Privacy Policy changes 2019-05-31 00:00:00 - 2020-02-20 00:00:00

Privacy Policy

Effective date: 2019-05-31

2020-02-20

The data of the Data Controller:

  • Company Name: ServerAstra Informatikai, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
  • Registered seat: 1158 Budapest, Petrence utca 66.
  • Company registration number: Cg. 01-09-873403
  • E-mail: info@serverastra.com
  • Website: serverastra.com
  • Tax number: 13791173-2-42
  • VATID: HU13791173
  • Name of Court of Registration: Metropolitan Court as Court of Registration

ServerAstra Kft. ("ServerAstra Ltd.", "us", "we", or "our") operates the https://serverastra.com website (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, we have to collect and use the information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://serverastra.com/billing/knowledgebase/6/ServerAstra-General-Terms-and-Conditions.html .

The privacy policy of the user's personal data is restricted to natural persons ("Private persons"). This information only covers the handling of personal data of natural persons.

Definitions

Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small pieces of data stored on a User's device.

Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. We are a Data Controller of your data, when we are providing you the services, maintaining your customer and payment information.

Data Processor (or Service Providers)

Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively. We are the Data Processor of your data, when you store your personal data on our devices, servers and other hardware involved in providing the Service. As a Data Processor we shall have an agreement in place with you for data processing, therefore please find information on data processing in our General Terms and Conditions of Services.

Data Subject

Data Subject is any living individual who is the subject of Personal Data.

User

The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, you need to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information is:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City

Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data

We may also collect information how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Browser manufacturers provide help pages relating to cookie management in their products. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
  • Statistics Cookies. We use Statistics Cookies for analytics purposes to improve our service.

Use of Data

ServerAstra Ltd. uses the collected data for various purposes on a different legal basis:

  • To provide and maintain our Service – GDPR Article 6. (1) b)
  • To notify you about changes to our Service – GDPR Article 6. (1) b)
  • To allow you to participate in interactive features of our Service when you choose to do so – GDPR Article 6. (1) b)
  • To provide customer support GDPR Article 6. (1) b)
  • To gather analysis or valuable information so that we can improve our Service – GDPR Article 6. (1) f)
  • To monitor the usage of our Service – GDPR Article 6. (1) f)
  • To detect, prevent and address technical issues – GDPR Article 6. (1) b)
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or inquired about unless you have opted not to receive such information GDPR Article 6. (1) a)
  • To issue our invoices and complete our tax obligations – GDPR Article 6. (1) c) – Section 78 (3) on Tax Proceedings and Section 169 of Act C of 2000 on Accounting.
  • To provide and manage customer support and complaint services – GDPR Article 6. (1) c.) – Section 17/A on the Act CLV of 1997on Customer Protection.

Retention of Data

ServerAstra Ltd. will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

After the termination of the agreement, in cases where the legal basis on which we were processing your data was based on GDPR Article 6. (1) b) or GDPR Article 6. (1) f), the retention period is set to be 5 years after the termination of our agreement, since we have a legitimate interest to defend ourselves should you have any claim against us in connection with our services. This five years lapse period is based on Section 6:22 of the Hungarian Civil Code.

In cases where the legal basis on which we were processing your data was based on GDPR Article 6. (1) a) we only process your data until you decide to withdraw your consent to the data process or your contract with us has been ceased.

In cases where the legal basis on which we are processing your data was based on GDPR Article 6. (1) c) the legal retention period is set by mandatory laws:

  • To issue our invoices and complete our tax obligations – 8 years – Section 78 (3) on Tax Proceedings and Section 169 of Act C of 2000 on Accounting.
  • To provide and manage customer support and complaint services – 5 years – Section 17/A on the Act CLV of 1997on Customer Protection.

ServerAstra Ltd. will also retain Usage Data for internal analysis purposes only for as long as is necessary for the purposes set out in this Privacy Policy.

Usage Data is processed on the legal basis of GDPR Article 6. (1) f) and this data is retained for 6 months, the data is used to strengthen the security, to identify breaches and resolve security issues and thus improve the functionality of our Service.

Transfer Of Data

If you are located outside Hungary and choose to provide information to us, please note that your Personal Data is processed within the EU, in Hungary, and certain information, including Personal Data, may be transferred outside of the EU where the data protection laws may differ than those from your jurisdiction. Please note that some of the data processors, we use to provide our services, such as domain registrars and backup service providers are located outside of the EU, therefore your consent to this Privacy Policy followed by your registration and concluding the agreement with us represents your agreement to the transfer of your Personal Data outside of the EU to the persons and locations defined in this Privacy Policy in line with GDPR Article 49 (1) b), since to the transfer it is necessary for the performance of the contract or the implementation of pre-contractual measures taken at your request.

ServerAstra Ltd. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data.

Disclosure Of Data

Business Transaction

If ServerAstra Ltd. is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, ServerAstra Ltd. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

ServerAstra Ltd. may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of ServerAstra Ltd.
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Domain Registration

If you order domain registration service from us, ServerAstra Ltd. must disclose your Personal Data to the following registrar company to register your domain:

Enom, LLC

5808 Lake Washington Blvd. NE, Suite 201
Kirkland, WA 98033, USA
You may find further information on the data process of the domain registrar at the following website: https://www.enom.com/terms/privacy.aspx
Valid from: 2018.12.13.

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. In case of known breach we have necessary procedures in place to inform Hungarian data protection authorities and the affected Data Subject of such breach.

We provide the appropriate level of data security which include, but are not limited to, (i) your data is stored in a secure technical environment, we are not making it available to the public (ii) only properly identified employees of our company and our business partners have access to your data (iii) data is encrypted by using industry standards SSL communication or SSH2 with AES128-AES256 cryptography; (iv) we use industry standard and PCI-DSS compliant SSL encryption for web/HTTP communications (v) our data is stored physically in Budapest server room (vi) we use encryption when sending data to Registers, registrars, resellers, back up service providers, (vii) we regularly test and evaluate our security actions and improve them; (vii) we check your identification before you are exercising yours rights in order to protect your data; (viii) We perform continuous backups of our data.

"Do Not Track" Signals

We support Do Not Track ("DNT") and disable analytics and statistics collection for browsers reporting this header. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Rights

ServerAstra Ltd. aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In addition please be informed on your rights related to our data process:

  • You have the right to ask information in writing whether a data process of your Personal Data is in progress by ServerAstra Ltd. You shall have the right to obtain from ServerAstra confirmation as to whether or not Personal Data concerning you are being processed and if that is the case, the ServerAstra Ltd shall inform you on the purposes of the processing, the categories of Personal Data concerned, the legal base of the process, the data source, the period of the process and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries.
  • You have the right to have any of your Personal Data corrected without delay and have your data completed by ServerAstra Ltd. For example you may change your email address or password at any time.
  • You have the right to the erasure of Personal Data concerning you without delay where one of the following grounds applies:
    1. the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
    3. you object to the processing and there are no overriding legitimate grounds for the processing;
    4. the Personal Data have been unlawfully processed;
    5. the Personal Data have to be erased for compliance with a legal obligation applicable for ServerAstra Ltd;
    6. the Personal Data have been collected in relation to the offer of information society services to children.
  • You have the right to have your Personal Data blocked or have the data processing restrainedwhere one of the following applies:
    1. the accuracy of the Personal Data is contested, for a period enabling the ServerAstra Ltd. to verify the accuracy of the Personal Data;
    2. the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead;
    3. ServerAstra Ltd. no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
    4. You have objected to processing; pending the verification whether the legitimate grounds of the controller override those of the data subject.Where processing has been blocked/restricted, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Such block/restraint shall last until the data storage is required by the reason named by you.
  • You have the right to receive the Personal Data concerning you, which you have provided to ServerAstra Ltd, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from ServerAstra Ltd to which the Personal Data have been provided, where the processing based on your consent or on a contract and the processing is carried out by automated means. In exercising your right to data portability you shall have the right to have the Personal Data transmitted directly from one controller to another, where technically feasible.
  • You have the right to object at any time against the process of your Personal Data by ServerAstra Ltd or a third party. ServerAstra Ltd shall no longer process the Personal Data unless ServerAstra Ltd demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for your establishment, exercise or defense of legal claims. Via any of the above given contacts in writing or in e-mail where Personal Data are processed for direct marketing purposes, you shall have the right to object at any time against the process of your Personal Data for marketing purposes, in which case your Personal Data shall no longer be processed for such reasons.

ServerAstra Ltd does not make decisions based solely on automated processing, including profiling. In case ServerAstra Ltd introduces the referred decision-making process, ServerAstra Ltd will inform you beforehand via e-mail about the applied logic and method. In this case you will have the right for human intervention on the part of ServerAstra Ltd, to express your point of view and to contest the decision.

If you ever experience an unlawful data process, please notify us via email or chat before initiating a legal procedure, and by doing so we have the opportunity to restore the lawful operation if applicable. Please note that we may ask you to verify your identity before responding to such requests. Moreover, should your rights related to your Personal Data be breached, you may file a petition to the court having competency according to your residential address. You may also turn to the Hungarian National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.) if you believe that your rights related to your Personal Data is being breached.

ServerAstra Ltd. shall give response to your requests within 30 days by email or using the contact data provided by you via mail or email.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service:

  • Google:

    Google LLC, Mountain View
    1600 Amphitheatre Parkway
    Mountain View CA
    94043 United States

    European Addresses:
    https://www.google.com/about/locations/?region=europe

    We use Google Analytics in order to better understand our users' needs and to optimize this service and experience. Google Analytics is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our service with user feedback.
    Google Analytics uses cookies and other technologies to collect data on our users' behaviour and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website).
    Google Analytics stores this information in a pseudonymized user profile. Neither Google nor we will ever use this information to identify individual users or to match it with further data on an individual user.

    For further details, please see Google's privacy policy by clicking on: https://policies.google.com/privacy

    You can opt-out to the creation of a user profile, Google's storing of data about your usage of our site and Google's use of tracking cookies on other websites by selecting privacy options at the bottom of the page or clicking this link.

  • Smartsupp Smartlook:

    Smartsupp.com, s.r.o.
    Company reg. no.: 03668681
    VAT ID: CZ03668681
    Milady Horakove 13
    Brno, 602 00
    Czech Republic

    Smartsupp Smartlook is an interaction activity recording service for the website. We use Smartsupp Smartlook to improve website operation and on-boarding for website visitors. This service does not process any personal data as the processing of forms and IP addresses is explicitly disabled for our website.

    Their privacy policy can be reached here: https://www.smartsupp.com/help/privacy/

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Backup storage services

ServerAstra provides information security by performing continuous backups and uses third party backup providers to store this data. Backup storage providers receive and keep the data in encrypted form. We store the data in the backups for a period of 1 year maximum based on technical assessment to be able to restore the systems in case of unplanned data corruption or system failure in line with Article 32 (c) of the GDPR.

We use the following backup service providers:

  • Crashplan SMB:

    Code42 Software, Inc.
    100 Washington Ave. S, 20th Floor
    Minneapolis, MN 55401
    United States

    Code 42 Software UK LTD
    Third Floor – The Pearce Building
    West Street, Maidenhead SL6 1RL
    United Kingdom
    Attention: General Counsel

    Code 42 Software UK LTD
    Third Floor – The Pearce Building
    West Street, Maidenhead SL6 1RL
    United Kingdom

    Code42 Software GmbH
    Luise-Ullrich-Straße 20
    80636 München
    Deutschland

    Their privacy policy can be reached here: https://www.code42.com/privacy-statement/

Instant Messaging (IM) and Chat

ServerAstra Ltd. operates part of their support system and internal communications via instant messaging systems.

We use the following IM/Chat service providers:

  • Telegram:

    Telegram UK Holdings Ltd
    71-75 Shelton Street
    Covent Garden, London
    England, WC2H 9JQ

    Telegram chats use end-to-end encryption. This means that all data is encrypted with a key that only you and us may know.

    Their privacy policy can be reached here: https://telegram.org/privacy

  • Smartsupp:

    Smartsupp.com, s.r.o.
    Company reg. no.: 03668681
    VAT ID: CZ03668681
    Milady Horakove 13
    Brno, 602 00
    Czech Republic

    Smartsupp is an online chat popup app for the website. We use Smartsupp to facilitate fast contact with the customer and on-boarding for website visitors. The chat transcripts are retained for 3 months. The personal data entered into the chat forms is processed by Smartsupp to securely deliver emails with chat transcripts

    For details on which data is processed you can reach their privacy policy here: https://www.smartsupp.com/help/privacy/

Site Security

ServerAstra Ltd. uses third-party audit and penetration testing for their network and web assets to provide customers with security and protection. A tiny proof of such protection is a security seal.

To display a security seal we use the following providers:

  • Sitelock:

    Sitelock performs website checks for known vulnerabilities and issues.

    Sitelock, LLC

    By mail: Attn: GDPR Owner 8701 East Hartford Drive Suite 200
    Scottsdale
    AZ 85255 USA

    By phone: U.S. (877)257-9263 or International: (415) 390-2500

    By email: privacy@sitelock.com

    Their privacy policy can be reached here: com/privacy-policy" title="Sitelock Privacy Policy">https://www.sitelock.com/privacy-policy

  • Google reCAPTCHA

    Google LLC, Mountain View
    1600 Amphitheatre Parkway
    Mountain View CA
    94043 United States

    European Addresses:
    https://www.google.com/about/locations/?region=europe

    We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human and not an automated program. reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This operations starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

    For further details, please see Google's privacy policy by clicking on: https://policies.google.com/privacy

Resellers

If the service that you have ordered or the payment you requested is not available at ServerAstra, ServerAstra shall forward your data to resellers when if you have previously informed us, that you agree to the transfer of your data, because you have decided to order their services instead of ServerAstra. When we are transferring data to resellers we are using cryptographically secure channels up to the highest industry standards only and transfer only the data filtered for them specifically.

List of our certified resellers:

  • Currently there are no certified resellers of our services

Accountants

ServerAstra Ltd. is performing its accounting obligation via a reliable accounting company working to the highest standards. ServerAstra Ltd. needs to disclose part of your Personal Data that is necessary to process for accounting purposes (such as your identification data represented on the invoices and on the agreement and transaction data as well as data provided by our payment processing third parties) to that company. The accounting company is processing your Personal Data based on a DPA and its own privacy policy.

Our Accountant Company is:

  • Next Accounting Kft.

    1132 Hungary, Budapest
    Váci út 22-24.
    7. emelet

    1132 Hungary, Budapest
    Váci út 44. 3.
    emelet 1 ajtó

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us: