Privacy Policy

1. General information 

This privacy policy will provide you information on how we use your personal data. 

2. Information regarding controller and data protection officer  

2.1. ScalaHost is the ‘controller’ and as such responsible for the processing of your personal data. You can reach us for general questions either by phone at +31687993099 or by e-mail at support@scalahost.com. Further information may be found on our website at www.scalahost.com

3. Activities, in which we process your personal data 

3.1. Visiting our website 

If you visit our website without logging in, registering or otherwise filling in the input fields on the website, we process your personal data as follows: 

3.1.1. For the purpose of providing our website, we process the IP address, access time, browser information, operating system, language setting, screen resolution, the page or file accessed, as well as the access status (successful or error code) for each page view of all website visitors.   
The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR).   
The data is deleted after the end of your visit to our website, unless specific data is further processed for one or more of the purposes described in this privacy notice. 

3.1.2. For the purpose of detecting and blocking attacks on our website and the technical infrastructure (e.g. hacking, denial of service attack), we process personal data including identification data, connection data or localization data (including IP addresses).   
This processing is necessary to pursue our legitimate interest to take protective measures against attacks (Article 6 (1) lit. f GDPR). 

3.1.3. The data is deleted no later than two (2) years after the end of your visit to our website, unless an attempted attack is detected. In the event of a detected attempted attack from your point of access, the data will be further processed for technical and, if necessary, legal processing.  
Visitors of our website have the right to object to the use of these cookies as described below in sect. 4.2.3.  

3.1.4. For the purpose of providing our website we use the cloud platform Vercel, provided by Vercel Inc., 340 S Lemon Ave #4133 Walnut, CA 91789 under a data processing agreement (Art. 28 GDPR). Each visit to our website will be handled or delivered through Vercel who processes information, which may include; IP addresses, system configuration information, and other information about traffic to and from our website, for the purpose of operating, maintaining and improving service. This data can help to detect new threats, identify malicious third parties, and provide more robust security protection. 
The processing of this data is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). 

3.1.5. We use cookies on our website. Cookies are small text files. They allow us to store specific visitor-related information in the context of the use of our website. 

3.2. Website Registration 

a) For the purposes of providing you access to and use of the functionality of our website that requires registration, such as the user and customer portal or leaving comments on the website, we process the IP address, first name, last name, gender, postal address and country, email address, status as private individual or business representative, and in case of business registration also the trade-name of the business and tax ID number or similar business identification information. 

This processing is necessary to enable the use of some functionality of our website (Art. 6 (1) lit. b GDPR). For individuals who are not party to the contract, but represent a company, the legal basis is Art. 6 (1) lit. f GDPR. 

We will retain the data until you ask us to delete your user account. After that the processing of the data will be restricted and no longer used for identification and access to the functions of the website requiring registration. 

Individuals representing a business have the right to object to data processing as described below in sect. 4.2.3.  

b) For the purpose of verifying customer identity, we process the IP address, first name, last name, gender, postal address and country, email address, status as private individual or business representative, and in case of business registration also the trade-name of the business and tax ID number or similar business identification information. 

This processing is necessary to ensure the identity of our customer and to enable the use of our website (Art. 6 (1) lit. b GDPR). For individuals who are not party to the contract, but represent a company, the legal basis is Art. 6 (1) lit. f GDPR. 

We will retain the data until you ask us to delete your user account. After that the processing of the data will be restricted and no longer used for identification and access to the functions of the website requiring registration. 

Individuals representing a business have the right to object to data processing as described below in sect. 4.2.3. 

3.3. Website comment function 

For the purpose of displaying the username together with a comment left on our website or the blog, as well as identifying the author of a comment in case of later complaints about the content of the comment, we process the IP-address of the machine used to send the comment, and if available the email-address and/or username of the author of the comment. 

Registered users may subscribe to comment feeds, in which case we use the email-address to send new comments and responses by email.  

The processing is necessary to pursue our legitimate interest to protect ourselves and our users from unlawful content on our website and enable a community environment by displaying the usernames (Art. 6 (1) lit. f GDPR). 

We retain the IP-addresses, the email-address and/or username for as long as the comment is stored and visible on our website, or until the registered user has unsubscribed from the comment feed. 

Authors of comments have the right to object to data processing as described below in sect. 4.2.3. This right may also be exercised by using the anonymous commenting function. 

3.4. Email advertisement 

For the purpose of processing email communication with customers about industry news and advertisement for our own products and services, such as information about promotions, new product launches and new offers, we process the email-address of our customers. 

This processing is based on the customer’s consent (Art. 6 (1) lit. a GDPR). 

We retain the email-address until consent is withdrawn. The processing of the email-address for this purpose is restricted after withdrawal of consent, and the email-address is deleted unless it is also processed for other purposes. 

The customer has the right to withdraw consent as described below in sect. 4.2.4. Subscriber may also withdraw consent by unsubscribing from the mailing by using the “unsubscribe” link contained in every advertisement mailing. 

3.5. Email newsletters 

For the purpose of sending email newsletters with information about industry news and advertisement for our own products and services, such as information about promotions, new product launches and new offers, we process the email-address of the subscriber. 

This processing is based on the subscriber’s consent (Art. 6 (1) lit. a GDPR). 

We retain the email-address until consent is withdrawn. The processing of the email-address for this purpose is restricted after withdrawal of consent, and the email-address is deleted unless it is also processed for other purposes. 

The subscriber has the right to withdraw consent as described below in sect. 4.2.4. Subscriber may also withdraw consent by unsubscribing from the newsletters by using the “unsubscribe” link contained in every newsletter mailing. 

3.6 Application for job vacancy

By submitting an application on our recruiting page or to us via email, the applicant declares that he wishes to take up an employment with us. We process and store all personal data provided by the applicant exclusively for the purpose of the job search/application.

In particular the following data are collected: name (first and last name), e-mail address, telephone number, LinkedIn-Profile (optional), channel (how the applicant became aware of us).

You also have the option to upload documents such as cover letter, CV and references. These may include further personal data such as date of birth, address, etc.

If provided by the applicant, we also process special categories of personal data, for example information on handicaps, ethnic origin or biometric data (handwritten signature). 

The processing of the aforementioned personal data is necessary as a pre-contractual measure. We use the provided personal data for the application process (assessment and qualification for the position). The processing is based on Art. 6 (1) lit. b,  Art. 88 GDPR in connection with sect. 26 BDSG.

Where special categories of data are provided voluntarily by the applicant, processing is based on Art. 9 (2) lit. a GDPR. By providing the special categories of personal data concerned, the applicant consents to the processing.

Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH (Rundfunkplatz 4, 80335 München), which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.

The data contained in the application letter is made available to our HR-department and the decision makers for the respective job vacancy. 

The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.

We retain the data until six months after a decision on filling the job vacancy is communicated to the applicant. After this period we will delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).

The applicant has the right to withdraw consent to processing of voluntarily provided special categories of data as described below in sect. 4.2.4. 

Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.

3.7 Talent pool

For possible consideration for future job vacancies, we process all personal data provided by applicants either for a job application (see above sect. 3.6) or as an unsolicited application (concerning the categories of data described above in sect. 3.6) to decide on whether to consider an applicant for any available job vacancies. 

The processing is based on the applicant’s express consent (Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR). 

We retain the data for 6 month or until consent is withdrawn, whichever is earlier. The application letter and the data contained therein is then erased, returned to the applicant or destroyed, unless the applicant has renewed consent (e.g. upon our request) or data is further processed for employment purposes. 

The applicant has the right to withdraw consent to processing as described below in sect. 4.2.4

3.8. Order processing 

For the purpose of processing customer orders of our products and services and commissioning the products and services for delivery, we process the personal data provided during website registration (see above sect. 3.2) and the status of the customer’s payments.  

The processing is necessary to perform the contract with the customer (Art. 6 (1) lit. b GDPR). 

We retain the personal data until after termination of all contracts with the customer. Then processing for this purpose is restricted. The data is deleted after all mandatory retention periods have expired. 

3.9. Fraud prevention 

For the purpose of protecting against attempts at payment fraud or misuse of our products and services for unlawful uses (e.g. spamming, hosting illegal content), we process the personal data provided during website registration (see above sect. 3.2). We transfer IP address to Maxmind Inc., seated in 14 Spring Street, 3rd Floor, Waltham, MA 02451 USA for the purpose of determining if this is a proxy address.  

The processing is necessary to pursue our legitimate interest of fraud prevention (Art. 6 (1) lit. f GDPR).  

We will retain the data until you ask us to delete your user account. After that the processing of the data will be restricted and no longer used for fraud prevention.  

3.10. Payment processing 

For the purpose of processing payments for products and services we process the personal data provided for website registration (see above sect. 3.2) and the account information provided by the customer, the products and services ordered and the amounts incurred. Unless the customer prepays the remuneration for the entire contract duration by bank transfer, the data is transferred to the respective payment processing provider selected by the customer, for example PayPal (Europe) S.à.r.l & Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland. 

The processing and transfer are necessary to perform the contract with the customer (Art. 6 (1) lit. b GDPR). 

We retain the account information for the lifetime of the customer account + 6 months. Then processing is restricted for this purpose and deleted after all mandatory retention periods have expired. 

3.11. Customer and product support 

To process all customer or product support inquiries that reach us by email or phone, we process the name, first name, email address, telephone number and other personal data communicated in the e-mail as well as information on the content of the request.  

The processing is necessary to handle the request or inquiry (Article 6 (1) lit. b GDPR).  

Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the request. The data is deleted after all mandatory retention periods have expired. 

4. Your data subject rights 

4.1. You may at any time exercise your rights as a data subject by contacting us by mail or e-mail to our address mentioned in section 2.2. Please keep in mind that we do not answer any inquiries about personal data by telephone, because generally the identity of the caller cannot be determined with sufficient certainty. 

4.2. You have the following rights with respect to your personal data: 

4.2.1. You may exercise your right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing, i. e. blocking for certain purposes, (Art. 18 GDPR) at any time, if the respective statutory prerequisites are met. 

4.2.2. Your right to data portability (Art. 20 GDPR) also stipulates that, if the statutory prerequisites are met, you may demand that your personal data stored by us will be transferred to you – or insofar as technically feasible, to another controller designated by you – in a structured, commonly used and machine-readable format. 

4.2.3. You have the right to object to processing (Art. 21 GDPR) for some processing purposes, in particular advertising purposes. Insofar as we process your data based on a balancing of interests (pursuant to Art. 6 (1) lit. f GDPR), you have the right to object to this processing at any time based on grounds related to your particular situation. Such grounds may be compelling in particular, if they give special weight to your interests, which thereby outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests. You may object to processing by sending us an email to the address stated in sect. 2.2, and we may advise you of additional ways to object to processing for each specific processing activity in sect. 3. 

4.2.4. You have the right to withdraw consent you have given us to process your personal data (Art. 7 (3) GDPR). You may withdraw your consent at any time and without need to give any reason, either for all processing or limited to specific processing of your data that is based on your consent. Withdrawal of consent will be effective immediately and for any future processing. The lawfulness of processing before withdrawal of consent remains unaffected. You may withdraw consent by sending us an email to the address stated in sect. 2.2, and we may advise you of additional ways to withdraw consent for each specific processing activity in sect. 3.