Website Privacy

A. Privacy Policy for a2hosting.com and my.a2hosting.com

Thank you for your interest in our Internet presence. The protection of your personal data (hereinafter also “data” or “PI”) is a very important concern for us. Capitalized terms used but not defined in this policy have the meaning given to them in our Terms of Services, located at: https://www.a2hosting.com/about/policies#Terms-Of-Service.

Controller, contact, data protection officer

Controller pursuant to Art. 4 (7) EU General Data Protection Regulation (“GDPR”) is

A2 Hosting Inc.

PO BOX 2889

Ann Arbor, Michigan, 48106

USA

It is represented by the CEO Bryan Muthig.

You can also contact us through the email address [email protected]

In case of questions or comments concerning this Privacy Policy, please contact our data protection officer at the following email address: [email protected]

EU-US Privacy Shield Framework

A2 Hosting complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. A2 Hosting has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Among other things, the Privacy Shield Principles describe our obligations with respect to personal information that we transfer to third parties as described in this Privacy Policy. A2 Hosting remains responsible and liable as provided in the Principles if the third party processes the personal information in a manner that is not consistent with the Principles, unless A2 Hosting proves that it is not responsible for the event giving rise to the damage. Please note in detail:

  • A2 Hosting is subject to the investigatory and enforcement powers of the Federal Trade Commission.
  • A2 Hosting complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. A2 Hosting has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
  • Among other things, the Privacy Shield Principles describe our obligations with respect to personal information that we transfer to third parties as described in this Privacy Policy. A2 Hosting remains responsible and liable as provided in the Principles if the third party processes the personal information in a manner that is not consistent with the Principles, unless A2 Hosting proves that it is not responsible for the event giving rise to the damage.
  • If we transfer your PI to third parties, we will remain responsible and liable to you if the third party processes your PI in violation of the Privacy Shield Principles, unless we prove we were not responsible for the event giving rise to the damage.
  • Under certain conditions, you may also have the right to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission or Swiss Government.
  • In compliance with the EU-US Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, A2 Hosting commits to resolve complaints about your privacy and our collection or use of your personal information free of charge. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact A2 Hosting at:

Mail: [email protected]

Attn: Privacy Policy
PO Box 2998

Ann Arbor, MI 48106
USA
Web: https://www.a2hosting.com/contact/

  • A2 Hosting has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
  • Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Changes to policy

If we make any significant changes to this policy we will notify you by email, post a notice of such changes on the Site or flag our Privacy Policy on the website as updated.  You agree to our use of electronic communications with you for purposes of this policy.

General Information about information we collect

We may use PI as required or permitted by law, including in response to service of legal process (court order, summons, subpoena, and the like).  We may disclose PI to law enforcement or regulatory authorities as part of an investigation into activity at the Site (such as a suspected breach). We shall use commercially reasonable measures to limit disclosure and use of such PI.  We may use PI in connection with the establishment or defense of legal claims.  Any information sent to us will not be deemed to be confidential, and may be shared by us with any other individual or entity, regardless of whether you mark it confidential.

We do not knowingly collect personally identifiable information from children under the age of 13.  If a parent or guardian believes that their child under the age of 13 has provided us with personally identifiable information, they should contact us.

If the legal basis is not listed in the Privacy Policy, the following applies:

  • Insofar as we obtain the data subject’s consent for processing, Art. 6 (1) Clause 1 lit. a) GDPR is the legal basis.
  • In case of processing of personal data necessary for the fulfillment of a contract, the legal basis is Art. 6 (1) Clause 1 lit. b) GDPR.
  • Insofar as processing of personal data is necessary for the fulfillment of a legal obligation, the legal basis is Art. 6 (1) Clause 1 lit. c) GDPR.
  • In the event that vital interests of the data subject or of another natural person require a processing of personal data, the legal basis is Art. 6 (1) Clause 1 lit. d) GDPR.
  • If processing is necessary to safeguard legitimate interests of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh these legitimate interests, the legal basis for processing is Art. 6 (1) Clause 1 lit. f) GDPR.

Retention periods

The data processed by us is erased or its processing is restricted in compliance with statutory requirements, in particular Art. 17 and 18 GDPR. Unless expressly stated otherwise within the scope of this Privacy Policy, we erase data stored by us as soon as such is no longer required for the intended purpose. Data will be retained beyond the time at which the purpose ends only if such data is necessary for other, legally permissible purposes or if the data must continue to be retained due to statutory retention periods. In these cases, processing is restricted, i.e. it is blocked, and will not be processed for other purposes.

Server log data

For the informational use of our Internet presence it is generally not required that you actively disclose your personal data. In this case we instead collect and use only the data automatically transmitted to us by your Internet browser. This includes:

  • date and time of your retrieval of one of our websites;
  • your browser type;
  • your browser settings;
  • utilized operating system;
  • your most recently visited site;
  • the transferred data volume and access status (file transferred, file not found, etc.);
  • your IP address.

The data is stored on our servers. This data is not stored together with other personal data except those stated above. The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session. We create so-called log files from this data. The created log files are stored to safeguard the security of our IT systems. A personal evaluation of the data, in particular for marketing purposes, does not take place.

Processing of the above data is required for technical reasons to offer a website pursuant to Art. 6 (1) Clause 1 lit. b), lit. c), lit. f) GDPR in order to correctly display our website to you and to safeguard stability and security. In particular, log files are created to verify attacks on our systems. We erase server log data from our systems at the latest after 7 days.

Shopping cart and my.a2hosting.com

If you wish to place an order through our shopping cart, it is necessary for the conclusion of a contract that you disclose your personal data, which we require to process your order. Mandatory information necessary for processing of contracts is marked separately, additional information is voluntary. We process the data disclosed by you to process your order. We may also forward your payment information to our bank. We may also process the data disclosed by you in order to inform you of additional interesting products in our portfolio, or to send you emails with technical information. The legal basis for this is Art. 6 (1) Clause 1 lit. b GDPR.

There will be set up a customer account through which we can store your data for additional future purchases. You can also use the log-in area to manage and set up your contracts and purchased products.  You can manage change and delete information in your account. The legal basis for the creation of a customer account is Art. 6 (1) lit. b) GDPR. We are furthermore authorized to retain your utilized IP addresses as well as the time of registration and confirmation in order to verify your registration and to clarify a possible abuse of your personal data, if necessary. The legal basis for this is Art. 6 (1) Clause 1 lit. c and f GDPR.

To prevent unauthorized access of third parties to your personal data, in particular financial data, the ordering process is encrypted through TLS technology.

Contacting

In case of contacting by contact form, email or telephone, your data is processed, depending on the content of the request, for purely informational inquiries based on your (assumed) consent pursuant to Art. 6 (1) Clause 1 lit. a) GDPR or pursuant to Art. 6 (1) Clause 1 lit. b) GDPR, insofar as contacting is connected to contractual performance obligations. In case of contacting through our form, we require only your name and email address in order to reply to you. Your information may be stored in a customer relationship management system (“CRM system”).

We delete your contact requests immediately after they are processed, unless statutory retention periods require additional retention.

Newsletter

With your consent, you can subscribe to our newsletter in which we inform you of our current interesting offers.

We used the so-called double opt-in process for registration to our newsletter. This means that after your registration, an email is sent to the disclosed email address, in which we ask you to confirm your request to receive the newsletter. If you do not confirm your registration through the hyperlink within 24 hours, your information is blocked and erased after the expiration of one month. We furthermore retain your utilized IP addresses and the time of registration and confirmation. The purpose of this process is to verify your registration and clarify a possible abuse of your personal data, if necessary. Only the disclosure of your email address is required to receive the newsletter. All other disclosed information is voluntary and will be used to allow us to address you personally. After your confirmation, we store your email address for sending you the newsletter. The legal basis for this is Art. 6 (1) Clause 1 lit. a) GDPR.

To unsubscribe from the newsletter, you can click on the link provided in every newsletter email, send an email to [email protected].

Please note that we analyze your user behavior when sending the newsletter. For this analysis, the emails sent by us contain so-called web beacons or tracking pixels, which are one-pixel images that are stored on our website. For the analysis we combine the data listed under “Server log files” and the web beacons with your email address and an individual ID.

Your rights

You may request access, updating and corrections of inaccuracies in your PI by contacting us as set out below.  For security purposes, we may request PI from you in connection with such access.  You may also: (i) modify your information through your control panel in your account, or (ii) ask that information regarding your inquiries be deleted by contacting us through our contact form at https://www.a2hosting.com/contact/

You may request that we delete your PI, and we shall attempt to accommodate such requests.  However, we may retain and use PI for such periods of time as required or permitted by law or best business practices.

  • Nevertheless, you can assert the following rights under the GDPR free of charge:
  • Right to access by the data subject (Art. 15 GDPR);
  • Right to rectification and erasure (Art. 16 and Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object (Art. 21 GDPR).

You also have the right to complain to a data protection supervisory authority concerning the controller’s processing of your personal data.

Social media presences

We maintain presences in social media in order to communicate with customers and prospective customers there and to keep them informed. When retrieving the relevant networks, the terms and conditions of the operators apply.

Third Party Agents (Processors and data recipients)

In some cases, we use external service providers to process your data, which are bound to our instructions. They were selected and commissioned by us with care and they are monitored regularly. The orders are based on data processing agreements pursuant to Art. 28 GDPR. The processor does not independently process data for its own purposes.

We use a hosting provider to operate this web offer, who processes inventory data, contact data, content data, contract data, utilization data, metadata, and communication data from visitors or customers of this web offer within the scope of our legitimate interest in an efficient and secure provision of this online offer pursuant to Art. 6 (1) Clause 1 lit. f), 28 GDPR. If we transfer your data to third parties, we will remain responsible and liable to you if the third party processes your data in violation of the Privacy Shield Principles, unless we prove we were not responsible for the event giving rise to the damage. In any case, we oblige third parties to protect your privacy at least to the extent specified in this data protection declaration.

HIPAA

HIPAA (The Health Insurance Portability and Accountability Act) does not apply to the service we provide. We are not a “Covered Entity” or a “Business Associate” as those terms are defined by HIPAA.  As HIPAA does not apply, our service does not need to and may not meet the standards set forth in HIPAA. Accordingly, using the service should not be used submit, store, or disclose information that would be subject to HIPAA in a manner that is compliant with HIPAA and its requirements.

Testimonials

Pursuant to our Terms of Service (located at https://www.a2hosting.com/about/policies#Terms-Of-Service), you may provide us with an Endorsement in connection with your use of the Services. We may, at our discretion, use the Endorsement to promote our Services as specified in our Terms of Service. In connection with our use of your Endorsement, you hereby agree that we may use your first name, last initial, home state, voice or likeness, and/or contact information in connection with its publication of the Endorsement. If, at any time, you want us to stop using your Endorsement, please contact us using the contact information in Section 19 of our Terms of Service and we will cease using the Endorsement soon after processing your request. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

B. Cookies and integrated third-party offers

We use cookies in our Internet presence. Cookies are small text files that within the scope of your visit of our website are transmitted from our web server to your browser and are stored by your browser on your computer for later retrieval. You yourself can determine, through settings in your browser, the extent to which cookies can be placed and retrieved. Persistent cookies may be stored on your computer after your visit and our website can access them every time each time you visit our website (so-called “ID cookies”). Some cookies that are stored during your visit of our website can be stored and retrieved by other companies.

We use so-called session cookies (also called “temporary cookies”) as cookies that are exclusively stored for the duration of your use of one of our websites. It is necessary for technical reasons to permit session cookies to fully use all functions of our Internet presence. It is the purpose of these cookies to identify your computer during your visit of our Internet presence when changing from one of our websites to one of our other websites and to determine the end of your visits. Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie. You can at any time delete cookies in the security settings of your browser.

Legal basis for the use of cookies is Art. 6 (1) Clause 1 lit. f) GDPR unless specified otherwise.

I. Third-Party-Cookies

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note the following with regard to third-party cookies.

1. Google Analytics, Double Click

Google Analytics is a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google uses cookies. The information concerning the use of the user’s online offer generated through cookies is generally transmitted to and stored at a Google server in the USA.

Google is certified under the Privacy Shield Treaty and thus offers a guarantee that it complies with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We inform you that, on this website, Google Analytics was expanded by the code “anonymizeIp” in order to guarantee anonymized capture of IP addresses (so-called “IP masking”). By activating IP anonymization on this website, your IP address within member states of the European Union or other contracting parties to the Agreement on the European Economic Area is first abbreviated by Google. The full IP address is transmitted to a Google server in the USA and abbreviated there only in exceptional cases. Google uses this information on behalf of the operator of this website to evaluate your use of the website, to create reports concerning website activities, and to provide other services in connection with website use and Internet use vis-à-vis the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data held by Google. Pseudonym profiles of users may be created from the processed data. The IP address transmitted by your browser is not combined with other data held by Google.  

You can prevent the collection of the data generated by the cookie and relating to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information concerning data used by Google, settings options, and opportunities to object are available on Google‘s website under https://www.google.com/intl/de/policies/privacy/partners and under http://www.google.com/policies/technologies/ads and http://www.google.de/settings/ads

DoubleClick by Google (“DoubleClick”) is a service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). DoubleClick uses cookies to display most relevant advertisements. Google keeps track of the advertisements you have seen and which of them you have actually viewed. Using the DoubleClick cookies allows Google and its advertising network to serve advertisements based on your previous web page visits (or even apps). Google will transmit information generated by the cookies to a Google server for analysis and storage. You can prevent cookies from being saved by setting your browser software accordingly. You can also prevent Google from collecting data generated by the cookies and pertaining to your use of the web page as well as processing this data.

For more detailed information on the terms and conditions of use and data protection, please visit: http://www.google.com/analytics/terms/de.html or http://www.google.com/intl/de/analytics/privacyoverview.html

2. Facebook Pixel

When using our web page, we place a visitor action pixel of the social network Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) on your computer. This allows us to track your behavior when you click on a Facebook advertisement and are then redirected to our web page. The service helps to analyze and evaluate the effectiveness of Facebook advertisements in order to optimize future advertising measures. The data will remain completely anonymous to us and cannot be traced back to the respective person. However, Facebook will store and process the data and hence establish a connection between the data and the user's Facebook profile. For more information about Facebook's data processing, please visit: https://www.facebook.com/about/privacy/

If you wish to object to this procedure, please click here: http://optout.aboutads.info/#/

3. Bing Ads

We use the conversion and tracking tool “Bing Ads” from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft stores cookies on your device in order to enable an analysis of the use of our online offer by the users if users have accessed our online offer via a Microsoft Bing display (so-called “conversion measurement”). Microsoft and we can recognize in this way that someone has clicked on an ad, has been redirected to our online offer and has reached a previously defined target page (so-called “conversion page”). We only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No IP addresses are stored. No personal information about the identity of the user is communicated.

Microsoft is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

If you do not wish to participate in the Bing Ads tracking process, you can use Microsoft's opt-out page: http://choice.microsoft.com/de-DE/opt-out.

Users can find further information on data protection and the cookies used at Microsoft Bing Ads in Microsoft's data protection declaration: https://privacy.microsoft.com/de-de/privacystatement.

4. Hotjar

Our web page also utilizes the analysis software “Hotjar” by “Hotjar” Ltd., Level 2, St. Julian's Business Centre, 3 Elia Zammit Street, St Julian's STJ 1000, Malta.

Hotjar enables you to measure and analyze your web page usage (clicks, mouse movement, scroll depth, etc.). The collected data is transmitted to a Hotjar server in Ireland and stored there. The following data is collected:

  • IP address - prior to storage your IP address is anonymized by setting the last octet to zero to prevent personal identification. The first three octets of the IP address will only reveal the user’s geographical region;
  • Your email address, including your first and last name, if you have made it available to us via our web page;
  • Screen size of your device;
  • Device type and browser information;
  • Geographic position (just the country);
  • The preferred language to display our web page.

The following data is automatically generated by our servers when Hotjar is used:

  • Referring domain;
  • Visited web pages;
  • Geographic position (just the country);
  • The preferred language to display our web page;
  • Date and time of web page access.

Hotjar uses this information to analyze your use of our web page, to create reports on its use and to provide other internet analysis services.

The cookies set by Hotjar are stored for different lengths of time depending on the cookie; but no longer than 365 days. For more information, please visit: https://www.hotjar.com/cookies

To prevent Hotjar from collecting data, please click on this link and follow the instructions: https://www.hotjar.com/opt-out  

5. Glassdoor

Glassdoor uses cookies and transfers data about your visit to our site directly to Glassdoor. If you have a Glassdoor account, your visit to our site can be directly connected to your account. For more information, visit https://www.glassdoor.com/about/privacy.htm

6. Social Plugins

For data protection reasons we have deliberately decided against using direct plug-ins from social networks on our websites. Generally, if you retrieve our websites, no data is automatically transmitted to social networks. Your Internet browser will create a connection to the servers of the respective social network only once you actively click on the respective button, i.e. by clicking the respective button (e.g. “Like”) you consent to your Internet browser establishing a connection to the servers of the respective social network and to transmit usage data to the respective provider of the social network.
Data transmitted through clicking the respective buttons may possibly be connected to existing accounts and profiles. The providers also create usage profiles. We have no influence on data processing or data retention after transmission of the data to the stated providers. In case of questions concerning data processing after transmission, please note the following Privacy Policys of the providers and contact them directly in case of questions.

The transmission of data to the relevant provider is subject to Art. 6 (1) lit. a GDPR based on your consent.

The following services are integrated:

  • Facebook, Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
  • LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.
  • YouTube, YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
  • Twitter,Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

All providers are subject to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

C. Data security

We have implemented technical, physical and administrative safeguards designed to protect your data against loss and against unauthorized access, use, and disclosure.  Passwords are stored on our server in encrypted form. We have personal information retention processes designed to retain personal information as necessary for the purposes stated above or to otherwise meet legal requirements.  Unless this Privacy Policy states otherwise, our employees are required to keep the information set out here confidential.

For this purpose, this site, among other things, uses SSL encryption for the secure transmission of data. The common SSL process (Secure Socket Layer) is used in connection with the respective maximum encryption level supported by your browser.

This policy was last updated May 23, 2018

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.