Privacy Policy

Last reviewed: 2026-07-03

This Privacy Policy explains how veldhost ("we", "us") processes personal data when you use veldhost.eu, create or manage a hosting account, request support, or order managed hosting services. We are established in the Netherlands and process this controller-side data under the EU GDPR.

Controller

The controller is JBMPC-SOLUTIONS, a Dutch sole proprietorship (eenmanszaak) of Janis Berzins, established in Netherlands (EU).

  • Registered office: Kloosterraderplein 134, 6461 CH Kerkrade, Netherlands
  • Chamber of Commerce (KvK): 98167820
  • VAT number: NL005311289B72
  • Privacy / legal contact: legal@veldhost.eu

Controller and processor roles

For your account, billing, support, website-visit, security, and abuse-prevention data, we are the controller and this policy applies. For the websites, files, mailboxes, databases, backups, and other content you host with us, you are the controller and we act as your processor under our Data Processing Agreement. If your personal data appears inside a customer's hosted content, please contact that customer first; we assist them where required by the DPA.

Summary

  • We do not use analytics, ad networks, tracking pixels, or sell personal data.
  • We use only essential/session cookies required to run the website, portal, and security controls.
  • Account data is hosted in the EU. Customer content is handled under the separate DPA.
  • Domain registrations use our own business contact for WHOIS/RDAP, not your personal contact details.

What we collect and why

Data Purpose Legal basis
Account data: name, email, company, KvK/VAT details, address, login credentials, ordered domains and services Create, secure, and run your account and provide the service Contract
Billing data: billing address, VAT number, plan, invoices, payment reference and payment status Bill you, collect payment, and keep required accounting records Contract and legal obligation
Support data: emails, tickets, messages, and troubleshooting details you provide Answer questions, diagnose issues, and provide support Contract and legitimate interests
Technical and security logs: IP address, user-agent, timestamps, requests, error logs, audit events, and rate-limit signals Keep the website and service secure, prevent abuse, troubleshoot, and maintain reliability Legitimate interests
Domain registration data where applicable Register and maintain domains and meet registry or ICANN requirements Contract and legal or registry obligation
Essential cookies and session data Operate sessions, security, authentication, and forms Legitimate interests; consent is not required for strictly necessary cookies

How we collect data

  • Directly from you through forms, account setup, support, email, and service configuration.
  • Automatically through server logs, audit logs, session cookies, and security controls when you use the website or portal.
  • From domain registries or registrars when a domain is registered or managed through the service.

Recipients and service providers

We share personal data only where needed to run the service, comply with law, or establish, exercise, or defend legal claims.

  • Hetzner Online GmbH, Germany/Finland: core EU hosting infrastructure for the platform, account data, hosted files, backups, and authoritative DNS nodes.
  • OpenSRS / Tucows Inc., Canada: domain registrar. It receives the domain name and our own business WHOIS/RDAP contact, not your personal contact details. Canada benefits from a European Commission adequacy decision for PIPEDA-regulated commercial organisations.
  • Stripe Payments Europe, Ltd.: payment processing. Stripe acts as an independent controller for card and payment data under its own privacy terms; we receive payment references and statuses, not full card numbers.
  • Cloudflare, Inc.: edge/CDN and DNS for the veldhost portal and marketing domain, processing request metadata and IP addresses of visitors to those properties under the EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.
  • Mail-in-a-Box (self-hosted): mailbox/email service when enabled, run by us on our own Hetzner EU infrastructure rather than a third-party email SaaS.
  • Providers not yet enabled: off-node backups, transactional email, and workspace tooling are added to the DPA sub-processor register and pinned to an EU region before they are used for customer data.

The complete, versioned sub-processor register — including each provider's role, location, and transfer basis — is maintained in our Data Processing Agreement. Where we act as your processor, we will notify you before adding or replacing a sub-processor and you may object on reasonable data-protection grounds.

Domain registration and WHOIS/RDAP

Domain registration may require registrant data to be provided to registries or registrars and, depending on registry rules, published through WHOIS/RDAP. Under our standard model, domains registered through us use our own business contact as the WHOIS/RDAP contact, so your personal contact details are not sent to the Canadian registrar for that purpose. If we later register domains in a customer's own name for a specific order, we will update this policy and the DPA transfer position before that change is offered.

International transfers

We keep Account Data and Customer Content in the EU/EEA for the managed hosting service. The disclosed non-EEA flow is the domain-registration path to OpenSRS / Tucows in Canada, which receives the domain name and our own business contact. Canada benefits from a European Commission partial adequacy decision for commercial organisations subject to PIPEDA. If a future service requires your personal data to leave the EEA, we will use an appropriate GDPR Chapter V safeguard, such as an adequacy decision or the EU Standard Contractual Clauses, and disclose that before enabling the flow.

Retention

  • Account data: for the life of your account and up to 24 months after closure, unless longer retention is needed for legal claims.
  • Billing and invoice data: seven years to meet Dutch statutory fiscal retention obligations.
  • Support data: up to 24 months after a ticket closes, unless needed for legal claims or an ongoing service issue.
  • Server logs and anti-abuse data: up to 12 months, unless extended for a specific security investigation.

We delete or anonymise personal data when the applicable retention period ends.

Deletion on account closure or termination. When you close your account or the service ends, we give you a reasonable opportunity to export your website/app files, database, and DNS information, and deleting your account triggers automated teardown of the associated hosting container and resources. Personal data inside your hosted content is returned and/or deleted under our Data Processing Agreement. We then delete or anonymise account and support data on the schedule above, keeping only the minimum records the law requires — for example invoices for the seven-year Dutch fiscal retention period.

Your rights

You may request access, rectification, erasure, restriction, objection to processing based on legitimate interests, and data portability. Where we rely on consent, you may withdraw it at any time without affecting prior processing. We respond within one month unless GDPR permits an extension. You may complain to the Autoriteit Persoonsgegevens or your local supervisory authority.

Security

We apply appropriate technical and organisational measures for the service, including TLS in transit, multi-factor authentication, role-based access control, customer separation, audit logging, and abuse monitoring. No transmission or storage method is completely secure. Where GDPR requires it, we notify affected customers and the Autoriteit Persoonsgegevens of personal-data breaches.

Children

The service is not directed to children under 16. We do not knowingly collect their personal data.

Cookies

We use only essential/session cookies needed for the website, portal, authentication, security, and forms. We do not use analytics, advertising, or tracking cookies.

Changes

We may update this policy for legal or operational reasons. The current version is posted here with the review date shown above. For material changes affecting how we use your personal data, we will give notice where appropriate.

Contact

For privacy enquiries or rights requests, email info@veldhost.eu.