Privacy Policy

Effective date: 2023.07.20.

The data of the Data Controller:

  • Company Name: ServerAstra Informatikai, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
  • Registered seat: 1158 Budapest, Petrence utca 66.
  • Company registration number: Cg. 01-09-873403
  • E-mail: info@serverastra.com
  • Website: serverastra.com
  • Tax number: 13791173-2-42
  • VATID: HU13791173
  • Name of Court of Registration: Metropolitan Court as Court of Registration

ServerAstra Kft. ("ServerAstra", "us", "we", or "our") operates the https://serverastra.com website (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, we have to collect and use the information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meaning as in our Terms and Conditions, accessible from https://serverastra.com/docs/GTCS .

The privacy policy of the user's personal data is restricted to natural persons ("Private persons"). This information only covers the handling of personal data of natural persons.

Definitions

Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small pieces of data stored on a User's device.

Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. We are a Data Controller of your data, when we are providing you the services, maintaining your customer and payment information.

Data Processor (or Service Providers)

Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively. We are the Data Processor of your data, when you store your personal data on our devices, servers and other hardware involved in providing the Service. As a Data Processor we shall have an agreement in place with you for data processing, therefore please find information on data processing in our General Terms and Conditions of Services.

Data Subject

Data Subject is any living individual who is the subject of Personal Data.

User

The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, you need to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information is:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City

Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data

We may also collect information how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Browser manufacturers provide help pages relating to cookie management in their products. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
  • Statistics Cookies. We use Statistics Cookies for analytics purposes to improve our service.

Use of Data

ServerAstra uses the collected data for various purposes on a different legal basis:

  • To provide and maintain our Service - GDPR Article 6. (1) b)
  • To notify you about changes to our Service - GDPR Article 6. (1) b)
  • To allow you to participate in interactive features of our Service when you choose to do so - GDPR Article 6. (1) b)
  • To provide customer support GDPR Article 6. (1) b)
  • To gather analysis or valuable information so that we can improve our Service - GDPR Article 6. (1) f)
  • To monitor the usage of our Service - GDPR Article 6. (1) f)
  • To detect, prevent and address technical issues - GDPR Article 6. (1) b)
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or inquired about unless you have opted not to receive such information GDPR Article 6. (1) a)
  • To issue our invoices and complete our tax obligations - GDPR Article 6. (1) c) - Section 78 (3) on Tax Proceedings and Section 169 of Act C of 2000 on Accounting.
  • To provide and manage customer support and complaint services - GDPR Article 6. (1) c.) - Section 17/A on the Act CLV of 1997on Customer Protection.

Retention of Data

ServerAstra will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

After the termination of the agreement, in cases where the legal basis on which we were processing your data was based on GDPR Article 6. (1) b) or GDPR Article 6. (1) f), the retention period is set to be 5 years after the termination of our agreement, since we have a legitimate interest to defend ourselves should you have any claim against us in connection with our services. This five years lapse period is based on Section 6:22 of the Hungarian Civil Code.

In cases where the legal basis on which we were processing your data was based on GDPR Article 6. (1) a) we only process your data until you decide to withdraw your consent to the data process or your contract with us has been ceased.

In cases where the legal basis on which we are processing your data was based on GDPR Article 6. (1) c) the legal retention period is set by mandatory laws:

  • To issue our invoices and complete our tax obligations - 8 years - Section 78 (3) on Tax Proceedings and Section 169 of Act C of 2000 on Accounting.
  • To provide and manage customer support and complaint services - 5 years - Section 17/A on the Act CLV of 1997on Customer Protection.

ServerAstra will also retain Usage Data for internal analysis purposes only for as long as is necessary for the purposes set out in this Privacy Policy.

Usage Data is processed on the legal basis of GDPR Article 6. (1) f) and this data is retained for 6 months, the data is used to strengthen the security, to identify breaches and resolve security issues and thus improve the functionality of our Service.

Transfer Of Data

If you are located outside Hungary and choose to provide information to us, please note that your Personal Data is processed within the EU, in Hungary, and certain information, including Personal Data, may be transferred outside of the EU where the data protection laws may differ than those from your jurisdiction. Please note that some of the data processors, we use to provide our services, such as domain registrars and backup service providers are located outside of the EU, therefore your consent to this Privacy Policy followed by your registration and concluding the agreement with us represents your agreement to the transfer of your Personal Data outside of the EU to the persons and locations defined in this Privacy Policy in line with GDPR Article 49 (1) b), since to the transfer it is necessary for the performance of the contract or the implementation of pre-contractual measures taken at your request.

ServerAstra will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data.

Disclosure Of Data

Business Transaction

If ServerAstra is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, ServerAstra may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

ServerAstra may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of ServerAstra
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Domain Registration

If you order domain registration service from us, ServerAstra must disclose your Personal Data to the following registrar company to register your domain:

Enom (Enom Inc.)

Attention: DPO
96 Mowat Avenue
Toronto, ON M6K 3M1, Canada
You may find further information on the data process of the domain registrar at the following website: https://www.enom.com/reseller/legal-policy-agreements/privacy-policy/

Hexonet (Key-Systems GmbH)

Im Oberen Werk 1
66386 St. Ingbert, Germany
You may find further information on the data process of the domain registrar at the following website: https://www.hexonet.net/privacy_policy

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. In case of known breach we have necessary procedures in place to inform Hungarian data protection authorities and the affected Data Subject of such breach.

We provide the appropriate level of data security which include, but are not limited to, (i) your data is stored in a secure technical environment, we are not making it available to the public (ii) only properly identified employees of our company and our business partners have access to your data (iii) data is encrypted by using industry standards SSL communication or SSH2 with AES128-AES256 cryptography; (iv) we use industry standard and PCI-DSS compliant SSL encryption for web/HTTP communications (v) our data is stored physically in Budapest server room (vi) we use encryption when sending data to Registers, registrars, resellers, back up service providers, (vii) we regularly test and evaluate our security actions and improve them; (vii) we check your identification before you are exercising yours rights in order to protect your data; (viii) We perform continuous backups of our data.

"Do Not Track" Signals

We support Do Not Track ("DNT") and disable analytics and statistics collection for browsers reporting this header. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Rights

ServerAstra aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In addition please be informed on your rights related to our data process:

  • You have the right to ask information in writing whether a data process of your Personal Data is in progress by ServerAstra You shall have the right to obtain from ServerAstra confirmation as to whether or not Personal Data concerning you are being processed and if that is the case, the ServerAstra Ltd shall inform you on the purposes of the processing, the categories of Personal Data concerned, the legal base of the process, the data source, the period of the process and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries.
  • You have the right to have any of your Personal Data corrected without delay and have your data completed by ServerAstra For example you may change your email address or password at any time.
  • You have the right to the erasure of Personal Data concerning you without delay where one of the following grounds applies:
    1. the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
    3. you object to the processing and there are no overriding legitimate grounds for the processing;
    4. the Personal Data have been unlawfully processed;
    5. the Personal Data have to be erased for compliance with a legal obligation applicable for ServerAstra Ltd;
    6. the Personal Data have been collected in relation to the offer of information society services to children.
  • You have the right to have your Personal Data blocked or have the data processing restrained where one of the following applies:
    1. the accuracy of the Personal Data is contested, for a period enabling the ServerAstra to verify the accuracy of the Personal Data;
    2. the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead;
    3. ServerAstra no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
    4. You have objected to processing; pending the verification whether the legitimate grounds of the controller override those of the data subject.Where processing has been blocked/restricted, such Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Such block/restraint shall last until the data storage is required by the reason named by you.
  • You have the right to receive the Personal Data concerning you, which you have provided to ServerAstra Ltd, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from ServerAstra Ltd to which the Personal Data have been provided, where the processing based on your consent or on a contract and the processing is carried out by automated means. In exercising your right to data portability you shall have the right to have the Personal Data transmitted directly from one controller to another, where technically feasible.
  • You have the right to object at any time against the process of your Personal Data by ServerAstra Ltd or a third party. ServerAstra Ltd shall no longer process the Personal Data unless ServerAstra Ltd demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for your establishment, exercise or defense of legal claims. Via any of the above given contacts in writing or in e-mail where Personal Data are processed for direct marketing purposes, you shall have the right to object at any time against the process of your Personal Data for marketing purposes, in which case your Personal Data shall no longer be processed for such reasons.

ServerAstra Ltd does not make decisions based solely on automated processing, including profiling. In case ServerAstra Ltd introduces the referred decision-making process, ServerAstra Ltd will inform you beforehand via e-mail about the applied logic and method. In this case you will have the right for human intervention on the part of ServerAstra Ltd, to express your point of view and to contest the decision.

If you ever experience an unlawful data process, please notify us via email or chat before initiating a legal procedure, and by doing so we have the opportunity to restore the lawful operation if applicable. Please note that we may ask you to verify your identity before responding to such requests. Moreover, should your rights related to your Personal Data be breached, you may file a petition to the court having competency according to your residential address. You may also turn to the Hungarian National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.) if you believe that your rights related to your Personal Data is being breached.

ServerAstra shall give response to your requests within 30 days by email or using the contact data provided by you via mail or email.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service:

  • Google:

    Google LLC, Mountain View
    1600 Amphitheatre Parkway
    Mountain View CA
    94043 United States

    European Addresses:
    https://www.google.com/about/locations/?region=europe

    We use Google Analytics in order to better understand our users' needs and to optimize this service and experience. Google Analytics is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our service with user feedback.
    Google Analytics uses cookies and other technologies to collect data on our users' behaviour and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website).
    Google Analytics stores this information in a pseudonymized user profile. Neither Google nor we will ever use this information to identify individual users or to match it with further data on an individual user.

    For further details, please see Google's privacy policy by clicking on: https://policies.google.com/privacy

    You can opt-out to the creation of a user profile, Google's storing of data about your usage of our site and Google's use of tracking cookies on other websites by selecting privacy options at the bottom of the page or clicking this link.

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We may store or collect your payment card details. Our payment processing systems are tested for PCI-DSS compliance. Payment information is also provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Instant Messaging (IM), Chat and Phone communications

ServerAstra operates part of their support system and internal communications via instant messaging systems.

We use the following IM/Chat service providers:

  • Telegram:

    Telegram Messenger FZ-LLC
    71-75 Shelton Street
    Covent Garden, London
    England, WC2H 9JQ

    Telegram chats use end-to-end encryption. This means that all data is encrypted with a key that only you and us may know.

    Their privacy policy can be reached here: https://telegram.org/privacy

  • WhatsApp:

    WhatsApp Ireland Limited 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland

    WhatsApp chats use end-to-end encryption. This means that all data is encrypted with a key that only you and us may know.

    Their privacy policy can be reached here: https://www.whatsapp.com/legal/privacy-policy-eea

  • Zadarma:

    UK representative: SMARTVOICE LTD, 63-66 Hatton Garden, London, United Kingdom, EC1N 8LE.

    EU representatives: IP Telecom Bulgaria LTD: office 211, 16 Vasil Levski Str., Burgas, Bulgaria - 8000. VOICE CLOUD S.L., av/Cortes Valencianas, 58-1003, Valencia, Spain - 46015.

    Kazakhstan representative: SMARTVOICE KZ LLP 43 Markov str., Almaty, 050040, Kazakhstan

    We use Zadarma service for our VoIP processing and call recording.

    Their privacy policy can be reached at https://zadarma.com/en/legal/privacy-policy/

Site Security

ServerAstra uses third-party audit and penetration testing for their network and web assets to provide customers with security and protection. A tiny proof of such protection is a security seal.

To display a security seal and protect our website from abuse we use the following providers:

  • Google reCAPTCHA

    Google LLC, Mountain View
    1600 Amphitheatre Parkway
    Mountain View CA
    94043 United States

    European Addresses:
    https://www.google.com/about/locations/?region=europe

    We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human and not an automated program. reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This operations starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

    For further details, please see Google's privacy policy by clicking on: https://policies.google.com/privacy

Resellers

If the service you've ordered or the payment method you've selected is not available at ServerAstra, we may share your data with our resellers, but only if you've previously given us explicit consent to do so. This might occur if you've chosen to utilize their services in lieu of ServerAstra's. Rest assured, any data transfer to resellers is conducted through cryptographically secure channels that adhere to the highest industry standards. Furthermore, only specifically filtered data relevant to them will be transferred.

List of certified ServerAstra Resellers

Accountants

ServerAstra performs its accounting and bookkeeping obligation via a reliable accounting company working to the highest standards. ServerAstra needs to disclose part of your Personal Data that is necessary to process for accounting purposes (such as your identification data represented on the invoices and on the agreement; transaction data; data provided by our payment processing partners) to that company. The accounting company processes your Personal Data based on a signed DPA and its own privacy policy.

Accounting contractor is:

  • Next Accounting Kft.

    1132 Hungary, Budapest Váci út 20-26 7.emelet

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this document, please contact us: