Privacy Policy

As a controller, we collect only what we need to provide and run the Services:

• Account and billing data (name, email, address, organisation, VAT number, payment status) — to create your account, take payment and meet our legal accounting obligations. Billing runs in our client area at my.2-host.com.
• Support and enquiry data (your messages, contact details) — to answer you and provide support.
• Technical and security logs (IP addresses, timestamps, request and error logs) — to operate the Services, keep them secure, and investigate abuse or incidents.
• Website analytics — aggregated, privacy-friendly statistics about visits to this site (see "Cookies and analytics" below).

• Performance of a contract — to provide the Services you order and manage your account.
• Legal obligation — to keep accounting and tax records, and to respond to lawful requests.
• Legitimate interests — to secure and improve our infrastructure, prevent abuse and fraud, and communicate with you about your service. We balance these against your rights.
• Consent — where we ask for it, for example any optional marketing. You can withdraw consent at any time.

When you use our hosting, you control the personal data your sites and applications store, and we process it on your behalf as your processor. The following terms apply to that processing and act as a data processing agreement between us:

• We process that data only to provide the Services and on your documented instructions, including these Terms.
• We keep it stored within the EU/EEA (our infrastructure is in a Tier-3 data centre in Falkenstein, Germany).
• We apply appropriate technical and organisational measures to protect it, and keep our staff bound by confidentiality.
• We engage sub-processors only under contracts with equivalent data-protection obligations (see "Sharing and sub-processors").
• We will help you, so far as reasonably possible, to respond to data-subject requests and to meet your own GDPR obligations.
• We will notify you without undue delay if we become aware of a personal-data breach affecting your data.
• On termination we will delete or, where you ask and it is technically possible, return your data, except where we must keep it by law.

We do not sell your personal data. We share it only with service providers who help us run the Services, under contracts that require them to protect it and use it only as instructed. These include:

• An EU-based data-centre operator that provides the physical infrastructure in Falkenstein, Germany.
• Cloudflare, Inc., for DNS, CDN and DDoS protection / web application firewall.
• A payment provider that processes your payments (we do not store full card numbers).
• A domain registrar / registry, where you register or transfer a domain.
• Email delivery for transactional and support messages.

A current list of sub-processors is available on request at privacy@2-host.com. We may also disclose data where we are legally required to do so.

Your data and the data you host with us are stored and processed within the EU/EEA. Some providers we rely on (for example, our CDN and security provider) may operate globally; where any transfer of personal data outside the EU/EEA is involved, we rely on an approved safeguard such as an adequacy decision or the European Commission’s Standard Contractual Clauses.

We keep account and support data for as long as you are a customer and for a reasonable period afterwards. Accounting and invoicing records are kept for the period required by Swedish law (currently seven years under the Bookkeeping Act, Bokföringslagen). Security logs are kept only as long as needed for security and operational purposes. Data you host with us is kept until you delete it or your service ends.

Under the GDPR you have the right to access your data, to have it corrected or erased, to restrict or object to processing, to data portability, and to withdraw any consent you have given. To exercise any of these, contact us at privacy@2-host.com and we will respond within the time the GDPR allows (normally one month).

If your data is inside hosting you control, please contact the website or service operator (the controller) for those requests; we will support them as your processor. You also have the right to complain to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY, imy.se), or your local supervisory authority in the EU.

This marketing website uses privacy-friendly, self-hosted analytics (Plausible) that measure visits in aggregate. It does not use cookies for tracking, does not collect personal data for advertising, and does not track you across other websites — which is why you will not see a cookie-consent banner here. Our client area at my.2-host.com uses only the cookies strictly necessary to keep you logged in.

The Services are intended for adults and businesses. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this policy from time to time. We will post the updated version here with a new date, and for significant changes we will let you know directly where appropriate.

For any privacy matter, contact 2-Host Web Hosting & Cloud Services at privacy@2-host.com, or write to Enköping, Sweden.