Skip to main content
Sign up free! Already a user? Log in

GDPR Compliance Statement

A+ Hosting Inc. DBA ServerPoint.com ("ServerPoint", "we", "us", "our") is committed to protecting the privacy and personal data of individuals in the European Union (EU) and European Economic Area (EEA). This GDPR Compliance Statement explains how we comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") when processing personal data of EU/EEA residents.

This statement supplements our Privacy Policy and provides additional information specific to GDPR compliance.

About the summaries: Each section below includes a plain-language summary in an orange box. These summaries are provided for your convenience only and are not legally binding. Please read the full text of each section for complete details.

1. Data Controller Information

In Plain English: ServerPoint is responsible for protecting your data when you're our customer. When you use our hosting to store your own customers' data, you're responsible for that data and we process it on your behalf.

ServerPoint acts as a data controller for the personal data we collect from our customers and website visitors. For the purposes of the GDPR:

Data Controller:
A+ Hosting Inc. DBA ServerPoint.com
10620 S. Highlands Pkwy, Suite 110-491
Las Vegas, NV 89141, USA
Email: [email protected]

When our customers use our hosting services to process personal data of their own end users, ServerPoint acts as a data processor on behalf of those customers (who are the data controllers for their end users' data).

2. Legal Basis for Processing

In Plain English: We only use your data when we have a legal reason: to provide services you paid for, to run our business legitimately, to comply with laws, or when you've given us permission.

We process personal data only when we have a valid legal basis under the GDPR. The legal bases we rely upon include:

  • Performance of a Contract: Processing necessary to fulfill our contractual obligations to you, such as providing hosting services, processing payments, and delivering customer support.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, ensuring network security, and communicating service-related information. We balance these interests against your rights and freedoms.
  • Legal Obligation: Processing necessary to comply with legal requirements, such as tax regulations, law enforcement requests, and court orders.
  • Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications. You may withdraw consent at any time.

3. Categories of Personal Data

In Plain English: We collect basic info: your name, contact details, payment info, technical data (like IP address), how you use our services, and support conversations.

We may collect and process the following categories of personal data:

  • Identity Data: Name, username, title, date of birth
  • Contact Data: Email address, postal address, telephone numbers
  • Financial Data: Payment card details, billing address, transaction history
  • Technical Data: IP address, browser type, device information, login data, time zone settings
  • Usage Data: Information about how you use our website and services
  • Communications Data: Records of correspondence with our support team

4. Your Rights Under GDPR

In Plain English: As an EU resident, you have strong rights: access your data, fix errors, delete your data, restrict how we use it, take your data elsewhere, and object to processing. We don't make automated decisions about you.

As an EU/EEA resident, you have the following rights regarding your personal data:

Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will provide this information free of charge within one month of your request.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to have incomplete data completed. You can update most of your information directly through your Client Portal.

Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Please note that we may need to retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose immediately.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect you. We do not currently use automated decision-making that falls within the scope of Article 22.

5. How to Exercise Your Rights

In Plain English: Email [email protected] or open a support ticket. We'll respond within one month (sometimes two if it's complex). We may need to verify your identity first.

To exercise any of your GDPR rights, please contact us at:

  • Email: [email protected]
  • Support Ticket: Through your Client Portal
  • Mail: ServerPoint.com Inc., 10620 S. Highlands Pkwy, Suite 110-491, Las Vegas, NV 89141

We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by up to two additional months, and we will inform you of any extension within the first month.

We may need to verify your identity before processing your request. If we cannot verify your identity, we may ask for additional information.

6. International Data Transfers

In Plain English: We're based in the US, so your data comes here. We use EU-approved Standard Contractual Clauses to legally protect your data during the transfer.

ServerPoint is based in the United States. When you provide personal data to us, it may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers of personal data from the EU/EEA to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs): We use the European Commission-approved Standard Contractual Clauses for international data transfers.
  • Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure the protection of personal data.

You may request a copy of the safeguards we use for international transfers by contacting us at [email protected].

7. Data Retention

In Plain English: We keep your data as long as you're a customer. After you leave: account info for 2 years, financial records for 7 years (tax law), support tickets for 3 years.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our general retention periods are:

  • Active Customer Data: Retained for the duration of your account and our business relationship.
  • Account Information: Retained for 2 years after account closure, unless longer retention is required by law.
  • Financial and Transaction Records: Retained for 7 years to comply with tax and accounting regulations.
  • Support Communications: Retained for 3 years after resolution for quality assurance and dispute resolution.
  • Website Analytics Data: Anonymized or deleted after 26 months.

8. Data Security

In Plain English: We protect your data with encryption, access controls, security monitoring, employee training, and incident response plans.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee training on data protection
  • Incident response procedures

9. Data Processing Agreement

If you use ServerPoint services to process personal data of your own customers or end users, you may require a Data Processing Agreement (DPA) to comply with GDPR Article 28. Please contact us at [email protected] to request a DPA.

10. Cookies and Tracking

For information about how we use cookies and similar technologies, please see our Cookie Policy.

11. Right to Lodge a Complaint

In Plain English: If you think we've violated your rights, you can complain to your country's data protection authority. But please contact us first so we can try to fix the issue.

If you believe that we have violated your rights under the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

We encourage you to contact us first so that we can address your concerns directly. We are committed to resolving any issues regarding your personal data.

12. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected personal data from a child, please contact us immediately.

13. Changes to This Statement

We may update this GDPR Compliance Statement from time to time. We will notify you of any material changes by posting the updated statement on our website and updating the "Last Updated" date below.

Last Updated: January 2026