Privacy Policy

1. Introduction

CoolVDS ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website coolvds.com and use our services.

This policy complies with:

• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - United States
• Personal Data Act (Personopplysningsloven) - Norway

2. Data Controller

CoolVDS
Norway
Email: [email protected]
Data Protection Officer: [email protected]

3. Information We Collect

3.1 Personal Information

When you use our services, we may collect:

• Account Information: Name, email address, phone number, billing address
• Payment Information: Credit card details, billing information (processed securely by Stripe)
• Technical Information: IP address, browser type, operating system, device information
• Usage Data: Pages visited, time spent, features used, interaction data
• Communication Data: Support tickets, emails, chat messages

3.2 Automatically Collected Information

• Cookies: We use cookies to enhance your experience (see Cookie Policy below)
• Server Logs: IP addresses, access times, pages viewed
• Analytics: Aggregated usage statistics (privacy-friendly analytics)

4. How We Use Your Information

We use your personal data for the following purposes:

• Provision of cloud hosting services and infrastructure
• Processing payments and managing billing
• Customer support and communication
• Service improvement and development
• Security monitoring and fraud prevention
• Compliance with legal obligations
• Marketing (only with your explicit consent)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

5.1 Service Providers

• Payment Processors: Stripe (PCI-DSS compliant)
• Infrastructure: Norwegian data centers (GDPR compliant)
• Email Services: Transactional email providers
• Analytics: Privacy-friendly analytics (no personal data shared)

5.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect the safety of our users

6. Data Storage and Security

6.1 Storage Location

All data is stored in Norwegian data centers within the European Economic Area (EEA), ensuring GDPR compliance. We do not transfer personal data outside the EEA without appropriate safeguards.

6.2 Security Measures

• TLS/SSL encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and authentication (2FA)
• DDoS protection and firewall systems
• Regular backups with encryption

6.3 Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Duration of service + 30 days after termination
• Billing Records: 7 years (legal requirement)
• Support Tickets: 3 years
• Server Logs: 90 days
• Marketing Data: Until consent is withdrawn

7. Your Privacy Rights

7.1 Right to Access

Request a copy of your personal data we hold.

7.2 Right to Rectification

Correct inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal retention requirements).

7.4 Right to Data Portability

Receive your data in a structured, machine-readable format (JSON/CSV).

7.5 Right to Object

Object to processing based on legitimate interests or for marketing purposes.

7.6 Right to Restrict Processing

Request restriction of processing in certain circumstances.

7.7 Right to Withdraw Consent

Withdraw consent for marketing or optional data processing at any time.

8. Cookie Policy

We use cookies to improve your experience:

8.1 Essential Cookies

Required for site functionality (session management, security).

8.2 Analytics Cookies

Help us understand how you use our website (opt-in required).

8.3 Marketing Cookies

Track advertising effectiveness (opt-in required).

You can manage cookie preferences via our Cookie Settings.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

All data is stored within the EEA (Norway). If we ever need to transfer data outside the EEA, we will use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. California Residents (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale (we do not sell data)
• Right to deletion
• Right to non-discrimination for exercising rights

We do not sell personal information.

12. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR and Norwegian law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our website at least 30 days before the changes take effect.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority:

• Norway: Datatilsynet (Norwegian Data Protection Authority)
• EU: Your local Data Protection Authority
• California: California Attorney General's Office

15. Contact Us

For questions about this Privacy Policy or to exercise your rights: