Purpose and scope
The Personal Information Policy is used by BuyVPS to describe how the company deals with the personal information and data collected from the website, support, billing and other areas of the hosting services offered by the organization. Data processing is used to enable BuyVPS services, to protect the network and to satisfy BuyVPS organization's obligations under data protection legislation.
Who processes personal data
Controller: BuyVPS, registered in the Netherlands. Chamber of Commerce (KvK) number and full address are listed on the website.
The Data Protection contact point receives privacy inquiries and handles requests which should be sent to privacy@buyvps.com. The contact page allows users to send official requests through postal mail by letting them enter their address for correspondence.
What personal data we process
2.1 Website and forms: The data collected from the website is: user name + email address + phone number + free text from user + IP address + browser user agent + log of all access (to prevent abuse).
2.2 Ordering and billing: Company, Customer details, billing address, payment status. Customer number and contract data.
2.3 Support and communication: Tickets, chat and email content. Support team received diagnostic information via support channel.
2.4 Hosting and infrastructure: Information required by the system: IP addresses of hosting and infrastructure logs (network and security). Reports of abuse with all relevant metadata. All backups and snapshots created by the service.
For the purposes of our data protection policy, we treat your IP address and your log data as personal data i.e. as the personal data category described in personal data regulations such as the General Data Protection Regulation (GDPR).
Purposes of processing
- Service delivery and account management
- Security, fraud prevention and abuse handling
- Billing, administration and payment
- Support and incident resolution
- Legal obligations
Legal basis per purpose
| Basis | Use |
|---|---|
| Contract | Service delivery, account, billing |
| Legal obligation | Tax, retention, authorities |
| Legitimate interest | Security, abuse, fraud prevention |
| Consent | Marketing, optional analytics |
Cookies and similar technologies
5.1 Necessary cookies: This website needs 3 different kinds of cookies: for the login function, for the cart and for security. These 3 types of cookies are necessary for the basic functionality of a website to work.
5.2 Analytical cookies: On our pages we use web analysis tools in a so called privacy-friendly version. Here we activate the IP anonymisation as far as possible. The use of tracking pixels for the measurement of the conversion can be deactivated with a preference on the cookie bar.
5.3 Marketing cookies: We only use it if you agree to it. You're in control and can change your mind anytime, just use the cookie settings to withdraw your consent.
Who we share data with
6.1 Processors: Payment provider, ticketing, monitoring, email delivery, cloud tools. We share only what is necessary.
6.2 Sub-processors for hosting: The hosting sub-processors include Datacenter and upstream providers and DDoS mitigation services and backup storage facilities. See our subprocessor list or Data Processing Agreement.
6.3 Legal requests: As a responsible host we respond to valid requests from competent authorities and will provide data information as required by law.
Roles in hosting
- For hosting services, the customer is usually controller for content data.
- The hosting provider is usually processor for that content data.
- For our own account and billing data, BuyVPS is controller.
Retention periods
- Billing and contract: Businesses must keep their billing records and contracts for seven years according to the law because these documents need to be accessed at some point.
- Support tickets: Support tickets stay active until they receive a solution because organizations maintain them for quality assessment and dispute resolution needs.
- Security and network logs: Security and network logs function as vital system resources which help the system handle incidents and abuse cases.
- Backups and snapshots: Per service configuration. The system needs to remove the document from its database when it no longer serves any purpose.
- Abuse records: The system maintains abuse records active until all law enforcement activities and appeal procedures complete their process.
After the data retention period no longer applies, personal data will be deleted or anonymized unless a longer period of time has to be kept in accordance with statutory requirements.
Security
- In the example implementation above access control as well as MFA for access to the system are permanently activated.
- Logging and monitoring
- Encryption in transit
- Patch policy and hardening
- Incident response processes
See our Security Policy for infrastructure details.
International transfers
The organization enables EEA border data transfers through its implementation of suitable security protocols. Standard Contractual Clauses (SCC) are used when they become necessary. See our Data Processing Agreement and SCC annex for details.
Your rights
- Access
- Rectification
- Erasure
- Restriction
- Objection
- Data portability
- Withdraw consent
To protect your personal info, you need to send your privacy requests to privacy@buyvps.com. We check your identity first, to make sure everything is safe and secure. The law says we have to get back to you within 30 days, so we'll make sure to respond quickly.
Complaints
Internal: Contact privacy@buyvps.com.
Supervisor: In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). autoriteitpersoonsgegevens.nl
Children
We don't provide services to kids. If you think we've collected information from someone under 18, you should get in touch with privacy@buyvps.com. We don't intentionally gather data from children, so if this has happened, we need to know.
Changes
From time to time we may update this privacy policy. The current version of this privacy policy is shown below and we will notify users by email of any material changes to this privacy policy and also publish changes on the company's website.
Last updated: 13 February 2026.
Related documents
Data Processing Agreement, Subprocessor list, Cookie Policy, Acceptable Use Policy, Terms of Service.
Privacy policy
Frequently asked questions about data processing at BuyVPS.