Many of our cloud services offered through the Hostragon™ are intended for use by business organizations. You acknowledge and agree that if you use your organization's email address to register an account and purchase or use our cloud services, the owner of the domain associated with your organization's email address, and or your organization, may monitor or control your account with the Hostragon™ and access, process, and or control your personal data, as well as the contents of your communications and files. You acknowledge and agree that your organization's use of our cloud services may be subject to your organization's own rules or policies, and you shall direct all privacy inquiries relating to such rules or policies to your organization's administrators. We are not responsible for the privacy or security practices of your organization.
Cloud services may be used by our customers (i.e. registered users of Hostragon™) to develop or host their own services and products for the customer’s end users. Any information collected or handled by Hostragon™ in such circumstance is processed on behalf of our customer who controls the collection and use of such information. We do not have a direct relationship with the end users of our customers. End users should direct all privacy inquiries, such as any requests to access, correct, amend or delete personal information, to the Hostragon™ customer providing their services or products. We are not responsible for the privacy or security practices of our customers.
COLLECTION OF PERSONAL DATA
If you are (i) an individual or (ii) a representative of a business organization at the time you register to become a user of the Hostragon™ and or purchase cloud services, you may be asked to complete registration forms which require you to provide information such as your email address, mobile number, country, preferred language, name, contact address, and screen nick name. You may also provide to us additional optional contact information in your account profile, such as email address for sub-accounts, and additional contact phone numbers.
We record and retain details of your activities (including any purchase or use of our product offerings and services) when you use the Hostragon™ and or certain cloud services for legal and/or business purposes. If you make purchases or otherwise transact online through the Hostragon™, we also collect information related to such transactions including, but not limited to, the types and specifications of the cloud services, pricing information, and any trade dispute or complaint records.
When you contact our customer support, sales or other departments, we keep records of the communications.
If you make online purchases for our cloud services through the Hostragon™, you may be required to provide information related to your payment instrument (such as credit cards), including information about your payment instrument organization, your payment instrument number, the security code, and the expiration date of your payment instrument, directly to our payment service provider.
Please note that it is mandatory for you to provide certain categories of data (as specified at the time of collection). In the event that you do not provide any or sufficient data marked as mandatory, we may not be able to complete the registration process or provide you with our cloud services.
We also record and retain records of users’ buying and browsing activities on the Hostragon™, including but not limited to Internet Protocol (IP) addresses, browsing patterns and buying behavioral patterns. In addition, we automatically gather statistical information about our Hostragon™ and visitors to our Hostragon™ including, but not limited to, IP addresses, browser software, operating system, software and hardware attributes, pages viewed, number of sessions and unique visitors.
We may from time to time collect additional information from you (such as copies of identification documents) and obtain information about you from third parties in order to carry out risk control, fraud prevention and compliance procedures. For example, we may collect payment-related information from third parties and combine it with information we collect about you for the purpose of fraud prevention and risk control.
PURPOSES FOR THE COLLECTION, RETENTION, USE, DISCLOSURE AND TRANSFER OF PERSONAL DATA
If you provide any personal data to us, you consent (or shall have procured the relevant consent from your organization, your end users, or relevant third parties) to our collection, retention, use and disclosure of that personal data for the following purposes:
- processing your registration as a user, providing you with an user ID for our Hostragon™ and maintaining and managing your registration;
- providing you with customer service and responding to your queries, feedback, claims or disputes;
- providing the cloud services to you and/or your end users;
- processing your purchases and or subscriptions on the International Marketplace;
- performing research or statistical analysis in order to improve the content and layout of our Hostragon™, to improve our product offerings and services;
- publishing any information voluntarily submitted by you (which may include, but is not limited to, a photograph or other personal data you provide) to our Hostragon™ to be published on our Hostragon™ through the publishing tools (such as our discussion forums);
- to comply with applicable law, legal process or lawful government request, or in respect of any claims or potential claims brought against us or our parent companies, shareholders, subsidiaries and affiliates;
- processing the personal data in accordance with your instructions;
- performing risk control, legal compliance and sanctions screening;
- performing screening and checks for unlawful, fraudulent, deceptive or malicious activities; and
- purposes which are reasonably related to the aforesaid.
Subject to obtaining your specific consent and/or where permitted by applicable law, we may use your name, phone number, residential address, email address and fax number (which may incorporate personal data) to provide notices, surveys, product alerts, communications and other marketing and promotional materials to you relating to goods and services offered by us on our Hostragon™.
DISCLOSURE OF PERSONAL DATA
You agree that we may disclose your personal data to third party service providers engaged by us at our sole discretion to assist with providing you with our services (including providing customer services to you, contacting you regarding promotions products and services, performing risk control, fraud prevention and legal compliance procedures, and conducting payment processing services) (the Third Party Service Providers). These Third Party Service Providers may be located in Singapore or outside of Singapore, and are under a duty of confidentiality to us and are only permitted to use your personal data in connection with the purposes specified in Section B above, and not for their own purposes.
You agree that we may disclose your personal data to other companies within the Hostragon™ for the purposes specified at Section B above.
Any personal data supplied by you will be retained by us for legal and or business purposes and will be accessible by our employees for or in relation to any of the purposes stated in Section B above, and will be retained and or processed by any Third Party Service Providers engaged by us and third parties referred to in C.1 and C.2 above for or in relation to any of the purposes stated in Section B above.
We may provide statistical information to third parties, but when we do so, we do not provide personally-identifying information without your permission.
Our website offers publicly accessible community forums. You acknowledge and agree that any information you provide in these areas may be accessed, read, collected, and used by others anywhere in the world. To request removal of your personal data from our community forums, contact us at email@example.com.
TRANSFER OF PERSONAL DATA
We use commercially reasonable endeavors to protect the personal data that you provide to us. We also employ several security techniques, including but not limited to the use of industry-standard Secure Socket Layer (SSL) encryption for transmission of personal data in registration information and payment information and the adoption of identity, credential and access management measures for transmission of such personal data to prevent security breaches and unauthorized access of personal data. We limit access to your personal data and other data to people who need to access to such data for their work.
Nevertheless, no data transmission over the internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we try to protect your personal data, we cannot guarantee the security of any personal data you transmit to us and you do so at your own risk. We cannot and do not guarantee security in connection with your use of the Hostragon™ and our cloud services.
We may retain your information for as long as your account is active or as needed in accordance with the purpose for which it was collected, to provide you services, to comply with our audit, finance and legal obligations, to resolve disputes, and enforce our agreements with you.
RIGHT TO ACCESS/CORRECT PERSONAL DATA; CONTACTING US
You have the right to request access to your personal data held by us (or on our behalf) and to request correction or deletion of such personal data. Additionally, upon request, we will provide you with information about whether we hold your personal information. You may contact us at firstname.lastname@example.org to request access, correction or deletion of your personal data. We will respond to your request within a reasonable time-frame. You may also have supplemental rights under applicable law in relation to your personal data.
You may receive e-newsletter from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you (or at your member profile).
If a minor (a person under the age of 18) has provided us with personal data without parental or guardian consent, the parent or guardian may contact us on the minor’s behalf to request that we cease any further collection, use and/or disclosure of the personal data relating to the relevant minor.
We and our partners use “cookies” and or similar technologies to store specific information about you and track your visits to our Hostragon™. We may also use “cookies” to store specific information about your use of certain cloud services as part of its features and to facilitate or enhance your user experience of the relevant service. A “cookie” is a small amount of data that is sent to your browser and stored on your device’s hard drive. A cookie can be sent to your device’s hard drive only if you access our Hostragon™ using a device. If you do not de-activate or erase the cookie, each time you use the same device to access our Hostragon™, our web servers will be notified of your visit to our Hostragon™ and in turn we may have knowledge of your visit and the pattern of your usage.
You can determine if and how a cookie will be accepted by configuring the browser which is installed in the computer you are using to access the Hostragon™. If you choose, you can change those configurations. You may be able to change your browser preferences or settings to reject all cookies, or are notified and can choose to consent each time a cookie is sent. If you reject all cookies by choosing the cookie-disabling function in your browser, you may be required to re-enter information on our Hostragon™ more often and certain features of our Hostragon™ may be unavailable.
By accessing and using our Hostragon™ and or cloud services, and by accepting the cookies, you consent to the storage of cookies on your devices. You also consent to the access of such cookies by us and by our partners mentioned above.
The European Union’s General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects' fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.
Right from the start, we have implemented a high bar for compliance, security, and data privacy, thus the move to GDPR should be simple.
RIGHT TO BE INFORMED
Customers are required to agree to our terms of service in order to register an account and complete checkout. A user account cannot be created, and an order cannot be placed, without the user checking a box to confirm their agreement to our Terms of Service.
ACCESS/RIGHT TO RECTIFICATION
We have provided a self-service client portal that gives our customers access to login and view their personal information (profile data). This same client portal also provides our customers with access to update their personal information including name, email address, postal address and phone number.
DATA PROCESSING AGREEMENTS
Our privacy agreement clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators.
PROCESSING ACCORDING TO INSTRUCTIONS
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions.
PERSONNEL CONFIDENTIALITY COMMITMENTS
All Hostragon employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. Hostragon’s Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.
AVAILABILITY, INTEGRITY & RESILIENCE
Hostragon designs the components of our platform to be highly redundant. Hostragon’s data centers are geographically distributed to minimize the effects of regional disruptions on global products such as natural disasters and local outages. In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption. Our highly redundant infrastructure helps customers protect themselves from data loss.
Hostragon conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems which document the results and lessons learned from the tests.
Hostragon uses encryption to protect data in transit and at rest. Data in transit to G Suite is protected using HTTPS, which is activated by default for all users. Our hosting services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms. We also offer free SSL certificates to all hosting account and it is the responsibility of our customers to use this.
For Hostragon employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as may be dictated by Hostragon’s security policies.
We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help identifying vulnerabilities in our hosting platform, and other products.
Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.
DATA RETURN & DELETION
When Hostragon receives a complete deletion instruction from you (such as a cancellation request), Hostragon will delete the relevant customer data from all of its systems during the next system sync.
For customers that registered with us but doesn't have an active account, our system automatically removes all data relating to the given customer including, but not limited to, personal information in the user's profile, service and invoice history, activity log entries, support ticket and email history.
In all other cases, please contact our Data Protection Office at legal[at]hostragon.com
In addition to the addresses listed above, if you have a privacy or data use concern which has not been addressed to your satisfaction, you may contact our third party dispute resolution provider (free of charge) found here.
Updated on the 23rd of April, 2018