In the following, we will inform you about how your personal data is processed when you use our website and products and what rights you have in this regard.
Data protection notice
For HOSTXLS.com., Einsteinlaan 10, Zoetermeer 2719EP (hereinafter HOSTXLS), the protection of your personal information has top priority. Of course, we comply with the relevant data protection laws and would like to inform you comprehensively about the handling of your data with the following data protection information.
1. information and contact details of the Controller
The Controller is: HOSTXLS.com
Einsteinlaan 10, Zoetermeer 2719 EP South Holland
Questions regarding data protection can be directed to our data protection officer: HOSTXLS.com.
The Data Protection Officer Einsteinlaan 10, Zoetermeer 2719 EP South Holland or by e-mail to privacypolicy@hostxls.com
2. visit our website
When you visit our websites, we also collect personal data. On the one hand, this concerns data that we collect as soon as you order something from us, but also such data that is collected when you view our websites or our profiles in social media. We explain the details in the following.
2.1 Cookies and their use – my choice
We use cookies to design our websites optimally for you, to improve our products for you as well as to show you interest-based advertising together with third-party providers.
More detailed information about cookies can be found on our separate https://www.HOSTXLS.com/cookies. There you will also find information on how you can change your Change cookie settings can.
2.2 Use of socialmedia
In order to optimally design our company presence, we maintain company pages in various social media. There, we want to inform our interested parties about our services and also communicate with you via these channels. The links to social media platforms are integrated in such a way that data is not directly transmitted to the social media operator. The integration on our websites takes place via direct links. A data transmission only takes place if you have clicked on the link.
These channels are used for the following purposes:
- Provision of information about our company and our products
- Statistical evaluations for business analysis and further development of services and products, as well as for the improvement of business processes
- Communication with customers and interested parties.
Legal basis
The legal basis for this processing of your personal data is our legitimate interest in communicating with our prospects and customers, as well as the analysis and further development of services and products, and the improvement of business processes. Direct customer contact also takes place via our social media support, whereby the processing is based on our contractual relationship or the pre-contractual measures with interested parties.
Further information on the social media platforms:
Facebook and Instagram: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We are jointly responsible with Facebook for the processing of Insights data on the Facebook fan page. The corresponding agreement pursuant to Art. 26 GDPR can be found here:
https://www.facebook.com/legal/terms/page_controller_addendum. For more information on Page Insights, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.
The general use of Facebook, is your own responsibility. You can find Facebook’s privacy policy directly on our Facebook fan page. You can edit your wishes for personalized advertising by Facebook at any time in their settings on Facebook and contradict.
Twitter: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
For information on the data collected by Twitter, purposes and all other privacy information, please refer to the Twitter privacy policy (https://twitter.com/en/privacy).
You can find an opt-out option at: https://twitter.com/personalization
YouTube: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For more information on data protection and personal data collected by Google/YouTube during integration, please see the following privacy policy: https://www.google.com/policies/privacy/
An opt-out is also possible: https://adssettings.google.com/authenticated
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We also maintain a company profile on the LinkedIn networking platform.
If you are a member there, LinkedIn can assign the call of the content and functions on our profile to your user profile there. For more information, please refer to the privacy information of LinkedIn Ireland at:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Xing: New Work SEDammtorstraße 30, 20354 Hamburg, Germany.
We also maintain a company profile on the networking platform on Xing.
If you are a member there, Xing can assign the call of the content and functions on our profile to your user profile there. For further information, please refer to the data protection information of New Work SE at: https://privacy.xing.com/en
If data is transferred to third countries on the part of HOSTXLS.com., suitable guarantees for data transfer are agreed with any processors or data controllers – in accordance with the legal requirements – or recourse is made to adequacy decisions of the EU Commission.
2.3 Video content
2.3.1 YouTube and Vimeo
We embed videos on our website. The content of these videos is stored directly on the platforms and embedded on our site. If you call up such a video, the IP address, technical information such as browser, operating system and basic device information as well as the website you visited are communicated. In addition, we have embedded the YouTube videos in a data protection-friendly manner in “extended data protection mode”.
Personal data is only transmitted when you call up a video. Only then is a server connection to YouTube and Vimeo established and a corresponding cookie set, which is used to save your settings. When you call up the videos, you leave our area and enter the external platforms of YouTube and Vimeo, which are beyond our control.
Before you call up a video, you will be informed about it again. If you have an account with the provider of the video service, they may be able to identify you. You can avoid this by logging out of your account before playing a video.
Legal basis
The legal basis for the activation of these videos is your consent, which is related to your consent to a cookie use (cookie page).
Provider of the YouTube platform
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at Google/YouTube can be found here: https://www.google.com/policies/privacy/. A general advertising opt-out is possible here:
https://adssettings.google.com/authenticated.
Provider of the Vimeo platform
Vimeo, LLC, 555 West 18th Street, New York, NY 10011, USA. Further information on data protection at Vimeo can be found here: https://livestream.com/legal/cookie-preferences.
2.4 Friendly Captcha
Purpose and legal basis
We use the Friendly Captcha service. This involves including a JavaScript element in the source code, which causes the software to load in the background. Your terminal device calculates the solution to a crypto-puzzle for the service, which is used to be able to track whether the visitor is human or whether the use is abusive through automated, machine processing (e.g. bots).
To prevent fraudulent activity, the service is typically used in the following context: Forms (requests, contacting, password reset), orders, login pages. The service helps HOSTXLS prevent automated attacks that can lead to risks in the company’s infrastructure. In addition, it also provides protection for our customers to become potential victims of cyber crime.
Legal basis
The legal basis for this processing is therefore our legitimate interest and serves to prevent potentially fraudulent activities on our website.
Type of data
- http request header data
in particular user agent (browser, operating system), origin and referrer (previous web pages) - Date/time of request
- Version of the used Friendly Captcha service
- Customer account ID of the client’s website (HOSTXLS)
- Hash value (one-way encryption) of the incoming IP address
(the IP address is discarded, only the hash value is stored) - Number of requests from the (hashed) IP address per time period
- Answer of the calculation problem solved by the visitor’s computer
- No cookies are used.
Provider of the service
Friendly Captcha GmbH, Wörthsee, Germany
You can find more information about data protection at FriendlyCaptcha here:
https://friendlycaptcha.com/de/legal/privacy-end-users/
Friendly Captcha uses the following provider for hosting and delivery of the service (CDN = Content Delivery Network): Cloudflare Inc, San Francisco, USA.
If data is transferred to third countries by HOSTXLS SE, suitable guarantees for data transfer are agreed with any processors or data controllers – in accordance with the legal requirements- or recourse is made to adequacy decisions of the EU Commission.
2.4.1 Google ReCAPTCHA
Purpose and legal basis
We use the reCAPTCHA service from Google. With reCaptcha, a JavaScript element is integrated into the source code, whereby the software is loaded in the background and your user behavior is analyzed. The data is already used and analyzed before you clicked the “I am not a robot” checkbox. Google calculates a score based on the data, which is used on the one hand to be able to understand whether the visitor is a human or whether the input is abusive through automated, machine processing (e.g. bots). On the other hand, it also serves to prevent fraudulent mass orders, which can lead to risks in the company’s infrastructure. ReCAPTCHA also provides protection for our customers from becoming potential victims of cyber crime.
Legal basis
The legal basis for this processing is therefore our legitimate interest and serves to prevent potentially fraudulent activities on our website.
Type of data
- Previous web pages (referrer URL)
- IP address
- Operating system
- Cookies
- Scrolling and mouse clicks on the page
- Date and language settings
- Screen resolution
The IP address transmitted to Google is shortened and not merged with other Google data.
Provider of the ReCAPTCHA service
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at Google can be found here:
https://www.google.com/policies/privacy/.
To have data deleted directly from Google, contact Google support at
https://support.google.com/?hl=de&tid=331578294933.
If you want as little data as possible to be transmitted to Google about you and your behavior, you must log out of Google and delete any Google cookies before visiting our website or using the reCAPTCHA software.
If HOSTXLS.com. transfers data to third countries, suitable guarantees for data transfer are agreed with any processors or data controllers in accordance with the legal requirements, or the EU Commission’s adequacy decisions are applied.
2.5 HubSpot
We use the service of HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing. The following data as well as the content of our website is stored on HubSpot’s servers.
- a) Email marketing:HubSpot is used for our email marketing, among other things. Our website visitors can subscribe to topic-related newsletters and mailings as well as download certain documents (e.g. whitepapers). This requires, for example, the provision of the name and e-mail address. We use this data to contact visitors to our website.
The legal basis for this is your consent.
You can revoke your consent to receive newsletters, mailings or downloads at any time via a link at the end of each e-mail or by sending a message to privacypolicy@hostxls.com revoke. Your contact details will be deleted immediately by your revocation.
- b) Reporting and contact managementIn addition to email marketing, we use HubSpot for reporting (e.g. traffic sources, accesses) and contact management purposes (user segmentation and CRM). This involves the use of cookies that are stored on your computer, which enable an analysis of your use of the website by us. This information is analyzed on our behalf by HubSpot to generate reports about visits to our pages. This enables us to determine which services from our company are of interest to you. This enables us to constantly improve our products and make our offers more customer-oriented.
If you have signed up for our registration service (see “Email marketing”), we can also use HubSpot to link a user’s visits to our website with personal details (name, email address) so that you are informed individually and in a targeted manner about preferred topics.
The legal basis for the processing is your consent via the cookie banner. You can find more information about cookies at: https://www.HOSTXLS.com/cookies.
If a collection by HubSpot is generally not desired, the storage of cookies can be prevented at any time by appropriate browser settings. You can make your settings regarding cookies at https://www.HOSTXLS.com/cookies.
- c) Notes on HubSpot/data transfer to third countries
HubSpot is a software company from the USA (25 First Street, Cambridge, MA 02141 USA) with a branch in Ireland (2nd Floor 30 North Wall Quay, Dublin 1, Ireland) and Germany (Koppenstraße 93, 10234 Berlin). Within the scope of processing via HubSpot, data may be transferred to the USA. In addition to the order processing agreement, standard contractual clauses as well as other appropriate guarantees have been agreed upon to ensure the security of a data transfer.
For more information about HubSpot’s data protection, please refer to the Terms of Use and Privacy Policy at https://legal.hubspot.com/de/privacy-policy or https://legal.hubspot.com/de/legal-stuff
3. order and order processing
3.1 Contract data
When ordering one of our products, we ask you to provide us with your personal data, which we need for the conclusion of the contract. This contract data will be stored by us for the duration of the contractual relationship, as we need it for the fulfillment of the contract. If you terminate your contract, we will store your contract data longer if there are objections and claims whose clarification is still pending. In addition, we also store your data longer if there are legal retention obligations. In this case, the processing of the data is restricted to compliance with the statutory retention periods and the data is no longer processed for any purposes beyond this.
You can make changes to this data yourself at any time via our protected customer login. Information on the creation of your personal access data will be sent to you after your order has been checked, usually by e-mail and in exceptional cases by post.
Type of data
- Address
- First and last name
- E-mail address
- Telephone number
- Company name (in case of trade) address
- Product contracts and usage
- Contract data
- Payment data
- Tax number
By signing up for HOSTXLS Cloud, you agree that HOSTXLS Cloud may use your directly personally identifiable usage data for a maximum of 6 months for the purpose of tailoring websites, products, and services to your needs, as well as for personalized advertising.
Legal basis
We need your data for contract initiation and execution.
Storage period
In the case of contractual data, processing is restricted after termination of the contract, and deleted after expiry of the 10-year retention period.
3.2 Chat
If you use the chat function on our websites, various cookies are placed by our chat provider. These are technically necessary for the execution of the chat. In some cases, these cookies are also used for analysis purposes. You can find out more about these cookies on our Cookie page.
In addition, we store the chat history for 90 days for quality purposes. By evaluating the stored chat histories, we have the opportunity to continuously improve our customer support and therefore base this processing on our legitimate interest. At the beginning of the chat, customers are informed of this storage and have the option to object to the storage there. Should you wish to object at a later point in time, you are welcome to send your objection at any time via privacypolicy@hostxls.com to us at any time.
In addition, the chat history is stored if it turns into a sales conversation and leads to the conclusion of a contract. In this case, only the sales part of the conversation is stored for the duration of the contractual relationship. The quality part will continue to be deleted after 90 days. We need this data to document the conclusion of the contract.
Legal basis
Legal basis is therefore the fulfillment of the contract.
Storage period
Sales part of the conversation: In the case of contract data, processing is restricted after the end of the contract and deleted after the retention period of 10 years.
Quality part of the call: 90 days
Data recipient
Genesys Telecommunications Laboratories B.V., DD Naarden, Netherlands
3.3 Voice Files
When you place an order by telephone, we record a short voice file summarizing all the essential characteristics of your order or consent as part of the conclusion of the contract or as evidence of an opt-in. If you additionally consent to this, we also record the complete course of the conversation in order to optimize our service quality.
Legal basis
The legal basis for the processing to prove the conclusion of the contract and the consent is the contractual basis, as we need this data in the context of the contract initiation, as well as for the subsequent execution of the contract.
The storage of the entire conversation process for quality purposes takes place exclusively after your consent. The legal basis for this is therefore consent.
Storage period:
Deletion of voice files for contract conclusion or termination takes place after 2 years at the latest. Voice files that we store exclusively for quality purposes with your consent are deleted at your request or after 90 days at the latest. If you agree to be contacted for advertising purposes during a call, this part of the voice file will be stored for 10 years.
3.4 Fraud prevention
Purpose and legal basis
When you place an online order with us, we check whether there are any indications of misuse of our web service or of attempted fraud by means of the terminal device you are using.
In addition, your device data will be compared with data on devices from which fraudulent actions have been carried out in the past or from which there was a corresponding suspicion. In this regard, there is also the possibility that employees of HOSTXLS or a service provider manually check the results in individual cases. The legal basis for data processing in the context of “device fingerprinting” is the legitimate interest, as there is a legitimate interest on the part of HOSTXLS to protect itself against fraud and/or misuse.
The usage data processed in the context of fraud prevention are, for example, IP addresses, information on website calls as well as information on the temporal scope of the websites visited. The device and browser data used in the context of “device fingerprinting” are, for example, language and country settings, browser, screen information, plug-ins, software versions. Transaction data, such as the object of purchase, shopping cart, name, postal address, e-mail address, delivery address, payment method and bank data, are also processed. This data is processed exclusively for reasons of abuse and fraud prevention.
On the basis of the aforementioned device data, a device ID is first created, which can be used to recognize end devices when they visit the website again. A cookie is set so that we can recognize this. The cookie contains a cookie ID, but no personal usage or transaction data. This allows the device to be identified without knowing the person behind it by name or linking it to the device ID.
In the event that the matching process described above is successful, i.e., if fraud or a corresponding fraud attempt has already been made via the respective device in the past, a contract is refused in the specific individual case.
In order to optimize fraud prevention processes, your data will be transmitted to ThreatMetrix (see below for information and contact details of the service provider/sub-service provider used) if you have given your consent. There, personal data is stored in a pseudo-mymized form in a pool in which pseudo-mymized data of other ThreatMetrix customers is also stored. This serves in particular to prevent terminal-related, cross-border waves of attacks or mass attacks with possible abuse or fraud backgrounds at an early stage. Your data is only checked there to determine whether there might be any suspicion of fraud or misuse. ThreatMetrix may also provide suspicious device IDs to other companies for fraud prevention reasons, e.g. also to companies located in a third country without an adequate level of data protection. The legal basis for a data transfer for fraud screening is your consent.
However, this consent is only requested if you wish to place your order online. If you do not wish to give such consent to the data processing for risk assessment, within the framework of fraud prevention, an online order is unfortunately not possible. Alternatively, however, you can continue to place your order with us by telephone.
Cancellation option:
If you have given us your consent under data protection law, you can revoke this consent at any time via privacypolicy@hostxls.com with effect for the future. This revocation will also be transmitted to ThreatMetrix, so that you can also have your data deleted there at any time.
Your data will be transmitted to the following service providers for fraud prevention purposes:
In order to carry out the measures described above, we have commissioned CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich as a service provider, which has subcontracted ThreatMetrix B.V, The Base 3/F, Tower C, Evert van de Beekstraat 1, 1118 CL Schiphol, The Netherlands for parts of the data processing, in particular the creation of the device ID. Data processing (including data storage) by CRIF Bürgel GmbH as well as ThreatMetrix takes place in data centers in Germany and Europe. CRIF Bürgel acts exclusively as an order processor and according to the instructions of HOSTXLS.
With regard to the storage of pseudonymized data in an overarching data pool, ThreatMetrix acts as an autonomous entity. The data ThreatMetrix receives is encrypted with an individual key from HOSTXLS, so that ThreatMetrix has no access to transmitted clear data. All data transfers between HOSTXLS, CRIF Bürgel GmbH and ThreatMetrix are SSL-encrypted according to the state of the art.
Storage period/criteria for determining the storage period:
The data collected in the context of fraud prevention is stored for a maximum of six months for reasons of traceability, process optimization and response to customer inquiries, after which it is deleted.
4. during the contractual relationship
4.1 Contract information and invoices
We require your personal data for the execution of the contract.
We need these in particular to enable the necessary communication for a regulated process, information transfer through process communication as well as the billing of the services. In addition, this data is also used for the management of the company and the further development of the products. We have a legitimate interest to analyze the data we collect in order to improve our products and services. We protect your privacy through a range of technical and organizational measures that are appropriate in this context and respect your choices about how we use your data.
Data stored and used
- -Address
- -First and last name
- -Email address
- -Phone number
- -Company name (in case of trade)
- -address
- -Product contracts and usage
- -contract data
- -Payment data
- -Tax number
- -In case of authorization, the master data of the authorized representative
Legal basis:
The legal basis for the processing is the contractual basis.
Storage period:
We process your data until the termination of your contract. In addition, we store your contract data if there are objections and claims whose clarification is still pending. In addition, we also store your data for a longer period if there are statutory retention obligations. In this case, the processing of the data is limited to compliance with the statutory retention periods and the data is no longer processed for any purposes beyond this. The deletion of personal data takes place for a maximum of 10 years after the end of the calendar year following the termination of the contract.
4.2 Customer communication
Newsletter and product advertising
In order for you to take full advantage of all product benefits, we will send you useful and complementary product solutions by e-mail. In addition, we will inform you from time to time by telephone and e-mail about interesting new products. You can give us the legally required consent to contact you in each case when you place your order online or in the Control Center. If you no longer wish to receive such information, you can revoke your consent at any time in the Control Center or via privacypolicy@hostxls.com revoke.
Legal basis:
The legal basis for processing is your consent.
Storage period:
Your data will be deleted after fulfillment of the purpose or upon revocation of consent.
Advertising with our own similar goods and services
In addition, we regularly offer you offers of similar goods and services of our own by email. If you object to this processing, you will not incur any transmission costs according to the prime rates.
The legal basis for this processing is ou legitimate Interest. In this regard, we have a legitimate interest to use the e-mail address received from you in connection with the sale of our products for direct advertising for our own similar or identical products, unless you have objected to their use for this purpose.
4.3 Surveys and market research
In order to improve our products and services, you have the possibility to rate us via our partner “Trustpilot” of Trustpilot A/S, Pilestræde 58, 5th floor, 1112 Copenhagen, Denmark. You can submit a rating, for example, as part of a product purchase. The ratings are recorded using an integrated rating form or via a simple link. If you submit a rating via the integrated rating form, we will transmit your name, e-mail address, a reference number (usually your order number) including your rating to Trustpilot as soon as you click on the rating link. The transmission is solely for the verification of your online purchase with us to ensure that it is an authentic review. When you receive a review invitation via the simple link, you will be taken directly to the review form on Trustpilot. Alternatively, you can also rate us at any time via the Trustpilot platform. In order to submit a rating on Trustpilot, the creation of a user profile is required so that it can be published on the portal accordingly.
In the event that you have given us consent to receive “surveys” in the HOSTXLS Control Panel, we can send you a corresponding rating invitation with a link to the survey.
If you would like to learn more about how Trustpilot processes your data, you can here view the company’s privacy policy.
Legal basis:
The legal basis for data processing is the consent in the case of e-mail notification by us.
Legal basis for the transmission in the context of the integrated evaluation form is our legitimate interest, based on our legitimate interest to continuously improve our services.
Storage period:
The consent will be deleted at the latest upon termination of your contract. The storage period of the published rating is based on the specifications on Trustpilot.
a) Surveys to improve product and service quality
To improve our product and service quality, you have the opportunity to participate in HOSTXLS surveys. Participation in such surveys is voluntary. The data will only be processed for evaluation purposes and will not be used for any other purposes. The evaluation of the data is also anonymised. If the evaluation is not anonymised in individual cases, you will be informed of this in advance. In addition, depending on the type of survey, we use one of the service providers listed below.
Legal basis:
The legal basis for participation in the survey is your implied consent and our legitimate interest in a corresponding evaluation to improve our products and services.
Storage Period:
Your data will be deleted no later than 24 months after completion of the survey.
Data recipient
Talkwalker S.à r.l.
33, avenue John F. Kennedy
L-1855 Luxembourg
Survalyzer AG
Technoparkstrasse 1
CH-8005 Zurich
Switzerland
Virtuatell Limited
59 St Martin’s Lane
London
WC2N 4JS
UK
Rogator AG
Emmericher Str. 17
90411 Nuremberg
Germany
4.4 Communication in the context of your customer concerns
The satisfaction of our customers is important to us, which is why you can contact our customer support at any time. For the clarification of your concerns we need your data.
For this purpose, we process the following of your personal data:
- -contact data
- -Identification and authentication data
- -contract data
- -contents of your inquiries
- -Payment data
We store communications with you until the end of the contract term and beyond that only until open inquiries to us have been finally concluded or insofar as statutory retention obligations provide for this.
Legal basis:
The legal basis for this processing is the fulfillment of our contract with you.
Customer information:
We send you information on the function and use of your products or added contract components. In particular, we inform you about tips and tricks and the functions of your products.
The legal basis for this processing is the contract.
4.5 Troubleshooting within the scope of our contractual relationship
Traffic data includes information about the type, scope and time of use of our websites. This data identifies you or your device directly and is partly stored in your device, e.g. as log files.
Some traffic data is collected during the use of our services and products. This data enables us to quickly identify and correct any errors that occur and to continuously develop our services for you.
Storage period:
Your data will be deleted after 24 months at the latest.
Legal basis:
The legal basis for this processing is the fulfillment of the contract regarding the use for troubleshooting.
4.6 Crawling
HOSTXLS Crawler is the web crawler of HOSTXLS. Its task is to continuously crawl the Internet so that we can improve and expand our first-class hosting services. You can find more specific privacy information here
Type of data
- -HTML code
- -Page text
- -Information derived from it
Storage period:
Outdated crawled data is deleted after 60 days at the latest as part of a continuous re-crawl.
Legal basis:
The legal basis for this processing is our legitimate interest. Our interest is to gain insights into the use of publicly available domains in order to improve our products and services, offer personalized advertising and monitor the market for web hosting and domains.
4.7 Business Intelligence
Business Intelligence (BI) refers to the collection, analysis and presentation of data in electronic form for the purpose of helping executives, managers and other end users make better business decisions, as well as to meet legal reporting requirements and contractual obligations to customers. HOSTXLS also uses BI processes for these purposes. In addition to anonymized aggregates, personal data is also processed.
Type of data:
- Inventory data
- Use data
- traffic data
Storage period:
The storage period depends on the respective legal basis (see below):
- Consent: Directly personal usage data processed based on consent is deleted after 6 months.
- Compliance with contract: Data will be deleted after two years at the latest.
- Fulfillment of legal obligations: The data will be deleted at the latest after expiry of the 10-year legal retention period.
- Balancing of interests: The data will be deleted after two years at the latest.
Legal basis:
The legal bases for this processing are.
- Consent; example: processing of directly personal usage data for product and sales management purposes.
- Compliance with contract; example: filtering of customers with discontinued product with subsequent notification
- Fulfillment of legal obligations; example: reporting obligations
- Balancing of interests; example: product and sales management. Our interest is: Provision of information about our —company and our products; Statistical evaluations for business analysis and further development of services and products, and to improve business processes.
5 Supplemental Privacy Notice for the HOSTXLS Cloud Computing Offer
5.1 Pardot MAS
Purpose and legal basis:
HOSTXLS uses the Pardot Marketing Automation System (“Pardot MAS”), a special software both for recording and evaluating the use of a website by website visitors and for sending newsletters or other promotional as well as operational e-mails.
Pardot MAS is a service of salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, Germany, which belongs to Salesforce Inc (“Salesforce”), Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. In the event that personal data is transferred to a third country, such as the USA, we have appropriate safeguards in place, such as the conclusion of standard contractual clauses with Salesforce. In addition, Binding Corporate Rules still apply with Salesforce. You can find further information here view. The sending of e-mails of an advertising nature takes place exclusively in consideration of a consent given elsewhere for an advertising contact. In this context, Pardot MAS makes it possible to track your interactions with e-mails. This includes, for example, the so-called link evaluation regarding your click behavior within an email. Pardot MAS records whether and when a link was clicked and can assign this information to the respective e-mail recipient.
In addition, Pardot MAS also enables us to track the extent to which individuals have interacted with our website, clicked on certain links and/or registered in forms. For this purpose, cookies requiring consent are requested or used (category: marketing), which in turn enable recognition of your browser. The legal basis for the processing of personal data is therefore the consent. More detailed information on the cookies used can be found on our separate cookie page.
Storage period:
If you have consented to the use of cookies, you can also withdraw your consent at any time. Existing cookies will then be deleted. You can make your settings for cookies at cookie page. There you will also find detailed information on the respective validity period of the cookie. In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your Internet browser so that cookies from the domain “pardot.com” are not accepted. This may lead to certain restrictions in the functions and user-friendliness of our offer.
You can revoke your consent to receive newsletters and/or mailings at any time via a link at the end of each e-mail or by sending a message to produkt@hostxls.com. Your contact data will be deleted immediately by your revocation.
5.2 MaxMind
Purpose and legal basis:
Our website uses an API of the maxmind.com site operated by MaxMind Inc. The operator of the pages is MaxMind Inc, 14 Spring Street, 3rd Floor, Waltham, MA 02451, USA.
In order to prevent fraud and to make the registration process as smooth as possible, MaxMind determines your approximate location once per visit based on the transmitted IP address. This localization is not suitable to identify you as a user and only shows us the city or county of your location. This information is not stored for future visits and is not listed in logs. You can use the website without this information, but you may have to solve so-called reCaptchas to communicate with us via contact forms.
The legal basis for the processing of personal data in connection with MaxMind is our legitimate interest. Our legitimate interest is to secure our systems against fraudulent use and to simplify the registration process.
If data is transferred to third countries on the part of HOSTXLS.com., suitable guarantees for data transfer are agreed with any processors or data controllers – in accordance with the legal requirements – or recourse is made to adequacy decisions of the EU Commission.
For more information on the handling of user data, please refer to the privacy policy of MaxMind Inc. at: Privacy Policy | MaxMind.
Storage period:
The data collected in the context of fraud prevention is stored for up to 15 months.
5.3 Registration HOSTXLS Cloud Products
In order to use the HOSTXLS Cloud products, you must register with us with a user account. In the process, we collect your personal data that you enter in the input fields (name, business email address, business address, business phone number, company, etc.). The mandatory input fields are marked accordingly. As part of the registration process, you must provide a telephone number so that you can receive a so-called “one-time code” to confirm your registration. We will contact you via this deposited phone number in order to support you in case of user activation problems. Furthermore, once the registration is completed, you may be contacted by phone by our account managers to provide you with comprehensive information during the setup of the HOSTXLS Cloud products.
To manage our customer database, we use the CRM tool from “Salesforce” of salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, Germany, which belongs to Salesforce Inc (“Salesforce”), Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. In the event that personal data is transferred to a third country, such as the USA, we have appropriate safeguards in place, such as the conclusion of standard contractual clauses with Salesforce. In addition, Binding Corporate Rules still apply with Salesforce. You can find further information here view.
Legal basis:
The legal basis for the aforementioned data processing is the performance of the contract.
The legal basis for contacting us by telephone is our legitimate interest in providing comprehensive support in the use of our products, based on your presumed interest.
Storage period:
We process your data until the termination of your contract. In addition, we store your contract data if there are objections and claims whose clarification is still pending. In addition, we also store your data for a longer period if there are legal obligations to retain data. In this case, the processing of the data is limited to compliance with the statutory retention periods and the data is no longer processed for any purposes beyond this. Personal data will be deleted a maximum of 10 years after the end of the calendar year following the termination of the contract.
5.4 Webinars
We offer you the opportunity to participate in our webinars. The webinars serve to present our products, for training purposes or other topics that may be relevant for the use of cloud products. To participate and conduct the webinar, we need your contact information, such as email address, name, company, position. After registration, you will receive a notification from us by e-mail with the dial-in data.
When conducting webinars and training, we use the “GoToWebinar” and “GoToTraining” applications of LogMeIn Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland (“LogMeIn”). For more information about how LogMeIn processes your data, you can here view.
Legal basis:
The legal basis for the aforementioned data processing is the contractual basis, for the implementation of the webinar.
Storage period:
We store your personal data as long as necessary for the implementation of the webinar.
6. Service-specific privacy information
Domain Check
Purpose of processing
Domain availability requests are stored and processed to improve domain proposals and the product. These requests are never used to register domains for HOSTXLS.
Categories of personal data:
The processed domain names are not related to a customer.
Domain suggestions with the help of artificial intelligence
Purpose of processing
The generation of suggestions for a domain name with the help of artificial intelligence (AI). For this purpose, the content information is transferred to an external service at the request of the interested party. The AI outputs are checked for the availability of domain names and issued as a recommendation to the interested party.
Categories of personal data
Content data
Legal basis:
Performance of a pre-/contractual measures.
Legitimate interest.
Data recipient
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy
Website Design Service
Website Content Management System (CMS) & Webspace
Purpose of processing:
Operation of the platform for editing and publishing the website, as well as hosting the website.
Categories of personal data
Subscriber data, traffic data, usage data, content data.
Legal basis:
Performance of a contract.
Data recipient:
CM4all GmbH, Cologne, Germany
Design Service
Purpose of processing:
Creation and modification of the website on behalf of the customer.
Website project organization and communication with the customer.
Categories of personal data:
Subscriber data, traffic data, usage data, content data.
Legal basis:
Performance of a contract.
Storage period:
45 days after end of contract
Data recipient:
Spotzer Media Group B.V., Amsterdam, Netherlands
HOSTXLS Status Page
Purpose of processing:
Information about the availability of the various HOSTXLS services and products. Announcement of maintenance. Registration for automatic transmission of status information by mail or SMS.
Categories of personal data
Contact data, traffic data
Legal basis:
Performance of a contract, legitimate interest.
Data recipient:
Atlassian. Pty Ltd, Sydney NSW 2000, Australia https://www.atlassian.com/legal/privacy-policy
Customer Service
Purpose of processing:
Call center services for customer service product advice.
Categories of personal data
Subscriber data, content data.
Legal basis:
Performance of a contract, Legitimate Interest.
Data recipient:
Astute Ltd., Bournemouth, United Kingdom
Spotzer Media Group B.V., Amsterdam, Netherlands
7. Product-specific privacy information
Overview of data recipients
For some of our products, we rely on the expertise of specialized partner companies. This ensures that you can always expect the best performance and service at HOSTXLS. If you no longer use a product, we delete your personal data immediately in most cases.
Web hosting (including Managed Servers)
Content Delivery Network CDN
Purpose of processing:
When using the CDN, content data is stored in Cloudflare data centers to improve the loading time of the website.
Categories of personal data:
Content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Cloudflare, San Francisco, USA
https://www.cloudflare.com/privacypolicy/
SiteLock
Purpose of processing:
Protection of the website against malware, removal of malware on the website.
Categories of personal data:
Content data, usage data.
Legal basis:
Performance of a contract.
Storage period:
SiteLock stores the customer’s web space for 30 days (grace period). Deletion of all personal data within 90 days after cleanup.
Data recipient:
SiteLock, Scottsdale, USA
Shared WordPress Hosting
Feedback function Loop
Purpose of processing
The ‘Loop’ function is offered for continuous product improvement. If the customer consents, information on the use of functions of the product is transferred and aggregated anonymously. The customer has the possibility to give suggestions for improvement and feedback.
Categories of personal data:
Content data, usage data.
Legal basis:
Consent of the customer.
Storage period:
Cyclical updating, immediate deletion if consent is revoked.
Data recipient:
HOSTXLS, Zoetermeer, Netherlands
MyWebsite
MyWebsite Now (current product generation)
Website Editor & Webspace
Purpose of processing:
Editing and publishing the website, as well as hosting the website.
Categories of personal data:
Content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
CM4all GmbH, Cologne, Germany
Route description
Purpose of processing:
Display of the location of the company / customer on a map (directions).
For this purpose, the product transmits the address data to the map provider.
Categories of personal data:
Address data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Google LLC, Mountain View, USA
Contact Form
Purpose of processing:
When using the contact form, incoming enquiries are sent to the customer by e-mail.
Categories of personal data:
Subscriber data, content data, contact data, traffic data
Legal basis:
Performance of a contract.
Storage period:
28 days for log files
Data recipient:
1&1 Mail & Media GmbH, Montabaur, Germany
Online booking tool (Mail dispatch)
Purpose of processing:
Optionally, the appointment booking APP Bookingpress can be integrated for the customer.
A HOSTXLS service is used to send emails from the app, which is the sole subject of this description.
Categories of personal data:
Content data, contact data, traffic data
Legal basis:
Performance of a contract.
Storage period:
28 days for log files
Data recipient:
1&1 Mail & Media GmbH, Montabaur, Germany
Content generator with the help of artificial intelligence
Purpose of processing:
Creation of content of an editorial nature with the help of artificial intelligence. For this purpose, the content information is transferred to an external service at the request of the customer. The service includes the creation of texts or images of all kinds, which can then be used and published in the product. The applications listed here are not exhaustive.
Categories of personal data:
Content data
Legal basis:
Performance of a contract.
Legitimate interest.
Consent.
Data recipient:
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy
Website Translator
Purpose of processing:
When using Website Translator, the content of the published web page is transferred to Google Translate in order to translate it into one or more other languages and display it to the website visitor.
Categories of personal data:
Content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Google LLC, Mountain View CA, USA
Shop
Purpose of processing:
Seamless integration of an online store into the website editor.
Categories of personal data:
Contact data, content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Ecwid, Encinitas CA, USA
MyWebsite Creator, Shop and Essential
(Current product generation)
Website Editor
Purpose of processing:
Website editing and publishing
Categories of personal data:
Content data, usage data
Legal basis:
Performance of a contract.
Data recipient:
Duda Inc, Palo Alto, USA
Web space
Purpose of processing:
Hosting of the website
Categories of personal data:
Content data, usage data
Legal basis:
Performance of a contract.
Data recipient:
AWS – Amazon Web Services, Data Center Frankfurt, Germany
Amazon Web Services, Inc., Seattle WA, USA
Content Delivery Network CDN
Purpose of processing:
Storage of website content for site visitors in multiple data centers to improve website load time.
Categories of personal data:
Content data, usage data
Legal basis:
Performance of a contract.
Data recipient:
AWS – Amazon Web Services, data center Frankfurt, Germany
Amazon Web Services, Inc., Seattle WA, USA
Online Business Card
Purpose of processing:
Quick publication of an online business card website. You can choose what information is displayed on this website. User data is sent to Google and Facebook to retrieve publicly available information. This data serves as a starting point for the user’s online business card.
Categories of personal data:
Contact data, usage data, content data.
Legal basis:
Performance of a contract.
Data recipient:
Google LLC, Mountain View CA, USA
Facebook, Menlo Park CA, USA
Shop
Purpose of processing:
Seamless integration of an online store into the website editor.
Categories of personal data:
Contact data, content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Ecwid, Encinitas CA, USA
Route description
Purpose of processing:
MyWebsite uses the address data to display the location of the company / customer on a map (directions). For this purpose, the product transfers the data to the map provider Mapbox. This is done when you set up the project.
Categories of personal data:
Adsress data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Mapbox, Washington D.C., USA
Website Translator
Purpose of processing:
When using Website Translator, the content of the published web page is transferred to Google Translate in order to translate it into one or more other languages and display it to the website visitor.
Categories of personal data:
Content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Google LLC, Mountain View CA, USA
Multi Location
Purpose of processing:
MyWebsite uses the address data to place one or more markers on a map so that the company’s / customer’s locations are displayed (directions). For this purpose, the product transfers the data to the map provider Mapbox. This is done automatically when adding the widget and with additional locations as they are added to the widget.
Categories of personal data:
Address data, content data.
Legal basis:
Performance of a contract.
Data recipient:
Mapbox, Washington D.C., USA.
Consent management
Purpose of processing:
Provision and operation of a consent management function for the website.
Website visitors can use it to give consents for processing operations and the setting of cookies, and to obtain information about the functions used and how the data is used.
Categories of personal data:
Subscriber data, traffic data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Usercentrics GmbH, Munich, Germany
MyWebsite (Earlier product generation – before Sept. 2017, version 8).
Google Maps
Purpose of processing:
MyWebsite 8 transmits the customer’s address data to Google to pre-populate Google Maps module with the correct address or sends another specified address to Google.
Categories of personal data
Address data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Google LLC, Mountain View, USA
My Data
Purpose of processing
By publishing the MyWebsite homepage, customer and other custom data in schema.org format is added to the website to support search engines and improve SEO results.
Categories of personal data:
Contact data, content data.
Legal basis:
Performance of a contract.
MyShop
Purpose of processing:
Processing, maintenance and operation of the online store.
Categories of personal data:
Contact data, content data, usage data
Legal basis:
Performance of a contract.
Storage period:
Shop data is deleted 31 days after the end of the contract.
Data recipient:
ePages, Hamburg, Germany
Domain & SSL Certificates
Domain
Purpose of the processing:
Registration, transfer, configuration, maintenance and deletion of the domain name for the customer.
Categories of personal data:
Subscriber data
Legal basis:
Performance of a contract.
Storage period:
This period varies for the different Top Level Domains (TLDs) and depends on the Registrar Accreditation Agreement (RAA) of the registry.
A dedicated overview for registry and escrow providers can be found here:
https://www.hostxls.com/terms-and-conditions/terms-registration/
SSL Certificate
Purpose of processing:
Registration, configuration, maintenance and cancellation of SSL certificates for customers. Automated processing in MyWebsite products when connecting the domain to the website project.
Categories of personal data:
Subscriber data
Legal basis:
Performance of a contract.
Data recipient:
DigiCert, Lehi UT, USA
Note
When procuring and/or maintaining SSL certificates, HOSTXLS only acts as an intermediary between the customer and the respective certificate issuer. HOSTXLS has no influence on the issuance of certificates. HOSTXLS does not guarantee that the certificates requested for the customer will be issued at all or that they will permanently exist.
Shop
HOSTXLS Shopelement / Social Buy Button
(current product generation)
Purpose of processing:
Integration of an online store to existing website or social media accounts.
Editing, maintenance and operation of online shop.
Categories of personal data:
Contact data, content data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
Ecwid, Encinitas CA, USA
HOSTXLS MyShop
-> Please refer to the section ‘MyWebsite Creator, eCommerce and Essential’ for more information.
HOSTXLS Shop (previous product generation)
Purpose of processing:
Processing, maintenance and operation of the online store.
Categories of personal data:
Contact data, content data, usage data
Legal basis:
Performance of a contract.
Storage period:
Shop data is deleted 31 days after the end of the contract.
Data recipient:
ePages, Hamburg, Germany
Email & Office
HOSTXLS Mail Basic / Business
Purpose of processing:
Provision of e-mail services, including the creation, configuration and deletion of e-mail addresses.
Categories of personal data:
Subscriber data, content data, traffic data.
Legal basis:
Performance of a contract.
Storage period:
7 days after deletion/end of contract
28 days for log files
Data recipient:
1&1 Mail & Media GmbH, Montabaur, Germany
Open-Xchange, Cologne, Germany
Content generation and analysis with the help of artificial intelligence
Purpose of the processing:
The creation of email content, generation of suggestions for email texts (e.g. replies) and summaries of email content using artificial intelligence (AI). For this purpose, the content information is transferred to an external service at the request of the interested party.
Categories of personal data:
Content data
Legal basis:
Performance of a contract.
Legitimate interest.
Consent.
Data recipient:
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy
E-mail archiving
Purpose of processing:
Archiving of e-mails
Categories of personal data:
Subscriber data, content data, usage data, traffic data
Legal basis:
Performance of a contract.
Storage period:
60 days after end of contract
Data recipient:
Strato AG, Berlin, Germany
Hosted Exchange
Purpose of processing:
Provision of e-mail services, including the creation, configuration and deletion of e-mail addresses.
Categories of personal data:
Subscriber data, content data, traffic data
Legal basis:
Performance of a contract.
Storage period:
End of contract lifetime
Data recipient:
Fasthosts Internet Limited, Gloucester, England
1&1 Mail & Media GmbH, Montabaur, Germany
Microsoft Office 365
Purpose of processing:
Use of Microsoft Office 365, including creation, configuration and deletion of accounts and users.
Categories of personal data:
Subscriber data, content data, usage data.
Legal basis:
Performance of a contract.
Storage period:
User data is stored for up to 1 year after removal of the last license.
Data recipient:
Microsoft, Redmond WA, USA
OX App Suite
Purpose of processing:
Use of OX App Suite: setup, configuration and deletion of accounts and users.
Categories of personal data:
Subscriber data, usage data.
Legal basis:
Performance of a contract.
Storage period:
Up to one year after deletion of the last license.
Data recipient:
Open-Xchange, Cologne, Germany
Google Workspace | G Suite
Purpose of processing:
Use of Google Workspace | Google G Suite including setup, configuration, deletion and customer service.
Categories of personal data:
Subscriber data, traffic data.
Legal basis:
Performance of a contract.
Data recipient:
Google LLC, Mountain View CA, USA
https://workspace.google.com/intl/en/terms/subprocessors.html
https://policies.google.com/privacy
HiDrive Cloud storage & HiDrive Share
Purpose of processing:
Providing cloud storage for you and your users for worldwide access from any device at any time. Hi Drive Share: Providing the ability to share files via a share link.
Categories of personal data:
Subscriber data, content data, usage data, traffic data.
Legal basis:
Performance of a contract.
Storage period:
Up to four months after the end of the contract.
For HiDrive Share, the data is stored for 7 days.
Data recipient:
Strato AG, Berlin, Germany
Managed Nextcloud
Purpose of processing:
Provision of an online storage solution for you and your users to access it colloboratively, worldwide and at any time from different end devices.
Categories of personal data:
Subscriber data, content data, usage data, traffic data.
Legal basis:
Performance of a contract.
Storage period:
Storage period of the data according to the settings/deletions made by you.
Deletion at the latest at the end of the contract period.
MyDefender
Purpose of processing:
Provision and use of a backup.
Customer support and operation of the platform.
Categories of personal data:
Subscriber data, usage data, content data.
Legal basis:
Performance of a contract.
Storage period:
Storage period of the data according to the settings you have made.
At the latest at the end of the contract period.
Data recipient:
Acronis Germany GmbH, Landsberger Str. 110, 80339 Munich, Germany
Arsys Internet S.L.U., C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain
Video Chat
Purpose of processing:
Provision and operation of an online video conference with invitation function for participants.
Categories of personal data:
Content data, contact data, traffic data.
Legal basis:
Performance of a contract.
Storage period:
Traffic data is deleted after 7 days, content data and contact data are not stored.
Marketing and other products
List Local
Purpose of processing:
Publication and synchronization of company data in online directories to improve rankings in search engines. Publication of posts on social media platforms.
Categories of personal data:
Contact data, content data
Legal basis:
Performance of a contract.
Storage period:
30 days after end of contract
Data recipient:
uberall, Berlin, Germany
RankingCoach
Purpose of processing:
Optimization of your website’s search results on Google. In addition, when using the Pro version, the setup of Google Ads campaigns.
Categories of personal data:
Subscriber data, contact data, usage data.
Legal basis:
Performance of a contract.
Data recipient:
rankingCoach, Cologne, Germany
Google Ads Management Service (Search Engine Marketing)
Purpose of processing:
Setup and management of Google Ads campaigns for your website.
Categories of personal data:
Subscriber data, content data, usage data.
Legal basis:
Performance of a contract.
Storage period:
30 days
Data recipient:
Jellyfish, Warrington, England
E-mail marketing
Purpose of processing:
Creation, sending and management of newsletter campaigns.
Categories of personal data:
Contact data, content data, usage data, traffic data
Legal basis:
Performance of a contract.
Storage period:
User data is stored for up to 1 year after removal of the last license.
Data recipient:
Xqueue GmbH, Offenbach, Germany
Content generator with the help of artificial intelligence
Purpose of processing:
Creation of content of an editorial nature with the help of artificial intelligence. For this purpose, the content information is transferred to an external service at the request of the customer. The service includes the creation of texts or images of all kinds, which can then be used and published in the product. The applications listed here are not exhaustive.
Categories of personal data:
Content data
Legal basis:
Performance of a contract.
Legitimate interest.
Consent.
Data recipient:
OpenAI L.L.C, San Francisco , USA
https://openai.com/policies/privacy-policy
Hosting Mobile App
Purpose of processing:
Mobile access to HOSTXLS Control Center.
Categories of personal data:
Subscriber data, usage data.
Legal basis:
Performance of contract.
Storage period:
Subscriber data is stored until the app is uninstalled.
12 months for usage data
Tracking
Exclusively internal statistical evaluation of app retrievals. Your IP address is anonymized and not merged with other data. The data collected in this way does not allow any conclusion to be drawn about your identity.
Data recipient:
Google LLC, Mountain View CA, USA
HOSTXLS SiteAnalytics
Purpose of processing:
Statistical evaluation and technical optimization of your website.
Categories of personal data:
Anonymized usage data.
Legal basis:
Performance of a contract.
Data recipient:
1&1 Mail & Media GmbH, Montabaur, Germany
Servers
Servers and HOSTXLS Cloud Computing
The following information applies equally to Servers (Virtual Private Server (VPS), Cloud Server, Dedicated Server and Virtual Server) and HOSTXLS Cloud Computing (HOSTXLS Cloud / IaaS, Private Cloud, S3 Object Storage and Managed Kubernets):
In the case of the above-mentioned products, the customer alone and exclusively decides which personal data are processed in which way.
Categories of personal data:
At your discretion
Storage period:
At your discretion
Legal basis:
At your discretion
Data recipient:
At your discretion
Virtual Private Server (VPS), Cloud Server, Dedicated Server, Private Cloud
Purpose of processing:
Customer support and operation of the platform
Categories of personal data:
Subscriber data, usage data, traffic data.
Legal basis:
Performance of a contract.
Data recipient:
Arsys Internet S.L.U., C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain
In addition, the following information applies to the use of certain (partial) functions for these products:
Virtual Private Server (VPS), Cloud Server, Dedicated Server, Virtual server, Private Cloud and Cloud Backup
Cloud Backup
Purpose of processing:
Provision and use of Cloud Backup.
Customer support and operation of the platform.
Categories of personal data:
Subscriber data, usage data, content data.
Legal basis:
Performance of a contract.
Storage period:
Storage period of the data according to the settings you have made.
At the latest at the end of the contract lifetime.
Data recipient
Acronis Germany GmbH, Landsberger Str. 110, 80339 Munich, Germany
Arsys Internet S.L.U., C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain
Plesk
Purpose of processing:
Provision and use of the server administration software.
Categories of personal data:
Subscribery data
Legal basis:
Performance of a contract.
Storage period:
End of contract lifetime
Data recipient:
Plesk International GmbH, Schaffhausen, CH Switzerland
Virtuozzo
Purpose of processing:
Provision and use of virtualization software for Virtual Server,
purchased before 07/2016.
Categories of personal data:
Subscriber data, content data, traffic data, usage data.
Legal basis:
Performance of a contract.
Storage period:
End of contract lifetime
Data recipient:
Virtuozzo International GmbH, Schaffhausen, CH Switzerland
8. disclosure of data to third parties
8.1 Disclosure to Group companies
HOSTXLS.com. is a company of Bewogenzorg. Alongside other subsidiaries and sister companies, we are part of Bewogenzorg BV. In order to avoid duplicates in address data and to comply with any negative data, such as those of e-mail blacklists, it has proven useful to provide customer data to companies of Bewogenzorg in individual cases for a specific purpose and taking into account your interests worthy of protection.
The legal basis for the data transfer is our legitimate interest. We have a legitimate interest in the above-mentioned, purpose-bound cases to transfer your personal data to companies of Bewogenzorg in individual cases and taking into account your interests worthy of protection.
In cases where a Group company acts as a processor or a joint controllership exists, the corresponding contractual arrangements will be made.
8.2 Law enforcement
In a few cases, the legislator obliges us to provide information to law enforcement authorities and courts for the purpose of law enforcement.
The legal basis for this processing is the respective legal obligation .
8.3 Service and sales partners
Our products are also marketed via various sales channels, such as customer-to-customer. For a cooperation with an intermediary, it is sometimes necessary to forward some data to intermediaries for excellent customer service. This is necessary, for example, for the transmission of commission status, allocation of commissions and reconciliation of incoming orders.
We need your data for contract initiation and execution.
The legal basis for the processing is the contractual basis.
8.4 Aklamio Program Customers Recruit Customers
Within the framework of the recommend and earn program “Customers recruit customers” we work in cooperation with Aklamio GmbH (aklamio GmbH, Hauptstraße 27-29, Haus 9 (Neubau) Aufgang N 10827 Berlin). For this purpose, we have integrated the offer of Aklamio GmbH on our website via a direct link. If you click on the link “Customers recruit customers @powered by Aklamio”, you will be redirected to the Aklamio website. During the redirection, usage data such as IP address, referrer URL may be transmitted to Aklamio. This data accrues automatically if you visit a website.
The legal basis for the data transfer is the legitimate interest.
If you decide to participate in a rewards program of Aklamio GmbH, further data will be processed by Aklamio GmbH. Aklamio is responsible for this data processing. For more information, please visit: https: //www.aklamio.com/en/community/privacy
Referred customers:
If you, as a recipient, make a purchase via the Aklamio referral link through our website, an Order ID is transmitted to Aklamio so that Aklamio can merge the purchase into a reward authorization at the recipient. The order ID is a pseudonymous date for Aklamio and does not allow any inference to you as a person.
The legal basis is the legitimate interest in the implementation of the rewards program.
Further information on other data processing on the part of Aklamio can be found at: https: //www.aklamio.com/en/community/privacy
8.5 Notifications in case of bad debts or misuse
In case of bad debts or disagreements between the contractual partners, we always try to reach an amicable agreement. If this fails, we carefully consider when and to whom payment defaults or an abusive claim are reported.
The legal basis for the processing is the contractual basis as well as our legitimate interest with regard to the transmission for the purpose of commission accounting (legitimate interest is the correct accounting of commissions).
8.6 Product partners
For some of our products, we cooperate with partner companies and in some cases also act as an agent. Here it is sometimes necessary to forward personal data to the product partners. This is the case, for example, when registering a domain or issuing an SSL certificate. The contracts required by data protection law are concluded with our product partners. We only cooperate with partners who comply with our data protection standards. If a transfer of data to third countries takes place, the legal requirements that are placed on third country transfers are ensured.
The legal basis is the fulfillment of the contract.
8.6.1 Partner Portals of the HOSTXLS Partner Programs
With the Partner Portals of the HOSTXLS Partner Programs (agency partner program, ISV partner program and consulting partner program), partners (e.g. freelancers, agencies, ISVs, consulting companies, system houses, etc.) can easily and clearly manage HOSTXLS products for their end customers and access them directly in order to perform services, such as administering a server or designing a MyWebsite. The prerequisite for using this function is the consent given in advance by the end customer. Also, partners can publish their own contact information in a freely accessible online directory in order to be found and contacted by potential end customers. HOSTXLS and the partners are independent contractual partners. The legal relationship between partner and end customer is completely independent of HOSTXLS. HOSTXLS collects, processes and uses a user’s personal data without further consent, insofar as it is necessary for the establishment and processing of the contract.
To store your data as a user of the partner portal, we use the Salesforce CRM tool from salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, which belongs to Salesforce Inc (“Salesforce”), Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. In the event that personal data is transferred to a third country, such as the USA, we have appropriate guarantees within the meaning of Article 44 GDPR in place, such as the conclusion of standard contractual clauses with Salesforce.
In addition, binding corporate rules still apply at Salesforce. You can find more information here:
https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf
The legal basis for processing is Art. 6 (1) lit. a, b GDPR.
9. third country transfer
We sometimes use service providers in third countries. When using the services offered as well as products and services on our website, data transfers to third countries, such as the USA, may therefore occur in individual cases. In order to protect your data within the legally defined framework, we provide – insofar as the legal requirements for this exist – appropriate guarantees.
You can find more detailed information on the subject of third country transfers in the corresponding data protection notices described above for our individual services and products.
10. storage period
As far as possible, we have informed you about the exact storage period when using our respective services or products in the individual data protection notices mentioned above.
In principle, your personal data will be retained for the duration of the fulfillment of the aforementioned purposes and then deleted. For example, your data will be stored for the duration of a contract concluded with you regarding our services or products.
In the event of an objection or revocation of your consent, the data will be deleted under the conditions for objection/revocation stated in point 11.
In addition, we may be required by law to continue to store your data.
11. your rights as a data subject
To assert your rights, please use the contact details listed in section 1.
Right of access
You have the right to obtain information from us about the categories of data stored, the purpose of processing, the recipients of the data, the planned storage period and your rights regarding data protection. For personal data not collected directly from you, you have the right to be informed about the source of the data.
Right to rectification
If the personal data we process is inaccurate or incomplete, you have the right to have your data rectified.
Right to erasure
You have the right to request that we delete your personal data. In certain cases, however, your data cannot be deleted. For example, if your data is required for an active contract or for our accounting and statutory responsibilities.
Right to restriction of processing
You can request that we restrict the processing of your data in the following cases:
-You have disputed the accuracy of data and you want us to stop using it pending final verification
-The processing is unlawful, but you would prefer to restrict processing rather than have the data erased
-We no longer need and would otherwise delete the data, but you still need it for the assertion, exercise or defence of legal claims
-You have lodged an objection to the data processing, which is still under review
In the event of a restriction, we will ensure that the personal data cannot be further processed or changed by us. If processing has been restricted in accordance with the above conditions, the controller will inform you before lifting the restriction.
Right to data portability
You have the right to receive the personal data that you provided to us in a structured, commonly used and machine-readable format and, if necessary, to have it transferred to third parties. The right to data portability shall not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object at any time to the processing of personal data that we process on the basis of a “legitimate interest”; this also applies to profiling based on these provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. You can object to data processing for the purpose of direct advertising at any time without providing a reason. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. To exercise your right to object, you must submit an objection to us, the data controller. In some cases you can do this directly online (e.g. in the case of cookies) or in the HOSTXLS Control Panel (e.g. for advertising). You are also welcome to address your data protection concerns (e.g. your objection) directly to the responsible contact person at privacypolicy@hostxls.com.
Right to withdraw
You have the right to withdraw your consent to future processing (e.g. to be contacted for advertising purposes) at any time. Please send your notification of withdrawal to us at privacypolicy@hostxls.com.
If you are already a customer, you can also withdraw your consent yourself in the Control Panel.
You can withdraw your consent for cookie-based data processing at any time here.
If you would like to exercise any of the above rights, please write to us at privacypolicy@hostxls.com and we will take care of your request immediately.
Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with the supervisory authority responsible for data protection at any time. Here you will find the contact information for the UK Information Commissioner’s Office:
Information Commissioner’s Office
Einsteinlaan 10
2719 EP Zoetermeer
South Holland
Personal data managed by you
Our customers use our services to host, transmit or process data on our hosting platforms, which may include personal data of their own customers. In this scenario, it is our customers who stipulate the process for collecting their customers’ data. Most importantly, we do not have knowledge of or view, share or collect this specific customer data. In accordance with our Privacy Notice, it is our customers who are responsible for managing the security of their customers’ data which they upload to our platforms. Customers are responsible for encrypting data that is uploaded to our network and ensuring access to our platforms are secure. Our relationship is with our customers directly and there is no agreement in place between us and our customers’ customers.
Third Party Data Processing
In this section, End Users are defined as individuals who visit, access, use and/or interact with our Customers’ websites or email account. When an End User visits a customer website or send/receives email from a customer email address, we process Personal Data contained in server logs. Such Personal Data may include IP address and name of individual (if contained within a domain name or email address).
Internal Audit Processing
HOSTXLS.com. also processes the data to the extent necessary for its internal administrative purposes, in particular to carry out internal audits.
The legal basis for performing the internal audits is the legitimate interest of HOSTXLS.com. and its affiliated group companies in the monitoring of corporate activities by the executive body of a company pursuant to the Companies Act 2006 in conjunction with the recognised standards of the Institute of Internal Auditors (IIA).
HOSTXLS.com. is a company within the Bewogenzorg Group, Netherlands. The performance of the internal audit tasks is assigned to Bewogenzorg BV. Bewogenzorg is a controller and as such is subject to the requirements of the European General Data Protection Regulation (GDPR). In principle, it processes the data in the territory of the Netherlands, in a member state of the European Union or in another state party to the Agreement on the European Economic Area and only for the purposes of the audit. The specific purpose and subject matter, type and scope of the processing and transfer of personal data, the type of personal data concerned and the group of data subjects are set out in each audit assignment, which is determined by Bewogenzorg BV in consultation with HOSTXLS.com. The results of the audits can also be shared with affiliated group companies.
Any affected person can also assert their data subject rights for processing by Bewogenzorg either against them or against HOSTXLS.com..
Additionally:
We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content. Therefore, any video, image, or other content posted, uploaded or otherwise made available by you on your website, whether published or not, is not subject to our Privacy Notice.