data protection

Privacy policy

Please read the terms bellow

Below you can see our new GDPR compliant privacy policy.

Privacy policy ServerGalactic Ltd.

For ServerGalactic Ltd. (” SERVERGALACTIC”), protecting your personal data is a priority. We comply with all relevant data protection legislation and the following privacy notice is intended to provide transparency about how we handle your personal data.

Personal data and the provision of services

When you order one of our products, we only ask for information that is essential to deliver our products and services to you or for invoicing reasons. In most cases this is limited to name, address, contact data and bank details.

Contract and invoicing data

Prior to sign up
On the SERVERGALACTIC web pages we offer prospective and actual customers practical tools and services, for example, to check how easy it is to locate your website or company on the Internet. The tool needs only some basic address data. For the best results and continuous improvement of our services, your entries are recorded anonymously.

Sign up
Upon ordering our products, we ask for data we need to provision the services. Your data is stored securely on our systems and you are able to access and change your data in our control panel. Information on how you access the control panel will usually be sent by email or alternatively by post.

Billing
In order to provide you with transparent billing, it is necessary to temporarily store certain usage data. Examples include your configurations of our Cloud-Server or performance of our Webhosting products, if those are the basis for billing. Whether your product usage data is recorded, will be in the respective product chapter in this privacy notice.

Usage and content data

Usage data
We aim to provide quality and reliability but on occasion, issues may arise. In order to react quickly, it may be necessary to temporarily record usage and traffic data to provide to our Support staff. We do this to ensure we fulfil our obligations to you and to design products and services aligned to your needs

Content data
We offer certain products, for example, online storage or email accounts, where personal files may be stored. These files are automatically encrypted and may only be viewed by individuals with access rights. In order to protect your data and for maintenance purposes, we create and file encrypted backups. The file contents of these backups cannot be decrypted or viewed by us.

Usage of your data

The usage of your personal data
Some of your personal data we need for processing your order and for providing customer focused services.

Data processing upon receiving your order
Our commitment to you is to provide value for money top products and services to our customers. In order to ensure smooth and trouble-free order processes, your order is thoroughly vetted and invest in fraud prevention before confirming your contract.

Contract and customer information
You will receive the order confirmation and information by email. We use the email address you have provided to order the product. You will also receive your invoices and helpful information in the same manner.

Product information
In order to fully capture the benefits of our products, we send you tips, tricks and useful complementing product solutions by email and control panel. We may also inform you about interesting new products via telephone, provided that you have consented to receive such information. . If
you wish to stop receiving information of this kind, you can always revoke your consent in the control panel.

Usage data as part of our services and products
Certain data is recorded during the use of our products and services to enable us to identify issues with our products and to continuously improve our products and services. We implement a range of technological and organizational measures to protect your privacy and ensure the safety of your personal data.

Personal data managed by you
Our customers use our services to host, transmit or process data on our hosting platforms, which may include personal data of their own customers.
In this scenario, it is our customers who stipulate the process for collecting their customer’s data. Most importantly, we do not have knowledge of or view, share or collect this specific customer data.

In accordance with our Privacy Notice, it is our customers who are responsible for managing the security of their customers’ data which they upload onto our platforms. Customers are responsible for encrypting data that is uploaded to our network and ensuring access to our platforms are secure.

Our relationship is with our customers directly and there is no agreement in place between us and our customers’ customers.

Additionally:
We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content. Therefore, any video, image, or other content posted, uploaded or otherwise made available by you onto your website, whether published content or not, is not subject to our Privacy Notice.

Opinion polls
In order to offer you the best possible products and services, we do need your support. Therefore, we send out surveys to our customers from time to time via email or provide them on our websites. Participation in these surveys is optional and you may revoke your consent to receiving opinion polls from us after the first email.

Improving our products and services
We have a legitimate interest to analyze the data we collect to improve our products and services. We use a variety of methods and tools to do this. As described in this policy, we collect data that relates to you; your usage of our products and services; and your interactions with us, for example when we send you correspondence, you contact our Customer Care department, or complete a survey. We also collect public data and data from third-parties to better understand our customers‘ needs. We protect your privacy through a range of technical and organizational measures tailored to each situation and respect your choices about how we use your data.

Transferring data to third parties


External partner companies
As we work with selected partners to offer you a wide range of products and sometimes act as an intermediary for our partners, it is necessary to transfer certain personal data to third parties, for example, registering domain names or issuing SSL certificates.

Law enforcement
Occasionally, we are obliged to disclose personal data to prosecution authorities and courts for law enforcement purposes. We always ask for the correct paperwork before disclosing any information.

Reporting of faulty products and fraud
In case of faulty products or disagreements and we are committed to seek amicable solutions. Is this not possible, we evaluate the situation carefully, when and to whom we report faulty products or fraudulent usage.

Cookies

Service specific data protection information

Website Live-chat

Purpose of processing
Quality Assurance

Categories of personal data
Content data, usage data, traffic data

Legal basis
Legitimate Interests, Art 6(1) lit. f GDPR

Retention period
Up to 90 days



Domain Check

Purpose of processing
Domain name requests are stored and processed to improve the domain name suggestion and products. This requests will never be used by SERVERGALACTIC to register domains on own behalf.

Categories of personal data
Processed domain name data are not linked to any customer or contract.

Product specific data protection information

List of our current subprocessors

With some of our products we rely on the expertise of specialised partner companies to ensure that we provide the best possible products and services experience. In the event you cease to use our products and services, we will delete your personal data within a given timeframe.

Address Book

Purpose of processing
Provide central contact management functionality for creating, managing, and synchronizing contact information

Categories of personal data
Contact data, content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit b GDPR

Retention period
30 days after termination of contract

Webhosting

Content Delivery Network CDN

Purpose of processing
Distribute website assets through multiple data centres to increase website performance.

Categories of personal data
Content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Cloudflare, San Francisco, USA
https://www.cloudflare.com/privacypolicy/


SiteLock

Purpose of processing
Protect and clean your website from malware.

Categories of personal data
Content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Retention period
SiteLock stores the webspace of customer for 30 days (the grace period). Deletion of personal data is within 90 days after cleanup.

Subprocessors
SiteLock, Scottsdale, USA

MyWebsite

Current product generation

 

MyWebsite Now

Purpose of processing
The processing and publication of the website, and hosting of the website.

Categories of personal data
Content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Infotechna Ltd., Budapest, Hungary


Content Delivery Network (CDN)

Purpose of processing
Hosting of website; distribute website assets through multiple data centres to maximize website performance.

Categories of personal data
Content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
AWS – Amazon Web Services ‘Cloud Front’, Datacentre Frankfurt, Germany
Amazon Web Services, Inc., Seattle WA, United States


Online Business Card

Purpose of processing
Fast publishing of an online business card. You have the choice of which information will be displayed on this business card. User data will be sent to Google and Facebook in order to display publicly available information.

Categories of personal data
Contact data, content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Google LLC, Mountain View CA, USA
Facebook, Menlo Park CA, USA



Website Translator

Purpose of processing
If you set up multilanguage texts: MyWebsite sends the text content of the website to Google Translate in order to translate the content to one or several other languages.

Categories of personal data
Content data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Google LLC, Mountain View CA, USA


Webfonts

Purpose of processing
Load google webfonts to accelerate loading the website and to enable consistent presentation of the website on various platforms and applications.

Categories of personal data
Usage data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Google LLC, Mountain View CA, USA


Multi Location

Purpose of processing
MyWebsite uses address data to mark one or several locations of a company on a map. Data is sent to the map company Mapbox. This takes place automatically when adding this widget and with additional locations.

Categories of personal data
Address data, content data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Mapbox, Washington D.C., USA

MyWebsite (Vers. 8)

Google Maps

Purpose of processing
MyWebsite 8 transfers address data of the customer to Google in order to prefill address data in the Google maps module or if selected sends another stored address to Google.

Categories of personal data
Address data, traffic data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR

Subprocessors
Google LLC, Mountain View, USA


My Data

Purpose of processing
On the publishing of the MyWebsite homepage customer and other user defined data will be added to the website in schema.org format, in order to support search engines and improve SEO results.

Categories of personal data
Contact data, content data

Legal basis
Performance of a contract, Art. 6(1) lit. b GDPR



 

Domain & SSL Certificate

Domain

Purpose of processing
Registering, transfer, configuration, maintenance and deletion of the domain name

Categories of personal data
Subscriber data

Legal basis
Performance of a contract or at your request prior to entering into a contract, Art. 6 (1) lit. b GDPR

Retention period
Differs for the various top level domains (TLDs) depending on the Registrar Accreditation Agreement (RAA) of the registry.

Subprocessors
A dedicated overview for regitries and escrow provider is available here.


SSL certificate

Purpose of processing
Registering, transfer, configuration, maintenance and deletion of SSL certificates. Automatic processing in MyWebsite products when connecting the domain with the website project.

Categories of personal data
Subscriber data

Legal basis
Performance of a contract, Art. 6 (1) lit. b GDPR

Subprocessors
DigiCert, Lehi UT, USA

Note
In the process of acquisition and maintenance of SSL certificates, SERVERGALACTIC is only an intermediary between the customer and the respective issuer of the SSL certificate. SERVERGALACTIC has no influence on the issuance of certificates and does not accept any liability that the certificate is assigned to the customer and that it will permanently exist.



Microsoft Office 365

Purpose of processing
Usage of Microsoft Office 365, including setting up, configuring and deletion of accounts and users

Categories of personal data
Subscriber data, content data, traffic data

Legal basis
Performance of a contract, Art. 6 (1) lit. b GDPR

Retention period
User data will be stored up to one year after termination of the license.

Subprocessors
Microsoft, Redmond WA, USA
T-Systems International, Frankfurt am Main, Germany







SERVERGALACTIC WebAnalytics

Purpose of processing
Statistical analysis and technical optimization of your website.

Categories of personal data
Anonymized usage and traffic data

Legal basis
Performance of a contract, Art. 6 (1) lit. b GDPR


Server

The following information applies to Managed Cloud, Virtual Private Servers (VPS), Cloud Servers, Dedicated Servers, Dynamic Cloud Servers and Virtual Server products:

With the listed products, you as our custonmer solely control which personal data is beeing processed in which way.

Categories of personal data
In your sole discretion

Retention period
In your sole discretion

Legal basis
In your sole discretion

Subprocessors
In your sole discretion

 

Additionally, the following instructions apply to the use of certain (partial) functions for these products:
Virtual Private Servers (VPS), Cloud Servers, Dedicated Servers, Dynamic Cloud Servers, Virtual Server and Cloud Backup.

 

Cloud Backup

Purpose of processing
Provisioning and the use of Cloud Backup.
Customer service and operation of the platform.

Categories of personal data
Subscriber data, content data, usage data

Legal basis
Performance of a contract, Art. 6 (1) lit. b GDPR

Retention period
Time that the data was stored according to the settings you assigned.
Latest by the end of the contract lifetime.

Subprocessors
Infotechna Ltd, Budapest.

 

 

Transparency is our aim

All data we receive from you during the lifetime of your contract is used primarily to provide the level of service you would expect. We carry out statistical analyses to improve products and services. These analyses are conducted in compliance with data protection legislation and our internal privacy policies and processes.

Your rights
In respect of Art. 15 GDPR you have the right to obtain information as to whether or not your personal data are being processed. You also have the right to have your personal data rectified if it is inaccurate in accordance with Art. 16 GDPR, a right to be forgotten (Art. 17 GDPR), a right to obtain restriction of processing under given circumstances (Art. 18 GDPR) and the right to data portability stated in Art. 20 GDPR. You have the right to
object to the processing of your personal data, as to where the processing is based on Art. 6(1) lit f GDPR.

If you wish to exercise one of these rights, please contact our data protection officer and we get this done for you.

Please email:

office@servergalactic.com

Supervisory authorities

You have the right to file a complaint with any supervisory authority.

Here you will find the contact information for the UK Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113