RO EN
▸ Legal

Privacy Policy

Last updated:

Contents

  1. Who we are
  2. What data we collect and why
  3. Legal basis for processing
  4. How long we keep your data
  5. Data transfers to third parties
  6. Cookies
  7. Your rights
  8. Data security
  9. Contact and supervisory authority

Who we are

The data controller is SC Delta Communications Network SRL, with registered office at Calea Văcărești 207, Sector 4, Bucharest, Romania, registered at the Trade Register under no. J40/17458/2004, VAT ID 16890789, hereinafter referred to as "ServerHost", "we" or the "controller".

You can reach us at: contact@serverhost.ro.

Data Protection Officer (DPO): dpo@serverhost.ro

What data we collect and why

We collect only the data strictly necessary to provide our services:

  • Contact details (first name, last name, email address, phone number, company) — provided voluntarily via the contact form or within the contractual relationship. Purpose: communication, invoicing, technical support.
  • Technical data (IP address, browser, operating system, pages visited, session duration) — collected automatically via server logs and cookies. Purpose: security, abuse prevention, service improvement.
  • Billing data (name/company name, address, VAT/tax ID, bank details) — required for contract performance and legal accounting/tax obligations.
  • Correspondence (emails, support messages) — retained to document the contractual relationship and resolve disputes.

Legal basis for processing

We process your data on the following legal grounds (pursuant to Art. 6 GDPR):

  • Contract performance (Art. 6(1)(b)) — to provide the services you have purchased.
  • Legal obligation (Art. 6(1)(c)) — to comply with accounting, tax and archiving requirements under Romanian law.
  • Legitimate interest (Art. 6(1)(f)) — for infrastructure security, fraud prevention and service improvement.
  • Consent (Art. 6(1)(a)) — for marketing communications, if you have explicitly opted in.

How long we keep your data

  • Contractual and billing data — 10 years from contract termination, in accordance with Romanian tax legislation.
  • Correspondence and support — 3 years from the last interaction.
  • Server logs and technical data — maximum 90 days.
  • Contact form data — 1 year from last communication, if no contract was concluded.

Upon expiry of the retention period, data is deleted or irreversibly anonymised.

Data transfers to third parties

We do not sell or rent your data. We may share it with:

  • Oblio.eu (SC Oblio Software SRL) — invoicing platform used to issue fiscal documents. Billing data (name, address, VAT/tax ID) is transmitted to them for invoice generation. Processing of this data is governed by Oblio.eu's privacy policy, which may be updated independently of ServerHost.
  • Accounting/legal service providers — strictly for legal obligations, under confidentiality agreements.
  • Public authorities — upon explicit legal request (courts, tax authorities, police).
  • Analytics & marketing providers (only with your consent) — depending on your choices in the cookie banner, we may use Google (Google Analytics / Tag Manager), Meta Platforms (Facebook Pixel), Microsoft (Bing UET) and/or Matomo (self-hosted on our infrastructure). These tools collect data such as IP address and on-site interaction. Without consent, none are activated.

Transfers outside the European Union: our hosting infrastructure is physically located in Romania. A transfer outside the EU may occur only if you enable Google, Meta or Microsoft, in which case it relies on the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCC). Matomo runs on our infrastructure in Romania and involves no transfer. If you do not consent to analytics and marketing, your data does not leave the European Union and there is no exposure to CLOUD Act.

Cookies

We use cookies and similar technologies, grouped into categories:

  • Strictly necessary — for the site to function (session, CSRF security, storing consent preferences). No consent required.
  • Analytics (consent only) — to understand how the site is used: Google Analytics and/or Matomo (self-hosted).
  • Marketing (consent only) — to measure campaigns: Meta (Facebook) Pixel, Microsoft/Bing UET.

On your first visit we show a banner where you can accept or reject each provider individually. No analytics or marketing cookie loads before your explicit consent. You can change or withdraw your choices anytime via the "Cookie settings" link in the site footer, or through your browser settings.

Your rights

Under GDPR, you have the following rights:

  • Right of access — you may request a copy of the data we hold about you.
  • Right to rectification — you may request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — you may request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing — you may request temporary suspension of processing.
  • Right to data portability — you may receive the data you provided in a structured, commonly used, machine-readable format.
  • Right to object — you may object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.

Automated decision-making and profiling (Art. 22 GDPR): We do not use automated decision-making processes and do not carry out profiling of users in ways that produce legal effects or similarly significantly affect you.

To exercise any of these rights, send an email to dpo@serverhost.ro. We respond within 30 days.

Data security

We take appropriate technical and organisational measures to protect your data:

  • Encrypted communications via TLS/HTTPS across all services.
  • Access to data restricted on a need-to-know basis.
  • Own physical infrastructure located in Romania — no third-party cloud providers for client data.
  • Regular, encrypted backups with controlled access.
  • Continuous infrastructure monitoring for detection of unauthorised access attempts.

In the event of a security incident, we will notify the supervisory authority within 72 hours of becoming aware (Art. 33 GDPR), and affected data subjects without undue delay (Art. 34 GDPR) where there is a high risk to their rights.

Contact and supervisory authority

For any questions or requests regarding your personal data, you can contact us:

If you believe your rights have been infringed, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):