Legal Basis for Data Processing

Introduction

The company Hostnetics, owner of the website https://hostnetics.gr, will hereinafter be referred to as "the Company." Users, visitors, or customers of the Company's website will be referred to as "Customers," regardless of whether they proceed with service or product orders from the Company. This Privacy Policy applies to both Customers and general visitors of the Company’s websites.

The Company follows strict security procedures, including a Data Processing Policy and Privacy Protection Measures for Communications. It implements all appropriate technical and organizational measures to protect the privacy of communications and the Personal Data provided by its Customers, in accordance with legal requirements, regulations of the Hellenic Authority for Communication Security and Privacy (ADAE), and the Company’s Security Policy. However, the Company does not guarantee the complete security of data transmitted over networks, as its protection also depends on the appropriate security measures required by applicable legal and regulatory frameworks.

If you do not agree with the Data Processing Policy and Data Processing Agreement, please do not use the website and services. You may delete your account or submit a request for account deletion electronically via email.

Legal Basis for Data Processing

The Company provides services including:

  • Web hosting
  • Domain name registration (with extensions such as .gr, .eu, .com, .net)
  • Issuance of SSL security certificates for the proper operation of its services.

The collection, storage, and maintenance of updated contact information is carried out exclusively to verify the accuracy of user data, ensure service continuity, and facilitate customer support, in accordance with the Company’s data security obligations.

The Company’s Security Policy is based on:

  • Greek National Data Protection and Privacy Laws (Law 2472/1997, Law 3471/2006)
  • Regulations of the Hellenic Authority for Communication Security and Privacy (ADAE)
  • The European General Data Protection Regulation (GDPR) – 2016/679

Relevant legal texts are available on the websites of the competent supervisory authorities, such as the Hellenic Data Protection Authority (HDPA), ADAE, and EETT (Hellenic Telecommunications & Post Commission).

The Company’s Privacy Policy is regularly updated based on technological and legislative developments.

Visitors and registered users of https://hostnetics.gr expressly accept the processing of their personal data in accordance with Greek and European legislation and the details outlined in this statement.

Information on Data We Collect

Data We Collect

Users/Customers who visit https://hostnetics.gr are not required to provide personal information in order to browse the website.

However, if a user wishes to purchase or test the Company’s services, registration requires the following information:

  • Full name
  • Business/Organization Name (if registering as a legal entity)
  • Tax Identification Number (TIN), Tax Office, and Business Activity (for freelancers or legal entities)
  • Residential or Business Address
  • Landline and/or mobile phone number
  • Email address

If a visitor only wishes to receive updates (e.g., newsletters) about new services, promotions, and Company updates, only the email address and IP address used during registration are required, along with explicit consent to receive marketing emails.

For communication via live chat, users must provide:

  • Full name
  • Email address
  • The IP address of their connection is also recorded.

The Company has the right to store and process personal data only with user consent for specific purposes, while implementing the necessary safeguards for their protection.

Purpose of Data Collection

The personal data provided to the Company is used to ensure secure and efficient service provision in the transactional relationship, such as:

  • Activating services (e.g., domain name registration, website hosting, SSL certificate issuance)
  • Ensuring communication with the Customer.

To confirm user consent for data processing, the IP address and connection time to the website, as well as the specific data the user has agreed to, are recorded.

Data Retention Period

Personal data is securely stored for as long as the Customer remains registered for the Company’s services and is deleted upon termination of the relationship or upon the Customer’s request.

Data from live chat communications is temporarily stored and deleted after the conversation ends, while a copy is sent via email and stored in the support system for service monitoring and improvement.

Sharing of Personal Data

The Company will not sell, rent, or disclose personal data to third parties, except where necessary to provide services, such as:

  • For domain name registration with the respective domain registries.
  • For website hosting: In extremely rare cases, a third-party software provider (e.g., cPanel) may have limited and controlled access to resolve technical issues related to third-party software.
  • For SSL certificate issuance: Data may be shared with certification authorities (e.g., DigiCert) for database compliance and validation checks within and outside the EU.
  • For accounting and bookkeeping compliance.
  • Upon legal, judicial, prosecutorial, or law enforcement orders for investigation purposes.

The Company does not provide information via email, phone, or live chat, only through the Customer’s account on https://hostnetics.gr.

Disclosure of Data by Third Parties

Certain third parties may have legal grounds to request the disclosure of personal data belonging to individuals or legal entities that own domain names. Such requests must be submitted to the respective registry for internal processing.

Access to this data will only be granted if the request meets all legal requirements or if a court order is issued by a competent authority within the EU or the jurisdiction of the domain registrar.

The Company may share data with public authorities such as EETT (Hellenic Telecommunications & Post Commission), judicial authorities, police, and other administrative bodies when legally required. It strictly complies with legal provisions, including prosecutorial orders, court rulings, or instructions from independent authorities, without prior user notification, unless required by law or a judicial decision.

Additionally, the Company follows the necessary procedures for lifting communication confidentiality and fully cooperates with relevant authorities.

Changes in WHOIS Privacy (GDPR Compliance from May 25, 2018)

Since May 25, 2018, personal data associated with registered domain names (regardless of their extension: .gr, .eu, .com, .net, etc.) is no longer publicly available online through WHOIS lookup services.

WHOIS search results now only display:

  • Domain registration date
  • Domain expiration date
  • Last update date
  • Domain registrar
  • DNS name servers

Below are sample links to WHOIS lookup pages for central domain registries:

  • .GR domains
  • .EU domains
  • .COM & gTLDs

 Accuracy and Completeness of Personal Data

For the activation of services, the Customer must provide accurate and up-to-date personal information. In certain cases, such as domain name registration or SSL certificate issuance, correct, complete, and real contact details (full name, business name, VAT number/tax office, address, phone number, email) are required. The Customer is responsible for updating or correcting this information when necessary.

If the provided details are incorrect, communication and service provision will not be possible! The Customer may lose access to the service without entitlement to a refund.

Additionally, a Customer may request the concealment of their personal details related to domain name registration (e.g., .com, .net, .eu) via the Whois Privacy/Domain ID Protection service, which incurs an additional fee as indicated in the respective pricing list.

Data Subject Consent for Processing

The consent of the data subject to the Company is a valid legal basis for processing under the EU General Data Protection Regulation (GDPR) and complies with the following principles:

  • Independent: The request for consent is made separately from other terms and conditions. Consent is not mandatory for obtaining a service unless required for service provision.
  • Active Consent: We use clear and explicit consent mechanisms, without pre-checked boxes or other forms of passive consent. Users must actively choose to accept the terms.
  • Very Clear: Users are given the option to consent separately for different types of processing, when necessary.
  • Explicitly Named: We identify our organization and any third parties (when applicable) that rely on the user’s consent.
  • Documented: We maintain a record of consent, including what was agreed to, when, and how.
  • Easily Revocable: Users are informed that they can withdraw their consent at any time, and simple revocation methods are provided, equal in ease to the process of granting consent.
  • Balanced: We ensure a strong protection of user rights and interests, while ensuring transparency and fairness in meeting both user and Company needs.

Data Subject Rights

The Company fully recognizes and protects all legal rights of data subjects under the GDPR, offering the following:

  • Right of Access: The data subject has the right to access the personal data we hold.
  • Right to Rectification: The right to request correction of any inaccurate or incomplete data.
  • Right to Erasure (Right to Be Forgotten): The right to request the deletion of personal data when it is no longer necessary for the purpose it was collected.
  • Right to Restrict Processing: The right to request restriction of processing under specific conditions.
  • Notification of Corrections or Deletions: We inform users when data is corrected, deleted, or processing is restricted.
  • Right to Data Portability: Personal data can be provided in a structured, commonly used, and machine-readable format for transfer to another provider.
  • Right to Object to Processing: The subject has the right to object to data processing, except where there are compelling legal reasons to continue.
  • Automated Decision-Making: We do not apply automated decision-making processes that involve profiling, so the right to object to such processes is not applicable.

We respond to all requests within one month of receipt and reserve the right to extend this period by two additional months if necessary and justified. In such cases, we inform the data subject within the first month about the delay and the reasons for it.

Data Protection Security Measures

Commitment to Data Protection

The Company is fully committed to protecting its customers' personal data and ensures that it does not sell, rent, or share them with third parties. The use of personal data is strictly limited to the execution of the agreed-upon services, as outlined in the Company's contract with the data subject.

How We Protect Personal Data

Data protection covers all stages, from collection to storage, transmission, and management by the Company’s employees, always under the conditions set by the Company’s Security Policy. Specifically:

  1. Secure Data Storage
    • The data stored and hosted on the Company’s infrastructure are secured on servers with strong security measures.
    • Our services operate through private and leased infrastructures located in data centers within Greece and the EU, protected by strict security protocols.
  2. Restricted Access
    • Access to facilities and computers is strictly limited to the Company’s employees.
    • Role-Based Access Control (RBAC) ensures that each employee only has access to the data necessary for their role.
  3. Secure Password Management
    • Employee passwords are stored securely using AES 256-bit encryption with the PBKDF2-SHA256 algorithm.
    • Decryption occurs only locally on devices and is supported by two-factor authentication (2FA) via Google Authenticator and Microsoft Authenticator.
  4. Protection of Work Computers
    • Office computers automatically lock after 5 minutes of inactivity, requiring a password for reactivation.
    • All computers are protected by up-to-date antivirus software.
  5. Employee Training
    • All employees must sign a Non-Disclosure Agreement (NDA) and participate in mandatory training on data protection and proper handling of personal data.
  6. Physical Server Access
    • Physical access to servers is restricted to authorized personnel and strictly monitored via CCTV and controlled entry systems.
    • Remote server access is limited to authorized personnel only.
  7. Data Processing Agreements
    • The Company has signed (or is in the process of signing) Data Processing Agreements (DPAs) with partners, data centers, and software providers to ensure compliance with GDPR security standards.
  8. Advanced Security Systems in Infrastructure
    • Partnered data centers use advanced physical and digital security systems and are ISO 27001 and/or ISO 9001/PCI DSS certified.
    • They also feature redundant cooling and power sources to ensure service continuity.
  9. Data Encryption & Security Management
    • On shared and semi-dedicated hosting servers, we use Linux OS versions that isolate user file systems.
    • On VPS servers, virtualization ensures that security breaches do not affect other users or servers.
  10. Continuous Monitoring & Security Updates
  • Real-time service monitoring and regular security updates ensure immediate responses to security incidents.
  • Protection against threats such as DDoS attacks, malware, and phishing is continuously maintained.
  1. Backup Systems
  • The Company conducts daily and weekly backups of data.
  • Data transfers between servers and backup systems are encrypted to ensure security.

 Ensuring High Security Standards

These security measures guarantee:

·         Maximum levels of security and data confidentiality

·         High availability of services

·         Immediate data recovery in case of emergency

·         Optimal resource utilization and system performance

With these measures, the Company fully protects customer data from breaches, loss, or unauthorized access.

Financial Transaction Protection & Data Encryption

Transaction Security

  • The Company allows customers to place orders using credit or debit cards in an encrypted 256-bit environment.
  • All transactions are processed electronically through Everypay or PayPal, ensuring secure and reliable payments.

SSL Security

To protect financial transactions and personal data, the Company uses SSL security certificates on its websites.

Code Security & Hosting Environment

  • The Company’s programming code and hosting environment are protected against security vulnerabilities.
  • Regular updates ensure integrity and reliability of services.

Data Encryption

  • All data transferred via the Company’s services are encrypted using strong encryption methods, making them inaccessible to malicious users.
  • Customers are required to use secure passwords, stored in safe locations, to protect their accounts.

Restricted Access to Transactions

  • Only authorized personnel have access to customer financial transactions.
  • Customer data is protected by strict security measures, preventing unauthorized access and malicious activities.

With these measures, the Company ensures that all financial transactions are carried out with maximum security, while also safeguarding personal data.

Cookie Usage Policy

To ensure the proper functioning of the Company’s websites, small data files may need to be stored on the user's computer or device. These files are called cookies.

What Are Cookies?

Cookies are small text files stored on the user’s computer or mobile device when they visit the website. These files allow the website to remember user actions and preferences (such as login credentials, language, font size, and other display preferences) for a certain period, so users do not need to re-enter this information every time they visit or navigate through the website.

To manage cookies via your browser settings, please use the following links to access your browser’s instructions:

  • Microsoft Windows Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari
  • Opera

For mobile devices:

  • Android
  • Safari
  • Windows Phone
  • Blackberry

If you use a different browser, you can find cookie management instructions in your browser's help section.

You can learn more about cookies on the following third-party websites:

Use of Cookies by the Company

The Company uses cookies on its websites to:

  • Provide a better browsing experience
  • Enable communication
  • Offer personalized ads and other content

These cookies enhance the user’s interaction with the website by delivering more relevant content and advertisements.

User Choices

Users can choose whether or not to accept cookies, except for essential cookies, which are required for the proper functioning of the website. Users can accept or reject cookies via the pop-up notification displayed when they visit the website.

Types of Cookies We Use

The Company uses cookies from the following services to enhance user experience and collect anonymous data:

  • Google Analytics (GA)
  • Google Conversion
  • Google Tag Manager
  • Facebook Ads

Activating these cookies is not essential for the website's operation but enhances the browsing experience by providing better analytics and personalized content.

Managing Cookies

Users can delete cookies or block access to them through their browser settings. However, if they do so, some website features may not function properly or be unavailable.

Privacy and Cookie Usage

  • Information collected through cookies is not used to identify users.
  • Cookies are not linked to personal data without the user’s explicit consent.
  • Cookies are used only for the purposes described in this Cookie Usage Policy.

 Withdrawing Consent

Users can withdraw their consent for the use of cookies at any time by clicking on the opt-out link located at the bottom of the Company’s web pages.

Contact

For any questions regarding this policy, please contact us via email at: info [at] hostnetics [dot] gr

or through the contact form on our website.

Agreement with the Data Protection Policy

If you do not agree with this Personal Data Processing Policy and the Data Processing Agreement, you must not use the services of this website and delete your account with the Company.

Users Under 18 Years Old

For users under 18 years old, parental or guardian consent is required before submitting any personal information on the Company’s websites.

Right to Change the Policy

The Company reserves the right to modify this Data Protection Policy at any time, in accordance with the applicable laws of Greek and European legislation.

Powered by WHMCompleteSolution

Web Hosting & Website Support

Skroutz growth expertsSkroutz tech expertsMoosend Partner

Brevo PartnerHostnetics.gr is listed on whtop.com

Available payment methods

Copyright © 2025 Hostnetics. All Rights Reserved.
We use cookies to ensure the best possible browsing experience on our website. Privacy Policy