Privacy Policy

Table of Contents

1. Information About the Data Controller 2. Types of Data Processed 3. Purposes of Processing 4. Legal Bases for Processing 5. Disclosure to Third Parties 6. Data Retention Periods 7. Data Protection Measures 8. Data Subject Rights 9. Cross-Border Data Transfers 10. Contact Information

1. Information About the Data Controller

AlfaHost LLC

Jurisdiction: EU GDPR and applicable laws of Georgia

2. Types of Data Processed

2.1. Account and Identification Data

  • Account data: name, email address, username, encrypted passwords
  • Contact data: email address, correspondence related to support requests
  • Profile data: information provided by the user in their account or during the ordering process

2.2. Technical Data

  • Service configuration data: IP addresses, server parameters, service specifications, software configurations
  • Usage data: traffic consumption, resource usage, access logs, actions performed in the control panel
  • Security logs: login attempts, system events, monitoring and security events
  • Support communications: tickets, technical requests, and support interaction history

2.3. Billing and Payment Data

  • Billing information: name and payment details to the extent necessary for invoicing and payment processing
  • Transaction records: payment history, invoices, and payment confirmations
  • Tax data: information required for accounting and tax compliance where required by law

3. Purposes of Processing Personal Data

3.1. Service Provision

  • Registration and maintenance of user accounts
  • Deployment, delivery, and operation of servers and other services
  • Technical support and troubleshooting
  • Monitoring of infrastructure, network, and service availability
  • Response to security incidents and abuse

3.2. Billing and Financial Operations

  • Issuing invoices and processing payments
  • Maintaining accounting and tax records
  • Preventing fraud and abuse
  • Handling disputes, refunds, and payment-related inquiries

3.3. Legal Compliance and Protection of Company Interests

  • Compliance with applicable legal obligations
  • Responding to lawful requests from public authorities
  • Protecting the rights, property, services, and users of AlfaHost
  • Ensuring information security and internal control

4. Legal Bases for Processing

Personal data is processed on the following legal bases:

  • Article 6(1)(b) GDPR: processing is necessary for entering into and performing a contract for the provision of services
  • Article 6(1)(c) GDPR: processing is necessary for compliance with legal obligations
  • Article 6(1)(f) GDPR: processing is necessary for the legitimate interests of AlfaHost, including security, fraud prevention, infrastructure protection, and user support
  • Article 6(1)(a) GDPR: where processing is based on the user’s consent

5. Disclosure to Third Parties

5.1. Service Providers

AlfaHost may share data with trusted third parties where necessary to provide services and operate its infrastructure, including:

  • Data centers: for hosting server infrastructure
  • Network providers: for connectivity, routing, and network resilience
  • Payment providers: for payment processing and transaction confirmation
  • Security service providers: for DDoS protection, threat monitoring, and incident investigation
  • Backup and disaster recovery providers: to ensure data preservation and service resilience

5.2. Public Authorities and Mandatory Disclosures

Data may be disclosed to public authorities, courts, regulators, or other authorized parties only where required by applicable law or a lawful request.

5.3. Data Minimization Principle

AlfaHost discloses to third parties only the amount of data objectively necessary for the specific processing purpose and takes reasonable contractual and technical measures to protect such data.

6. Data Retention Periods

AlfaHost retains personal data no longer than necessary for the purposes of processing, performance of the contract, and compliance with legal obligations.

Standard Retention Periods

  • Account data: until account deletion and thereafter for a reasonable period necessary to complete obligations and resolve disputes
  • Technical logs: generally up to 90 days, unless longer retention is required for security, investigations, or legal compliance
  • Support tickets and inquiries: up to 2 years for service quality control and support history
  • Security logs: up to 1 year, unless longer retention is required for incident investigation
  • Billing and accounting records: for the period required by tax, accounting, and other mandatory legal requirements

After the applicable retention period expires, data is deleted, anonymized, or archived to the extent permitted by law.

7. Data Protection Measures

Technical Measures

  • Encryption of data in transit using TLS
  • Storage of passwords in encrypted or hashed form
  • Restriction of administrative access
  • Network segmentation, firewalls, and filtering mechanisms
  • Monitoring, logging, and incident detection systems
  • Backups and recovery procedures

Organizational Measures

  • Access control based on the need-to-know principle
  • Internal procedures for data processing and protection
  • Oversight of employee and contractor activities
  • Assessment of vendor and contractor reliability
  • Regular review of security practices

Despite the measures taken, no method of storage or transmission can guarantee absolute security. AlfaHost seeks to apply reasonable and proportionate safeguards based on the nature of the services and the risks associated with processing.

8. Data Subject Rights

Where processing is subject to the GDPR or other applicable data protection laws, the user may have the following rights:

  • Right of access: to request information about what personal data is being processed
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of data in cases provided by law
  • Right to restriction of processing: to request a temporary limitation on processing
  • Right to data portability: to receive data in a structured, commonly used, machine-readable format where applicable
  • Right to object: to object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent
  • Right to lodge a complaint: with the competent supervisory authority

How to Exercise Your Rights

To exercise these rights, the user may send a request to:

AlfaHost will review such requests within a reasonable timeframe and within the limits established by applicable law.

9. Cross-Border Data Transfers

Depending on the infrastructure and service providers used, data may be processed and stored in different jurisdictions, including EU/EEA countries and other countries involved in the provision of AlfaHost services.

Where personal data is transferred outside a jurisdiction in which GDPR protection applies, AlfaHost takes reasonable steps to ensure an adequate level of protection, including:

  • reliance on adequacy decisions where applicable
  • execution of Standard Contractual Clauses (SCCs) where required
  • implementation of additional technical and organizational safeguards where necessary

10. Contact Information

AlfaHost LLC

Supervisory Authority

If you believe that the processing of your personal data violates applicable law, you have the right to contact the competent data protection supervisory authority in the relevant jurisdiction.