Privacy Policy

XenonHost.ro ("we", "our", or "the Company") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, store, and protect your information when you use our website and hosting services.

This policy has been drafted in compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable Romanian data protection legislation.

Depending on how you interact with our services, we may collect the following categories of data:

2.1. Data You Provide Directly

• Full name
• Email address
• Phone number
• Postal or billing address
• Tax identification data (for businesses: tax ID, company name)
• Payment information (securely processed through third-party payment providers)
• Information submitted via contact forms or support tickets

2.2. Data Collected Automatically

• IP address
• Browser type and version
• Operating system
• Pages visited and duration of visit
• Referral source (where you accessed the site from)
• Device data (screen resolution, preferred language)

2.3. Technical Data Related to Services

• Server access logs
• Resource usage information (CPU, memory, storage)
• DNS records and domain configurations

We use the personal data we collect for the following purposes:

• Service delivery: to create and manage your account, provide the hosting services you have contracted, and process payments.
• Technical support: to respond to your requests and resolve technical issues.
• Communications: to send you service-related notifications, invoices, security updates, and, with your consent, marketing communications.
• Service improvement: to analyze service usage patterns and enhance the user experience.
• Legal compliance: to fulfill our legal obligations, including tax and accounting requirements.
• Security: to prevent fraud, abuse, and unauthorized activities.

We process your personal data based on the following legal grounds, in accordance with Article 6 of the GDPR:

• Contract performance: processing is necessary to deliver the services you have contracted.
• Consent: for marketing communications and non-essential cookies, based on your explicit consent.
• Legal obligations: for compliance with Romanian legal and tax requirements.
• Legitimate interest: for service improvement, infrastructure security, and fraud prevention.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request the correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): you may request the deletion of your personal data, subject to legal requirements.
• Right to restriction of processing: you may request the limitation of processing in certain circumstances.
• Right to data portability: you may request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object: you may object to the processing of your data for direct marketing purposes or based on our legitimate interest.
• Right to withdraw consent: if processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: you may file a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).

To exercise any of these rights, please contact us at: office@xenonhost.ro.

Our website uses cookies to improve your browsing experience. Cookies are small text files stored on your device.

6.1. Types of Cookies Used

• Strictly necessary cookies: essential for website functionality (authentication, security, language preferences). These do not require consent.
• Performance/analytics cookies: help us understand how the website is used (Google Analytics or similar). These are only activated with your consent.
• Marketing cookies: used to display relevant advertisements. These are only activated with your explicit consent.

6.2. Managing Cookies

You can manage your cookie preferences through the consent banner displayed on your first visit or through your browser settings. Disabling certain cookies may affect website functionality.

We do not sell or rent your personal data to third parties. We may share data in the following situations:

• Sub-processors: we work with a limited number of providers who process data on our behalf, under Data Processing Agreements (DPAs) ensuring GDPR compliance.
• Legal obligations: we may disclose data if required by law or at the request of competent authorities.
• Domain registrars: WHOIS information may be shared as required by ICANN for domain registration.

7.1. Current sub-processors list

Transfers to US-based providers rely on Standard Contractual Clauses (SCC) approved by the European Commission and/or participation in the EU-US Data Privacy Framework (DPF).

This list may be updated. Material changes will be communicated on this page.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: for the duration of the contractual relationship and 3 years after its termination.
• Billing data: 10 years in accordance with Romanian tax legislation.
• Server logs: maximum 12 months.
• Marketing data: until consent is withdrawn.
• Support tickets: 3 years after resolution.

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for all connections
• Firewalls and intrusion detection systems
• Restricted data access based on the need-to-know principle
• Regular encrypted backups
• Continuous infrastructure monitoring

In accordance with Art. 33 and 34 GDPR, in the event of a personal data breach that poses a risk to the rights and freedoms of affected individuals:

• We will notify the Romanian National Supervisory Authority (ANSPDCP) within 72 hours of becoming aware of the breach.
• If the breach poses a high risk, we will inform affected data subjects without undue delay, via email or public notice on the site.
• The notification will include the nature of the breach, categories and approximate number of affected individuals, measures taken, and contact point for further information.
• We maintain an internal register of all security incidents, as required by Art. 33(5) GDPR.

To exercise any of the rights listed in Section 5 (access, rectification, erasure, portability, objection, consent withdrawal):

1. Send a written request to office@xenonhost.ro specifying the right you wish to exercise and identification details so we can locate you in our systems (full name, email associated with your account).
2. In cases justified by security risks, we may request additional documents for identity verification.
3. We will respond to your request within a maximum of 30 days from receipt. For complex cases or multiple requests, this period may be extended by up to 60 additional days, with prior notice to you.
4. Responses are free of charge. For manifestly unfounded or excessive requests, we reserve the right to charge a reasonable fee or refuse the request, as permitted by Art. 12(5) GDPR.

If you believe your rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

For any questions or requests regarding the processing of your personal data, you may contact us:

Note: The company does not carry out processing that would require a mandatory DPO under Art. 37 GDPR. Data protection requests are handled directly by management.

We reserve the right to update this Privacy Policy periodically. Any significant changes will be communicated through our website or via email. We recommend checking this page regularly.