Effective date: 1 January 2026 | Last updated: 26 March 2026
1. Who We Are
ETX Hosting ("we", "us", "our") is a web hosting company providing shared hosting, VPS, and related services. We are committed to protecting your privacy and handling your personal data responsibly.
For the purposes of applicable data protection law, including the UK GDPR and EU GDPR, ETX Hosting is the data controller of the personal data collected through our website and services.
If you have any questions about this policy, please contact our Data Protection Officer at [email protected].
2. Data We Collect
We collect the following categories of personal data:
Account and Identity Data
- Full name
- Email address
- Username and password (stored as a hashed value)
- Company name (if applicable)
Billing and Payment Data
- Billing address
- Payment method type (card, PayPal)
- Last four digits of payment card (we do not store full card numbers)
- Transaction history and invoice records
Technical and Usage Data
- IP address and approximate geographic location
- Browser type and version
- Pages visited and time spent on our website
- Referring URLs
- Server access logs (including requests made to your hosted websites)
- Support ticket and live chat history
Communications Data
- Emails and messages sent to our support team
- Survey and feedback responses
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing our services — setting up and maintaining your hosting account
- Billing and payments — processing transactions, sending invoices, and handling refunds
- Customer support — responding to your queries and resolving issues
- Security — detecting fraud, abuse, and threats to our infrastructure
- Service improvement — analysing usage data to improve our platform
- Communications — sending service notifications, maintenance alerts, and (with your consent) marketing emails
- Legal compliance — meeting our obligations under applicable law
4. Legal Basis for Processing
We process your personal data on the following legal bases under the UK/EU GDPR:
- Contract performance — processing necessary to deliver the hosting services you have purchased
- Legitimate interests — fraud prevention, security monitoring, and service analytics
- Legal obligation — retaining records for tax and regulatory compliance
- Consent — marketing communications (you may withdraw consent at any time)
5. Data Sharing
We do not sell your personal data. We may share your data with trusted third parties in the following circumstances:
- Payment processors — Stripe and PayPal process payments on our behalf
- Infrastructure providers — our data centre and cloud service partners
- Support tools — helpdesk software used to manage support tickets
- Analytics providers — anonymised/aggregated traffic analytics
- Legal authorities — when required by law or valid court order
All third-party processors are bound by data processing agreements and are required to protect your data in accordance with applicable law.
6. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy:
- Account data — retained for the duration of your account plus 2 years after closure
- Billing records — retained for 7 years to meet tax and accounting obligations
- Server access logs — retained for 90 days
- Support communications — retained for 3 years
- Marketing consent records — retained until consent is withdrawn plus 1 year
7. Your Rights
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your data in certain circumstances
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
8. Cookies
We use cookies and similar technologies on our website. For full details of the cookies we use and how to manage them, please see our Cookie Policy.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), access controls, firewalls, and regular security audits.
No method of transmission over the internet is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
10. International Data Transfers
If we transfer your personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the relevant data protection authority.
11. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
12. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us: