Hostex
Legal

GDPR Compliance

Last updated: December 17, 2024

Our Commitment to GDPR

Hostex is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of our users in the European Union and European Economic Area.

Data Controller and Processor

Depending on the context, Hostex acts as both a data controller and data processor:

  • Data Controller: For customer account data, billing information, and support communications.
  • Data Processor: For data that customers store on our servers through their hosting accounts.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our hosting services.
  • Legitimate Interest: Security monitoring, fraud prevention, and service improvement.
  • Legal Obligation: Tax records, legal compliance, and regulatory requirements.
  • Consent: Marketing communications and optional analytics.

Your GDPR Rights

Under GDPR, you have the following rights:

Right of Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure

You can request deletion of your personal data, subject to legal retention requirements.

Right to Restrict Processing

You can request limitation of processing in certain circumstances, such as while we verify the accuracy of your data.

Right to Data Portability

You can request your data in a machine-readable format for transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Data Processing Agreements

We offer Data Processing Agreements (DPAs) to customers who require them. Contact our legal team at gdpr@hostex.co to request a DPA.

International Data Transfers

When transferring data outside the EU/EEA, we use appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to approved countries
  • Binding Corporate Rules where applicable

Security Measures

We implement technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and audits
  • Employee training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required, and affected individuals without undue delay when there is a high risk to their rights and freedoms.

Data Protection Officer

Our Data Protection Officer can be contacted at:

  • Email: dpo@hostex.co
  • Address: Data Protection Officer, Hostex Inc., [Address]

Exercising Your Rights

To exercise any of your GDPR rights, please submit a request through your account dashboard or email us at gdpr@hostex.co. We will respond within one month of receiving your request.

Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local supervisory authority.

GDPR Compliance | Hostex