Privacy Policy

Privacy Policy

Last Updated: February 2026

1. Introduction

FluxIT Service ("FluxIT", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our web hosting services, visit our website at gazduire.fluxit.ro, or interact with us.

This Privacy Policy complies with:

  • EU General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
  • Romanian Data Protection Law - Law 190/2018
  • ePrivacy Directive - Directive 2002/58/EC
  • Romanian Law on Electronic Commerce - Law 365/2002

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

1.1 Data Controller

FluxIT Service is the data controller responsible for your personal data.

Contact Information: FluxIT Service Bucharest, Romania Email: privacy@fluxit.ro Data Protection Officer: dpo@fluxit.ro

1.2 Scope of This Policy

This Privacy Policy applies to:

  • Our website (gazduire.fluxit.ro)
  • All hosting and related services
  • Customer portal and control panels
  • Email communications
  • Support interactions
  • Payment processing

1.3 Data Protection Principles

We process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation - data collected for specific purposes
  • Data minimization - only necessary data collected
  • Accuracy - data kept accurate and up to date
  • Storage limitation - data retained only as long as necessary
  • Integrity and confidentiality - appropriate security measures
  • Accountability - we are responsible for compliance

2. What Personal Data We Collect

2.1 Account Registration Data

When you create an account, we collect:

Identity Information:

  • Full name (first and last name)
  • Email address
  • Phone number
  • Date of birth (if required for verification)
  • Username and password (encrypted)

Address Information:

  • Billing address (street, city, postal code, country)
  • Shipping address (if different from billing)
  • Company name and VAT number (for business accounts)
  • Company registration number (for Romanian companies)

Purpose: Account creation, identity verification, service provision, billing, legal compliance

Legal Basis: Contract performance, legal obligation

2.2 Payment and Billing Data

When you purchase services, we collect:

Payment Information:

  • Credit/debit card details (processed by payment providers, not stored by us)
  • PayPal account information (processed by PayPal)
  • Bank account details (for bank transfers)
  • Billing history and transaction records
  • Tax identification numbers (for invoicing)

Purpose: Payment processing, invoicing, fraud prevention, accounting, tax compliance

Legal Basis: Contract performance, legal obligation

Note: We do not store full credit card numbers. Payment card data is processed by PCI DSS compliant payment processors (Netopia, PayPal).

2.3 Service Usage Data

When you use our services, we automatically collect:

Server and Website Data:

  • Domain names registered or hosted
  • Server login credentials and access logs
  • File uploads and website content
  • Database information
  • Email accounts and email metadata (sender, recipient, timestamp)
  • Bandwidth and storage usage statistics
  • Control panel activity logs

Purpose: Service delivery, technical support, security monitoring, resource allocation, abuse prevention

Legal Basis: Contract performance, legitimate interest (service security and optimization)

2.4 Technical and Device Data

Automatically Collected:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Language preference
  • Referring website/URL
  • Pages visited and time spent
  • Click-stream data
  • Session duration
  • HTTP headers

Purpose: Website functionality, security, analytics, user experience improvement, fraud detection

Legal Basis: Legitimate interest (service improvement and security), consent (for non-essential cookies)

2.5 Communication Data

When you contact us, we collect:

Support Communications:

  • Support ticket content and attachments
  • Live chat conversations
  • Email correspondence
  • Phone call recordings (with notification)
  • Feedback and survey responses

Marketing Communications:

  • Newsletter subscription data
  • Email open and click rates
  • Marketing preferences
  • Unsubscribe requests

Purpose: Customer support, service improvement, marketing (with consent), quality assurance

Legal Basis: Contract performance (support), consent (marketing), legitimate interest (service improvement)

2.6 Special Categories of Personal Data

We do not intentionally collect sensitive personal data such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data
  • Health data
  • Sexual orientation

If such data is inadvertently collected (e.g., in support communications), we will handle it with extra care and delete it when no longer necessary.

2.7 Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

If you believe a child has provided us with personal data, please contact us at privacy@fluxit.ro.

3. How We Use Your Personal Data

3.1 Service Provision

We use your data to:

  • Create and manage your account
  • Provide hosting, domain, and related services
  • Process payments and issue invoices
  • Provision servers, storage, and bandwidth
  • Configure email accounts and DNS settings
  • Provide access to control panels (cPanel, Plesk, etc.)
  • Enable file uploads and website management

Legal Basis: Contract performance - necessary to fulfill our agreement with you

3.2 Customer Support

We use your data to:

  • Respond to support tickets and inquiries
  • Troubleshoot technical issues
  • Provide guidance and assistance
  • Follow up on unresolved issues
  • Conduct satisfaction surveys

Legal Basis: Contract performance, legitimate interest (customer satisfaction)

3.3 Security and Fraud Prevention

We use your data to:

  • Detect and prevent fraud, abuse, and unauthorized access
  • Monitor for malware, spam, and security threats
  • Enforce our Acceptable Use Policy
  • Investigate security incidents
  • Protect our infrastructure and other customers
  • Comply with legal obligations

Legal Basis: Legitimate interest (security), legal obligation

3.4 Service Improvement and Analytics

We use your data to:

  • Analyze usage patterns and trends
  • Improve website functionality and user experience
  • Optimize server performance
  • Develop new features and services
  • Conduct market research
  • Generate aggregated, anonymized statistics

Legal Basis: Legitimate interest (service improvement), consent (for non-essential analytics)

3.5 Marketing and Communications

With your consent, we use your data to:

  • Send newsletters and promotional emails
  • Inform you about new services and features
  • Provide special offers and discounts
  • Conduct customer surveys
  • Share industry news and updates

You can opt-out at any time by clicking "unsubscribe" in any marketing email or updating your preferences in your account settings.

Legal Basis: Consent - you can withdraw consent at any time

3.6 Legal Compliance and Protection

We use your data to:

  • Comply with legal obligations (tax, accounting, data retention laws)
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service and policies
  • Protect our legal rights and interests
  • Defend against legal claims
  • Comply with court orders and subpoenas

Legal Basis: Legal obligation, legitimate interest (legal protection)

4. Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data:

4.1 Contract Performance

Processing necessary to provide services you've requested or to enter into a contract with you.

Examples: Account creation, service delivery, payment processing, customer support

4.2 Legal Obligation

Processing necessary to comply with legal requirements.

Examples: Tax records retention, anti-money laundering checks, responding to court orders

4.3 Legitimate Interest

Processing necessary for our legitimate business interests, balanced against your rights.

Examples: Security monitoring, fraud prevention, service improvement, direct marketing to existing customers

4.4 Consent

Processing based on your explicit, informed, and freely given consent.

Examples: Marketing emails, non-essential cookies, newsletter subscriptions

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4.5 Vital Interest

Processing necessary to protect someone's life or physical integrity.

Examples: Emergency situations requiring disclosure to authorities

5. Data Sharing and Disclosure

5.1 When We Share Data

We share your personal data only in the following circumstances:

5.1.1 Service Providers and Processors

We work with trusted third-party service providers who process data on our behalf:

Infrastructure Providers:

  • Data center operators (server hosting)
  • Content delivery networks (CDN)
  • Backup and disaster recovery services

Payment Processors:

  • Netopia Payments (card processing)
  • PayPal (alternative payment method)
  • Banks (wire transfers)

Software and Tools:

  • Control panel providers (cPanel, Plesk)
  • Email service providers
  • Analytics platforms (Google Analytics, self-hosted Matomo)
  • Customer relationship management (CRM) systems
  • Help desk and ticketing systems

Security Services:

  • DDoS protection providers
  • Malware scanning services
  • SSL certificate authorities

All processors:

  • Are contractually bound to protect your data
  • Process data only on our instructions
  • Implement appropriate security measures
  • Comply with GDPR requirements

5.1.2 Domain Registration

When you register a domain, your information is shared with:

  • Domain Registries (e.g., Verisign for .com, specific country registries for ccTLDs)
  • WHOIS databases (public directory, unless WHOIS privacy enabled)

Domain registration data is regulated by ICANN and registry policies.

WHOIS Privacy: We offer free WHOIS privacy protection where allowed by the registry to hide your personal information from public WHOIS databases.

5.1.3 Legal Requirements

We may disclose your data when required by law:

  • Court orders or subpoenas
  • Law enforcement requests
  • National security demands (where legally obligated)
  • Tax authorities (fiscal documentation)
  • Regulatory compliance

We notify you of legal requests when legally permitted.

5.1.4 Business Transfers

If FluxIT is involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5.1.5 Consent-Based Sharing

We may share data with your explicit consent for purposes not covered by this policy.

5.2 When We Do NOT Share Data

We do not:

  • Sell your personal data to third parties
  • Share your data for third-party marketing without consent
  • Provide data to data brokers
  • Share data with advertisers (except aggregated, anonymized analytics)
  • Disclose data to competitors

5.3 International Data Transfers

Primary Data Location: All customer data is stored in data centers located in Romania (European Union).

Backups: Secondary backups are stored in EU data centers.

Third-Party Processors: Some service providers (e.g., Google Analytics) may process data outside the EU. When data is transferred outside the EU:

  • We ensure adequate safeguards are in place
  • We use EU Standard Contractual Clauses (SCCs)
  • We verify adequacy decisions by the European Commission
  • We conduct transfer impact assessments

You have the right to request information about international transfers and obtain copies of safeguards.

6. Data Retention

6.1 How Long We Keep Data

We retain personal data only as long as necessary for the purposes outlined in this policy:

Active Account Data:

  • Retained while your account is active
  • Deleted within 30 days of account termination (unless legal obligation requires longer retention)

Billing and Tax Records:

  • Invoices: 10 years (Romanian law requirement)
  • Payment records: 10 years (accounting law requirement)
  • Tax documentation: 10 years (fiscal law requirement)

Communication Data:

  • Support tickets: 3 years after ticket closure
  • Email correspondence: 2 years
  • Live chat logs: 1 year
  • Marketing communications: Until unsubscribe or 3 years of inactivity

Technical Logs:

  • Access logs: 90 days
  • Security logs: 180 days
  • Error logs: 30 days

Backups:

  • Active account backups: 7-30 days (depending on plan)
  • Deleted account data: Removed from backups after 30 days

Legal Hold:

  • Data subject to legal proceedings retained until matter is resolved
  • Data requested by authorities retained as legally required

6.2 Data Deletion

When retention periods expire:

  • Data is securely deleted using industry-standard methods
  • Backups containing deleted data are overwritten during regular backup cycles
  • Physical media is destroyed or degaussed when decommissioned

6.3 Right to Request Deletion

You can request early deletion of your data (see "Your Rights" below), subject to legal retention requirements.

7. Data Security

7.1 Technical Security Measures

We implement robust security measures to protect your data:

Network Security:

  • Firewalls and intrusion detection/prevention systems (IDS/IPS)
  • DDoS mitigation and traffic filtering
  • Network segmentation and isolation
  • Regular vulnerability scanning and penetration testing

Data Encryption:

  • TLS/SSL encryption for data in transit (all website connections)
  • Encrypted storage for sensitive data at rest
  • Encrypted database connections
  • Encrypted backups

Access Controls:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) for administrative access
  • Principle of least privilege
  • Regular access audits

Server Security:

  • Hardened server configurations
  • Regular security patches and updates
  • Automated malware scanning
  • File integrity monitoring

Physical Security:

  • Data centers with 24/7 surveillance
  • Biometric access controls
  • Environmental controls (fire suppression, climate control)
  • Redundant power and network connections

7.2 Organizational Security Measures

Policies and Procedures:

  • Information security policy
  • Incident response plan
  • Data breach notification procedures
  • Employee security training

Personnel Security:

  • Background checks for employees with data access
  • Confidentiality agreements
  • Regular security awareness training
  • Access revocation upon termination

Vendor Management:

  • Due diligence on third-party processors
  • Contractual security requirements
  • Regular vendor security assessments

7.3 Your Security Responsibilities

You are responsible for:

  • Keeping your password secure and confidential
  • Enabling two-factor authentication (2FA) where available
  • Keeping your software and CMS updated
  • Monitoring your account for suspicious activity
  • Notifying us immediately of any security incidents

We are not liable for security breaches caused by your negligence.

7.4 Data Breach Notification

In the event of a data breach:

  • We will assess the risk to your rights and freedoms
  • We will notify the Romanian supervisory authority (ANSPDCP) within 72 hours if required
  • We will notify affected individuals without undue delay if high risk to rights and freedoms
  • We will provide information about the breach, its impact, and remedial actions

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

8.1 Right to Access (Article 15)

You have the right to:

  • Confirm whether we process your personal data
  • Access your personal data
  • Obtain a copy of your data

How to exercise: Email privacy@fluxit.ro or log into your account portal

Response time: Within 1 month (may be extended by 2 months for complex requests)

Free of charge for the first request, reasonable fee for additional copies

8.2 Right to Rectification (Article 16)

You have the right to:

  • Correct inaccurate personal data
  • Complete incomplete personal data

How to exercise: Update information in your account settings or contact privacy@fluxit.ro

Response time: Within 1 month

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your data when:

  • Data is no longer necessary for the purposes collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing (and no overriding legitimate grounds exist)
  • Data was unlawfully processed
  • Erasure is required to comply with a legal obligation

Limitations:

  • We may refuse if retention is required by law (e.g., tax records)
  • We may refuse if necessary for legal claims or obligations

How to exercise: Email privacy@fluxit.ro or request account closure

Response time: Within 1 month

8.4 Right to Restriction of Processing (Article 18)

You have the right to restrict processing when:

  • You contest the accuracy of data (while we verify)
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You object to processing (while we verify overriding legitimate grounds)

How to exercise: Email privacy@fluxit.ro

Response time: Within 1 month

8.5 Right to Data Portability (Article 20)

You have the right to:

  • Receive your data in a structured, commonly used, machine-readable format
  • Transmit your data to another controller

Applies to:

  • Data you provided to us
  • Data processed based on consent or contract
  • Data processed by automated means

How to exercise: Email privacy@fluxit.ro and specify format (CSV, JSON, XML)

Response time: Within 1 month

8.6 Right to Object (Article 21)

You have the right to object to processing based on:

  • Legitimate interest (including profiling)
  • Direct marketing (including profiling)
  • Scientific or historical research
  • Statistics

For direct marketing: We must stop processing immediately

For legitimate interest: We must demonstrate compelling legitimate grounds or cease processing

How to exercise: Click "unsubscribe" in marketing emails or email privacy@fluxit.ro

8.7 Right Not to Be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

We do not use automated decision-making for:

  • Account approval or rejection
  • Service provision decisions
  • Pricing decisions

We may use automated fraud detection but human review is always involved in final decisions.

8.8 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time.

Withdrawal does not affect the lawfulness of processing before withdrawal.

How to exercise:

  • Marketing emails: Click "unsubscribe"
  • Cookies: Adjust cookie preferences in your browser
  • Other consent: Email privacy@fluxit.ro

8.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

Romanian Supervisory Authority: ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București Phone: +40 21 252 5599 Email: anspdcp@dataprotection.ro Website: www.dataprotection.ro

EU-wide: You may also lodge a complaint with the supervisory authority in your country of residence or work.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. For detailed information, please see our Cookie Policy.

9.2 Types of Cookies We Use

Essential Cookies (No Consent Required):

  • Session management
  • Authentication
  • Security features
  • Load balancing

Functional Cookies (Consent Required):

  • Language preferences
  • Theme preferences
  • User settings

Analytics Cookies (Consent Required):

  • Google Analytics (anonymized IP)
  • Matomo (self-hosted, privacy-focused)

Marketing Cookies (Consent Required):

  • Currently not used
  • Will request consent if implemented

9.3 Cookie Management

You can control cookies through:

  • Our cookie consent banner (first visit)
  • Browser settings (block all or specific cookies)
  • Opt-out tools (Google Analytics opt-out browser add-on)

Note: Disabling essential cookies may prevent you from using certain features.

9.4 Third-Party Cookies

Third-party services (payment processors, analytics) may set their own cookies. Please review their privacy policies:

10. Marketing and Communications

10.1 Marketing Emails

We send marketing emails only with your consent.

Types of marketing emails:

  • Product updates and new features
  • Special offers and promotions
  • Industry news and tips
  • Event invitations
  • Customer surveys

Frequency: No more than 2 marketing emails per week

10.2 Transactional Emails

We send transactional emails as part of service delivery (no consent required):

  • Order confirmations and receipts
  • Invoice notifications
  • Payment reminders
  • Service renewal notices
  • Password reset requests
  • Security alerts
  • Technical notifications
  • Support ticket updates

You cannot opt-out of transactional emails as they are necessary for service provision.

10.3 How to Opt-Out

To stop receiving marketing emails:

  • Click "Unsubscribe" at the bottom of any marketing email
  • Update your email preferences in your account settings
  • Email privacy@fluxit.ro with your request

Processing time: Immediate (allow 48 hours for systems to update)

10.4 Suppression Lists

We maintain suppression lists to honor unsubscribe requests permanently, even if you create a new account.

11. Children's Privacy

11.1 Age Restriction

Our services are intended for adults (18+). We do not knowingly collect personal data from children under 16 without parental consent.

11.2 Parental Consent

If you are under 16, your parent or legal guardian must:

  • Review this Privacy Policy
  • Consent to your use of our services
  • Supervise your account usage

11.3 If We Learn of Child Data

If we discover we have collected data from a child under 16 without proper consent:

  • We will delete the data immediately
  • We will terminate the account
  • We will notify the parent/guardian if contact information is available

To report child data: Email privacy@fluxit.ro immediately.

12. Third-Party Links and Services

12.1 External Links

Our website may contain links to third-party websites. We are not responsible for:

  • Privacy practices of third-party sites
  • Content of external websites
  • Security of third-party services

We encourage you to review the privacy policies of any third-party sites you visit.

12.2 Third-Party Services

If you use third-party services through our platform (e.g., WordPress plugins, external APIs):

  • Those services have their own privacy policies
  • Data shared with third-party services is subject to their terms
  • We are not responsible for third-party data practices

12.3 Social Media

We may have social media pages (Facebook, Twitter, LinkedIn). Interactions on social media platforms are governed by those platforms' privacy policies.

13. Data Controller and Processor Roles

13.1 When We Are the Controller

We are the data controller for:

  • Account and billing information
  • Support communications
  • Marketing data
  • Website analytics
  • Security logs

Responsibility: We determine the purposes and means of processing.

13.2 When We Are the Processor

We are the data processor for:

  • Content you upload to your hosting account
  • Databases you create
  • Emails you send/receive through our mail servers
  • Files stored on your account

Responsibility: We process data on your behalf according to your instructions.

Your Obligations as Controller:

  • Ensure you have a legal basis for processing
  • Inform your users about data processing
  • Maintain your own privacy policy
  • Respond to data subject requests from your users

Data Processing Agreement (DPA): For customers processing personal data of EU residents, we provide a GDPR-compliant Data Processing Agreement. Request a DPA at dpo@fluxit.ro.

14. California Privacy Rights (CCPA/CPRA)

Although we are based in Romania, we respect the rights of California residents:

14.1 Rights Under CCPA/CPRA

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Say no to the sale of personal information
  • Access their personal information
  • Request deletion of personal information
  • Non-discrimination for exercising CCPA rights

14.2 Our Practices

We do NOT:

  • Sell personal information
  • Share personal information for cross-context behavioral advertising
  • Process sensitive personal information beyond what's necessary for services

To exercise CCPA rights: Email privacy@fluxit.ro

Verification: We may request information to verify your identity before responding.

15. Changes to This Privacy Policy

15.1 Updates and Revisions

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New legal requirements
  • New features or services
  • Feedback from users or regulators

15.2 Notification of Changes

Significant Changes:

  • Email notification to all registered users
  • Prominent notice on our website
  • Notice in client portal
  • 30 days' notice before changes take effect

Minor Changes:

  • "Last Updated" date changed
  • Notification on website
  • Changes effective immediately

15.3 Consent to Changes

Continued use of our services after changes take effect constitutes acceptance of the revised Privacy Policy.

If you disagree with changes:

  • You may close your account before changes take effect
  • Refund eligibility determined by our Refund Policy

16. Contact Information

16.1 Privacy and Data Protection Inquiries

General Privacy Questions: Email: privacy@fluxit.ro Phone: +40 746 358 948 (Mon-Fri, 9 AM - 6 PM EET)

Data Protection Officer: Email: dpo@fluxit.ro

Data Subject Requests: Email: privacy@fluxit.ro with "Data Subject Request" in subject line

Data Breach Reports: Email: security@fluxit.ro (for urgent security issues)

16.2 Mailing Address

FluxIT Service Privacy Department Bucharest, Romania

Client Portal: https://gazduire.fluxit.ro Support Tickets: Available 24/7 in client portal

16.3 Response Times

  • Privacy inquiries: Within 5 business days
  • Data subject requests: Within 1 month (GDPR requirement)
  • Complex requests: May extend by 2 additional months with notification
  • Urgent security issues: Within 24 hours

17. Additional Information

17.1 Accessibility

This Privacy Policy is available in:

  • English (this version)
  • Romanian (upon request)

If you have difficulty accessing this policy due to a disability, please contact us for alternative formats.

17.2 Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).

Data Controller: Entity that determines the purposes and means of processing personal data.

Data Processor: Entity that processes personal data on behalf of the controller.

Data Subject: Individual whose personal data is being processed.

17.3 Language

This Privacy Policy is written in English. If translated, the English version prevails in case of discrepancies.

17.4 Severability

If any provision of this Privacy Policy is found invalid or unenforceable, the remaining provisions remain in full force and effect.

Summary:

We collect personal data necessary to provide hosting services, process payments, and communicate with you. We protect your data with strong security measures and only share it with trusted service providers or as required by law. You have rights to access, correct, delete, and control your personal data. We comply with GDPR, Romanian law, and international privacy standards.

Quick Links:

Effective Date: February 1, 2026 Last Revised: February 17, 2026 Version: 2.0

By using FluxIT services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.