Introduction

The General Data Protection Regulation (GDPR) is the new legal framework of data protection law across the EU, and is due to come into force on 25th May 2018. Contrary to Directive 95/46/EC, which governed this processing prior to this point, the GDPR has direct effect within the Union and does not need to be transposed at national level. In this way, it will aim to harmonise laws governing the processing of personal data across Europe. Even better, the GDPR enshrines a principle of extraterritoriality, which means that, in certain circumstances, the scope of its application can be extended beyond the frontiers of Europe.

If you are an organisation that processes personal data, you are highly likely to be governed by the provisions of the GDPR. In this regard, you are subject to obligations and must abide by them. The same is true of Legionhoster Inc, which, in view of its situation, is bound by different obligations, in its capacity as a processor and as a data controller.

This Privacy Statement also applies to other information received in the United States from Europe. This statement describes how legionhoster.com collects, uses, shares, protects, or otherwise processes your personal information. By using this website, you agree to the terms of this Privacy Statement.

Definitions

Understanding the real, specific issues at stake in European regulations is not always an easy task, especially when the regulation in question contains 99 articles, 173 recitals and numerous lines of guidance on how it will apply. Understanding these issues is nonetheless essential in order to avoid any risks that may arise from an excessively broad or imprecise interpretation of your organisation’s regulatory obligations. A proper understanding of the terms defined below is therefore essential:

1.) Personal data: any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified.
i.) Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, transmission, storage, conservation, extracting, consultation, use, disclosure by transmission and so on.
ii.) Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
iii.) Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2. Legionhoster.com as a processor
It is undoubtedly in this last scenario that you will deal the most frequently with Legionhoster. Legionhoster is classed as a “processor” when it processes personal data on behalf of a data controller. This will typically be the case when you use the services of Legionhoster and you store personal data on an Legionhoster infrastructure. Within the limit of its technical restrictions, Legionhoster may process any data stored solely in accordance with your instructions, and on your behalf.

3. Sharing of Data with Third Parties
Company shall not disclose a customer’s information to third parties for their own independent marketing purposes without customer’s consent. company shall not publish, sell, give on rent, trade or otherwise transfer Data to third parties, except as may be required by law, or pursuant to the order of a court or regulatory authority, or in order for company to enforce its rights.

4. Legionhoster’s commitments as a processor
1.) Processing personal data solely for the purposes of carrying out the services correctly: Legionhoster will never process your information for any other purposes (marketing, etc.).
2.) Keeping your data inside the EU and only in countries recognized by the European Union as offering a sufficient degree of protection, provided that you do not select a datacentre located in a geographical area outside the EU.
3.) Informing you if we have enlisted a subcontractor to process your personal data: to date, no services involving any access to data you have stored as part of the service have been subcontracted outside the Legionhoster Inc.
4.) Applying strict security standards to provide a high level of security for our customers.
5.) Reporting any data breach to you without “undue delay”.
6.) Helping you meet your regulatory obligations, by providing you with comprehensive information on our services.
5. Cookies
a.) A “cookie” is an alphanumeric identifier that is unique to your browser. The cookie will identify your browser to us when you visit our web site so that we may customize your visit.

b.) “pixel tags” is a technology similar to cookies that is placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.

c.) The website uses cookies and pixels tags to help us improve use of our website and the services, and know when content has been shown to you.

d.) Upon your first connection to our website, you will be asked to confirm whether you agree to our use of cookies and similar technologies in accordance with this Policy, and if you accept we will store them on your computer.

e.) Some cookies expire at the end of your visit to our website (session cookies), others remain on your computer or terminal device for a longer period (persistent cookies).

f.) We use temporary cookies file which are erased when you close your web browser. When you restart your browser and revisit the website, the website will not recognize you.

g.) In particular, we use a cookie that allows us to identify when a user has logged into the website. This cookie is essential to use and navigate the website. Without such cookie, you would not be able to properly view our website and basic functions of our website would not work.

h.) We also use a cookie that allows us to detect a user’s geographical location, mainly using the IP address of the connection point. In some cases, this cookie can redirect the user to our website from the related subsidiary site in the country where they appear to be connected.

i.) We also use a cookie which stores information about your browsing session so that we can offer live support chat. The cookie allows you to continue a chat with us as you view different pages on the website, or if you come back to the website later.

j.) We use cookies in load balancing that allow effective display of information by ensuring that the user stays on the same host server for the entire duration of the session.

k.) We use some cookies that may be necessary to facilitate use of our website, for example to improve the safety and security of our website, authenticate account users, balance traffic on our website and remember information that you submitted on forms when you request services on our website.

l.) We also use cookies to gain a better understanding of your interests and requirements, for example to remember your language and site preferences, show you when you are logged into our system and allow you to remain logged-in for a period of time, provide you with support services, remember your login information, and prepopulate forms that you have already completed. Cookies also allow you to access your private accounts on our website, and sign into many portals with the use of only one login.

m.) We use a cookie which expires after 365 days. This cookie keeps track of your acceptance of our use of cookies in accordance with this Policy so that you do not see the cookie banner displayed after you have agreed to such use.

n.) The Site uses cookies that allow us to recognize and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example by making sure users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). By continuing to use our Site, you accept the website’s use of audience measurement cookies.

o.) We use pixel tags from the following third parties, to help us improve use of the website and our services, and know when content has been shown to you:

>> For information regarding Twitter’s data privacy and cookies, please go to Twitter’s Privacy Policy : Link

>> For information regarding Facebook’s data privacy and everything, please go to Facebook’s privacy policy Privacy Policy : Link

>> For additional information regarding LinkedIn’s data privacy and cookies, please go to LinkedIn’s Privacy Policy and to opt out : Link

>> For additional information regarding Google’s data privacy and cookies, please go to Google’s privacy policy : Link

6.Who owns the personal data used and stored by the customer as part of the services?
The that customers host on our services remains the property of the customers in question.

Legionhoster will not access or use this data except where necessary in order to perform the services, within the limits of its technical restrictions.

Any resale of the aforementioned data, as well as any use of the data for commercial purposes (e.g. data mining, profiling activity or direct marketing), is strictly prohibited.

7. When may Legionhoster access the data stored and used by the customer as part of its services?
Legionhoster will access data in two circumstances only:

In order to implement services, particularly to improve the support provided to customers when they contact the Legionhoster helpline. In this situation, access to data will be limited, thanks to specific authorizations and specific control and security measures.
To comply with legal obligations as part of legal and/or administrative requests. These requests are very strictly regulated.
Access as part of customer support:
When a customer contacts Legionhoster customer support, depending on the issue involved, two categories of data may be accessed. On the one hand, in order to handle the customer’s request as well as possible, customer support will access the data provided by the customer when his Legionhoster account was created (surname, first name, telephone number, email address, etc.).
On the other hand, and only if expressly requested by the customer and subject to technical restrictions unique to each service, the customer support team may access the data it has stored on Legionhoster services, in order to determine the origin of the problem encountered and, potentially, to solve it.

Access as part of a request from judicial and/or administrative authorities:
In order to act in accordance with the regulations in force, Legionhoster is obliged to answer requests from judicial and/or administrative authorities. Since requests for access are covered by a strict legal framework, Legionhoster will not authorise these requests until we have ensured that they are valid and substantiated. Moreover, unless prohibited by the request or by law, Legionhoster undertakes to inform the customer as soon as possible in the event that such a request is made. Requests issued from a third-party country will not be handled unless there is an underlying international agreement, such as a treaty for mutual legal assistance, in force between the third-party country applicant and the Union or a Member State.

8. Is the data belonging to OVH’s European customers transferred outside the European Union?
Legionhoster is classed as a “data controller” when we determine the purpose and method of “our” personal data processing.

This is typically the case when Legionhoster collects data for billing, managing accounts receivable, improving the quality of services and performance, sales prospecting, commercial management, etc. But it is also the case when Legionhoster collects personal data on its own employees.

In this scenario, ‘your’ data – the data that you store on Legionhoster’s services – is not affected. On the other hand, certain information concerning you or concerning your employees (the identity and contact details of your contact person at Legionhoster as part of a request for technical assistance, for example) may be. This is why Legionhoster is keen to explain the guarantees put in place to ensure that this personal data is protected.

There are two different scenarios, depending on the choices made by the customer as to the location of the datacentres storing their data:When the customer chooses a service that involves one or more datacentres within the European Union: In this scenario, the customer’s data will never be transferred outside:

the Member States of the European Union;
countries recognized by the European Commission as offering a sufficient degree of protection for personal data with regard to the protection of private life, liberties and fundamental human rights. The list of these countries is available on the European Commission website.
In the wake of ‘Safe Harbour’ being ruled invalid, and despite the fact that the European Commission deems that the American bodies that are members of the Privacy Shield offer a sufficient degree of protection, Legionhoster will never transfer customer data with a selected geographical location within the EU to the United States of America. Transfers of data to countries recognized by the European Commission as offering a sufficient degree of protection may occur as part of an intervention by Legionhoster customer support. For Legionhoster datacentres based in the European Union, the Legionhoster customer support teams who may be called on to intervene are based in the European Union and in Canada, since Canada is recognised by the European Commission as a country offering an adequate degree of protection for personal data. Legionhoster also reserves the right to entrust customer support services that may involve remote access to data stored by customers, as part of our services, to other bodies in the Legionhoster is based in countries that are also recognized by the European Commission as offering a sufficient degree of protection (excluding the USA). The guarantees provided by Legionhoster with regard to data transfer mean that customers can meet their own regulatory obligations. Article 45 of the GDPR, which defines “transfers on the basis of an adequacy decision”, stipulates that the transfer of personal data to a third-party country or to an international organization may take place if the Commission has ruled that that third-party country, a territory or one or more specific sectors of that third-party country, or the international organization in question, offers an adequate degree of protection. Such transfers do not need to be authorized separately.If the customer chooses a service that uses a datacentre located outside the European Union: In this scenario, it seems obvious that data will be transferred outside the European Union. The location or geographical area of the datacentre(s) used for the service can be found on the Legionhoster website. Where several datacentres are available, customers may select the datacentre of their choice, and Legionhoster will not change the location or geographical area requested in the order without the customer’s permission and subject to the individual terms and conditions of certain services. To assist organizations wishing to process personal data using datacentres located outside the European Union, in a country that does not offer an adequate degree of protection for personal data, Legionhoster may, by express request, discuss the implementation of safeguards that would permit such a transfer, as defined in Article 46 of the GDPR, “Transfers subject to appropriate safeguards”.

9. Social Media
We allow you to choose to access certain social media websites and services that are owned and/or controlled by third parties, such as Facebook, Twitter, Instagram, Pinterest and YouTube (“Social Media Services”) through our website. When you choose to access and use Social Media Services, including interacting with our pages on those websites, you will be sharing your Personal Data and other information with them. The information that you share with the Social Media Services will be governed by the specific privacy policies and terms of service of the Social Media Services and not by this Privacy Policy.

10. HIPAA
HIPAA (The Health Insurance Portability and Accountability Act) does not apply to the service we provide. As HIPAA does not apply, our service does not need to and may not meet the standards set forth in HIPAA. Accordingly, using the service should not be used submit, store, or disclose information that would be subject to HIPAA in a manner that is compliant with HIPAA and its requirements.

11. Privacy Shield
In compliance with the EU-US Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information free of charge. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us.

12. Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

13. Publicly Posted Information
This Privacy Policy shall not apply to any information you post to the public areas of the website. Comments posted to public areas may be viewed, accessed and used by third parties subject to those third parties’ privacy practices and policies.

14. Children
We do not knowingly collect personal data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal data to us through this website, please contact us and we will endeavor to delete that information from our databases.

15. Enquiries and Complainants
For any enquiries and complaints, contact us. All enquiries and complaints shall be looked into promptly and without charging any fee to the enquirer / complainant.

16. Amendments of Privacy Policy
Company may, in its sole discretion, modify or update this Privacy Policy from time to time, and so the user should review this page periodically. While company shall make best efforts to notify users of any such modification, it shall be users’ responsibility to read and understand the policy as prevalent from time to time. Installation of the application shall be deemed to constitute acceptance of the policy as amended.

Other Policies :

Right to be forgotten You, as a person concerned, have the right to submit a request to have your personal data deleted. Legionhoster.com can only comply with this request if we are not obliged to keep your data or if the data is still necessary to provide services to you in conformity with the concluded agreement.

For how long we keep your personal data :
Your data is kept in any case over the course of the effective time of the agreement between you and Legionhoster.com. The preceding does not mean that we will keep this information available for all the purposes mentioned in this privacy statement, which we only do to the extent this is necessary for a specific objective. Legionhoster.com keeps your data for at least 2 years, and fiscal data for 7 years. In case of the legally mandatory storage of personal data, Legionhoster.com keeps your data for the period which is legally obligatory,and we will remove them definitively from our systems after expiry of this period.