Protecting your data
How BeoHosting collects, uses and protects your personal data in compliance with the GDPR.
Important
If you have questions about the processing of your data or wish to exercise your rights, contact us at podrska@beohosting.com or through the ticket system. We respond within 30 days.
The data controller within the meaning of the Personal Data Protection Act ("Official Gazette RS", No. 87/2018) and the General Data Protection Regulation (GDPR) is BeoHosting Group d.o.o., Požeška 12a, Čukarica, 11000 Belgrade, PIB: 112568867 (hereinafter: "BeoHosting" or "Controller"). Contact for data protection questions: support@beohosting.com.
We only collect data that is necessary to provide our services and fulfil legal obligations: • Identification data: first and last name, or company name and PIB/registration number. • Contact data: email address, phone number, address of registered office or residence. • Payment data: amounts, payment date and method (we do not store card numbers — processing goes through the payment processor). • Technical data: IP address, device type, access logs, browser information. • Service usage data: hosting account, domains, tickets, support history. • Marketing data: newsletter consent, email open history (only if you have subscribed).
We process your data exclusively for the following purposes: • Concluding and performing contracts for hosting services, domain registration and related services. • Issuing invoices, tracking payments and complying with legal obligations (tax and accounting standards). • Technical and customer support, communication via ticket, phone and email. • Account security and abuse prevention (proactive anomaly monitoring, DDoS protection, anti-spam filter). • Sending service notifications about status, expiration, changes to terms and security alerts. • Marketing communication (newsletter) only with your explicit consent, which you can withdraw at any time.
The legal basis for processing your data is: • Performance of the contract (Article 6(1)(b) GDPR) — for all data necessary to provide the services. • Legal obligation (Article 6(1)(c) GDPR) — for invoicing and keeping accounting records. • Legitimate interest of the Controller (Article 6(1)(f) GDPR) — for system security, fraud prevention and service improvement. • Consent of the data subject (Article 6(1)(a) GDPR) — for marketing communication and optional analytical cookies.
We do not sell or rent your data to third parties except when necessary to provide the service or when required by law: • Domain registries (ICANN registries for .com/.net/.org and other extensions) — we forward the data needed for domain registration. • Payment processors — to process card payments. • Business partners for technical services (data centres, CDN, SSL issuers) — only data necessary for the service. • Government bodies on the basis of a legally binding request (court, prosecution, inspectorates).
Part of our infrastructure is located in data centres in EU member states (Germany, the Netherlands) which have the same or higher level of data protection as the Republic of Serbia. For data transfers to the USA (e.g. for certain analytics tools), we use standard contractual clauses that guarantee adequate protection under GDPR.
We keep data only for as long as is necessary: • Contract and invoice data — 10 years from the end of the business relationship (legal obligation to retain accounting records). • Ticket communication and support — 3 years from closure of the ticket. • Log records (access, security) — 12 months. • Marketing consent and newsletter list — until consent is withdrawn. After the retention periods, data is permanently deleted or anonymised.
You have the following rights regarding your personal data at any time: • Right of access — to know what data we are processing about you. • Right of rectification of inaccurate or incomplete data. • Right to erasure ("right to be forgotten") — when the processing is no longer necessary. • Right to restriction of processing. • Right to data portability in a structured format. • Right to object to processing based on legitimate interest. • Right to withdraw consent at any time (for consent-based processing). You can address requests for any of these rights to support@beohosting.com or via the ticket system. We respond within at most 30 days.
If you believe that we are processing your data contrary to the regulations, you have the right to lodge a complaint with your competent data protection supervisory authority. In the United Kingdom this is the Information Commissioner's Office (ICO, ico.org.uk), and within the EU it is the data protection authority of your country of residence or place of work.
We apply all reasonable technical and organisational data protection measures: encryption in transit (TLS 1.3), encryption of sensitive data in the database, access control under the principle of least privilege, regular security audits, two-factor authentication for administrative accounts and Imunify360 server protection. All of our employees sign a confidentiality agreement.
For detailed information about which cookies we use and how to manage them, please read our Cookie Policy available at /politika-kolacica.
BeoHosting reserves the right to update this privacy policy from time to time. We will notify users of any material changes via email at least 30 days before they take effect. Date of last modification: 23.04.2026.
