Privacy, Data Collection & Data Protection Policy
Last Updated: 10 March 2025
Status: Website‑posted policy (not separately signed).
Related Website Documents: General Terms of Service (“General Terms”), Acceptable Use Policy (“AUP”).
This Policy applies to Techtomize Ltd. dedicated server services (the “Services”).
1. Purpose & Scope
This Policy consolidates the privacy, data collection, and data protection rules for the Services. By using the Services, the Customer agrees to this Policy, the General Terms, and the AUP.
2. Definitions
- Provider / “we” / Techtomize Ltd: The hosting provider that operates the infrastructure supporting the Services.
- Customer: Any entity or individual that purchases or uses the Services.
- Services: The Provider’s services.
- Personal Data: Any data relating to an identified or identifiable natural person under applicable data protection laws (e.g., GDPR, CCPA, or similar).
- Customer Content / Data: All data, software, content, and materials uploaded, stored, transmitted, or otherwise processed by the Customer using the Services.
- Confidential Information: Non‑public, proprietary, or confidential information disclosed by one party to the other.
3. Roles of the Parties
3.1 Controller/Processor. As between the Parties, the Customer determines the purposes and means of processing any Personal Data on the dedicated server and acts as controller (or equivalent). The Provider acts solely as a processor (or equivalent), where applicable, and will process Personal Data only on the Customer’s lawful instructions and solely for the purposes specified by the Customer.
3.2 No Routine Access by Provider. The Provider does not have, seek, or retain access to Customer Content or Personal Data stored on the server. The Provider does not monitor, view, or control the Customer’s data, has no access to passwords, encryption keys, or other authentication mechanisms, and does not manage the Customer’s operating system, applications, or data.
3.3 Law Enforcement & Legal Process. If the Provider receives legal demands relating to activity on the Customer’s server, the Provider will cooperate as required by law and, to the extent permitted, indicate that it does not have access to the Customer’s data. The Customer is solely responsible for responding to such requests concerning its data or users.
4. Lawful Basis, Transparency & Customer Responsibilities
4.1 Lawful Processing. The Customer is solely responsible for complying with all applicable data protection and privacy laws, including identifying a lawful basis for processing, providing notices and obtaining consents where required, and honoring data subject rights.
4.2 Privacy by Design. The Customer is responsible for implementing appropriate administrative, technical, and organizational measures to protect Personal Data and other Customer Content, including:
- Maintaining strong access controls and authentication; limiting access to authorized personnel only.
- Encrypting data at rest and in transit; securely managing encryption keys and certificates.
- Applying timely security patches, updates, and hotfixes to all software and operating systems it manages.
- Implementing firewalls, intrusion detection/prevention, and restricting exposed services/ports.
- Establishing continuous monitoring and logging to detect suspicious activity.
- Maintaining and testing regular, reliable backups and secure storage of backups.
- Maintaining an incident response plan and responding promptly to any security incident.
4.3 Prohibited Conduct & Privacy Violations. The Customer will not collect, store, process, transmit, or otherwise use Personal Data in violation of applicable privacy laws, nor engage in unauthorized collection, use, or dissemination of private information.
4.4 Third‑Party Software & Integrations. The Customer is responsible for vetting and securing any third‑party software, plugins, or services integrated with the server.
5. Provider’s Infrastructure Security Measures
5.1 Reasonable Safeguards. The Provider will take reasonable precautions to maintain the security of the infrastructure hosting the Services.
5.2 No Data Management. The Provider does not maintain, access, or manage Customer Content or Personal Data.
6. Data Retention, Backups & Deletion
6.1 Backups. The Provider does not maintain backups of Customer Content. The Customer is solely responsible for data redundancy, backup schedules, and restoration testing.
6.2 Non‑Payment Data Deletion. If invoices remain unpaid after the grace period as stated in the General Terms, the Provider may permanently delete all data associated with the Customer’s account. This deletion is irreversible.
6.3 Termination. Upon termination or expiration of the Services, the Customer must immediately cease using the Services and is solely responsible for retrieving any data prior to termination. The Provider has no obligation to store, maintain, or restore any Customer data after termination.
7. Data Breach & Incident Handling
7.1 Customer‑Managed Environment. Because the Customer manages its server environment, the Customer is responsible for detecting, investigating, mitigating, and remediating security incidents affecting its systems, applications, or data.
7.2 Notice & Cooperation. The Customer must promptly notify the Provider of suspected unauthorized access or security breaches that could impact the Provider’s infrastructure. The Provider will reasonably cooperate as required by law in connection with legally mandated notifications and investigations that relate to the Provider’s infrastructure.
7.3 Liability Allocation. To the maximum extent permitted by law, the Provider disclaims liability for security incidents or data breaches arising from the Customer’s configuration, software, access controls, or failure to implement appropriate security measures.
8. Acceptable Use & Privacy Compliance
The Customer must comply with the Acceptable Use Policy published on the Website. Without limitation, the Customer may not engage in activities that violate data protection or privacy laws, including unauthorized collection, use, or dissemination of Personal Data, or the processing of Personal Data in violation of applicable law.
9. Confidentiality
Each Party must protect the other’s Confidential Information and use it only to perform obligations in connection with the Services. For clarity, the Provider does not access or store the Customer’s intellectual property or data.
10. Data Processing Agreement (DPA)
Upon the Customer’s request, the Parties will enter into a separate DPA that aligns with this Policy and formalizes processing terms, including the limited nature of any processing by the Provider and the absence of routine access to Customer data.
11. Subprocessors
If and to the extent the Provider engages infrastructure or service providers to operate its hosting environment, the Provider remains responsible for such providers’ performance of infrastructure services supporting the Provider’s obligations in connection with the Services. No subprocessor will be granted routine access to Customer Content.
12. International Data Transfers
If the Customer transfers Personal Data across borders in connection with its use of the Services, the Customer is responsible for ensuring a lawful transfer mechanism and associated compliance.
13. Data Subject Requests
The Customer is solely responsible for responding to requests from data subjects and regulators that relate to Customer Content or Personal Data on the Customer’s servers. The Provider will, to the extent legally required and feasible, forward to the Customer any such requests it directly receives.
14. Order of Precedence
This Policy applies alongside the other website‑posted documents. If there is a conflict between this Policy and the General Terms, the General Terms control. The AUP applies in addition to this Policy; if there is a conflict between this Policy and the AUP, the more protective or restrictive provision for privacy and security will apply.
15. Governing Law
This Policy is posted on the Provider’s website and is not separately executed. The governing law and dispute resolution terms applicable to the Customer’s use of the Services are those set out in the General Terms.
16. Related Website Documents & URLs
- General Terms of Service: [Insert URL]
- Acceptable Use Policy: [Insert URL]
- Privacy, Data Collection & Data Protection Policy (this page): [Insert URL]
17. Updates to this Policy
The Provider may update this Policy from time to time. Each version will be dated and posted on the Website, and material changes will be highlighted. Your continued access or use of the Services after any update constitutes acceptance of the revised Policy. If you do not agree to the updated Policy, you must stop using the Services.