Eurobesthosting Ltd collects and processes personal data as legislated in the General Data Protection Regulation (GDPR) (EU) 2016/679.
What we need?
Eurobesthosting Ltd is a Controller of the personal data you the Customer (data subject) provide us. We collect the following types of personal and non-personal data from you:
Personal Data: Name, Address, Telephone Number, Email, Payment information and IP address. We may also retain records of your queries and correspondence in the event you contact us e.g. by email or support ticket.
Non-Personal Data: Browser types and cookies
If you provide us with personal data about a third-party (e.g. when registering a domain on their behalf), you warrant that you have obtained the express consent from the third-party for the disclosure and use of their personal data
Why do we need it?
We need your personal data in order to provide you with the following services:
To provide services and fulfil our obligations to you our customers
To provide technical support and customer care
To process payments
To detect incorrect order details
To communicate with you our customers and consenting subjects regarding our services
To facilitate access for users on our website(s)
To provide you with information about products or services that you request from us
To review job applications
What we do with it?
Your personal data is processed in Eurobesthosting Ltd Offices in Ireland. The hosting and storage of your data takes place in our Data Centre located in the Netherlands (Nedzone) and Germany (Strato). The Security of your data is important to us and we take appropriate technical and organisational measures to protect it.
Your data will not be transferred to any third-party unless this is required for one of the following reasons:
In order to fulfil the service ordered and meet our obligations (for example to a fulfil a domain registration with a particular registry)
Irish law enforcement request, Court order or statutory requirement
Merger, acquisition of company or sale of company assets./li>
Any such third-party will have similar appropriate data protection policies.
We do not and never shall sell your personal data to third parties for marketing or advertising purposes.
How long do we keep it?
We will keep your personal data as long as is required to fulfil our obligations to you. After we have fulfilled our obligations, under Irish law, we are required to keep your documents for a further 6 years. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
What are your rights?
Under GDPR regulations should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to make reasonable requests to see this information, rectify it or have it deleted. Please contact us and request a Data Subject Access Request Form.
In the event that you wish to complain about how we have handled your personal data, please contact our Data Protection Officer at firstname.lastname@example.org or in writing at Eurobesthosting Ltd, Northumberland Road 22, Dublin 4, Ireland. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Data Protection Commissioner www.dataprotection.ie and file a complaint with them.
What about Cookies?
We may store some information on your computer in the form of a "cookie". A Cookie will permit us to maintain our service to match your needs, interests and preferences. You have a right to refuse to accept cookies.
A cookie is a small text file that is saved on your computer. Most web sites deliver cookies to provide visitors access to various functions on the website. Cookies can be long-lived or short lived. The long-lived cookie holds information and compares it with information you display when you return. Web sites that recognise you when you return and provide access codes automatically are examples of this. The short-term cookies are known as session cookies. These are stored temporarily during your visit and are not stored in your computer for long and are regularly deleted when you close your computer. Long lasting cookies can be deleted from "documents and settings" on your computer.
You can set your computer to block cookies by setting your browser to reject them. However, you may lose many functions that you at present take for granted. Cookies have become like unseen automatic servants - doing things repeatedly that would otherwise require our deliberate intervention.
What about our hosting services?
Under GDPR, a “controller” determines why and how personal data is processed. A “processor” processes personal data on behalf of the controller. Eurobesthosting Ltd has limited knowledge of the data that each customer processes via the hosting infrastructure (“Customer Data”). Eurobesthosting Ltd only processes Customer Data in accordance with the customer’s instructions. Therefore, Eurobesthosting Ltd is a processor of Customer Data hosted at Eurobesthosting Ltd; the customer is a controller and ultimately is responsible to the Data Protection Commissioner. Any content posted, uploaded, sent to or otherwise made available by you or your own data subjects on your hosting account is not subject to our Privacy Notice but is subject to our Terms and Conditions.
What about our domain name registration?
In order to register a domain name you may be requested, depending on the domain registry requirements, to supply personal information such as name, address, telephone number, email, identity document and utility bill. Under the GDPR, Eurobesthosting Ltd is a “processor” of this personal data as we pass this on to the domain registrar/registry (the “controller) at your instruction. Depending on the top level domain you require the domain registry may be outside of the EU/EEA.
Currently some personal data is made available on the public WHOIS database as this is a contractual requirement of the governing body ICANN. This requirement is being reviewed by the EU Commission. Most European country code registries including the IEDR (.ie registry) have phased out the publishing of personal WHOIS data. Certain country code domain registries outside of the EU will still publish WHOIS data as this is often mandatory if you require the domain name. Each domain registry has its own Domain Registration and Privacy Policies which we advise you to read.
Eurobesthosting Ltd has always demonstrated its commitment to customer data privacy and protection by ensuring compliance to data protection law and legislation.
New European Union legislation, GDPR (General Data Protection Regulation), comes into force on the 25th May 2018 and sets out regulations for the handling of Personal Identifiable Data. This document outlines the responsibilities of Eurobesthosting Ltd and Customers for the various products and services that Eurobesthosting Ltd provides.
Personal Identifiable Data
Eurobesthosting Ltd provides domain name registration, shared hosting and a range of addon products to support hosting services. In order to provide these services and fulfil its obligations Eurobesthosting Ltd will require personal data, such as:
Eurobesthosting Ltd is the controller for this ‘Personal Data’ and will retain such data for as long as is required to fulfil its obligations and thereafter for a maximum of six years as required by applicable laws and revenue regulations.
Customers host data, referred to as ‘Customer Data’, on platforms controlled by Eurobesthosting Ltd, however Eurobesthosting Ltd does not have visibility or control of ‘Customer Data’ and so in most instances are not considered to be the data controller, but rather Eurobesthosting Ltd is the processor.
‘Customer Data’ may include, but not limited to:
Content of Mailboxes
Anything uploaded or stored on Eurobesthosting Ltd services
Eurobesthosting Ltd is not typically aware of the content of ‘Customer Data’ and therefore treats all customer data with the same respect and standards of control. While Eurobesthosting Ltd takes every step reasonable to ensure security of ‘Customer Data’, it is the direct customer’s responsibility to ensure such data is stored in a way which minimises the risk of compromise or disclosure. This includes using a solution specified with the appropriate level of security, for example using appropriate access-control, anti-virus/malware, firewalls, intrusion detection/prevention, encryption and placing data in the correct location.
Domain Name Registrations
Eurobesthosting Ltd registers and manages domain names on behalf of its customers through a variety of registries and registry resellers. Eurobesthosting Ltd does not control this data and collection of this data is a contractual requirement of ICANN (Internet Corporation for Assigned Names and Numbers) and specific domain registries including country code registries. Under the GDPR, Eurobesthosting Ltd is a “processor” of this personal data as we pass this on to the domain registrar/registry (the “controller) at your instruction.
Currently some personal data is made available on the public WHOIS database as this is a contractual requirement of the governing body ICANN. This requirement is being reviewed by the EU Commission. Most European country code registries including the IEDR (.ie registry) have phased out the publishing of personal WHOIS data. Certain country code domain registries outside of the EU will still publish WHOIS data as this is often mandatory if you require the domain name. In some instances WHOIS privacy proxy can be used to obfuscate information from public WHOIS. Each domain registry has its own Domain Registration and Privacy Policies which we advise you to read.
Eurobesthosting Ltd provides a range of shared hosting services which allows a customer to host a website, store database information and host email on a shared server (shared server means other customers are sharing resources on the same server). The responsibility for securing the data is shared between Eurobesthosting Ltd and the customer. Eurobesthosting Ltd is responsible for securing the shared hosting environment and deploys best practice security policies and processes. The customer is responsible for the content, passwords and access to the data. In addition, the customer is responsible for their own backups, and application security by keeping them up to date with the latest version etc (e.g. WordPress).
Eurobesthosting Ltd are authorised resellers for SSL Certificates and collects Personal Identifiable Data (name, email address etc) on behalf of the SSL certificate authority in order to validate the registrant.
The customer is responsible for ensuring the security of any passwords / urls provided for access to the backup portal as well as the management and scheduling of backups. Eurobesthosting Ltd is responsible for implementing operational controls to restrict unauthorised access to the backup servers and data.
Client GDPR Responsibilities
Any personally identifiable data that is uploaded, managed or hosted on Eurobesthosting Ltd hosting platforms, known as ‘Customer Data’, is the responsibility of the customer and as such the customer is the Controller. As the Controller of the data the customer too has the responsibility for meeting GDPR regulations.
This document is not intended to be exhaustive, but rather provide an overview of Eurobesthosting Ltd data processing within the framework of GDPR.