🔥 -44% Web Hosting — codeR44HOS⚡ -20% WordPress — codeR20WPS🚀 -24% Web Performance — codeWPERF24🛒 -60% eCommerce first 3 months — codeECOM60🎁 Free .RO domain with any annual plan🔒 Free SSL included with all plans📦 Free migration from any hosting provider🔥 -44% Web Hosting — codeR44HOS⚡ -20% WordPress — codeR20WPS🚀 -24% Web Performance — codeWPERF24🛒 -60% eCommerce first 3 months — codeECOM60🎁 Free .RO domain with any annual plan🔒 Free SSL included with all plans📦 Free migration from any hosting provider

Privacy Policy

How HOSTON SRL processes personal data

Ultima actualizare: 06.06.2026

01. Data Controller

HOSTON SRL, CUI RO38066444, Reg. No. J39/357/2017, Str. I.L. Caragiale no. 47, Mărășești, Vrancea, Romania, is the controller of personal data collected through hoston.ro.

You can contact us for any questions about your data at info@hoston.ro or +40 733 371 801 (Mon–Fri, 09:00–18:00). HostON does not have a formally designated DPO (Data Protection Officer), as there is no legal obligation, but we treat requests to info@hoston.ro with subject "GDPR Request" as a priority.

02. Data Collected

We collect the following categories of data:

  • Identification data: First name, last name, email address, phone number
  • Billing data: Billing address, VAT number (for legal entities), Personal Identification Number (for individuals requesting an invoice with PID, per fiscal requirements)
  • Technical data: IP address, browser, operating system, pages visited
  • Usage data: Server logs, traffic statistics (anonymized)
  • Domain WHOIS data: Contact details provided at domain registration (transmitted to TLD registries)
  • Cookies: As per the cookie policy available at /politica-cookies

We do not collect special category data (health, political opinions, biometric data, data relating to criminal convictions).

03. Purpose and Legal Basis for Processing

  • Contract performance — processing orders, activating services, invoicing (Art. 6(1)(b) GDPR)
  • Legal obligations — issuing invoices, accounting archiving, tax reporting (Art. 6(1)(c) GDPR)
  • Legitimate interests — security, fraud prevention, service improvement, abuse management (Art. 6(1)(f) GDPR)
  • Consent — newsletter, marketing, analytical cookies (Art. 6(1)(a) GDPR) — you can withdraw at any time

04. Data Retention

  • Account data: for the duration of the contractual relationship + 5 years (accounting and legal obligations)
  • Technical logs (server, access): 90 days
  • Marketing / newsletter data: until consent is withdrawn
  • Invoices and accounting documents: 10 years in accordance with Accounting Law no. 82/1991 and the Tax Code
  • Domain WHOIS data: for the duration of domain ownership + 1 year after expiry

05. Data Recipients

Your data may be shared with:

  • privacyPage.s5Item1
  • privacyPage.s5Item2
  • privacyPage.s5Item3
  • privacyPage.s5TesIntro
    • ROTLD (ICI Telecom) — .RO domains
    • EURid — .EU domains
    • Verisign / ICANN — .COM, .NET and other gTLD domains
    • DENIC — .DE domains
    • Other national or international registries, depending on the registered TLD

    Data transmitted to registries is publicly accessible via WHOIS (subject to applicable exceptions under each registry's GDPR policy).

  • privacyPage.s5Item5

We do not sell or transfer your data for marketing purposes to third parties.

06. International Transfers

Data is stored on servers in Romania (EU). Transfers carried out by sub-processors to third countries (Cloudflare — USA, Brevo — EU/USA) are performed in compliance with GDPR transfer mechanisms: Adequacy Decisions or Standard Contractual Clauses (SCC) adopted by the European Commission. International registries (Verisign/ICANN — USA) receive WHOIS data in accordance with ICANN policies, with applicable contractual guarantees.

07. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of access (Art. 15) — to receive a copy of your data
  • Right to rectification (Art. 16) — to correct inaccurate or incomplete data
  • Right to erasure (Art. 17) — "right to be forgotten" (with legal exceptions: invoices 10 years, WHOIS data)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20) — data in structured format (JSON/CSV)
  • Right to object (Art. 21) — to processing for marketing purposes or based on legitimate interest
  • Right to withdraw consent (Art. 7(3)) — without retroactive effect

Exercise these rights by email at info@hoston.ro with subject "GDPR Request". We respond within a maximum of 30 calendar days. We do not charge fees for exercising rights (exception: manifestly unfounded or excessive requests).

08. Right to Lodge a Complaint

If you believe that the processing of your data violates GDPR, you may lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP)www.dataprotection.ro, B-dul G-ral Gheorghe Magheru no. 28–30, sector 1, Bucharest.

09. Data Security

We apply appropriate technical and organisational measures: SSL/TLS encryption in transit, account isolation via CloudLinux CageFS, WAF firewall (ModSecurity), continuous antivirus scanning (Imunify360), restricted staff access on a need-to-know basis, encrypted daily backups (JetBackup), DDoS protection via Cloudflare. In the event of a security incident affecting your data, we will notify you in accordance with GDPR (Art. 34) if the incident presents a high risk to your rights and freedoms.

10. Policy Updates

Any significant changes will be communicated by email and/or by displaying a banner on the website at least 30 days before the changes take effect.

HOSTON SRL · CUI: RO38066444 · Reg. Com: J2017000806390

Str. I.L. Caragiale, nr. 47, Mărășești, Vrancea, 625200, România

Contact: info@hoston.ro · +40 733 371 801