The controller is:
Hetzner Online GmbH
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
Registration Court Ansbach, HRB 6089
VAT ID No. DE 812871812
CEO: Martin Hetzner
Margit Müller is the data protection officer, firstname.lastname@example.org.
How do you process personal data?
We save and use your personal data only to process your orders and to get in touch with you. If you subscribe to our customer newsletter, we also use your email address to send it out. We will automatically send you status messages from hetzner-status.de if you have previously changed your settings on our customer administration interface in which you request these messages. We also save and process data that job applicants provide us as part of the job application process.
What categories of data do we collect?
Every time you visit our website, your IP address and other pieces of information are saved in anonymized form. If you register an account with us, your contact information will be stored. If you order products from us, your address and payment information will also be stored.
In particular, we save the following data from you.
When you register an account with us, we collect and process certain personal data from you as your registration data. For example, we need your name, address information, telephone number, payment information and your email address to process your order. If you pay using a credit card, we do not collect and store any payment information such as credit card numbers or verification codes. You disclose this information only to the respective payment service provider. One exception with credit card payments is what is known as the pseudo card number: in order for you not to have to enter your credit card information for every payment, a pseudo card number is saved for your account. The pseudo card number only enables payment for products on our website that you order using your customer account. A pseudo card number is not identical to the credit card number. We delete all your registration data either: within 24 months, as soon as you delete your user account with us, or once the statutory retention period expires. You can delete your user account with us by sending an email to email@example.com with your deletion request. The legal basis for this data processing is Art. 6 (1) lit. b GDPR.
If you subscribe to our newsletter or request that you receive automated messages from hetzner-status.com, we also store your email address. We delete your email address once you delete your user account or if you unsubscribe from our newsletter. The legal basis for this data processing is Art. 6 (1) lit. a or Art. 6 (1) lit. b GDPR.
Server log files
Whenever you visit our websites, we automatically store certain data. This includes your IP address, type and version of the browser you use, time, date, website from which you come to our site. Your IP address is saved for 7 days and then anonymized. You can then no longer be identified. The legal basis for this data process is Art. 6 (1) lit. f GDPR.
If you register for our online discussion forum, we save your username and email address. After you delete your account in the forum, this saved data will also be deleted. The legal basis for this data processing is Art. 6 (1) lit. a GDPR.
If you send us job application documents such as your resume, references and cover letter, we will save and process these pieces of data. Application documents from job applicants that do not result in hires are deleted after 3 months. If you wish to be considered for future job openings and you consent to a longer storage period, your application documents will be deleted after 24 months. With applications that result in hires, the documents are forwarded to our HR department. The legal basis for the processing of your personal data in the job application process is primarily Section 26 of the German Data Protection Act (BDSG) in the new version, which became valid on May 25, 2018.
We sometimes have sweepstakes on our websites for various occasions. If you choose to participate in the sweepstakes, we save your first and last names, your email address and, if applicable, the country you come from. We use the collected data only to process the sweepstakes. Once the sweepstakes end and the winner or winners are chosen and notified, the collected data are deleted. The legal basis for this data processing is Art. 6 (1) lit. a GDPR.
Who we forward your data to
External service providers may have access to your data while they assist us in providing our services. In some cases, third parties such as government authorities, external consultants, or our business partners may receive your data.
In particular, this may occur in the following cases:
If we register a domain for you, we provide the required data to the corresponding registration service provider.
Payment via credit card:
When paying via credit card, the payment is processed by an external service provider. For credit card payments, your information is collected directly by Computop at the address Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, D-96050 Bamberg.
Debt collection agency
If you as a customer fail to pay your invoices on time, your necessary data are passed on to an external debt collection agency.
Job application documents
If you apply for a job in Tuusula, Finland or in Munich (Unterföhring) using our career portal, we pass on your job application documents to our subsidiaries at Hetzner Finland Oy or Hetzner Cloud GmbH. We have order processing contracts with both of them.
Data is transferred to third countries in adherence to the legally regulated admissibility requirements. We will not transfer your data to a third country if it does serve the purpose of performing our contract with you; we have no consent from you; the transfer is not necessary to assert, exercise or defend legal claims; and there are no other exceptions. We will only transfer your data to a third country if there is an adequacy decision in accordance with Art. 45 GDPR or appropriate safeguards in accordance with Art. 46 GDPR. Once such adequacy decision (regarding an adequate level of protection) is the "Privacy Shield" for the USA. For transfers to a company certified under the Privacy Shield, the data privacy level is considered essentially as adequate within the meaning of Art. 45 GDPR. However, we usually do not rely on the Privacy Shield, but rather create appropriate privacy guarantees and complete the EU standard data privacy clauses issued by the European Commission with the receiving party. Together these actions establish appropriate safeguards in accordance with Art. 46 GDPR and provide an adequate level of protection.
Other categories of recipients
State authorities and courts
Where do we process your data?
We process your data exclusively in our data centers in Germany and in Finland.
Cookies and the right to object to direct advertising
"Cookies" are small files that are stored on a user's computer. Cookies can store different kinds of data. Cookies are primarily used to store information about users. They are stored on the users' devices during and/or after users visit a website or online store. "Temporary cookies", "session cookies", or "transient cookies" are cookies that are deleted after users leave an online store and close their browsers. With such cookies, for example, the content of a shopping basket can be stored in an online shop or a login bottleneck. However, other cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, users' login status can be saved when they visit a shop after several days. Likewise, permanent cookies can measure the "range" of a website (where the users are geographically located) or information on the users' interests. This information is used for marketing purposes. "Third-party cookies" are cookies that are offered by the original providers (who operate the online store or website) to other parties. (If the original provider is the one using the cookies, they are often called "first-party cookies").
It is useful to know the above terms so that you understand our cookie policies and data protection agreement.
If, as a Hetzner Online GmbH customer or as a visitor to our websites or interfaces, you do not wish cookies to be stored on your computer, we ask you to deactivate the corresponding option in the system settings of your browser. You can also delete stored cookies in the system settings of your browser. However, if you do these things, it will likely lead to problems when you try to use Hetzner Online GmbH websites and interfaces.
1) the US site http://www.aboutads.info/choices/
2) the EU site http://www.youronlinechoices.com/.
Furthermore, you can deactivate cookies from being stored on your computer or device by changing your browser settings. However, if you do this, it will likely lead to problems when you try to use Hetzner Online GmbH websites, interfaces, and features on the interfaces.
Social media data
Online presence on social media
We maintain online presence on social networks and platforms in order to communicate with our customers, interested parties, and users and to inform them about our services. We use Facebook, Twitter, and Instagram, among others. When visiting each of these platforms, you as a user agree to the terms and conditions and the data processing guidelines of the corresponding operator.
Unless stated otherwise in our data privacy notice, we process user data if users communicate with us on these social networks and platforms, e.g. publish posts on our pages or send us messages.
We at Hetzner Online process users' data only when it is in the customer's legitimate interest for us to do so in accordance with Art. 6, (1) lit. b GDPR. As a company, we have a legal right to obtain general customer information to use in customer accounts. We also use customers' data for communication purposes. If any of the providers below request users for consent for processing their data, the legal basis for data pracessing is Art. 6 para. 1 lit. a. GDPR.
For detailed information about the data processing operations of the providers below, as well as their opt-out options, please check the links that we have listed below.
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Irland, Joint Data Processing Agreement
Data privacy agreement: https://www.facebook.com/about/privacy/
Facebook has committed itself to adhering to EU data protection laws in compliance with the Privacy Shield Framework:
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA
94103, USA) - Data protection policy: https://twitter.com/de/privacy
Twitter has committed itself to adhering to EU data protection laws in compliance with the Privacy Shield Framework:
Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Data protection policy & opt-out: http://instagram.com/about/legal/privacy/.
Google Universal Analytics
Your rights as a "data subject"
You have the right to information about your personal data that we process.
If you do not make requests for information in writing, please bear in mind that we might ask you to provide proof that you who you claim to be.
Furthermore, you have a right to rectification or deletion or restriction of processing, as it is applicable to you under the law.
Furthermore, in accordance with legal requirements, you have the right to object to us processing your data. You also have the right of data portability.
Right to lodge a complaint
You have the right to lodge a complaint about the processing of your personal data by us to a supervisory authority for data protection.
Voluntary nature of data provision
There is no statutory obligation for you to provide your data to Hetzner Online GmbH. However, you cannot use some of our services if you do not provide your data to us. Your decision to provide us with your personal data is completely voluntary.