rights Reserved. | Company No. 08221801 | VAT No GB142 6020 55 | Terms & Conditions | Privacy Policy