CrockyHost - Privacy Policy

This Privacy Policy explains how CROCKY S.R.L. ("CrockyHost," "we," "us," or "our") collects, uses, and shares personal information when you visit our website at https://crocky.host ("Website") or use our hosting services ("Services").

Please read this Privacy Policy carefully. By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Website or Services.

1. Information We Collect

We collect several types of information from and about users of our Website and Services, including:

1.1 Personal Information

Personal information is information that identifies you as an individual. We may collect the following types of personal information:

Contact information (such as name, email address, postal address, and phone number)
Account information (such as username and password)
Payment information (such as credit card details and billing address)
Identity verification information (such as government-issued identification documents)
Communications you send to us (such as customer support inquiries)

1.2 Usage Information

We may automatically collect certain information about your equipment, browsing actions, and patterns, including:

Details of your visits to our Website, including traffic data, location data, logs, and other communication data
Information about your computer and internet connection, including your IP address, operating system, and browser type
Information about your use of our Services, including server logs, performance metrics, and error reports

1.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to track the activity on our Website and hold certain information.

What Are Cookies

Cookies are small text files that are stored on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and provide information to the website owners.

Types of Cookies We Use

We use the following types of cookies on our Website:

Cookie Type	Purpose	Duration
Essential Cookies	These cookies are necessary for the Website to function properly. They enable core functionality such as security, network management, and account access.	Session / Persistent
Performance Cookies	These cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously.	Persistent
Functionality Cookies	These cookies enable the Website to provide enhanced functionality and personalization, such as remembering your preferences.	Persistent
Analytics Cookies	These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website.	Persistent

Specific Cookies We Use

Name	Purpose	Duration	Type
darkMode	Stores your preference for dark or light mode	1 year	Functionality
language	Stores your preferred language	1 year	Functionality
_ga	Google Analytics cookie used to distinguish users	2 years	Analytics
_gid	Google Analytics cookie used to distinguish users	24 hours	Analytics
PHPSESSID	Preserves user session state across page requests	Session	Essential

Controlling Cookies

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience. Some browsers offer a "Do Not Track" feature that signals to websites that you do not want to have your online activities tracked. Our Website does not currently respond to "Do Not Track" signals.

To manage cookies in popular browsers:

If you use Google Analytics opt-out browser add-on, you can opt out of Google Analytics tracking: https://tools.google.com/dlpage/gaoptout

Third-Party Cookies and Tracking Technologies

Some content or applications on our Website are served by third parties, including content providers and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you use our Website. We do not control these third parties' tracking technologies or how they may be used.

Third parties that may use cookies on our Website include:

Google Analytics for website traffic analysis
Payment processors to enable payments
Customer support tools for chat functionality

2. How We Collect Information

We collect information in the following ways:

Direct interactions. You may give us your personal information when you register for an account, purchase our Services, contact customer support, or otherwise interact with our Website or Services.
Automated technologies. As you navigate through and interact with our Website or use our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns.
Third parties. We may receive information about you from third parties, such as payment processors, fraud detection services, and identity verification services.

3. How We Use Your Information

We use the information we collect for various purposes, including:

To provide, maintain, and improve our Website and Services
To process and fulfill your orders, including payment processing
To create and manage your account
To communicate with you, including sending service updates, security alerts, and support messages
To respond to your inquiries and provide customer support
To detect, prevent, and address technical issues, fraud, and other illegal activities
To comply with legal obligations
To understand how users access and use our Website and Services to improve them
To deliver relevant advertisements and marketing communications (with your consent where required by law)

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we must have a legal basis for processing your personal information. Our legal basis for processing your personal information will depend on the specific context in which we collect it. Generally, we will process your personal information in the following circumstances:

Where we need to perform a contract we are about to enter into or have entered into with you
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
Where we need to comply with a legal or regulatory obligation
Where you have given your consent to the processing of your personal information for one or more specific purposes

5. Disclosure of Your Information

We may share your personal information with the following categories of recipients:

Service providers. We may share your personal information with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Business partners. We may share your personal information with our business partners to offer you certain products, services, or promotions.
Affiliates. We may share your personal information with our affiliates, in which case we will require them to honor this Privacy Policy.
Legal compliance. We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
Business transfers. We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
With your consent. We may disclose your personal information for any other purpose with your consent.

We do not sell, rent, or lease your personal information to third parties.

6. International Transfers

Your information, including personal information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Romania and choose to provide information to us, please note that we transfer the data, including personal information, to Romania and process it there.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.

7. Data Processing Agreement

This section constitutes a Data Processing Agreement (DPA) between CROCKY S.R.L. (the "Processor") and you (the "Controller") in relation to the processing of personal data as part of our Services.

7.1 Roles of the Parties

For the purposes of applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (GDPR):

You are the "Controller" of the personal data that you upload or store through our Services.
We are the "Processor" of such personal data, processing it on your behalf.

7.2 Processing of Personal Data

7.2.1 Subject Matter and Duration

The subject matter of the processing is the provision of the Services by the Processor to the Controller. The processing will continue for the duration of the agreement between the parties for the provision of the Services.

7.2.2 Nature and Purpose

The Processor will process personal data as necessary to provide the Services to the Controller in accordance with this Privacy Policy and any agreement between the parties.

7.2.3 Types of Personal Data

The types of personal data processed may include, but are not limited to:

Contact information (name, email address, phone number, etc.)
User account information
IP addresses and other online identifiers
Any other personal data that the Controller chooses to upload or store through the Services

7.2.4 Categories of Data Subjects

The categories of data subjects may include, but are not limited to:

The Controller's end users
The Controller's customers or clients
The Controller's employees or contractors
Any other individuals whose personal data the Controller chooses to upload or store through the Services

7.3 Obligations of the Processor

The Processor shall:

Process the personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
Ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Take all measures required pursuant to Article 32 of the GDPR (Security of processing).
Respect the conditions for engaging another processor as set out in Article 28(2) and (4) of the GDPR.
Taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR.
Assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor.
At the choice of the Controller, delete or return all the personal data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data.
Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

7.4 Subprocessors

The Controller gives the Processor general authorization to engage subprocessors for the processing of personal data. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of subprocessors, thereby giving the Controller the opportunity to object to such changes.

The Processor shall impose the same data protection obligations as set out in this DPA on any subprocessor by way of contract, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.

7.5 Data Transfers

The Processor shall not transfer personal data to a third country or an international organization unless it has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.

7.6 Data Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach. The notification shall at least:

Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
Describe the likely consequences of the personal data breach;
Describe the measures taken or proposed to be taken by the Processor to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

8. Data Security

We have implemented appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain usage information for internal analysis purposes. Usage information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Website or Services, or we are legally obligated to retain this data for longer periods.

10. Your Data Protection Rights

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information.

You have the following data protection rights:

Access. You have the right to request access to your personal information that we hold about you.
Rectification. You have the right to request that we correct any inaccurate personal information we hold about you.
Erasure. You have the right to request that we delete your personal information in certain circumstances.
Restriction. You have the right to request that we restrict the processing of your personal information in certain circumstances.
Objection. You have the right to object to the processing of your personal information in certain circumstances.
Data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Withdraw consent. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time.

Please note that we may ask you to verify your identity before responding to such requests.

11. Third-Party Links

Our Website and Services may contain links to third-party websites and services. We have no control over the content, privacy policies, or practices of any third-party website or service. We are not responsible for the content or privacy practices of such third parties. We encourage you to read the privacy policies of every website you visit or service you use.

12. Children's Privacy

Our Website and Services are not directed to anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Website prior to the change becoming effective and update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: privacy@crocky.host
By visiting this page on our website: https://crocky.host/contact.html
By mail: CROCKY S.R.L., Str. DRĂGAICA, Nr. 5, Balasan, Municipiul Băileşti, Dolj, Romania

If you have a complaint or concern about how we are processing your personal data, please contact us in the first instance, and we will endeavor to resolve your complaint or concern. If you believe your concern has not been satisfactorily resolved, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.