Privacy Policy

Fonyo is a trading name of ITSec Limited, a private limited company registered in England And Wales. Company Number 4047064.

ITSec Limited ('We and Us") are committed to protecting and respecting Your privacy.

This Policy (together with our terms and conditions and any other documents referred to on it) sets out the basis on which any personal data We collect from "You", or that You provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding Your personal data and how We will treat it. By visiting You are accepting and consenting to the practices described in this Policy.

For the purpose of the General Data Protection Regulation ("GDPR"), the data controller is ITSec Limited of 89A London Road, Leicester, LE2 0PF. The information and data You provide in connection with the registration of the various services of ITSec (the "Services"), will be processed in accordance with the provisions of the GDPR.

We will comply with the GDPR. The GDPR states that the personal data We hold about You must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that We have clearly explained to You and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes We have told You about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes We have told You about.
  6. Kept securely.

Information We Collect From You

We will collect and process the following data about You:

Uses Made Of The Information

We use information held about You in the following ways:

Other Processing Activities

In addition to the specific purposes for which We may process your Personal Data set out above, We may also process any of Your Personal Data where such processing is necessary for compliance with a legal obligation to which We are subject, or in order to protect Your vital interests or the vital interests of another natural person.

Please do not supply any other person's personal data to Us, unless We prompt You to do so.

Information We Receive From Other Sources

ITSec works alongside third parties (including business partners, service providers and fraud protection services) and We may receive information from them about You. We will combine this information with information You give to us and information We collect about You. We will use this information and the combined information for the purposes set out above (depending on the types of information We receive).

Disclosure Of Your Information

You agree that We have the right to share Your Personal Data with:

Domain Registration Data In The Public Whois

In order to provide you with certain domain extensions, We are required to send your Personal Data to the Registry responsible for that domain extension. The details of the Registry providing specific extensions can be found at The Registry or Registrar which We contract with to register the domains may publish your Personal Data in the online directory known as the Whois, unless you have previously purchased a domain privacy service from us.

For domains ending in .com .net and .jobs where the Registrar listed on the Whois is our company partner Registrar:, their privacy policy will apply. You give your consent to register your domain with them under the terms of their business.

For all Nominet domain registrations (, .uk,, your Personal Data will not be published to the public Whois from 22 May 2018. For all IEDR domain registrations (.ie) your Personal Data will not be published to the public Whois from 11 May 2018.

Should the publishing of your Personal Data to the public Whois by our partner Registrar(s), be enforced by ICANN, or should Nominet or IEDR's policy about the publishing of Personal Data to the public Whois change, We will advise you by updating this Privacy Policy.

Where We Store Your Personal Data

All information You provide to Us is stored on our secure servers inside the European Economic Area ('EEA'). It will also be processed by staff operating inside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of Your order, the processing of Your payment details and the provision of support services. By submitting Your Personal Data, You agree to this transfer, storing or processing. ITSec Limited will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this privacy policy. Where We have given You (or where You have chosen) a password which enables You to access certain parts of our site, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect Your Personal Data, We cannot guarantee the security of Your data transmitted to our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access.

Transfers Of Your Personal Data Outside The EEA

Your Personal Data may be transferred outside of the EEA in order to carry out the services We provide to you.

The lawful basis for this processing will either be: (a) on the basis of your informed consent; or (b) necessary for the performance, fulfilment and administration of a contract/order: (i) between you and ITSec; or, (ii) where, at your request, We act on your behalf to provide your Personal Data to a third party in order to enter into a contract with them (for example where We provide your contact details to a domain name registry outside of the EEA to assist you in the registration of a local country code domain name).

All transfers of Your Personal Data outside of the EEA will be protected by appropriate safeguards. Where Your Personal Data is transferred outside of the EEA, We will ensure that either (a) The European Commission has made an "adequacy decision" with respect to the data protection laws of the country to which it is transferred, or (b) We have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data in compliance with the GDPR.

Privacy Shield

To the extent that the EU-U.S. Privacy Shield remains in effect and enforceable under applicable EU laws, ITSec shall adhere to the framework and principles of the EU-U.S. Privacy Shield with regards to its processing of Your Personal Data.


Our websites and services are not directed at individuals under the age of thirteen (13). We will not intentionally collect or maintain information about these individuals. If you believe that We may have collected Personal Data from someone under the age of 13, please let us know by emailing We will then take appropriate measures to investigate and, if appropriate, delete that information.

How Long We Store Your Personal Data

We will retain your information for as long as needed to provide you with the Services or as long as needed to fulfil the purpose for which the Personal Data was originally collected. We may also be required to retain certain information by law and/or for legitimate business purposes (for example, VAT records).

Your Rights

You may instruct Us to provide You with any Personal Data We hold about you, provided Your request is not found to be unfounded or excessive, in which case a charge may apply.

We may withhold personal information that you request to the extent permitted by law.

You may instruct us at any time not to process your personal information for marketing purposes. The rights you have under the GDPR are:

If You wish to:


Our website uses cookies to distinguish You from other users of our website. This helps us to provide You with a good experience when You browse our website and also allows us to improve our site. For detailed information on the cookies We use and the purposes for which We use them see our Cookie Policy.

Personal Data Managed By Our Clients

"Client" is the customer of ITSec Limited to whom We provide the various Services our business offers.

"Client Customer Data" is the Personal Data belonging the parties with whom our Client has a relationship. We have no direct relationship with the parties whose Client Customer Data is processed by our Clients.

If you are aware that your Personal Data has been provided to a Client of ours who has a Service with us, then please read this section of our Privacy Policy.

Our Clients use the Service to host, transmit or process data on our hosting platform and this, may include personal data of their own customers with whom they have a contractual relationship (Client Customer Data).

In this instance, it is our Clients and not Us who define the process and policies by which Client Customer Data is collected and processed. We do not collect, view or share Client Customer Data except as outlined in the agreement We have in place with our Client to supply the Services, or as required by legislation. Nothing contained in this Privacy Policy shall alter specific terms and conditions applicable to the Service agreement.

In line with the Service agreement, our Clients retain responsibility for setting standards and for managing security of all data they upload to our platform and that includes Client Customer Data. The security, including encryption of data prior to transmission to our network and confidentiality of their accounts and access to our platform, remains the responsibility of our Clients.

To find out how Client Customer Data is collected, stored and securely managed, and the process outlining how to gain access and/or to make changes, please refer to the Privacy Policy of the relevant ITSec Limited Client to whom you have provided your details or contact them directly. If you contact us with a request about your Client Customer Data (for example, you may no longer wish to be contacted by one of our Clients), We will pass on that request at the earliest opportunity.

We provide the Services directly to our Clients, and have no direct relationship with the parties whose Client Customer Data is processed by our Clients. Our customers take responsibility for all Client Customer Data that they process and for complying with relevant data protection legislation.

Changes To Our Privacy Policy

Any changes We make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to You by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.


Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to Hannah Bushell, ITSec Limited of 2nd Floor, 89A London Road, Leicester, LE2 0PF.