Privacy Policy

This Privacy Policy explains how Webhosting Services Ltd (referred to as “we,” “us,” or “our”) collects, uses, stores, discloses, and protects your personal data when you access or use our services, including hosting, domain registration, virtual and dedicated servers, and related products (collectively, “Services”), as defined in our Terms of Service (“ToS”). By using our Services, you agree to the practices described in this Privacy Policy and the ToS, subject to applicable laws.

We are committed to complying with applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”) and other relevant international laws. Webhosting Services Ltd is located at Prestige Business Center, bul. “Patriarh Evtimiy” 49, 4th floor, 1463 Sofia, Bulgaria (VAT No: BG207127194) and acts as the data controller for personal data processed in connection with the Services. As an EU-based entity, we ensure full GDPR compliance for all customers and adhere to applicable data protection laws globally, as referenced in our ToS.

When you use our Services to process personal data (e.g., hosting customer data on our servers), you act as the data controller, and we act as a data processor on your behalf, as outlined in ToS Section 5.6. As a processor, we process such data solely per your instructions, this Privacy Policy, and the ToS. You, as the data controller, are responsible for ensuring compliance with applicable data protection laws for the content you upload or process through our Services. We disclaim liability for any data you process or upload, to the fullest extent permitted by law (ToS Section 14).

Legal Bases for Collecting, Processing, and Storing Your Personal Data

We collect and process your personal data pursuant to applicable legal bases under GDPR Article 6(1) and equivalent principles in other relevant laws, such as:

  • Consent (GDPR Article 6(1)(a)): Where you provide explicit consent for specific processing activities (e.g., newsletters or marketing).
  • Contractual Necessity (GDPR Article 6(1)(b)): To perform a contract with you, such as providing Services under the ToS (Section 2).
  • Legal Obligation (GDPR Article 6(1)(c)): To comply with legal requirements, such as tax reporting or law enforcement requests in applicable jurisdictions.
  • Legitimate Interests (GDPR Article 6(1)(f)): For purposes such as fraud prevention, cybersecurity, improving Services, or defending legal claims, provided these interests do not override your fundamental rights and freedoms.

Purposes of Collecting, Processing, and Storing Your Personal Data

We collect and process personal data for the following purposes, in compliance with GDPR and applicable international laws, and as permitted by the ToS:

  • Account creation and management to provide access to our Services worldwide (ToS Section 2).
  • Execution of contracts for hosting, domain registration, or server services (ToS Section 2).
  • Event registration for webinars, workshops, or other activities we organize.
  • Billing, accounting, and payment processing in compliance with local regulations (ToS Section 12).
  • Statistical and analytical purposes to improve our Services globally.
  • Ensuring the security and integrity of our systems and Services (ToS Sections 4, 7).
  • Delivering contractual Services, including technical support via ticketing systems (ToS Section 1).
  • Sending service-related communications (e.g., updates, expiring Services, or platform improvements).
  • Marketing and promotional communications (with your consent or where permitted by law).
  • Complying with legal obligations, such as tax reporting or responding to lawful requests from authorities in relevant jurisdictions.

We adhere to the following principles when processing your personal data, as required by GDPR and applicable international laws:

  • Lawfulness, Fairness, and Transparency: Processing data lawfully and clearly communicating our practices.
  • Purpose Limitation: Collecting data only for specified, legitimate purposes.
  • Data Minimization: Collecting only what is necessary for the intended purpose.
  • Accuracy: Ensuring data is accurate and up-to-date.
  • Storage Limitation: Retaining data only for as long as necessary or required by law.
  • Integrity and Confidentiality: Implementing appropriate technical and organizational measures to secure your data.

We disclaim liability for claims arising from processing necessary to comply with legal obligations or protect our legitimate interests, including fraud prevention, cybersecurity, or legal defense, to the fullest extent permitted by law (ToS Section 14).

Types of Personal Data We Collect, Process, and Store

We collect and process the following categories of personal data for the specified purposes, as permitted by the ToS:

Category Examples Purpose Legal Basis
Identifying Data Name, surname, email address, country, phone number User registration, communication, contract execution, and marketing (with consent) Contract, consent, or legitimate interests
Additional Profile Data Contact details or preferences you voluntarily provide Enhancing your account experience Contract or consent
Technical Data IP address, device information, browser type Security, fraud prevention, analytics, and Service optimization (ToS Sections 4, 7) Legitimate interests or contract
Billing Data Payment details, personal identification number (for invoices) Processing payments and issuing invoices (ToS Section 12) Contract or legal obligation

We do not collect or process special categories of personal data (e.g., racial or ethnic origins, political opinions, religious beliefs, health, or biometric data) unless explicitly required by law and with your consent. As per ToS Section 4, we are not responsible for the accuracy of data you provide or for any content you upload to our Services. We disclaim liability for claims arising from inaccurate or unlawful data you provide, to the fullest extent permitted by law.

We use third-party services (e.g., MaxMind, FraudRecord) to screen orders for fraud or abuse globally, as permitted by ToS Sections 2.3 and 12.2. Orders are subject to manual review, and we may report violations to these services at our discretion. We disclaim liability for decisions based on such screenings, to the fullest extent permitted by law.

Retention Period for Your Personal Data

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, the ToS, or as required by applicable laws (e.g., tax records may be retained for up to 10 years under Bulgarian/EU law or longer if required by other jurisdictions). Upon account termination or contract expiration (ToS Section 13), we delete or anonymize your data promptly, except where retention is required for legal compliance or defense against claims. You will be notified if retention is extended for legal purposes. We reserve the right to retain data as needed to comply with legal obligations or protect our interests, to the fullest extent permitted by law (ToS Section 14).

Transfer of Your Personal Data

Your personal data may be transferred to third-party processors (e.g., payment processors, domain registrars, analytics providers, or external AI service providers for enhanced technical support efficiency) for the purposes outlined in this Privacy Policy and the ToS (e.g., Sections 3, 12). Data may be stored or processed in the USA, Canada, Singapore, Australia, the EEA, or other jurisdictions where we or our processors operate servers. For transfers outside the EEA, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions, as required by GDPR Article 46. By using our Services, you acknowledge and consent to these transfers where necessary for Service provision. We disclaim liability for third-party actions beyond our reasonable control, to the fullest extent permitted by law (ToS Section 14).

For domain registrations, we share necessary data with registrars, who act as independent data controllers, as outlined in ToS Section 3.1. We are not liable for their data processing practices, to the extent permitted by law.

Your Rights Regarding Your Personal Data

Under GDPR and other applicable regulations, you have the following rights regarding your personal data, subject to certain conditions and limitations, as aligned with ToS Section 13:

  • Right to Withdraw Consent: You may withdraw consent at any time via your account settings or by contacting us at [email protected]. Withdrawal may prevent us from providing certain Services if the data is essential (ToS Section 13).
  • Right of Access: You may request confirmation of whether we process your data, access a copy of your data, and obtain related information (free of charge, subject to reasonable limits).
  • Right to Rectification: You may correct inaccurate or incomplete data via your account or by contacting us.
  • Right to Erasure (‘Right to be Forgotten’): You may request deletion of your data where it is no longer necessary, consent is withdrawn, or other GDPR grounds apply. We may retain data if required by law or for legal claims (ToS Section 13).
  • Right to Restriction of Processing: You may request restriction of processing in cases such as contested accuracy or unlawful processing.
  • Right to Data Portability: You may receive your data in a structured, commonly used, machine-readable format or have it transferred to another controller, where technically feasible.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes, including profiling.
  • Right to be Informed: We will inform you of any corrections, erasures, or restrictions made to your data, unless impracticable or disproportionate.
  • Right to Lodge a Complaint: You may file a complaint with a supervisory authority (e.g., the Bulgarian Commission for Personal Data Protection or another relevant EU Data Protection Authority) if you believe your rights have been violated.
  • Rights in Case of Data Breach: We will notify you of any data breach posing a high risk to your rights and freedoms without undue delay, as required by GDPR Article 34 or applicable law.

To exercise these rights, contact us at the addresses provided in ToS Section 8 ([email protected]). We will respond within one month, extendable by two months for complex requests, as permitted by GDPR. Identity verification may be required. We disclaim liability for delays or refusals due to excessive, unfounded, or unverifiable requests, to the fullest extent permitted by law (ToS Section 14). For data processed as a processor, we will assist you as the controller within the scope of our contractual obligations as outlined in the ToS, but we bear no liability beyond these obligations.

Cookie Policy

We use cookies and similar technologies to enhance functionality, performance, and user experience, as permitted by the ToS. You may manage cookie preferences via your browser settings or our cookie consent tool, where available, per ToS Section 16.3, particularly for EU users. We use the following types of cookies:

  • Essential Cookies: Necessary for core functionality (e.g., session management). No personal data is collected.
  • Functional Cookies: Enable personalization of your experience (e.g., remembering preferences).
  • Analytics Cookies: Track performance and usage (e.g., Google Analytics). Opt out via Google Analytics opt-out.
  • Advertising Cookies: Deliver targeted ads (e.g., Google Ads, Meta Ads, X Ads). Opt out via respective privacy policies: Google, Meta, X.
  • Third-Party Cookies: For integrations like social media sharing (e.g., X, Meta). Review third-party privacy policies for details and opt-out options.

For more information, visit allaboutcookies.org. We disclaim liability for third-party cookie practices, to the fullest extent permitted by law (ToS Section 14).

Security Measures

We implement technical and organizational measures to protect your personal data, including encryption, access controls, and regular security audits, as referenced in ToS Section 4. However, no system is completely secure, and we disclaim liability for unauthorized access or breaches beyond our reasonable control, to the fullest extent permitted by law (ToS Section 14).

Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or business changes, as permitted by ToS Section 16.3. Significant updates will be communicated via email or through our Services, as required by law. Continued use of our Services after updates constitutes acceptance of the revised policy, as outlined in the ToS.

Contact Information

For questions, concerns, or to exercise your rights, contact Webhosting Services Ltd at Prestige Business Center, bul. “Patriarh Evtimiy” 49, 4th floor, 1463 Sofia, Bulgaria, or via [email protected]. GDPR-related inquiries may be directed to the same contact or, if a Data Protection Officer is appointed, to the designated DPO email, as per ToS Section 8.

Updated: February 05, 2026