Documents

Effective Date of Latest Revision: 21.02.2025

1. Introduction

This Privacy Policy explains how Infinity Telecom, s. r. o. (hereinafter the "Company", "we" or "us") processes and protects the personal data of its clients and website users in accordance with Regulation (EU) 2016/679 (the “GDPR”), the ePrivacy Directive (Directive 2002/58/EC), and applicable Czech law. It also describes the rights you have regarding your personal data and how you can exercise them.

We provide telecommunication services, hosting services, such as dedicated servers rent, data center and colocation services, as well as related telecommunication or connectivity solutions, such as IP transit. We recognize that protecting personal data is of utmost importance, and we are committed to handling your data responsibly and lawfully.

2. Who Is the Controller of Your Personal Data?

The Controller of your personal data is:

Infinity Telecom, s. r. o.
Hartigova 2660/141, 130 00 Prague, Czech Republic
ID No.: 04425715
Registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 247118

This Privacy Policy applies to Infinity Telecom, s. r. o. and its subsidiaries and affiliated companies (jointly referred to as the "Company").

Important Note: In some cases, such as when you store or process third parties’ data on our hosting infrastructure, we may act as a processor of those specific data on your behalf. For more details on such scenarios, see Section 8.

3. Contact Person for Data Protection

We have appointed a contact person for data protection matters. For any questions or concerns related to personal data or to exercise your rights under the GDPR, please contact us at:

E-mail: legal@in8inity.com

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes:

1. Performance of a Contract
   • To provide hosting, data center, colocation, domain registration, and related services.
   • This processing is based on Article 6(1)(b) GDPR (performance of a contract or pre‑contractual measures).
2. Compliance with Legal Obligations
   • For example, to meet anti‑money‑laundering (AML) requirements, tax or accounting obligations, or other mandates under Czech/EU law.
   • Based on Article 6(1)(c) GDPR.
3. Legitimate Interests
   • To ensure security and integrity of our services;
   • To detect and prevent misuse or fraudulent activities;
   • To tailor our offers to your needs;
   • To maintain network and information security.
   • Based on Article 6(1)(f) GDPR, provided such interests are not overridden by your fundamental rights and freedoms.
4. Consent
   • If you voluntarily agree to receive direct marketing communications, newsletters, or for other purposes requiring consent (e.g., certain types of profiling).
   • Based on Article 6(1)(a) GDPR.
5. Marketing and Profiling
   • We may analyze or segment usage data (e.g., purchase history, server usage, interaction with our website) to better understand your needs and offer relevant services.
   • This is done either under our legitimate interest or your explicit consent, depending on the circumstances.

5. What Personal Data Do We Process?

We only process the personal data necessary to fulfill the purposes set out above in connection with providing hosting and related services. Depending on your interactions with us, the following categories of data may be processed:

1. Identification Data
   • First name, last name, date of birth (if needed), national ID number (if required by law for verification) or business registration details (e.g., VAT ID).
2. Contact Data
   • Physical address (street, city, ZIP/postal code, country).
   • Telephone number, e-mail address.
   • Other contact details provided voluntarily (secondary email, etc.).
3. Registration and Payment Data
   • Records of purchased services (hosting plans, domains, etc.).
   • Payment details (e.g., masked credit card or account number), billing information (invoice address, transaction IDs).
   • Bank account details if required for wire transfers, refunds, or other transactions.
4. Technical Data
   • System Logs and Access Logs: Timestamps of logins, administrative actions in control panels, event history.
   • Authorization Logs: Records of authentication attempts, two-factor authentication data (if enabled).
   • Other metadata generated automatically for diagnostics, system stability, or security purposes.
5. Additional Data for Security and Compliance
   • Fraud Prevention Data: Information from third-party sources or internal checks if needed to comply with anti-fraud or KYC/AML measures.
   • Government ID or Corporate Documents: Collected only if legally required for identity or compliance checks (e.g., business registration documents).
6. Marketing and Communication Preferences
   • Consent status, opt-in/opt-out choices, or unsubscribes related to marketing campaigns or newsletters.
   • Segmentation data (e.g., how you interact with our website or services) if used to provide customized offers.

We do not intentionally collect or process any special categories of personal data (e.g., health data, biometric data) under Article 9 GDPR unless explicitly required by law or with your express consent.

6. Sources of Personal Data

We primarily collect personal data from:

• You (the data subject): Information you provide when signing up for services or communicating with us (e.g., online forms, emails, support tickets).
• Contracts: Data derived from contractual agreements you enter into with us.
• Publicly Available Sources: Commercial registers, official public records, domain WHOIS data (where accessible).
• Cooperating Third Parties: Our business partners or vendors, but only when such sharing is relevant and lawful.

7. Consent for Certain Purposes

In some cases, we may ask for your explicit consent, for example:

• To send you commercial offers or newsletters beyond the normal retention period or up to 5 years after your contract ends.
• To share your personal data with selected partners who may offer their products or services to you.
• To use specific types of profiling or targeted marketing that go beyond our legitimate interests.

If and when we implement such consent-based processing, we will provide more details and an option to grant or withdraw consent on our website or in your account settings. You may withdraw your consent at any time (see Section 10).

8. Data Sharing and Transfers

1. Processors
   • We may delegate certain processing activities to processors (natural or legal persons who process data on our behalf) such as payment gateways, domain registrars, or data center maintenance providers.
   • Any processor we use must contractually guarantee at least the same level of personal data protection that we maintain and comply with GDPR requirements.
2. Within the Company
   • Only authorized and trained employees are permitted to handle personal data.
3. Third Parties / Contractual Partners
   • In specific cases, we may share selected data with third parties (e.g., domain registries, SSL certificate authorities, anti-fraud service providers), but only where such sharing is legally mandated or necessary to provide our services.
4. Transfers Outside the EEA
   • If personal data is transferred outside the European Economic Area, we implement appropriate safeguards (e.g., Standard Contractual Clauses) as required by the GDPR, ensuring an adequate level of data protection.
5. Role as a Processor
   • When clients store or process third parties’ personal data on our servers, the client is considered the controller of those data, and Company Limited acts as a processor under Article 28 GDPR. In such cases, a separate Data Processing Agreement (DPA) may be required to define our respective responsibilities and ensure GDPR compliance.

9. Retention Period

We retain personal data:

• Throughout the duration of the contractual relationship, plus an additional 3 years thereafter, unless longer retention is required by law or specific contractual obligations.
• CDRs (Call Detail Records) (if telecom/VoIP services apply) are kept for at least 6 months in accordance with legal obligations.
• Payment transaction records are stored for at least 10 years to comply with accounting and tax regulations.
• Technical logs related to hosting services (e.g., server access logs) may be kept for security, fraud detection, and diagnostic purposes, typically for up to 12 months, unless longer retention is justified by ongoing security investigations or legal requirements.

Once these periods expire, or if you withdraw consent where consent was the only legal basis: your data will be deleted, anonymized, or retained only to the extent and for purposes not requiring consent.

10. Your Rights

You have the following rights regarding the processing of your personal data:

1. Right of Access
   • Request information on whether your data is processed by us and obtain a copy of such data.
2. Right to Rectification
   • Ask us to correct inaccurate or incomplete personal data.
3. Right to Erasure (“Right to Be Forgotten”)
   • Request deletion of data if it is no longer needed, was processed unlawfully, or if you have withdrawn consent and no other legal basis applies.
4. Right to Restriction of Processing
   • Under certain conditions (e.g., accuracy contested, processing is unlawful but you oppose erasure) you can demand we restrict how we process your data.
5. Right to Data Portability
   • Receive personal data you provided in a structured, commonly used, machine-readable format.
6. Right to Withdraw Consent
   • If processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
7. Right to Object
   • You may object at any time to processing for direct marketing purposes or other processing based on legitimate interest.
8. Right to Lodge a Complaint
   • With the Infinity Telecom, s. r. o. Hartigova 2660/141, 130 00 Prague, Czech Republic or the contact e-mail above.
   • With a Data Protection Authority, for example the Czech Office for Personal Data Protection (www.uoou.cz), or if you reside/work in another EU Member State, contact your local supervisory authority.

11. Voluntary or Mandatory Nature of Data Provision

• Providing personal data is generally necessary to enter into or fulfill a contract for our services (e.g., hosting, domain registration).
• Where we rely on consent (e.g., marketing communications), you are not obliged to consent, and you can withdraw your consent at any time (see Section 10).

12. Data Security Measures

We implement a range of technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These include:

• Secure server infrastructure and network configurations (firewalls, intrusion detection systems).
• Access controls (passwords, role-based access, two-factor authentication) ensuring only authorized personnel can access your data.
• Regular training for employees who handle personal data.
• Encryption for data transmissions where applicable.
• Regular audits, penetration testing, and reviews to maintain and improve data security.

13. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will post the new version on our website and, where required, notify you via email or another appropriate channel. We encourage you to review this Policy periodically to stay informed about how we protect your data and of any changes to our processing practices.

Contact and Further Information

If you have any questions or concerns about the processing of personal data, or if you wish to exercise any of your rights, please contact us at: