Close
Close
Sign in

Privacy Policy

 Effective Date: October 19, 2025 

RootHosts (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data entrusted to us. As a provider of web hosting and managed IT services based in the European Union, we process personal data in accordance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as implemented in relevant EU member states. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you engage with our services, including our website at roothosts.com, hosting plans, and IT support offerings. 

We act as the data controller for personal data we process directly in connection with our services, such as client contact details and billing information. Where we host or manage data on behalf of clients (e.g., website content or IT systems), we serve as a data processor, with our clients as the data controllers responsible for their end-users’ data. In such cases, this Policy does not apply to that processed data; please refer to your service agreement and the relevant client’s privacy practices. 
 
The personal data we process include your phone number, email address, and name. We do not process sensitive personal information such as ID cards, driver’s licenses, or passports. 

If you have questions about this Policy or our data practices, contact us at info@roothosts.com. 

1. Personal Data We May Collect 

We may collect only the personal data necessary to provide our services efficiently and securely. This includes: 

Data You Provide to Us 

  • Account and Contact Information: Name, email address, phone number, business name, and billing address when you sign up for hosting plans, request IT support, or contact us via email or forms. 
  • Payment Information: Details such as credit/debit card numbers, PayPal or cryptocurrency transaction identifiers, processed securely by third-party providers (we do not store full card details). 
  • Support and Service Data: Descriptions of technical issues, server configurations, or business requirements submitted in support tickets or consultations, which may include IP addresses or device identifiers. 

Data Collected Automatically 

  • Technical and Usage Data: IP address, browser type, operating system, device information, and server logs (e.g., access times, pages viewed) when you visit our website or use our client portals. 
  • Location Data: Approximate location derived from IP address, used solely for service optimization and security. 

We do not collect sensitive personal data (e.g., health information) unless explicitly required for specialized services like medical IT support, in which case we process it only with your explicit consent and under strict contractual safeguards. 

2. How We Collect Personal Data 

  • Directly from You: Through online forms, email inquiries, payment gateways, or support portals when you subscribe to services or request assistance. 
  • Automatically: Via cookies, server logs, and analytics tools on our website and client dashboards to monitor usage and ensure performance. 
  • From Third Parties: Limited data from payment processors (e.g., transaction confirmations) or business verification services, only as necessary to fulfill contracts. 

3. How We Use Personal Data 

We process personal data for legitimate business purposes, always balancing our needs against your rights. Key uses include: 

  • Service Delivery: To activate and manage hosting accounts, provide IT support (e.g., troubleshooting Linux/Windows systems, VPN setup), process payments, and ensure uptime with proactive monitoring. 
  • Communication: To respond to inquiries, send service updates, billing statements, or notifications about maintenance and security alerts. 
  • Security and Compliance: To detect and prevent fraud, monitor for DDoS threats, maintain backups, and comply with EU legal obligations (e.g., audit trails for data protection). 
  • Improvement: To analyze usage trends and refine services, such as optimizing NVMe storage performance or enhancing cybersecurity features. 
  • Marketing: With your consent, to inform you of new hosting plans or IT solutions tailored to your business. 

4. Legal Basis for Processing 

Under GDPR, we rely on the following bases: 

  • Contractual Necessity: To perform our civil contracts, such as provisioning VPS hosting or delivering 24/7 IT support. 
  • Legitimate Interests: For security measures, fraud prevention, and service improvements, where these do not override your rights (e.g., anonymized analytics for business efficiency). 
  • Consent: For non-essential marketing or optional features like cookie-based personalization, you may withdraw consent at any time without affecting ongoing services. 
  • Legal Obligation: To retain records for tax, accounting, or regulatory purposes. 

For processing as a data processor (e.g., hosting client websites), we adhere strictly to your instructions as the controller. 

5. Sharing Personal Data 

We share personal data only when necessary and under strict confidentiality agreements: 

  • Service Providers: With trusted processors such as payment gateways (e.g., PayPal, Revolut), cloud infrastructure partners for server hosting, and communication tools for support ticketing. These parties are bound by GDPR-compliant data processing agreements. 
  • Business Partners: Limited sharing with affiliates or subcontractors for joint IT solutions (e.g., cybersecurity vendors), solely to fulfill your services. 
  • Legal Disclosures: To competent authorities if required by EU law, or in response to lawful requests (e.g., for fraud investigations). 

We do not sell personal data. All recipients are EU-based or subject to equivalent protections. 

6. International Data Transfers 

Our primary data storage and processing occur within the EU (e.g., servers in EU data centers with NVMe SSD and DDoS protection). If transfers outside the EEA are required (e.g., for global payment processors), we use Standard Contractual Clauses approved by the European Commission to ensure GDPR-level safeguards. You may request details of transfer mechanisms at info@roothosts.com

7. Data Retention 

We retain personal data only as long as necessary: 

  • Account Data: For the duration of your service contract plus 6 years post-termination for legal and billing purposes. 
  • Support Records: 2 years after resolution, unless longer retention is required for disputes. 
  • Logs and Analytics: 12 months for security and performance review. 

Thereafter, we securely delete or anonymize data. Backups are isolated and purged per retention schedules. 

8. Data Security 

We implement robust technical and organizational measures to protect personal data: 

  • Encryption for data in transit (TLS 1.3) and at rest (AES-256). 
  • Access controls, including multi-factor authentication for client portals and role-based permissions for our team. 
  • Regular vulnerability assessments, firewalls, and intrusion detection for hosted environments. 
  • Daily backups with offsite redundancy, tested for integrity. 

9. Cookies and Tracking Technologies 

Our website may use cookies under the ePrivacy Directive to enhance functionality and security: 

  • Essential Cookies: For session management and secure logins (e.g., DirectAdmin panels); no consent required. 
  • Analytics Cookies: To track site usage anonymously (e.g., via open-source tools); consent obtained via banner. 
  • Security Cookies: For malware scanning and DDoS mitigation. 

You can manage preferences through your browser settings or our cookie banner. Disabling cookies may limit site features. For details, see our Cookie Policy. 

10. Your Data Protection Rights 

As an EU data subject, you have rights under GDPR Chapters III and VIII: 

  • Access: Request confirmation of processing and copies of your data. 
  • Rectification: Correct inaccurate or incomplete data. 
  • Erasure: Request deletion where no longer needed or consent withdrawn. 
  • Restriction: Limit processing during disputes or verification. 
  • Portability: Receive data in structured format for transfer. 
  • Objection: Oppose processing based on legitimate interests, including marketing. 
  • Withdraw Consent: At any time, without impacting prior processing. 

To exercise rights, email info@roothosts.com with verification (e.g., account details). We respond within one month, free of charge unless requests are excessive.  

11. Changes to This Policy 

We review this Policy annually or as needed for legal changes. Updates will be posted here with the new effective date; material changes may trigger email notice. Continued use of services constitutes acceptance. 

12. Contact Us 

For privacy matters, reach our Data Protection Representative at: 

Email: info@roothosts.com 

 

Roothosts
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.