The General Data Protection Regulation (‘GDPR’) is applicable from 25th May 2018 and is designed to give individuals more control over their personal data. The key principles under the GDPR are:

- Lawfulness, fairness and transparency;

- Purpose Limitation;

- Data minimisation;

- Accuracy;

- Storage Limitation;

- Integrity and confidentiality and

- Accountability.

This page is used to inform website visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

NXTSERVERS SRL operates the NXTHOST( www.nxthost.com, nxthost.ro, my.nxthost.com, my.nxthost.ro) website, which provides the SERVICE.

If you choose to use our Service, then you agree to the collection and use of information in relation with this policy. The Personal Information that we collect are used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at https://www.nxthost.com/terms-and-conditions , unless otherwise defined in this Privacy Policy.

1. GDPR DEFINITIONS

Processing

The term “processing” refers to any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations.

Data Controller

A “data controller” refers to a person, company, or other body which determines the purposes and means of processing of personal data.

Data Processor

A “data processor” refers to a person, company, or other body which processes personal data on behalf of a data controller.

Consent

Some types of processing are carried out on the basis that you have given your consent. Under the GDPR, consent to processing must be freely given, specific, and informed. You cannot be forced to give your consent, you must be told what purpose(s) your data will be used for and you should show your consent through a ‘statement or as a clear affirmative action’ (e.g. ticking a box).

Consent is not the only lawful basis on which your personal data can be processed.

Profiling

Profiling is any kind of automated processing of personal data that involves analysing or predicting your behaviour, habits or interests.

Special categories of personal data

Certain types of sensitive personal data are subject to additional protection under the GDPR. These are listed under Article 9 of the GDPR as “special categories” of personal data. The special categories are: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person’s sex life or sexual orientation. Processing of these special categories is prohibited, except in limited circumstances set out in Article 9.

2. YOUR OPERATOR

Your data controller is the Romania based company NXTSERVERS S.R.L. (NXTHOST), with the headquarters in Bucharest, 16 Liviu Rebreanu Street, A4 building, 4th entrance, 3rd floor, 45th, District 3, registered with the Bucharest Trade Register under No. J40/3382/2015, Fiscal Identification Number RO34258382.

For any questions regarding your personal data, please contact us via email at: [email protected] . This email box is permanently monitored and any claim will be solved in maximum 30 days. If the claim requires a longer period, it can be extended with an additional 30 days, after informing the Beneficiary.

3. WHAT DOES PERSONAL DATA MEAN?

The term “personal data” means any information relating to a living person who is identified or identifiable (such a person is referred to as a “data subject”).

A person is identifiable if they can be identified directly or indirectly using an “identifier”. The GDPR gives examples of identifiers, including names, identification numbers, and location data. A person may also be identifiable by reference to factors which are specific to their identity, such as physical, genetic or cultural factors.

Personal data may include: first and last name, address, unique identification number, e-mail address, telephone number, IP, etc.

4. WHOSE DATA WE MAY PROCESS

NXTHOST processes personal data in order to fulfil the legal obligations and to respect the agreements established with its clients as well as for optimising the data flows and internal regulations such that every client will benefit form our permanently improved products and services. Also, from the moment that you become our client, on the basis of your expressed consent, you will be able to receive information related to the legal and fiscal component of your products and services.

5. TO WHAT PURPOSES WE WILL PROCESS THE DATA AND WHO WILL HAVE ACCESS TO IT

The data processing has the sole purpose of providing good services to our clients, as your information will be used exclusively to turning on and running the products and services that you purchased. The legal basis of the processing is represented by our duty to fulfil the agreement established with the client.

Related to service provision, NXTHOST may use your personal data as follows:

• To improve service quality : answer to support tickets

• To improve our website: ask for feedback

• To process payments

• To send periodical emails: various information about the products purchased

In the exceptional case in which a website visitor wishes to subscribe to our newsletter, he may receive emails strictly connected to our services and our company.

6. HOW DO WE STORE DATA?

NXTHOST servers used for shared hosting, VPS and dedicated servers are collocated in Euroweb Datacenter (Bucharest). Our backup system is well implemented and secured and no one but our technical personnel has access to it.

Our clients’ data located on our servers remain the property of the clients.

NXTHOST will not access or use this data unless it is necessary in order to provide a good service functionality (database fix and restore, backup restore, bug fix, etc)

Your data will be processed and stored according to the Romanian legislation regarding accounting obligations, fiscal reporting, archiving, etc.

7. THE RIGHTS OF THE BENEFICIARY

1. The right to be informed;

You have the right to be informed of anything regarding your personal data and its processing by the Data Controller.

2. The right of access;

You have the right to obtain the following, from the data controller:

a) Confirmation of whether or not personal data concerning you is being processed;

b) Where personal data concerning you is being processed, a copy of your personal information;

c) Where personal data concerning you is being processed, other additional information as follows:

- Purpose(s) of the processing;

- Categories of personal data;

- Any recipient(s) of the personal data to whom the personal data has or will be disclosed, in particular recipients in third countries or international organisations and information about appropriate safeguards;

- The retention period or, if that is not possible, the criteria used to determine the retention period;

- The existence of the following rights :

i. Right to rectification

ii. Right to erasure

iii.Right to restrict processing

iv. Right to object and to request these from the controller.

- The right to lodge a complaint with a supervisory authority

3. The right to rectification;

If your personal data is inaccurate, you have the right to have the data rectified, by the controller, without undue delay.

If your personal data is incomplete, you have the right to have data completed, including by means of providing supplementary information

4. The right to erasure;

This is also known as the ‘right to be forgotten’.

You have the right to have your data erased, without undue delay, by the data controller, if one of the following grounds applies:

1. Where your personal data is no longer necessary in relation to the purpose for which it was collected or processed;

2. Where you withdraw your consent to the processing and there is no other lawful basis for processing the data;

3. Where you object to the processing and there is no overriding legitimate grounds for continuing the processing (See point 6 below).

4. Where you object to the processing and your personal data is being processed for direct marketing purposes (See point 6 below);

5. Where your personal data has been unlawfully processed;

6. Where your personal data have to be erased in order to comply with a legal obligation;

7. Where your personal data has been collected in relation to the offer of information society services to a child.

5. The right to restrict processing;

You can ask your Data Controller to suspend the processing of your personal data in the following scenarios:

a) if you want us to establish the data’s accuracy;

b) where our use of the data is unlawful but you do not want us to erase it;

c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;

d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

6. The right to data portability;

In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context, and to transmit this data to another data controller of your choosing without hindrance. This is referred to as the right to data portability.

7. The right to object;

You have the right to object to certain types of processing of your personal data where this processing is carried out in connection with tasks in the public interest, or under official authority, or in the legitimate interests of others.

You have a stronger right to object to processing of your personal data where the processing relates to direct marketing. Where a data controller is using your personal data for the purpose of marketing something directly to you, or profiling you for direct marketing purposes, you can object at any time, and the data controller must stop processing as soon as they receive your objection.

You may also object to processing of your personal data for research purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

8. Rights in relation to automated decision making and profiling

You have the right to not to be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.

Automated processing includes profiling.