Definitions in this policy document:
The Provider ("We"/"Our"/"Ours") - "CiviHosting"
Site Visitors – any party that has visited this site and a site within the Provider network infrastructure, but is not in a legal agreement with the Provider
Personal Data – any piece of data that may serve to identify a specific person
Every computer connected to the Internet is assigned a set of numbers that serve as that computer's IP (Internet Protocol) address. When a visitor requests a page from any website within our network, our web servers automatically recognize that visitor's IP address. We use the IP logs to examine our traffic in aggregate, but do not collect and evaluate this information for individuals.
What are cookies?
A cookie is a small piece of data that is sent to your browser from a web server and stored on your computer's hard drive. We may send session ID cookies as well as persistent cookies. Session ID cookies terminate and are erased once you close your browser or log out, while persistent cookies are stored on your hard drive for longer periods. Cookies cannot damage your system. You can choose whether to accept cookies by changing the settings of your browser. You can reset your browser to refuse all cookies, or allow your browser to show you when a cookie is being sent. If you choose not to accept these cookies, your experience at our site and other websites may be diminished, and some features may not work as intended.
What other information do you request?
The personal information that we request and collect through online forms for ordering services and products include the following:
- Your name
- Your e-mail address
- Postal address
- Phone and fax numbers
- Domain name
For the provision of various types of services, the Provider may share personal data of the Customer with additional providers, such as:
- Domain registration providers
- SSL certificates issuers
- Support and infrastructure providers
The transfer of personal data under this article will be done ONLY for the provision of a service that the Customer has purchased, and excludes any type of marketing activities or data profiling.
Domain name registration and WHOIS
The Internet Corporation for Assigned Names and Numbers ("ICANN") requires collecting the following personal information during the domain name registration process:
- Your full name
- Mailing address
- Phone and fax number
- E-mail address
ICANN then requires all registrars to keep the above-mentioned information, as well as the creation and expiration dates of your domain name registration and the name server information associated with your domain name, available through a WHOIS service. Depending on the global registry (TLD), the WHOIS service might be either available to the general public, or accessible only for authorized authorities (a.k.a. Gated WHOIS). The Provider is not able to control how members of the public may use the WHOIS Information.
Will you disclose the information you collect to third parties?
The Provider will disclose personal information to third parties only when required for the provision of service (Additional Providers) or when required by law or in the good-faith belief that such action is necessary to:
- Conform to the edicts of the law or comply with a legal process served on the Provider site.
- Protect and defend the rights or property of our site, or its visitors.
- Identify persons who may be violating the law, the legal notice, or the rights of third parties.
- Cooperate with the investigations of purported unlawful activities.
The Provider will never use your name, account data, your trademark, or any data related to the hosting account, to advertise our own hosting services in any way. An exception to this could be cases in which we receive your explicit consent on this. Except in the cases listed above, the Provider will not share with third parties information whether a certain party is our customer or not. Please have in mind that information about the hosting service of a site could be obtained from other sources, such as the site IP address and its owner/maintainer.
What else should I know about my privacy when online?
Please keep in mind that whenever you voluntarily disclose personal information online - for example through e-mail, discussion lists, or elsewhere - that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.
Ultimately, you are solely responsible for maintaining the secrecy of your personal information. Please be careful and responsible whenever you're online.
Your consent to this agreement
Withdrawing your consent
The Provider cannot provide hosting and related services without access to your personal data listed in this document. Withdrawing your consent from this policy is not possible without the discontinuation of the services provided by the Provider. Even after the discontinuation of all services provided by the Provider, your data will still be kept for accounting, tax-related and other lawful purposes, as required by law.
Data Processing Statement
The purpose of this statement is to ensure the compliance of the services of the Provider with General Data Protection Regulation of EU (GDPR].
Additional definitions for the purpose of this statement:
- GDPR - General Data Protection Regulation of EU 2016/679 of the European Parliament
- Data Controller - an entity which determines the purposes and means of the processing of customer data. Full definition of Data Controller is determined by the GDPR.
- Data Processor - an entity which processes personal data on behalf of the controller. Full definition of Data Controller is determined by the GDPR.
The Provider acts as a Data Controller of all personal data of the Customer.
The Provider, as a maintainer of the infrastructure used for the provision of services to the Customer, has access to any data that the Customer stores on the Provider infrastructure, including personal data of other entities that the Customer stores on the server. As such, the Provider acts as a Data Processor for this data. The Provider cannot and will not act as a Data Controller of any data that the Customer stores on the infrastructure of the Provider.
With this Data Processing Statement, the Provider confirms the following:
Any Personal Data for which the Provider acts as a Data Processor will not be used by the Provider for any means other than for the provisioning of the ordered and paid services by the Customer. This includes any technical assistance needed for the provision of services. The Provider will never disclose any of this Personal Data to third parties, unless this is required by law.
The Provider has taken the needed measures to ensure the security of the server and network infrastructure. This includes the physical security at the locations where the infrastructure is located, as well as the software and network security of the devices used in the infrastructure. Information about specific security measures can be found on the Provider web page and/or related documents.
The Provider maintains active monitoring of their servers and network. Any possible breaches that could involve leakage of Personal Data to third parties will be immediately reported to the Customer, via the contact details provided by the Customer for the provision of the ordered services. NOTE: The website of the Customer, as well as related software maintained by the Customer, is not considered a part of the Provider infrastructure.
The Provider maintains monitoring on the site of any Customer. Any possible breaches spotted by this monitoring will be reported to the Customer, to the best of the Provider abilities.
All personnel of the Provider that has access to Personal Data has been properly trained and instructed on the manner it should work with it.
Except for the data listed in point 6, the Customer can manage/delete at their own discretion any other Personal Data they store on the infrastructure of the Provider.
To comply with the GDPR, the Customer, as a Data Controller of Personal Data of Site Visitors, must establish their own rules and practices regarding data processing.