Privacy Policy

This policy describes how WebServiceStudio LLC manages and uses clients’ and visitors’ personal data in accordance with the latest laws on the topic. This policy is subject to being updated; updates will be published on our website.

Responsible for the data

The party responsible for personal data collected through our website is WebServiceStudio LLC, based at 30 N GOULD ST STE R, SHERIDAN WY 82801, EIN: # 61-1867672, USA.

Rights of the clients and visitors

Our clients and visitors have the following rights:

The right to request and obtain confirmation of the existence of personal data regarding them

The right to be informed about the following:

  1. The origin of such data
  2. How this data is handled
  3. The logic used to handle personal data
  4. The interested third parties that could come to know their personal data

The right to obtain:

  1. update of the data
  2. deletion of data from our systems
  3. confirmation of what is stated in points 1 and 2

What information does SupportHost collect from its Users?

SupportHost collects different types of personally identifiable information in order to be able to provide its services to You. Such information may include but is not limited to name, mailing address, telephone numbers, email addresses, credit card information, and other details. Users provide all such information voluntarily through various order forms, email messages sent to SupportHost, LiveChat, telephone, etc.

SupportHost also collects different types of non-personally identifiable information that may include referral URLs, Users’ IP addresses, Users’ use of the website, information about the browsers used by the User, etc. Some of this information is collected through Cookies, which are small pieces of data that are sent to your browser from a web server and are stored on your computer’s hard drive and help SupportHost identify you as the User. You have the choice to modify your browser and thus to reject the Company’s cookies.

Other data collected by SupportHost

SupportHost collects other data that does not allow the customer to be identified, for example (but not limited to) the referring URL, IP addresses and information about the browser.

Some of this information is collected using Cookies and is used to identify that person as one of our users. It is the client’s responsibility to set the browser not to accept SupportHost’s cookies. All information related to cookies is included in our Cookie Policy.

Data processing system

Personal data will be processed by automated and manual means, for the duration strictly necessary for the purposes of processing the same.

Purposes of the processing of personal data by SupportHost

  1. SupportHost collects and uses personal data in order to provide the service requested by the user, guaranteeing all necessary support
  2. SupportHost can use the collected data for the periodic sending of communications regarding changes to services, new features, updates, promotional activities and so on. We may use personal data to send a text message in case of problems that could cause the service to be interrupted.
  3. SupportHost can use the collected data for the purpose of understanding how users use the service and to perform analyses in order to improve the user experience
  4. SupportHost can use data to resolve disputes related to possession
  5. SupportHost processes personal data for the fulfillment of the legal directives required by local authorities and competent bodies. The provision of personal data is mandatory and their processing does not require the user’s consent.

The provision of personal data required for the purposes listed in points 1 to 4 is not mandatory, but in case of refusal we reserve the right not to activate the purchase order of the services or limit their use.

Does SupportHost disclose Users’ information to third parties?

All personal information collected by SupportHost is treated as strictly confidential. We may disclose Users’ personal information if required by law. We may disclose part of Users’ personal information to our business partners, independent contractors or other third parties when this is required in order to provide the services you have ordered. For example: your credit card information may be provided for payment confirmation and verification to the partnering entity involved in processing your payment; the personal information of anyone who uses SupportHost domain name registration services is available in the public WHOIS searches as required by the domain name registration regulations; your personal and business-related information may be provided to the SSL certificate provider with whom SupportHost cooperates for providing you with the SSL certificate service, etc. The use of any data provided by SupportHost to these partnering service providers is governed by their own Privacy Policies and is beyond SupportHost’s control.

SupportHost may transfer Users’ personal information on the occasion of a sale of the company’s business.

What does SupportHost do to prevent loss, misuse or alteration of Users’ information?

We guarantee that we strictly apply all industry standard security measures to protect your personal information. Such measures include without limitation: data encryption, password-protected access to Users’ personal information, limited access to the sensitive data, encrypted transfer of sensitive data submitted by the User through SupportHost’s order forms, login forms, etc. There may be security and privacy limitations which are beyond SupportHost’s control. By choosing to provide personal information to SupportHost you understand and agree that the security, integrity and privacy of your information cannot be 100% guaranteed.

SupportHost reserves the right to change this Privacy Policy at any time. Such changes will become effective and binding after their posting on the SupportHost website. You agree to regularly review this Privacy Policy for revisions and updates. By continuing to use SupportHost’s services and website after any posted revision, you agree to those changes.

In detail:

I. Confidentiality

• Physical access control

• electronic physical entry control system with log

• high security perimeter fencing around the entire data center park

• documented distribution of keys to employees and colocation customers for colocation racks (each Client only for his rack)

• policies for accompanying and designating guests in the building

• data center staff present 24/7

• video monitoring at entrances and exits; security door interlocking systems and server rooms

• For people outside of the employment of SupportHost (data center visitors), entrance to the building is only permitted in the company of an employee.

• Monitoring

• electronic physical access control system with log

• video surveillance for all entrances and exits

• Electronic access control

• for dedicated root server, colocation server, and cloud server principal commissions

• server passwords, which, after the initial deployment, can only be changed by Client and are not known to the Supplier

• The Client’s password for the administration interface is determined by the Client himself; the password must comply with predefined guidelines. In addition, the Client may employ two-factor authentication to further secure his account.

• for managed server, web hosting, and storage box principal commissions

• Access is password-protected and only employees of the Supplier have access to the passwords. Passwords must meet a minimum length, and new passwords shall be changed on a regular basis.

• Internal access control

• for the Supplier’s internal administration systems

• The Supplier shall prevent unauthorized access by regularly applying security updates using state-of-the-art technology.

• a revision-proof, compulsory process for allocating authorization for Supplier employees

• for dedicated root server, colocation server, and cloud server principal commissions

• The responsibility for access control is incumbent upon the Client.

• for managed server, web hosting, and storage box principal commissions

• The Supplier shall prevent unauthorized access by regularly applying security updates using state-of-the-art technology.

• a revision-proof, compulsory process for allocating authorization for Supplier employees

• Only the Supplier is responsible for transferred data/software with regard to security and updates.

• Transfer control

• Data center parks in Nürnberg and Falkenstein

• Drives that were in operation on canceled servers will be wiped multiple times (deleted) in accordance with data protection policies upon termination of the contract. After thorough testing, the wiped drives will be reused.

• Defective drives that cannot be securely deleted shall be destroyed (shredded) directly in the Falkenstein data center.

• Isolation control

• for the Supplier’s internal administration systems

• Data shall be physically or logically isolated and saved separately from other data.

• Backups of data shall also be performed using a similar system of physical or logical isolation.

• for dedicated root server, colocation server, and cloud server principal commissions

• The Client is responsible for isolation control.

• for managed server, web hosting, and storage box principal commissions

• Data shall be physically or logically isolated and saved separately from other data.

• Backups of data shall also be performed using a similar system of physical or logical isolation.

• Pseudonymization

• The Client is responsible for pseudonymization.

II. Integrity (Art. 32 Para.1 Clause b GDPR)

• Data transfer control

• All employees are trained in accordance with Art. 32 Para. 4 GDPR and are obliged to ensure that personal data is handled in accordance with data protection regulations.

• Deletion of data in accordance with data protection regulations after termination of the contract.

• Encrypted data transmission options are provided within the scope of the service description of the principal commission.

• Data entry control

• for the Supplier’s internal administration systems

• Data is entered or collected by the Client.

• Changes in data are logged.

• for dedicated root server, colocation server, and cloud server principal commissions

• The responsibility for input control is incumbent upon the Client.

• for managed server, web hosting, and storage box principal commissions

• Data is entered or collected by the Client.

• Changes in data are logged.

III. Availability and Resilience (Art. 32 Para. 1 Clause b GDPR)

• Availability control

• for the Supplier’s internal administration systems

• backup and recovery concept with daily backups of all relevant data

• professional employment of security programs (virus scanners, firewalls, encryption programs, spam filters)

• employment of disk mirroring on all relevant servers

• monitoring of all relevant servers

• employment of an uninterruptible power supply system or emergency power supply system

• permanently active DDoS protection

• for dedicated root server, colocation server, and cloud server principal commissions

• Data backup is incumbent upon the Client.

• employment of an uninterruptible power supply system or emergency power supply system

• permanently active DDoS protection

• for managed server, web hosting, and storage box principal commissions

• backup and recovery concept with daily backups of all relevant data depending upon the services booked for the principal commission

• employment of disk mirroring

• employment of an uninterruptible power supply system or emergency power supply system

• employment of software firewalls and restricted ports

• permanently active DDoS protection

• Rapid recovery measures (Art. 32 Para. 1 Clause c GDPR)

• For all internal systems, there is a defined escalation chain which specifies who is to be informed in the event of an error in order to restore the system as quickly as possible.

IV. Procedures for regular testing, assessment, and evaluation (Art. 32 Para. 1 Clause d GDPR; Art. 25 Para. 1 GDPR)

• The data protection management system and the information security management system have been combined into a DIMS (data protection information security management system).

• Incident response management is available.

• Data-protection-friendly default settings are taken into account for software development (Art. 25 Para. 2 GDPR).

• Agreement or contract control

• SupportHost employees are regularly instructed in data protection law and are familiar with the procedural instructions and user guidelines for data processing on behalf of the Client, also with regard to the Client’s right of instruction. The General Terms and Conditions contain detailed information on the type and scope of the commissioned data processing and use of the Client’s personal data.

• The General Terms and Conditions contain detailed information about the purpose limitation of Client’s personal data.

• SupportHost has appointed a company Data Protection Officer and an Information Security Officer. The data protection organization and the information security management systems integrate both officers into the relevant operational procedures.

Updates to this privacy policy

This policy might change. Such changes will be effective right after they are published on our website. The user will periodically check for updates. By using SupportHost’s services after an update of this policy, the user accepts it.