Privacy Policy
Last Updated: April 2026 · Business Registry: 389082189 · VAT: PL7011036703
Hostyt (“we”, “us”, “our”) is the operator of host.yt (Business Registry: 389082189 · VAT: PL7011036703). We act as the data controller for personal data collected through our website, client area, and hosting services, and as a data processor when providing infrastructure to customers under a Data Processing Agreement.
Privacy contact: privacy@host.yt
Supervisory authority: President of the Personal Data Protection Office (UODO/PUODO), Poland
1. Scope
This policy covers personal data we collect directly from you (Art. 13 GDPR) and data we receive indirectly (Art. 14 GDPR) through registrations, orders, support requests, and technical system logs.
2. Data We Collect
- Identity & contact: name, email address, telephone number, billing address
- Account & billing: service identifiers, order history, invoice data, payment status — we do not store full card numbers
- Technical: IP addresses, browser/device information, server access logs, security event data
3. Purposes & Legal Bases
- Account setup, service delivery, support: contract performance — Art. 6(1)(b) GDPR
- Billing, taxes, fraud prevention, record-keeping: legal obligation — Art. 6(1)(c) GDPR
- Security, abuse prevention, service improvements: legitimate interests — Art. 6(1)(f) GDPR
- Marketing communications, analytics cookies: consent — Art. 6(1)(a) GDPR, withdrawable at any time
4. Data Sources
We collect data directly from you (registration forms, orders, support tickets), from payment processors (payment status, fraud signals), and automatically via service logs and security monitoring.
5. Data Recipients & Processors
Personal data may be shared with infrastructure providers, payment processors, anti-abuse tools, and support systems. All processors operate under written agreements meeting GDPR Article 28 requirements, covering confidentiality and security obligations.
6. International Transfers
Where data is transferred outside the EEA, we apply European Commission Standard Contractual Clauses (SCCs) and appropriate supplementary safeguards as required by GDPR Chapter V.
7. Retention Periods
- Account & contract data: retained for the duration of the service and applicable statutory periods (e.g. 5 years for accounting records under Polish law)
- Security & access logs: retained only as long as necessary for security and legal purposes, then deleted or anonymized
- Marketing consents: retained until withdrawn or periodically renewed
8. Your Rights
Under GDPR you have the right to: access your data, have it rectified or erased (“right to be forgotten”), restrict processing, receive it in a portable format, and object to processing. Where consent is the legal basis, you may withdraw it at any time without affecting prior processing. We respond to rights requests within one month (Art. 12 GDPR).
To exercise your rights, contact: privacy@host.yt
You may also lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw — uodo.gov.pl
9. Security Measures
We implement technical and organizational measures proportionate to risk: access controls, TLS encryption in transit, hardened server configurations, and incident response procedures aligned with GDPR obligations.
10. Cookies & Similar Technologies
Non-essential cookies require your prior, explicit, granular consent — no pre-ticked boxes, no cookie walls. Consent can be managed and withdrawn at any time via our cookie banner or browser settings. We comply with the Polish Electronic Communications Act (Prawo Telekomunikacyjne) requirements on consent records and accessibility. See our Cookie Policy for full details.
11. DSA — Intermediary Service Disclosures
As a hosting intermediary, we maintain a notice-and-action mechanism for illegal content and provide statements of reasons when restricting or removing content, consistent with DSA Articles 16–18 (EU Regulation 2022/2065).
12. Processor Role & DPA
When we act as a data processor for your customer-controlled content, processing occurs strictly on your documented instructions under a signed Data Processing Agreement (DPA) meeting GDPR Article 28 requirements.
13. Changes to This Policy
We update this policy to reflect legal or operational changes. The “Last Updated” date at the top indicates the most recent revision. Material changes will be communicated to registered account holders.
Hostyt · Legal: legal@host.yt · Support: support@host.yt