Privacy policy
How we collect, use and protect personal data across our website, support, billing and hosting services.
Purpose and scope
The policy explains how BuyVPS handles all personal information that it collects. It applies to the website, support channels, billing systems and hosting infrastructure. The organization uses data processing to deliver services and defend its systems and meet its legal obligations.
Who processes personal data
Controller: BuyVPS, registered in the Netherlands. Chamber of Commerce (KvK) number and full address are listed on the website.
The Data Protection contact point receives privacy inquiries and handles requests which should be sent to privacy@buyvps.net. The contact page allows users to send official requests through postal mail by letting them enter their address for correspondence.
What personal data we process
2.1 Website and forms: The system collects three types of data through its website interface which includes user name and email address and phone number and the information entered into the message field. IP address, user agent and access logs.
2.2 Ordering and billing: Company details, billing address, payment status. Customer number and contract data.
2.3 Support and communication: Tickets, chat and email content. The support team received diagnostic information through their support channel.
2.4 Hosting and infrastructure: The system requires IP addresses and network and security logs for its hosting and infrastructure operations. Abuse reports and their corresponding metadata information. Backups and snapshots created by the service.
The organization treats IP addresses and logs as personal data because these data types fulfill personal data regulations which define personal data.
Purposes of processing
- Service delivery and account management
- Security, fraud prevention and abuse handling
- Billing, administration and payment
- Support and incident resolution
- Legal obligations
Legal basis per purpose
| Basis | Use |
|---|---|
| Contract | Service delivery, account, billing |
| Legal obligation | Tax, retention, authorities |
| Legitimate interest | Security, abuse, fraud prevention |
| Consent | Marketing, optional analytics |
Cookies and similar technologies
5.1 Necessary cookies: The system requires three essential cookie types which include login functionality and cart management and security features. The system needs this feature to execute its core functions.
5.2 Analytical cookies: We use analytics tools with privacy-friendly settings. IP anonymization where available. Opt-out via cookie preferences.
5.3 Marketing cookies: Used only when you consent. You have the right to withdraw your consent whenever you want through the cookie settings interface.
Roles in hosting
- For hosting services, the customer is usually controller for content data.
- The hosting provider is usually processor for that content data.
- For our own account and billing data, BuyVPS is controller.
Retention periods
- Billing and contract: Businesses must keep their billing records and contracts for seven years according to the law because these documents need to be accessed at some point.
- Support tickets: Support tickets stay active until they receive a solution because organizations maintain them for quality assessment and dispute resolution needs.
- Security and network logs: Security and network logs function as vital system resources which help the system handle incidents and abuse cases.
- Backups and snapshots: Per service configuration. The system needs to remove the document from its database when it no longer serves any purpose.
- Abuse records: The system maintains abuse records active until all law enforcement activities and appeal procedures complete their process.
The organization removes or makes data anonymous when retention periods expire unless legal requirements force extended data storage.
Security
- The system requires access control and MFA access to be enabled at all times.
- Logging and monitoring
- Encryption in transit
- Patch policy and hardening
- Incident response processes
See our Security Policy for infrastructure details.
International transfers
The organization enables EEA border data transfers through its implementation of suitable security protocols. Standard Contractual Clauses (SCC) are used when they become necessary. See our Data Processing Agreement and SCC annex for details.
Your rights
- Access
- Rectification
- Erasure
- Restriction
- Objection
- Data portability
- Withdraw consent
Users need to send their privacy requests to privacy@buyvps.net. We verify identity before processing. The legal system demands that all responses need to reach their destination within a 30-day time period.
Complaints
Internal: Contact privacy@buyvps.net.
Supervisor: In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). autoriteitpersoonsgegevens.nl
Children
Our services are not directed at minors. We do not knowingly collect data from children. You should reach privacy@buyvps.net if you think we obtained information from someone under eighteen years old.
Changes
We may update this policy. Version and last update date are shown at the bottom. The company sends material changes through email messages and displays them on their website.
Last updated: 13 February 2026.
Related documents
Data Processing Agreement, Subprocessor list, Cookie Policy, Acceptable Use Policy, Terms of Service.
Privacy policy
Frequently asked questions about data processing at BuyVPS.