Static.Media

This Privacy Policy applies to internet hosting services provided by Sprettynice Limited under the trading name of Static.Media.

We do not, and have never, sold or otherwise released our customers’ personal information to any third party. This Privacy Policy describes the personal information that Static.Media may collect and how that information is used.

Collected Information

1. Visitors to our site Visitors to our web site have their HTTP requests logged. This includes IP address, browser type and version, which pages were requested and where the request was referred from. All of this information is collected anonymously and is not linked to any personal information.
2. Services run on our servers Any client software running on or connecting to our servers may be logged and/or monitored for security and quality reasons. This includes:
   1. Any network connections made to our servers.
   2. Any network connections initiated from one of our servers.
   3. Any commands, scripts or programs run on our servers by any means, including but not limited to SSH, CGI and Cron.
3. This logging may collect information including but it not limited to: date, time, initiating user, commands executed, network traffic, IP addresses and ports used. Data collected in this way will only be used to help diagnose and fix security or other technical problems.

Data Retention

1. Web access logs are destroyed after 30 days. Aggregated web statistics generated from those logs may be retained indefinitely.
2. Client software logs are destroyed after 30 days.
3. Support tickets and emails may be retained indefinitely but we reserve the right to destroy them at any time after the support request has been dealt with.

Use of Data

1. Why we collect data We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Static.Media and our users.
2. Data Security We employ industry standard techniques to protect against unauthorised access of data that we store.
3. Sharing of data Static.Media shares anonymous data with Google Analytics, such as browser type, demographics, language settings, page views, and time/date.
4. Ownership of data If Static.Media is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Third Parties

1. Domain Registrars A domain name is required to use many of our services. Domain names must be obtained through a third party domain registrar. The personal information which you provide to a third party domain registrar is never stored on or transmitted through our servers. As such, this information is subject to the privacy and data retention policies of the domain registrar being used. We will not share any of the personal information you prove us with your domain registrar. Please note that by the very nature of the domain registration system some of the contact information that you provide when registering your domain name will be made available in public records.
2. Other Third Parties We will not share your personal information with any other third party without either your explicit consent or a court order requiring us to do so.
3. Court orders Static.Media has to date never received a court order to share any personal information.

International Privacy Requirements

We understand the need for strict privacy regulations required by certain countries. For the European data protection acts Bundesdatenschutzgesetz (BDSG) and General Data Protection Regulation (GDPR), Static.Media provides infrastructure for sites, apps or other properties. For sites, apps, or other properties hosted with Static.Media you are the "Data Processor", and you or your affiliate or client is the "Data Controller".

Payment Data Security

Credit / debit card purchases for Static.Media services are processed by the third-party vendor GoCardless. When you provide your credit / debit card information for a payment the data is sent to GoCardless, i.e. the payment data is not stored on our systems. GoCardless power online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.

User Consent

When using Static.Media services and products that incorporate this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area and where data protection law requires such disclosures and consents. If you fail to comply with this policy, we may limit or suspend your use of the Static.Media service or product and/or terminate your agreement.

Properties under your control

For Static.Media products and services used on any site, app or other property that is under your control, or that of your affiliate or your client, the following duties apply for end users in the European Economic Area and where data protection law requires such disclosures and consents.

You must obtain end users’ legally valid consent to:

• The use of cookies or other local storage where legally required; and
• The collection, sharing, and use of personal data for personalisation of ads or other services.

When seeking consent you must:

• Retain records of consent given by end users; and
• Provide end users with clear instructions for revocation of consent.

You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of Static.Media’s services. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.

You must use commercially reasonable efforts to ensure that an end user is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the end user’s device where such activity occurs in connection with a service or product to which this policy applies.

Properties under a third party’s control

If personal data of end users of a third party property is shared with Static.Media due to your use of, or integration with, a Static.Media service or product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate's or your client's control and whose operator is not already using a Static.Media service or product that incorporates this policy.

Data Protection Roles

Static.Media provides services as a provider of Infrastructure-as-a-Service (IaaS). Giving you flexibility to choose how to use that infrastructure. As well as freedom to choose what data to process on that infrastructure. This IaaS is under your control, including with respect to whether any personal data is uploaded to the infrastructure service and, if so, how that personal data is “processed”.

In respect of data processed by you on the IaaS Static.Media will not (a) access or use such data except as absolutely necessary on your behalf to provide services to you, or (b) process such data for Static.Media’s own purposes, including, in particular, for the purposes of data mining, profiling, or direct marketing.

Data Protection Officer (DPO)

Where the nature of your core activities and/or the type of data processed on any site, app or other property that is under your control requires such you are under obligation to appoint your own Data Protection Officer (DPO). Static.Media will not act as DPO on your behalf.

Data Controller (DC)

Where appropriate for all sites, apps or other properties that are under your control, or that of your affiliate or your client, you or your affiliate or client will act as Data Controller (DC). Static.Media will not act as DC on your behalf.

Data Processor (DP)

Where appropriate for all sites, apps or other properties that are under your control, or that of your affiliate or your client, you will act as Data Processor (DP). Static.Media will not act as DP on your behalf.

You must ensure that persons authorised by the processor to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (GDPR Art 28(3)(b)).

Accommodating DC and DP Needs

The majority of the obligations from data protection law will fall upon the DC, it may be that infrastructure or services provided by Static.Media need to be adapted to accommodate the service and legal burden of your customers, or of your affiliates or your clients. Static.Media will use commercially reasonable efforts to ensure that services provided to you accommodate this, without Static.Media assuming the role of DPO, DC, or DP.

You must (taking into account the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (GDPR Art 32(1)).

Static.Media will provide the customer with the ability to rectify, erase, restrict or retrieve customer data. You may use this ability to assist customers in the fulfilment of your obligations to respond to requests for exercising data subject's rights.

Static.Media may provide you with the ability to rectify, erase, restrict or retrieve customer data (a) as part of the service, or (b) by enabling you to design and deploy your own solutions using the service. The method this is provided through will be dependant upon the IaaS setup for you.

Changes to this Policy

Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes).