Privacy Policy
Last updated: 2025-10-12
This Privacy Policy explains how Secure Hosting OÜ (“Provider”, “we”, “us”) collects, uses, shares, and protects personal data in connection with our hosting services, software development, and consulting activities. We comply with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.
1. Data Controller
The Data Controller is Secure Hosting OÜ, located at Sepapaja tn 6, 15551, Tallinn, Estonia. Email: securehostingmuenchen@gmail.com.
2. Categories of Data We Process
2.1 Hosting Services
- Customer account details (name, address, email, phone, payment info).
- Technical data (IP addresses, log files, usage statistics).
- End-user data stored on our servers (content, emails, databases, etc.) — processed only on behalf of our customers.
2.2 Software Development
- Business contact information of customer representatives.
- Project-related data (documents, test datasets, source code).
- Personal data provided by the customer for testing or integration (processed only as instructed by the customer).
2.3 Consulting Services
- Business contact details of participants.
- Information necessary to perform analysis, reports, or advisory services.
3. Purposes and Legal Bases of Processing
- Contract performance: To provide hosting, software development, and consulting services (Art. 6(1)(b) GDPR).
- Legal obligations: To comply with tax, accounting, and regulatory requirements (Art. 6(1)(c) GDPR).
- Legitimate interests: To improve services, maintain security, and prevent fraud (Art. 6(1)(f) GDPR).
- Consent: For optional marketing communications or use of test data provided with consent (Art. 6(1)(a) GDPR).
4. Data Sharing
We only share personal data when necessary:
- With service providers (e.g., payment processors, datacenter operators) under strict data processing agreements.
- With public authorities if legally required.
- With subcontractors for software development or consulting, bound by confidentiality and GDPR-compliant contracts.
5. International Transfers
Personal data is normally processed within the EU/EEA. If data is transferred outside the EU/EEA, we ensure adequate safeguards such as Standard Contractual Clauses approved by the European Commission.
6. Data Retention
- Customer account and billing data: retained for 10 years as required by law.
- Project data: retained for the project duration plus [X months/years] for support, unless otherwise requested.
- Server logs: typically retained for up to 12 months, unless needed for security investigations.
7. Security Measures
We implement technical and organizational measures (encryption, access control, backup, monitoring) to protect personal data against loss, misuse, or unauthorized access.
8. Customer and End-User Responsibilities
When customers use our hosting or software development services, they act as Data Controllers for the personal data they store or process. We act as a Data Processor under GDPR and will only process such data on customer instructions, under a Data Processing Agreement (DPA).
9. Data Subject Rights
Individuals have the following rights under GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent at any time (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise these rights, contact us at [Email Address].
10. Cookies and Tracking
Our websites may use cookies for functionality and analytics. Where legally required, we will request consent before setting non-essential cookies.
11. Automated Decision Making
We may use Google Gemini, a generative AI technology, to assist with specific types of data processing. This includes tasks such as summarization, content generation, customer support, and other natural language processing functions.
11.1. Purpose & Scope
Google Gemini may be used to process limited, relevant text data to enhance services such as chat support, report summaries, or internal analysis. We take care to use only the data necessary for the AI tasks performed.
11.2. Data Input to Google Gemini
Only the necessary data is shared with Google Gemini. When feasible, personal data is anonymized or excluded. If any personal data is processed, it is processed lawfully under the appropriate legal basis, such as consent, contractual necessity, or legitimate interest.
11.3. Data Retention & Deletion
Any data processed or generated through Google Gemini is retained only as long as necessary for its intended purpose and is deleted or anonymized as appropriate.
11.4. Data Security & Confidentiality
We ensure that all AI-related data processing is subject to strict data security measures and confidentiality agreements. Google, as a subprocessor, is contractually obligated to implement security safeguards and protect user data.
11.5. International Data Transfers
Use of Google Gemini may involve data transfers outside the European Economic Area (EEA). We ensure all such transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs).
11.6. Automated Decision-Making
We do not use Google Gemini to make automated decisions that have legal or similarly significant effects on individuals. If we introduce such features, users will be informed, and appropriate rights (such as human review) will be provided.
11.7. Transparency & Updates
We will update this policy as necessary if our use of generative AI technologies evolves. We are committed to transparency and will notify users of any material changes.
12. Updates to this Policy
We may update this Privacy Policy to reflect legal or operational changes. We will inform customers of any material changes in advance.