Last Updated: January 30, 2020
INFORMATION COLLECTION AND USE
maintains and discloses information collected from our visitors and/or customers (collectively,
"Customer", "you" or "your") through the use of the Company websites.
Hostek is the sole owner of the information
collected on this site. We will not sell, share, or rent
this information to others in ways different from
what is disclosed in this statement. Hostek may collect
information from our customers at several different points on
our website, as needed to service our customers, as outlined below.
INFORMATION COLLECTED DURING ORDER PROCESS
We request information from the user on our order form(s).
In order for us to service Customer account, here a user must provide contact information (email, name,
address, phone) and depending on payment method, financial information (credit
card number, expiration date, bank information). Additionally the IP is recorded in the billing system.
This information is used for
billing purposes and to fill customer's orders. If we have
trouble processing an order, this contact information is
used to get in touch with the user. We use a high encryption
SSL certificate for securely gathering the requested information. We also encrypt the credit card
for your security and the CVV code of the card is NOT stored.
INFORMATION COLLECTED DURING TROUBLESHOOTING PROCESS
To help provide faster resolutions to server issues such as Out Of Memory (OOM) errors on ColdFusions
servers, we may collect information at the time of the error to help with troubleshooting the cause of
the error. This collected data could contain the results of a query. This data is not used for any
purpose other than the troubleshooting process.
Log files automatically collect certain types of information related to your browser, including your IP
address. We use IP addresses to analyze trends and
help provide an insight into how visitors transition from one page to another so we can optimize the
visitor experience, and gather broad demographic
information like the type of browser, for aggregate use. IP addresses are not linked
to personally identifiable information.
Company web sites contain links to third party sites. These third party websites have their own privacy
policies and that we do not accept any responsibility or liability for their policies. We encourage our
visitors to be aware when
they leave our site and to read the privacy statements of
each and every web site that collects personally
identifiable information. This privacy statement applies
solely to information collected by Company Web sites.
SURVEYS & CONTESTS
From time-to-time our site requests information from visitors or customers
via surveys or contests. Participation in these surveys or
contests is completely voluntary and the participant therefore has
a choice whether or not to disclose this information.
Information requested may include contact information (such
as name and address), and demographic information (such as
zip code and age). Contact information will be used to
notify the winners and award prizes. Survey information will
be used for purposes of monitoring or improving the use and
satisfaction of this site.
This website takes every precaution to protect our visitors'
information. When visitors submit sensitive information via the
website, the information is protected both online and
When our order form(s) asks visitors to enter sensitive
information (such as credit card number), that information
is encrypted and is protected with the best encryption
software in the industry - SSL. While on a secure page, such
as our order form(s), the lock icon in the Web
browser becomes locked. Hostek has taken additional steps to ensure SSL encryption is used at all times
when browing our site.
While we use SSL encryption to protect sensitive information
online, we also do everything in our power to protect
user-information off-line. All of our users' information,
not just the sensitive information mentioned above, is
restricted in our offices. Only employees who need the
information to perform a specific job (for example, our
billing clerk or a customer service representative) are
granted access to personally identifiable information. ALL
employees are kept up-to-date on our security and privacy
practices. Any time new policies are added, our employees
are notified and/or reminded about the importance we place
on privacy, and what they can do to ensure our customers'
information is protected. Finally, the servers that we store
personally identifiable information on are kept in a secure
Hostek's website and services are not intended for, nor
designed to attract, individuals under the age of 18.
Hostek does not knowingly collect personally
identifiable information from any person under the age of
When paying by Credit Card, upon initial payment, you will be required to enter the CVV code for the
card. We do NOT store this code. It is only asked for this once. The card itself is encrypted and stored
for your security.
We send all new accounts an email providing new account
information. Established customers will occasionally receive
information on new services and/or special promotions. Out
of respect for the privacy of our users we present the
option to not receive these types of communications.
CORRECTING/UPDATING/DELETING PERSONAL INFORMATION
If a user's personally identifiable information changes
(such as your phone number or email address), or if a user no longer desires our
service, we will endeavor to provide a way to correct,
update or remove that user's personal data provided to us.
This can usually be done at the user's Control Panel page or
by submitting a
CUSTOMER INFORMATION AND CUSTOMER PRIVACY
New European Union (EU) Data Protection laws (GDPR) are effective May 25, 2018.
While GDPR only holds us accountable for how we process EU customers’ personal data, we have taken this
opportunity to review our practices and ensure that our high standards for data privacy encompass every
Company shall act in accordance with industry practice in protecting Customer Information submitted by
Customer to Company ("Customer Information"), and shall not sell or otherwise transfer Customer
Information to third parties for marketing activitites in any circumstance. Company shall be entitled to
use the Personal Information of Customer in the due performance of the Services, this Agreement and
(unless opted out in writing) for communcation to Customer of Company's own marketing information.
As to Personal Information, also referred hereinto as Personal Data, supplied by or through Customer in
the course of its business with Company, the following shall apply:
(1) Both parties will comply with their respective obligations under the applicable requirements of the
Data Protection Laws.
(2) The parties acknowledge that for the purposes of the Data Protection Laws, Customer can be both the
data subject and the data controller as described herein. As a Customer of Company, personal data
submitted to Company by Customer means Customer is a data subject. When Customer utilizes Company
servers for handling Customer's own customers, Customer is a Data Controller as defined in the Data
The parties also acknowledge that for the purposes of the Data Protection Laws, Company can be both a
data processor and data controller as described herein. Regarding Customer data submitted to Company,
Company is a Data Controller. Company, as a supplier of server services to Customer, Company is a Data
Processor as defined in the Data Protection Laws.
The following sets out the scope, nature and purpose of processing by Company, the duration of the
processing and the types of Personal Data (as defined in the Data Protection Laws) and categories of
(a) Processing by Company: The provision of data or application hosting services for Customer and
indirectly its customers.
(b) Company does not control what personal or non personal data Customers collect from their customers.
It is Customer's responsibility to have their own Data Protection guidelines in place for their own
protection related to data Customer collects from its customers; additionally, it is Customer's
responsibility to keep their applications up to date and secure from a code/software perspective.
(3) Customer declares and acknowledges that Company has no control, involvement, role or responsibility
as to the type or use of data put by Customer itself or third parties generally nor, without limitation,
Customer's employees, contractors, agents, customers or suppliers or end-users of Customer's services or
those of Customer's customers and Company merely provides an IT repository for data with a specified
conduit for its movement to and from Customer or third party infrastructure. Company's processing does
not include the manipulation, selection, ordering, searching or monitoring of such Personal Data other
than in a generic sense of storage in the scope of the Services. Customer is responsible for the
cleansing, updating, timely deletion and maintenance of Personal Data.
(4) Customer acknowledges and consents to the lawful transmission of Personal Data to Company and its
processing in accordance with this Agreement for the duration and purposes of this Agreement.
Additionally, Customer will ensure that it has all necessary and appropriate consents and notices, when
applicable, in place to enable lawful transmission of Personal Data to Company and its processing in
accordance with this Agreement for the duration and purposes of this Agreement. Customer may withdraw
consent at any time. However, Company can not provide service to Customer without consent.
(5) Without prejudice to the generality of the above clause, Company shall, in relation to any Personal
Data processed in connection with the performance by Company of its obligations under this
(a) process that Personal Data only in accordance with the performance of Services and otherwise either
required under this Agreement (this Agreement being agreed to constitute written instructions from
Customer for processing of Personal Data) or by variation of Services agreed with Company; or
(b) process that Personal Data if required by the laws of any member of the European Union or by the
laws of the European Union applicable to Company to process Personal Data (Applicable Laws). Where
Company is relying on laws of a member of the European Union or European Union law as the basis for
processing Personal Data outside of pre-agreed processing, Company shall promptly notify Customer of
this before performing the processing required by the Applicable Laws unless those Applicable Laws
prohibit Company from so notifying Customer;
(c) ensure that it has in place appropriate, industry-standard for England, technical and organisational
measures to protect against unauthorised or unlawful processing of that Personal Data and against
accidental loss or destruction of, or damage to, those Personal Data, having regard to the state of
technological development and the cost of implementing any;
(d) ensure that all personnel who have access to and/or process those Personal Data are obliged not to
permit disclosure of the Personal Data except as required by law or for the purposes of this Agreement;
(e) not transfer any of those Personal Data, other than Customer Submitted information required for
servicing Customer account (ie, US and UK based systems/support/billing teams), outside of the European
Economic Area (other than Customer’s transmission and receipt of data over the Internet and the use of
similar networks that may involve part of the network being located outside the European Economic Area
and/or the UK), unless the prior written consent of Customer has been obtained;
(f) assist Customer, at Customer's expense using Company's then current standard time rates, in
responding to any request from a Data Subject and in ensuring compliance with its obligations under the
Data Protection Laws with respect to security, breach notifications, impact assessments and
consultations with supervisory authorities or regulators;
(g) notify Customer without undue delay on becoming aware of a material Personal Data breach committed
by Company, its employees or agents and take reasonable steps to prevent further disclosure or breach
and mitigate the potential adverse effects on affected data subjects in cooperation with Customer;
(h) at the written direction of Customer, delete or return to Customer or allow Customer to retrieve
Personal Data and copies thereof on termination of Agreement unless required by Applicable Law to store
(i) maintain appropriate records and information to demonstrate its compliance with this clause;
(j) in accordance with Data Protection Laws, make available to Customer such information as is
reasonably necessary to demonstrate Company's compliance with its obligations under Article 28 of the
GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to
audits, including inspections, by Customer's professional appointee for this purpose, subject to
(j.1) giving Company reasonable prior notice of such information request, audit and/or inspection being
required by Customer;
(j.2) ensuring that all information obtained or generated by Customer or its auditor(s) in connection
with such information requests, inspections and audits is kept strictly confidential (save for
disclosure to the supervisory authority under Data Protection Laws or as otherwise required by
(j.3) ensuring that such audit or inspection is undertaken during normal business hours, with minimal
disruption to Company's business, any sub-processors’ business and the business of other customers of
(k) paying Company's costs using the then current standard time rates of Company for assisting with the
provision of information and allowing for and contributing to inspections and audits; and
(j) Customer may view and/or update their Personal Data via the billing control panel.
(6) Company has a designated Data Protection Officer (DPO), in the US and separately in the EU, as a
point of contact for all issues related to data privacy and protection within the scope of the Agreement
and pending notification. The DPO can be reached at [email protected].
(7) If Company informs Customer that it considers that an instruction violates Data Protection Laws then
it shall be entitled to suspend the execution of the relevant instructions until Customer satisfactorily
confirms compliance or changes them. Further, if Company follows the instructions of Customer, Customer
indemifies Company for any and all such current and future items or incidences related to such
(8) Customer shall, without undue delay and in a comprehensive fashion, inform Company of any defect
that Customer considers has occurred in their and/or Company's compliance with Data Protection Laws.
(9) Customer shall be obliged to maintain the public register of processing in accordance with Article
30 (1) GDPR.
The first step in resolving any concern is to contact Company (see Inquiries or Complaints below) with
any details. Unresolved issues will be resolved via binding Arbitration as a sole remedy.
INQUIRIES OR COMPLAINTS
hostek.com or send a postal mail to:
PO Box 701048
Tulsa, OK 74170
INDEMNIFICATION AND LIMITATION OF LIABILITY
Customer, as Controller shall indemnify and hold harmless on demand Company for any loss, damage,
liabilities, penalties, expenses or fines incurred (whether foreseeable or unforeseeable or direct or
indirect) as a result of:
Controller breaching its Data Processing obligations; and
any unsuccessful claim by a data subject when such claim holds both Controller and Company as jointly
and severally liable under the Data Protection Laws.
Additional information related to this section is covered and governed by the LIMITATION OF LIABILITY
section of the TOS Agreement.
NOTIFICATION OF CHANGES
those changes on this page as well as update the Modified date so Customer can stay aware of
what information we collect, how we use it, and under
circumstances, if any, we disclose it. If at any point we
decide to use personally identifiable information in a
manner different from that stated at the time it was
collected, we will notify users by way of an email. Users
will have a choice as to whether or not we use their
information in this different manner. We will use
which the information was collected.