Nullhost.eu

Privacy Policy

Effective from 12 May 2026. This is an English translation. The Czech version is the authoritative one; in case of discrepancy, the Czech version prevails.

1. Data controller

The data controller within the meaning of Regulation (EU) 2016/679 (GDPR) is:

Controller:
Daniel Adámek
Company ID:
23394218
Registered office:
Vašátkova 1032/11, 198 00 Prague 9, Czech Republic
Contact:
[email protected]

The Controller is not required to appoint a Data Protection Officer and has not done so.

2. Data we process

2.1 Identification and contact data

  • name, or company name;
  • email address;
  • phone number (optional);
  • Company ID (for businesses);
  • billing address.

2.2 Order data

  • services ordered, price, order date;
  • payment and invoice history.

2.3 Service usage data

  • IP address and technical connection data (server logs);
  • hosting configuration data (for the purpose of technical support).

2.4 Website traffic data (anonymous statistics)

To measure traffic on nullhost.eu we use Umami in cookieless mode. We do not store any cookies or other identifiers on your device and we do not build profiles of individual visitors. We process only aggregated, pseudonymised data:

  • page visited and referrer;
  • browser type, operating system and device type;
  • country derived from the IP address (the IP address itself is not stored);
  • date and time of the visit.

2.5 Website analysis data

  • URL of the website to be analysed;
  • publicly available information obtained by automated crawling.

2.6 Payment data

Card data is processed exclusively by the payment processor Stripe (see clause 4) and the Controller never has access to it.

3. Purposes and legal bases of processing

PurposeLegal basisData categories
Performance of the contract (providing the Service, invoicing)Art. 6(1)(b) GDPR — contractidentification, contact, order data
Compliance with legal obligations (accounting, tax)Art. 6(1)(c) GDPR — legal obligationbilling data, invoices
Operation and security of the ServiceArt. 6(1)(f) GDPR — legitimate interestserver logs, IP, technical data
Website traffic and performance measurement (anonymous statistics)Art. 6(1)(f) GDPR — legitimate interestpseudonymised visit data, no cookies
Communication regarding the order and supportArt. 6(1)(b) GDPR — contractemail, phone, message content
Defence of legal claimsArt. 6(1)(f) GDPR — legitimate interestrelevant data during the limitation period

4. Recipients (processors)

We share your personal data only with the following processors, who are contractually bound to confidentiality and GDPR-level protection:

ProcessorPurposeProcessing location
Stripe Payments Europe, Limited (Ireland) Payment processing and invoicing EU + Standard Contractual Clauses for any extra-EU transfer
Proton AG (Switzerland) Transactional email delivery (order confirmation, invoices, support) Switzerland — country with an adequacy decision under Art. 45 GDPR (Commission Decision 2000/518/EC)
Server infrastructure provider (Germany) Nullhost.eu service Germany (EU)
Umami Software, Inc. (USA) Anonymous website traffic statistics (cookieless) EU region (Frankfurt) + Standard Contractual Clauses for the US-based provider

5. International transfers

Your personal data is primarily processed within the European Union. Where a specific processor (e.g. Stripe or Umami) uses infrastructure outside the EU for some operations or is established outside the EU, such transfer is protected by Standard Contractual Clauses approved by the European Commission (Art. 46(2) GDPR).

6. Retention periods

DataRetention
Active order datafor the duration of the contract
Accounting documents and invoices10 years (Act No. 563/1991 Coll., § 31)
Server logsmaximum 90 days
Email communication3 years from last contact
Data for defence of legal claimsup to the general limitation period (3 years)

After these periods data is irreversibly deleted or anonymised.

7. Your rights

You have the following rights regarding your personal data:

  • Right of access — to obtain confirmation and a copy of your data (Art. 15 GDPR).
  • Right to rectification (Art. 16 GDPR).
  • Right to erasure — "right to be forgotten" (Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability — receive your data in a structured machine-readable format (Art. 20 GDPR).
  • Right to object — against processing based on legitimate interest (Art. 21 GDPR).
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) — see clause 10.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

nullhost.eu uses only strictly necessary cookies needed for the site to function. We use no marketing or tracking cookies.

For traffic measurement we use Umami in cookieless mode — it stores no cookies or other identifiers on your device and therefore requires no consent. Further details on this processing are in clauses 2.4 and 4.

9. Changes to this policy

We may update this policy. The current version is always published on nullhost.eu. We notify you by email at least 30 days in advance of substantial changes.

10. Complaint to the supervisory authority

If you believe your data is being processed in violation of GDPR, you have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.gov.cz, or with the supervisory authority in your country of residence. Controller contact details are in clause 1.