GDPR • Privacy Policy • Last updated: 2025-09-06

Privacy Policy

How we collect, use, share, and protect your personal data under GDPR (EU/EEA), UK GDPR, and Swiss data protection law.

Applies to EEA / UK / CH usersprivacy@YOURDOMAIN.TLD

Overview

This Policy explains what personal data we process when you visit YOURDOMAIN.TLD, use our services (e.g., game servers, panel, web hosting), or contact us. It also explains your rights and how to exercise them.

  • We process only what we need, for clear purposes, on valid legal bases.
  • We don’t sell personal data.
  • We secure data with encryption, access control, and audits.
  • You can access, delete, port, or object to processing where applicable.

Data Controller

Company
COMPANY_NAME_LLC_OR_GMBH
Website
YOURDOMAIN.TLD
Address
STREET_AND_NO, ZIP CITY, COUNTRY
Email
privacy@YOURDOMAIN.TLD
Phone
+00 000 000000
Data Protection Officer
NAME / CONTACT (or “Not applicable”)

Key Definitions

  • Personal data: any information relating to an identified or identifiable person.
  • Processing: any operation performed on personal data (e.g., collection, storage, use, deletion).
  • Controller: decides why and how personal data is processed.
  • Processor: processes data on behalf of the controller.

What We Collect

Account & Billing
  • Name, username, email
  • Billing address, VAT, invoice metadata
  • Payment tokens/IDs (card data with provider only)
Service Operation
  • Server IPs/ports, subusers, SFTP/SSH access logs
  • Panel actions (create/stop server, configs)
  • Uptime/health telemetry
Diagnostics & Security
  • HTTP/server logs (IP, UA, timestamps, status)
  • DDoS/Firewall events
  • Fraud/abuse indicators
Support & Communications
  • Tickets, emails, chats
  • Attachments (error logs, configs, screenshots)

Where Data Comes From

  • Directly from you: account signup, orders, tickets.
  • Automatically: logs, cookies/consent, uptime checks.
  • Third parties: payment, email delivery, analytics (if enabled).

Purposes & Legal Bases (Art. 6 GDPR)

PurposeExamplesLegal Basis
Provide services
Provisioning, panel, uptime, subusers
Art. 6(1)(b) – Contract
Security & abuse prevention
DDoS mitigation, access logs
Art. 6(1)(f) – Legitimate interests
Billing & accounting
Invoices, VAT, receipts
Art. 6(1)(c) – Legal obligation; 6(1)(b) – Contract
Support & communication
Tickets, email replies
Art. 6(1)(b) – Contract; 6(1)(f) – Legitimate interests
Marketing (opt-in)
Newsletters, updates
Art. 6(1)(a) – Consent

Where we rely on legitimate interests, we balance them against your rights and expectations.

Recipients / Processors

ProcessorPurposeRegionSafeguards
DATACENTER/HOSTING
Compute, networking, storage
EU/CH
DPA; SCC if outside EEA
EMAIL PROVIDER
Transactional & support emails
EU/US/UK
DPA; SCC
PAYMENT PROVIDER
Payment processing
EU/US/UK
DPA; PCI-DSS; SCC
ANALYTICS (optional)
Usage analytics (consent)
EU/US
DPA; IP anonymization; SCC

We sign Data Processing Agreements (DPAs). A detailed, current list is available on request.

International Transfers

If data is transferred outside the EEA/UK/CH, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum). Copies are available upon request.

Retention

CategoryTypical Retention
Account data
Life of account + 12 months
Billing/Invoices
10 years (local law may vary)
Server/Access logs
30–180 days (security/diagnostics)
Support tickets
24 months (or on request)

We keep data only as long as needed or required by law.

Cookies & Tracking

We use essential cookies for login/session and security. Optional analytics/marketing cookies (if any) are used only with your consent. You can change preferences anytime on our Cookies page.

TypeExamplesRetention
Essential
session_id, csrf_token
Session / up to 12 months
Analytics (optional)
page_view, referrer
14–26 months
Preference
lang, theme
6–12 months

Marketing Communications

We send newsletters or offers only with your explicit consent. You can unsubscribe anytime using the link in the email or by contacting us.

Automated Decisions / Profiling

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. We also do not conduct profiling for marketing without consent.

Security Measures

  • Encryption in transit (HTTPS/TLS) and at rest where applicable
  • Role-based access, least privilege, MFA for staff
  • Backups, monitoring, DDoS protection
  • Vendor DPAs and periodic security reviews

Your GDPR Rights (Arts. 12–23)

Access & Portability
  • Request a copy of your data
  • Receive it in a portable format
Rectification & Erasure
  • Fix inaccurate data
  • Request deletion (“right to be forgotten”)
Restriction & Objection
  • Limit processing in certain cases
  • Object to processing based on legitimate interests
Consent & Complaints
  • Withdraw consent at any time
  • Complain to your supervisory authority

How to Exercise Rights

Email us at privacy@YOURDOMAIN.TLD or use our contact form.

Request my data (DSAR)Delete my dataRectify my dataObject to processing

We may need to verify your identity. We aim to respond within 30 days (extendable by 60 days for complex requests).

Complaints

You have the right to lodge a complaint with your local supervisory authority (EEA/UK/CH), in your place of residence or work.

Changes & Contact

We may update this Policy to reflect legal, technical or business changes. We will publish the new version with an updated date.

General contact
contact@YOURDOMAIN.TLD
Privacy contact
privacy@YOURDOMAIN.TLD