Information
Privacy & Security Policy
Privacy & Security Policy
1. Controller and applicable framework
get-hosting.com is operated by ACTIEFHOST LTD, a company registered in Bulgaria. This policy is intended to reflect Regulation (EU) 2016/679 (GDPR), applicable Bulgarian data-protection rules including the Personal Data Protection Act, and general EU privacy and security principles applicable to an online review platform.
2. Scope of this policy
This policy explains how we collect, use, store, secure, disclose, retain, and delete personal data when individuals use get-hosting.com, create an account, submit a review, request management access to a company profile, communicate with us, or otherwise interact with the platform.
3. Categories of personal data we may process
Depending on how the platform is used, we may process:
- account data, such as name, display name, email address, password hash, verification status, login activity, and two-factor authentication status;
- review and moderation data, such as review title, text, rating, recommendation status, uploaded evidence, moderation decisions, timestamps, and related company references;
- claim-request data, such as business email, job title, supporting explanation, and claim history;
- communication data, such as contact messages and support correspondence;
- technical, anti-abuse, and security data, such as IP addresses, session identifiers, browser or device information, failed login events, anti-spam checks, and security logs;
- analytics and usage data, where analytics tools are configured.
4. Purposes of processing
We process personal data only where necessary for legitimate platform purposes, including to:
- create and maintain user accounts;
- authenticate users and protect account security;
- send verification, reset-password, and transactional emails;
- review, moderate, publish, reject, edit, investigate, or remove review submissions;
- detect duplicate submissions, manipulation, fraud, impersonation, and abuse;
- process company profile ownership or representation requests;
- respond to support, legal, or data-rights requests;
- maintain audit trails, platform integrity, and dispute records;
- improve service quality, functionality, trust, and operational stability;
- comply with applicable legal and regulatory obligations.
5. Legal bases under the GDPR
Depending on the processing activity, the relevant legal basis may be one or more of the following:
- performance of a contract or steps taken at the request of the data subject;
- consent, where we explicitly rely on it;
- legitimate interests, including fraud prevention, moderation, service security, dispute handling, and platform integrity;
- compliance with legal obligations;
- establishment, exercise, or defence of legal claims.
6. Moderation and authenticity controls
Because get-hosting.com is a moderated review platform, moderation-related data is a core security and trust function. We may retain review status history, submission timestamps, IP data, claim records, and anti-abuse indicators for the purpose of authenticity assessment, duplicate detection, account protection, legal compliance, and enforcement of platform standards.
7. Cookies, sessions, reCAPTCHA, and analytics
We use essential technical mechanisms such as sessions and security-related cookies where required for login, account continuity, and abuse prevention. Public forms may use Google reCAPTCHA or similar anti-abuse checks. If analytics are enabled, limited usage information may also be processed to understand website performance and improve the platform.
8. Disclosure of data
We do not sell personal data. Personal data may be disclosed only where reasonably necessary to:
- hosting, storage, security, email, analytics, or anti-abuse service providers acting on our instructions;
- advisers, auditors, insurers, or legal counsel where required for legitimate business or legal purposes;
- courts, authorities, regulators, or law-enforcement bodies where disclosure is legally required or necessary to protect rights, safety, or the platform.
9. International transfers
If personal data is processed outside the European Economic Area by a service provider, we aim to rely on an appropriate transfer mechanism recognised under the GDPR, such as adequacy decisions, contractual safeguards, or another lawful basis where applicable.
10. Retention
We keep personal data only as long as reasonably necessary for the purposes for which it was collected, including moderation, security, account operation, legal compliance, audit, and dispute handling. Some records may remain retained after public content is removed where retention is necessary for abuse prevention, evidence, or legal defence.
11. Security measures
We apply technical and organisational measures designed to protect data against unauthorised access, misuse, destruction, loss, or unlawful alteration. These measures may include password hashing, access controls, role-based permissions, email verification, moderation workflows, secure connections, file restrictions, event logging, optional two-factor authentication, and anti-abuse controls. No internet system can be guaranteed absolutely secure, but we aim to maintain a security level appropriate to the nature and risks of the processing.
12. Data subject rights
Under the GDPR, individuals may have rights including the right to be informed, access their personal data, request rectification, request erasure, request restriction of processing, object to certain processing, and request data portability where applicable. Rights are not absolute and may be limited where lawful exceptions apply.
13. How to exercise rights
Requests concerning personal data may be submitted through our contact channels. We may ask for information necessary to verify identity before acting on a request. Where the GDPR applies, we aim to respond without undue delay and ordinarily within one month, subject to lawful extensions where applicable.
14. Supervisory authority in Bulgaria
If you believe that your data-protection rights have been infringed, you may lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP / KZLD). Based on the CPDP official website, its contact point includes kzld@cpdp.bg and its address is 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria. Current complaint procedures and official details should be checked directly at cpdp.bg.
15. Children
The platform is not intended for children and we do not knowingly seek to collect personal data from children.
16. Changes to this policy
We may amend this policy from time to time to reflect legal, technical, operational, or service changes. The current published version will apply from its effective publication on the website.
17. Important note
This policy is intended as a platform privacy and security notice and does not constitute legal advice to third parties.
1. Controller and applicable framework
get-hosting.com is operated by ACTIEFHOST LTD, a company registered in Bulgaria. This policy is intended to reflect Regulation (EU) 2016/679 (GDPR), applicable Bulgarian data-protection rules including the Personal Data Protection Act, and general EU privacy and security principles applicable to an online review platform.
2. Scope of this policy
This policy explains how we collect, use, store, secure, disclose, retain, and delete personal data when individuals use get-hosting.com, create an account, submit a review, request management access to a company profile, communicate with us, or otherwise interact with the platform.
3. Categories of personal data we may process
Depending on how the platform is used, we may process:
- account data, such as name, display name, email address, password hash, verification status, login activity, and two-factor authentication status;
- review and moderation data, such as review title, text, rating, recommendation status, uploaded evidence, moderation decisions, timestamps, and related company references;
- claim-request data, such as business email, job title, supporting explanation, and claim history;
- communication data, such as contact messages and support correspondence;
- technical, anti-abuse, and security data, such as IP addresses, session identifiers, browser or device information, failed login events, anti-spam checks, and security logs;
- analytics and usage data, where analytics tools are configured.
4. Purposes of processing
We process personal data only where necessary for legitimate platform purposes, including to:
- create and maintain user accounts;
- authenticate users and protect account security;
- send verification, reset-password, and transactional emails;
- review, moderate, publish, reject, edit, investigate, or remove review submissions;
- detect duplicate submissions, manipulation, fraud, impersonation, and abuse;
- process company profile ownership or representation requests;
- respond to support, legal, or data-rights requests;
- maintain audit trails, platform integrity, and dispute records;
- improve service quality, functionality, trust, and operational stability;
- comply with applicable legal and regulatory obligations.
5. Legal bases under the GDPR
Depending on the processing activity, the relevant legal basis may be one or more of the following:
- performance of a contract or steps taken at the request of the data subject;
- consent, where we explicitly rely on it;
- legitimate interests, including fraud prevention, moderation, service security, dispute handling, and platform integrity;
- compliance with legal obligations;
- establishment, exercise, or defence of legal claims.
6. Moderation and authenticity controls
Because get-hosting.com is a moderated review platform, moderation-related data is a core security and trust function. We may retain review status history, submission timestamps, IP data, claim records, and anti-abuse indicators for the purpose of authenticity assessment, duplicate detection, account protection, legal compliance, and enforcement of platform standards.
7. Cookies, sessions, reCAPTCHA, and analytics
We use essential technical mechanisms such as sessions and security-related cookies where required for login, account continuity, and abuse prevention. Public forms may use Google reCAPTCHA or similar anti-abuse checks. If analytics are enabled, limited usage information may also be processed to understand website performance and improve the platform.
8. Disclosure of data
We do not sell personal data. Personal data may be disclosed only where reasonably necessary to:
- hosting, storage, security, email, analytics, or anti-abuse service providers acting on our instructions;
- advisers, auditors, insurers, or legal counsel where required for legitimate business or legal purposes;
- courts, authorities, regulators, or law-enforcement bodies where disclosure is legally required or necessary to protect rights, safety, or the platform.
9. International transfers
If personal data is processed outside the European Economic Area by a service provider, we aim to rely on an appropriate transfer mechanism recognised under the GDPR, such as adequacy decisions, contractual safeguards, or another lawful basis where applicable.
10. Retention
We keep personal data only as long as reasonably necessary for the purposes for which it was collected, including moderation, security, account operation, legal compliance, audit, and dispute handling. Some records may remain retained after public content is removed where retention is necessary for abuse prevention, evidence, or legal defence.
11. Security measures
We apply technical and organisational measures designed to protect data against unauthorised access, misuse, destruction, loss, or unlawful alteration. These measures may include password hashing, access controls, role-based permissions, email verification, moderation workflows, secure connections, file restrictions, event logging, optional two-factor authentication, and anti-abuse controls. No internet system can be guaranteed absolutely secure, but we aim to maintain a security level appropriate to the nature and risks of the processing.
12. Data subject rights
Under the GDPR, individuals may have rights including the right to be informed, access their personal data, request rectification, request erasure, request restriction of processing, object to certain processing, and request data portability where applicable. Rights are not absolute and may be limited where lawful exceptions apply.
13. How to exercise rights
Requests concerning personal data may be submitted through our contact channels. We may ask for information necessary to verify identity before acting on a request. Where the GDPR applies, we aim to respond without undue delay and ordinarily within one month, subject to lawful extensions where applicable.
14. Supervisory authority in Bulgaria
If you believe that your data-protection rights have been infringed, you may lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP / KZLD). Based on the CPDP official website, its contact point includes kzld@cpdp.bg and its address is 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria. Current complaint procedures and official details should be checked directly at cpdp.bg.
15. Children
The platform is not intended for children and we do not knowingly seek to collect personal data from children.
16. Changes to this policy
We may amend this policy from time to time to reflect legal, technical, operational, or service changes. The current published version will apply from its effective publication on the website.
17. Important note
This policy is intended as a platform privacy and security notice and does not constitute legal advice to third parties.