Privacy policy applied to user data and information

Privacy Policy

 

Data confidentiality

Table of Contents

I. General information
II. Categories of personal data requested and processed
III. Processing purposes
IV. The length of time we keep / process the data
V. Disclosure of personal data
VI. Transfer of personal data
VII. The rights you receive
VIII. Control, access and security
IX. Special preferences related to minors
X. Social Media
XI. Processor
XII. Document validity

I. General information

S.C. Awesome Projects S.R.L., hereinafter referred to as Hostico, as the personal data controller, author, owner, and administrator of hostico.ro, respects the right to privacy and the security of processing personal data of each person who visits and/or uses the services provided by this website, and is committed to protecting their data and personal information. This document applies to the hostico.ro website, hereinafter referred to as the "Website".

Hostico is registered as a personal data operator with the National Authority for the Supervision of Personal Data Processing, under registration number 30701.

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR), which replaced Law 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data, Hostico is obliged to administer the personal data you provide to us about yourself, a family member, or another person in a safe manner and only for the purposes and period specified in this document, as well as the personal data visible in the context of using this website.

Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier, or one or more specific elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

This Policy applies to all electronic devices used to access the Website. If you do not agree with the terms and conditions related to their use (as outlined in this document regarding the protection of personal data, as well as in the Cookie Policy and the Terms and Conditions regarding confidential information), please do not use the website.

II. Categories of personal data requested and processed

The website is structured in a way that allows visitors to browse and use it without the need to disclose any personal information. During each visit/use of the website, the server collects and temporarily stores basic information in the form of electronic logs, such as the IP address, browser used, referring domain (through which the visitor reached the website), access times, visit duration, and visited pages. Except for the IP address, none of this traffic data represents identifiable information. They are stored solely for statistical/analytical purposes to improve the services and, of course, to prevent fraud or abuse of the computer system. These data are not disclosed to any individual or legal entity outside of Hostico in any form, except for processing carried out by competent authorities for the purposes of prevention, detection, investigation, criminal prosecution, and combating offenses or for the execution of penalties. Any other information is provided strictly voluntarily by the visitor/user, and there is no obligation to provide personal data to Hostico. Although some services offered by Hostico cannot be used without providing certain data, their transmission is strictly voluntary.

a) Visitor of the Website

  • the data provided in the sections involving the completion of a form :
    Direct Mode: Name, Email
    Indirect mode: IP
  • the data provided in interacting with Hostico team members by using the online support system :
    Direct mode: Name, Email
    Indirect mode: IP

b) Client of the Website

  • data provided when creating a client account or making an order:
    Surname
    First Name
    Secondary contact*
    Email
    Secondary Email*
    Address
    Postal address
    Phone
    Social Security Number (individuals) **
  • In case of a company:
    Company Name
    Contact Person's Information: First and Last Name
    Registration Number at the Trade Registry Office
    Tax Identification Number (TIN) / Unique Registration Code (URC)

Indirect: IP
* - optional
** - necessary for registering certain domain extensions

III. Processing purposes

Our general principles regarding the processing of personal data belonging to website visitors (considered as clients of any of the services available on the website) and visitors to the website are outlined below:

a) Visitor of the Website

  • to respond to requests submitted through the forms available on the website
  • to respond to requests submitted through the online support system
  • to monitor traffic and improve the user experience on the website

Regarding Clients or potential Clients, the data and documents provided by them during the conclusion or subsequent performance of the contract will be processed exclusively in accordance with applicable legal provisions, including the General Data Protection Regulation (GDPR).

The data and documents provided by Clients will be used solely for the purpose of executing the contract between Hostico and the respective Client and will not be transferred to unauthorized third parties or disclosed in any form, except as provided by law or with the express consent of the Client.

b) Client of the Website

We use the personal data and documents provided by Clients for the following purposes:

  • Execution of the contractual relationship between the Client and Hostico, including the acceptance, validation, invoicing, and activation of the order placed on the website, as well as informing the client about the order status.
  • Fulfillment of legal obligations incumbent upon Hostico in the context of services provided through the website, including tax and archiving obligations.
  • Communication of information regarding the network status and any maintenance/interruptions in the provision of services.
  • Sending commercial communications about the services offered by Hostico through distance communication means (email, SMS) if you have given your consent in this regard.

The processing of data for the purposes mentioned above is based on the contract concluded between the Client and Hostico, as defined in our Terms and Conditions, and is necessary for compliance with legal obligations. Refusal to provide data may result in Hostico's inability to comply with legal obligations and, therefore, the inability to provide services through the website. The processing of data for marketing purposes is based on the consent provided if you choose to provide it by checking the corresponding box at the time of account creation or subsequently, through the client account.

Providing data for any of the situations mentioned above is voluntary but necessary for the use of the aforementioned services and the conclusion of a contract between the client and Hostico. Refusal to provide data may result in the impossibility of carrying out the contractual relationship between the client and Hostico.

c) General

The processing of data is based on the legal basis of Hostico's legitimate interest in ensuring the proper functioning of the website and constantly improving the visitor's experience on the website, including addressing comments, questions, or complaints.

The purposes of data processing include:

  • Administration and improvement of the services provided.
  • Conducting business activities such as sales of services, market research/studies, and statistics.
  • Advertising, marketing, and promotional activities of SC Awesome Projects SRL, including promotional campaigns, tracking and monitoring of service sales and consumer behavior.
  • Provision of post-sales customer relationship services, including informing users/clients about the evaluation of the services offered (including service evaluation on the website).

IV. The length of time we keep / process the data

As a fundamental principle, Hostico will process personal data only for the period strictly necessary to achieve the processing purposes mentioned above. We adhere to the principle of data minimization and will not retain data longer than necessary based on the purposes for which they were collected.

In the case of clients, we will process data for the entire duration of the contractual relationship and thereafter, in accordance with the legal obligations incumbent upon Hostico.

For client accounts, they will be retained for a period of 5 years from the registration of the last financial transaction on the respective account and will be automatically deleted upon the fulfillment of this term, provided that there are no active services on the account.

In the case of financial-accounting supporting documents, contracts, and additional agreements, according to legal provisions, they will be retained for a period of 10 years from the end of the financial year.

If you no longer wish to be concerned with the processing of personal data or if you want your data to be deleted, you can exercise your rights detailed in section VII below.

Account deletion is only possible if there are no active services associated with it. If there are one or more active services on the account, the account can only be closed if one of the following conditions is met:

  • The contracted period of the active service(s) on the account is expected to expire.
  • The active service(s) on the account are waived via a written request or transferred to other providers/registrars.

If you withdraw your consent for data processing for marketing purposes, Hostico will cease processing personal data for this purpose, without affecting the processing performed by Hostico based on the previously given consent.

Regarding internal notes, statistical analysis, service improvement, and market research/studies, we retain personal data only to the extent necessary to achieve these purposes and in accordance with legal provisions. The storage duration of this data is determined based on the specific needs of each purpose and is periodically reviewed to ensure that data is not retained longer than necessary.

In all cases, the storage of personal data complies with the principles of the GDPR, including purpose limitation, data minimization, and ensuring accuracy and currency. We ensure that personal data is appropriately deleted or anonymized after the retention period has expired.

V. Disclosure of personal data

The recorded information is intended for the exclusive use of Hostico in order to fulfill the contractual relationship and provide the requested services. However, in certain situations, personal data may be disclosed to third parties as described below:

  • Hostico's contractual partners: Based on a confidentiality commitment, data may be disclosed to Hostico's contractual partners who are involved in the provision of the requested services. These partners are obliged to keep the data secure and use it in accordance with applicable legislation.
  • Service providers: To ensure the efficient operation of services, we may disclose data to third-party service providers, such as those specialized in marketing, payment/banking services, courier services, or domain registration firms. These providers will act as processors and process the data according to our instructions.</li
  • Public authorities: If necessary for the prevention, investigation, and combat of crimes, we may be required to disclose the provided data to competent public authorities or other authorities, in accordance with applicable law.

VI. Transfer of personal data

The transfer of personal data outside the respective country or the European Union will only occur in situations where such transfer is necessary to fulfill the assumed contractual obligations.

An example of this is the domain registration service. Depending on the requested domain extension, it may be necessary to transfer personal data outside the respective country or the European Union. In such cases, we will take all necessary measures to ensure that the transfer complies with legal requirements and that the data is adequately protected in accordance with applicable personal data protection legislation.

Please note that when we transfer personal data outside the European Union, we will use appropriate mechanisms to ensure data protection in accordance with applicable law, such as standard contractual clauses approved by the European Commission or other legal mechanisms provided by the GDPR.

If you have any further questions or need more information about the transfer of personal data, please contact us at the email address office@hostico.ro.

VII. The rights you receive

In accordance with personal data protection legislation, as data subjects, you have the right to exercise the following rights:

  • Right to information: the right to receive detailed information about the processing activities carried out by Hostico, as described in this privacy policy.
  • Right to access: the right to obtain confirmation from Hostico regarding the processing of personal data and to receive information about how your data is processed, the purpose of processing, recipients or categories of recipients of the data, etc.
  • Right to rectification: if your personal data is inaccurate or incomplete, you have the right to request its prompt correction by Hostico. Any rectification or completion will be communicated to all recipients to whom the data was initially disclosed, unless this proves impossible or involves disproportionate effort.
  • Right to erasure ("right to be forgotten"): you have the right to request the erasure of personal data in the following situations:
    • the data is no longer necessary for the purposes for which it was collected or processed;
    • you have withdrawn your consent and there is no other legal basis for the processing;
    • you object to the processing, and there are no overriding legitimate grounds for the processing;
    • the data has been processed unlawfully;
    • the data must be erased to comply with a legal obligation;
    • the personal data has been collected in relation to the offer of information society services as provided for by the European Union law or the law of the Member State to which the data controller is subject.

Following a request for data erasure, it is possible that Hostico will anonymize this information (removing personal identifiers) and continue to process it for statistical purposes.

In accordance with the provisions of the GDPR, you are granted the following rights as data subjects:

  • Right to restriction of processing: the right to request the restriction of the processing of personal data in the following situations: the data subject contests the accuracy of the data, for a period allowing the controller to verify the accuracy; the processing is unlawful, and the data subject opposes the erasure of the data, requesting the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims; the data subject has objected to the processing (except for direct marketing) pending the verification of whether the legitimate grounds of the controller override those of the data subject.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to request the transfer of this data to another data controller, to the extent that the applicable legal conditions are met.
  • Right to object: You have the right to object to the processing of your personal data based on Hostico's legitimate interests or for public interest purposes. Unless Hostico can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims, you can request at any time, free of charge and without justification, that your personal data not be processed for direct marketing purposes.
  • Right not to be subject to automated individual decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing or competent courts: You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing or competent courts if you consider it necessary.
  • The right of access and rectification is provided through the application used to access your customer account.

For any further questions regarding the processing of personal data or to exercise the rights mentioned above, please contact us via email at: office@hostico.ro.

VIII. Control, access and security

Hostico stores and processes customers' personal data in accordance with the General Data Protection Regulation (GDPR), using organizational and technical methods to ensure the protection of this data against destruction through security breaches, alteration, disclosure, or any other form of unlawful processing.

For the proper provision of services, Hostico may provide certain employees with information and personal data provided by customers. These employees have signed confidentiality agreements and receive specific instructions regarding the processing of this data. Hostico takes responsibility for the recording, storage, and use of this data by its employees.

The personal information of Hostico's customers is stored and processed through the WHMCS application (for more information, visit https://www.whmcs.com).

Access to a client's personal information is allowed only to the respective client and Hostico operators, requiring a separate username and password for each client.

Additionally, customers can activate Two-Factor Authentication as an additional security measure for accessing their account. This method requires obtaining an authentication code from an external device. Data processing takes place exclusively at the offices of Awesome Projects S.R.L. and partner data centers.

However, it is important to note that no information security program is infallible.

The client fully understands and accepts that Hostico does not assume responsibility for the consequences or disruptions that may occur due to improper use of the portal by clients. This includes, but is not limited to:

  • The addition by the client account administrator of a user whose contact details do not belong to the client (such as email addresses, payment cards, phone numbers, etc.). The client bears full responsibility for the use of these access details within the portal.
  • Access to the portal and making interventions or adjustments by administrators or users who no longer have access rights granted by the client.
  • Repeated and abusive access to the functionalities available within the client's account.
  • Distributing and copying links containing authentication tokens to other devices, browsers, or third parties.
  • The transmission of information, as well as the necessary access data for accessing, authenticating, and authorizing into the client account, to various individuals.

The client's account is the central point for managing the services provided by Hostico. This interface grants its owner authority and responsibility over the associated services, and anyone with access to this account can take various actions without the need to provide additional documents to Hostico.

The losses incurred by the Client due to non-compliance with the security policies agreed upon jointly under the conditions of this policy will not be considered the fault of Hostico and will not hold Hostico liable

IX. Special preferences related to minors

Hostico does not knowingly or intentionally collect data about minors. We do not provide services to minors.

X. Social Media

We maintain an online presence on various social networks and platforms to communicate with customers and potential clients, providing them with information about our services. We use platforms such as Facebook, Twitter, LinkedIn, YouTube, and Google Business. When you access these platforms, the processing terms and conditions of the respective platform operator apply. We also process data communicated to us through these social platforms.

Our website may include social media features such as Facebook, Twitter, and G+ sharing buttons. These features are governed by the privacy policies of the companies providing them.

Please note that our website may contain links to other websites. We do not control and are not responsible for the content or practices of these websites. The provision of these links does not imply endorsement of the respective activity, content, or owners of the linked sites. This Privacy Policy does not apply to these websites as they are subject to their own privacy policies.

XI.Processor

As a data processor, Hostico commits to the following:

  • Processing the information provided by the client only for the specific purposes imposed by the client.
  • Applying strict security standards at the level of equipment and inf rastructure.
  • Reporting any data breaches without undue delay.
  • Processing personal data only for the period indicated by the client.
  • Ensuring that the data is and will remain the property of the client.
  • Storing information only on servers located in Romania.

XII. Document validity

This privacy document has an indefinite validity.

Hostico reserves the right to make changes to this document, and therefore, customers are requested to consult it periodically.

If you have any additional questions regarding the Privacy Policy or would like to obtain information about the personal data processed by Hostico concerning you directly, please contact us.

Last updated: 15.04.2024