This Privacy Policy (the “Policy”) applies to the processing of personal data by
[COMPANY LEGAL NAME], which operates under the trade names
AegeanHost and Domain Market, with registered office at
[REGISTERED ADDRESS] and tax / registration number
[VAT / REGISTRATION NUMBER] (hereinafter
“AegeanHost”, “Domain Market”, “we”,
“us”, “our”), acting in its capacity as
data controller.
This Policy explains our privacy practices regarding the processing of personal data of natural persons who:
- visit our website(s) (the “Website”),
- use the services and/or products ordered or provided through the Website (the “Services”),
- use applications, client area, billing system, control panel, or other related software we make available (the “Applications”),
- or otherwise interact with us as described below.
For the avoidance of doubt, this Policy does not apply to the processing of personal data by third parties
whose websites or systems are not owned or operated by us.
I. Categories of data subjects and types of personal data
1. Website Visitors
Definition: Natural persons who visit our Website. Websites hosted by us but operated by our customers are not considered part of our Website.
Types of data:
- Contact details: full name, email address, telephone number, company name, and other information you provide through contact forms, newsletters, quote requests, or downloadable content requests.
- Log data: IP address, referral URL, exit URL, browser type, operating system, date/time, clickstream data, and similar technical information.
- Analytics data: number of visits, page views, time spent on the Website, traffic source, content interactions, and related usage information.
2. Customers
Definition: Natural or legal persons who enter into a contract with us for the provision of Services.
Types of data:
- Customer account details: full name, company name, legal representative details, address, phone number, email address, language preferences, IP address, payment and billing details, VAT number, invoices, and service-related information.
- Log data: IP address, browser, operating system, device information, date/time, and activity logs.
- Usage and analytics data: information relating to the use of the Website, Client Area, Applications, and Services.
- Support and identity verification data: information provided when you contact our support team, and identification documents where verification of account ownership is required.
3. Users
Definition: Natural persons who access and/or manage Services on behalf of our customers.
- User details: name, email, phone number, username, account role, and information necessary for access, administration, and support.
- Log data: IP address, referral URL, browser, operating system, device model, date/time, and clickstream information.
- Usage data: pages visited, duration of use, features used, and related technical information.
- Support communication data: any information provided to us for handling a support request.
4. Registrants
Definition: Natural or legal persons who register domain names through us.
- Full name, company name, legal representative details, address, telephone number, email address, domain name, nameservers, IP address, registrar/registry details, domain status, and any other information required for registration, renewal, transfer, or compliance purposes.
5. End Users
Definition: Natural persons who visit, use, or interact with websites, applications, e-shops, or other digital projects of our customers that are hosted or supported through our Services.
- Log data: IP address, domain, date/time, request method, URI, user agent, referrer, TLS/SSL version, cache data, and similar technical information.
- Payment-related data: where payment integrations are provided as part of a service, we may process technical or transactional data necessary to support that integration.
For the avoidance of doubt, where we provide hosting or infrastructure services only, we generally act as a
data processor on behalf of our customer in relation to data processed through the customer’s project.
6. Affiliates / Partners / Resellers
Definition: Natural or legal persons participating in our affiliate, referral, reseller, or partnership programs.
- Full name, company name, representative details, address, email address, phone number, IP address, payment details, bank details or PayPal information, VAT number, account activity, and communications with us.
7. Participants in events, campaigns, offers, webinars, or surveys
- Full name, email address, address, phone number, social media username, image, voice, registration details, and technical/usage data where participation takes place through our systems.
8. Other individuals
Definition: Prospective customers, potential partners, complainants, information requesters, persons involved in ownership disputes, social media followers, and other third parties who communicate with us.
- Full name, company name, email address, address, phone number, social media username, communications, image, voice, and any other information lawfully provided to us or publicly available.
II. Sources of data collection
In addition to you, who are the primary source of the information we collect, we may also obtain data from:
- publicly available sources, such as corporate registries, WHOIS/RDAP, public websites, and compliance lists,
- affiliates, partners, contractors, and trusted service providers,
- payment providers,
- marketing, analytics, anti-fraud, security, or advertising providers,
- authentication providers, where you choose to sign in through a third-party account.
III. Purposes and legal basis of processing
We collect only the minimum personal data necessary to serve the purposes of processing.
1. Performance of a contract
To provide, manage, maintain, support, and secure our Services, including account creation, orders,
domain registration, hosting, billing, invoicing, and customer support.
2. Compliance with a legal obligation
To comply with tax, accounting, regulatory, and other legal obligations, and to respond to lawful requests
from competent authorities.
3. Legitimate interests
To maintain the security of the Website, Services, Applications, systems, and networks, prevent fraud,
stop unauthorized access, improve our services, manage requests, enforce our terms, and defend legal claims.
4. Consent
To send newsletters, marketing emails, offers, surveys, and to use certain cookies or tracking technologies
where consent is required by law.
5. Other purposes
For any other purpose not covered above, we will request consent where required.
IV. Cookies, beacons, tags, and pixels
We use cookies and similar technologies to collect certain information described in this Policy.
Cookies may be used for purposes such as:
- maintaining login sessions,
- cart and checkout functionality,
- storing preferences such as language or region,
- remembering previous selections or form details,
- statistics and analytics,
- content personalization,
- advertising targeting and campaign performance measurement,
- affiliate / referral tracking.
We may also use pixels, tags, scripts, and similar tools to understand user behavior, improve the Website
and our Services, and provide more relevant content or offers.
More details about our use of cookies and your choices are set out in our
Cookie Policy.
V. Disclosure of personal data
We may disclose all or part of your personal data in the following cases, always subject to appropriate safeguards:
1. To provide Services and operate our business
We may work with third-party service providers, partners, consultants, and contractors for purposes such as
hosting infrastructure, domain registration, billing, tax/accounting, anti-fraud, customer support, cloud
services, analytics, communications, security, software development, marketing, and operational management.
2. Registrars, registries, and related providers
Where we provide domain registration, renewal, or transfer services, we may disclose the necessary personal
data to registrars, registries, registry operators, dispute providers, and competent authorities or compliance bodies.
3. Payment providers
When you make payments through PayPal, Viva Payments, banks, or other payment partners, the relevant
personal and transaction data may be processed by those providers in accordance with their own privacy policies.
4. Resold third-party products and services
Where we act as a reseller of third-party products or services, such as domain names, SSL certificates,
email services, software licenses, or related cloud services, we may disclose the information required to
deliver the relevant service.
5. Security and abuse prevention
We may disclose data to anti-fraud, anti-spam, CAPTCHA, abuse-monitoring, and security providers in order
to protect the Website, the Services, our customers, and our infrastructure.
6. AI tools and automation
If we offer AI-based functionality, such as domain suggestion tools, search, support assistants, or content
generation features, information submitted may be transmitted to the relevant technology providers to the extent
necessary for delivering that functionality.
You should not submit personal data to such tools unless you have a lawful basis or the relevant authorization.
7. Legal compliance and protection of rights
We may disclose personal data where we believe in good faith that such disclosure is necessary to comply with
the law, respond to lawful requests, enforce our agreements, investigate misuse, or protect our rights,
property, and safety, or those of others.
8. Corporate reorganizations
We may disclose information in connection with a merger, acquisition, sale of assets, restructuring,
financing, or insolvency proceeding, subject to appropriate safeguards.
9. At your direction or with your consent
We may disclose personal data where you expressly request it or provide the relevant consent.
We do not sell or rent personal data in a manner contrary to this Policy.
VI. International data transfers
As part of our operations, we may transfer personal data to countries outside your country of residence,
including countries outside the EU/EEA, where we or our partners maintain infrastructure, support, or
business operations.
Where required by applicable law, we implement appropriate safeguards, such as adequacy decisions,
standard contractual clauses, and appropriate technical and organizational protection measures.
VII. Security measures
We implement appropriate technical and organizational measures to protect personal data, including, by way of example:
- SSL/TLS encryption,
- account authentication mechanisms,
- password protection and session management,
- two-factor authentication where available,
- logging and monitoring,
- access restrictions and authorization controls,
- encryption of sensitive data where required,
- regular review of security procedures.
Although we take reasonable security measures, no method of transmission or storage over the internet is
completely secure, and we cannot guarantee absolute security.
VIII. Retention periods
We retain personal data only for as long as necessary for the purposes for which it was collected, and for
compliance with legal, accounting, tax, regulatory, and contractual obligations.
Indicatively:
- account and support data may be retained for the duration of the customer relationship and a reasonable period thereafter,
- tax, invoicing, and accounting records may be retained for up to 10 years or as required by law,
- domain registration data may be retained in accordance with registrar/registry and regulatory requirements,
- logs, analytics, and security-related data may be retained for shorter operational periods, unless longer retention is required for investigation, legal claims, or compliance.
When data is no longer necessary, it is securely deleted, anonymized, or otherwise properly destroyed.
IX. Your rights
Depending on applicable law, you may have the following rights:
- Right to be informed about the collection and use of your personal data.
- Right of access to the personal data we hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure under certain conditions.
- Right to data portability, where applicable.
- Right to restriction of processing under certain conditions.
- Right to withdraw consent where processing is based on consent.
- Right to object where processing is based on legitimate interests.
- Right to object to automated decision-making, where provided by law.
- Right to non-discrimination for exercising your rights.
You may exercise your rights by contacting us using the details set out below. We may request information
necessary to verify your identity before responding.
X. Age restrictions
Our Website, Applications, and Services are intended for individuals aged at least
18 years.
If you are under 18, you must not use our Services or provide us with personal data without the involvement
of a parent or legal guardian, where permitted by law.
If we become aware that we have collected personal data from a minor in violation of applicable law, we will
take appropriate steps to delete it.
XI. Changes to the Privacy Policy
We reserve the right to amend this Policy at any time.
If we make material changes, we will publish the updated version on the Website and, where required, notify
you by email, through the Client Area, or by other appropriate means before the changes take effect.
The date of the latest revision will always appear at the end of this Policy.
XII. Supervisory Authority for Data Protection
If you are located in Greece or in the EU/EEA, you have the right to lodge a complaint with the competent
supervisory authority for data protection.
For Greece, the competent authority is the
Hellenic Data Protection Authority (HDPA).
