1. Data Controller
The data controller within the meaning of the Personal Data Protection Act ("Official Gazette RS", No. 87/2018) and the General Data Protection Regulation (GDPR) is BeoHosting Group d.o.o., Požeška 12a, Čukarica, 11000 Belgrade, PIB: 112568867 (hereinafter: "BeoHosting" or "Controller"). Contact for data protection questions: support@beohosting.com.
2. What data we collect
We only collect data that is necessary to provide our services and fulfill legal obligations:
• Identification data: first and last name, or company name and PIB/registration number.
• Contact data: email address, phone number, address of registered office or residence.
• Payment data: amounts, payment date and method (we do not store card numbers — processing goes through the payment processor).
• Technical data: IP address, device type, access logs, browser information.
• Service usage data: hosting account, domains, tickets, support history.
• Marketing data: newsletter consent, email open history (only if you have subscribed).
3. Purpose of processing
We process your data exclusively for the following purposes:
• Concluding and performing contracts for hosting services, domain registration and related services.
• Issuing invoices, tracking payments and complying with legal obligations (tax and accounting standards).
• Technical and customer support, communication via ticket, phone and email.
• Account security and abuse prevention (proactive anomaly monitoring, DDoS protection, anti-spam filter).
• Sending service notifications about status, expiration, changes to terms and security alerts.
• Marketing communication (newsletter) only with your explicit consent, which you can withdraw at any time.
4. Legal basis for processing
The legal basis for processing your data is:
• Performance of the contract (Article 6(1)(b) GDPR) — for all data necessary to provide the services.
• Legal obligation (Article 6(1)(c) GDPR) — for invoicing and keeping accounting records.
• Legitimate interest of the Controller (Article 6(1)(f) GDPR) — for system security, fraud prevention and service improvement.
• Consent of the data subject (Article 6(1)(a) GDPR) — for marketing communication and optional analytical cookies.
5. Sharing data with third parties
We do not sell or rent your data to third parties except when necessary to provide the service or when required by law:
• Domain registries (ICANN-accredited registry operators for .com, .net, .org, and other extensions) — we forward the data needed for domain registration.
• Payment processors (our card-payment providers) — to process card payments.
• Business partners for technical services (data centers, CDN, SSL issuers) — only data necessary for the service.
• Government and law-enforcement bodies on the basis of a legally binding request (court order, subpoena, or regulatory demand).
6. International data transfers
Part of our infrastructure is located in data centers in EU member states (Germany, the Netherlands) which have the same or higher level of data protection as the Republic of Serbia. For data transfers to the USA (e.g. for certain analytics tools), we use standard contractual clauses that guarantee adequate protection under GDPR.
7. Data retention
We keep data only for as long as is necessary:
• Contract and invoice data — 10 years from the end of the business relationship (legal obligation to retain accounting records).
• Ticket communication and support — 3 years from closure of the ticket.
• Log records (access, security) — 12 months.
• Marketing consent and newsletter list — until consent is withdrawn.
After the retention periods expire, data is permanently deleted or anonymised.
8. Your rights
At any time, you have the following rights regarding your personal data:
• Right of access — to know what data we are processing about you.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — when the processing is no longer necessary.
• Right to restriction of processing.
• Right to data portability in a structured format.
• Right to object to processing based on legitimate interest.
• Right to withdraw consent at any time (for consent-based processing).
You can address requests for any of these rights to support@beohosting.com or via the ticket system. We respond within 30 days at the latest.
9. Right to lodge a complaint with a data protection authority
If you believe that we are processing your data contrary to applicable data protection law, you have the right to file a complaint with the competent data protection authority in your jurisdiction. Customers in the United States may contact the Federal Trade Commission (ftc.gov), and customers in Canada may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca). You may also reach our team at any time and we will work to resolve your concern directly.
10. Data security
We apply all reasonable technical and organizational data protection measures: encryption in transit (TLS 1.3), encryption of sensitive data in the database, access control under the principle of least privilege, regular security audits, two-factor authentication for administrative accounts and Imunify360 server protection. All of our employees sign a confidentiality agreement.
11. Cookies
For detailed information about which cookies we use and how to manage them, please read our Cookie Policy available at /politika-kolacica.
12. Changes to the privacy policy
BeoHosting reserves the right to update this privacy policy from time to time. We will notify users of any material changes via email at least 30 days before they take effect. Date of last modification: 23.04.2026.