MyHBD Logo
Legal Information

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use our hosting services.

Last updated: June 2026
MyHBD Legal

Table of Contents

Introduction

At MyHBD (Hosting Big Data B.V.), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

This policy applies to users of our website, services, and products. We process personal data only where we have a lawful basis, such as contract performance, legal obligation, legitimate interest, or your consent where consent is required. We are registered in the Netherlands and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Company Details:

  • Legal Name: Hosting Big Data B.V.
  • Address: Fazantstraat 155A, 7523 DP, Enschede, The Netherlands
  • KVK Number: 98176579
  • BTW Number: NL868387745B01

Controller and Processor Roles

Where MyHBD is controller

Hosting Big Data B.V. is the data controller for account registration, billing, payments, KYC status, support, abuse prevention, security monitoring, website analytics, marketing consent, and quote requests.

Where MyHBD is processor

For customer content hosted inside VPS, cloud servers, websites, databases, email accounts, backups, or applications, MyHBD generally acts as a hosting processor and processes that content only to provide, secure, maintain, and support the service, unless the law requires otherwise.

Information We Collect

We collect various types of information to provide and improve our services:

Personal Information

  • • Full name and contact details
  • • Email address and phone number
  • • Physical address and billing information
  • • Payment and financial information
  • • Account credentials and preferences
  • • Identity verification information handled through Didit before payment or service activation, such as ID document checks, selfie/liveness or face-match checks, KYC result status, device/IP analysis, fraud signals, and AML/sanctions screening where applicable
  • • Quote form details such as project scope, budget range, timeline, company, country, and preferred contact method

Technical Information

  • • IP addresses and connection details
  • • Browser type and operating system
  • • Usage patterns and service interactions
  • • Server logs and traffic data
  • • Device identifiers and network information
  • • Referrer, landing page, UTM parameters, click IDs, source platform, IP address, and user agent for quote attribution, fraud prevention, and campaign measurement

How We Use Your Data

We use your personal information for the following primary purposes:

Service Provision

Billing, payment processing, and account management

Customer Support

Technical assistance, troubleshooting, and service notifications

Legal Compliance

Meeting regulatory requirements and protecting our rights

Identity Verification (KYC)

Verify every customer before payment or service activation using Didit, our third-party KYC provider, to prevent fraud, abuse, duplicate misuse, payment risk, sanctions exposure, and prohibited service use.

Service Improvement

Analyzing usage patterns to enhance our services and security

Lawful Bases

We rely on different GDPR lawful bases depending on the purpose of processing:

Contract performance

Account setup, service delivery, support, billing, and quote handling before entering into a service contract.

Legal obligation

Accounting records, tax records, lawful authority requests, and mandatory compliance obligations.

Legitimate interests

Security monitoring, abuse prevention, fraud prevention, service reliability, business communications, and defending legal claims.

Consent

Non-essential analytics cookies, marketing cookies, Meta Pixel, Google Ads tracking, and optional marketing communications where consent is required.

Fraud and KYC controls

Didit KYC is used before payment and activation to verify customers, reduce payment abuse, screen for fraud or sanctions risk where applicable, and protect our network and customers.

Vital or public-interest situations

Exceptional cases where processing is necessary to protect someone or comply with urgent lawful requests.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected:

Retention Periods:

Client Activity Logs: Up to 36 months, unless security, abuse, legal, or dispute reasons require longer

Traffic Logs: Typically up to 12 months, unless needed for security, abuse handling, or legal claims

Payment Records: 7 years (legal requirement)

Account Information: Duration of service + 1 year

Support Communications: 3 years

KYC, fraud, abuse, and legal investigations: As long as reasonably required for verification, security, compliance, disputes, or legal obligations

In specific cases involving security investigations or legal proceedings, we may retain certain data for extended periods as required by law or to protect our legitimate interests.

Data Security Measures

We implement comprehensive security measures to protect your personal information:

Encryption

Data encrypted in transit and at rest using industry standards

Access Controls

Strict access controls and authentication protocols

Monitoring

Continuous security monitoring and threat detection

Important: While we implement robust security measures, no system can guarantee 100% security. We continuously update our security practices to address evolving threats.

When We Share Your Information

We have a strict policy against unauthorized disclosure of personal data. We only share your information in the following limited circumstances:

Legal Authorities

We may disclose information when legally required by:

  • Netherlands National Cyber Security Centre
  • Netherlands Police (Politie)
  • International Criminal Police Organization (Interpol)
  • Other legitimate law enforcement agencies with proper legal authority

Service Providers

We may share limited information with trusted third-party service providers who assist in delivering our services, under data processing, confidentiality, or equivalent contractual safeguards. This includes Didit for KYC before payment and service activation.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

Cookies and Tracking

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand where our visitors are coming from. This section explains what cookies we use and why.

What Are Cookies

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

Essential Cookies (Always Active)

These cookies are necessary for the website to function properly and cannot be disabled. They include:

  • • Session management and user authentication
  • • Security features and fraud prevention
  • • Load balancing and website performance
  • • Cookie consent preferences storage

Retention: Session cookies are deleted when you close your browser; persistent cookies last up to 12 months

Analytics Cookies (Requires Consent)

We use Google Analytics 4 (GA4) to understand how visitors interact with our website. These cookies help us:

  • • Measure website traffic and user behavior
  • • Understand which pages are most popular
  • • Improve website performance and user experience
  • • Track conversion goals and form submissions

Provider: Google LLC (USA)

Data Collected: Page views, session duration, bounce rate, referral source, device information, anonymized IP addresses

Retention: Up to 26 months (Google Analytics default)

Opt-out: Available through our cookie banner or Google Analytics Opt-out Browser Add-on

Marketing Cookies (Requires Consent)

These cookies and pixels are used for advertising, conversion measurement, and remarketing through Google and Meta services:

  • • Google Ads conversion tracking
  • • Remarketing to previous website visitors
  • • Interest-based advertising
  • • Meta Pixel/Facebook conversion measurement and remarketing when marketing consent is granted

Providers: Google LLC and Meta Platforms Ireland/Meta Platforms, Inc.

Retention: Up to 540 days (varies by cookie type)

Functional Cookies (Requires Consent)

These cookies enable enhanced functionality and personalization:

  • • Language preference storage
  • • User interface customization
  • • Form data memory
  • • Live chat functionality

Retention: Up to 12 months

Third-Party Services

We use the following third-party services that may set cookies:

  • • Google Analytics 4: Website analytics and reporting
  • • Google Tag Manager: Tag and code management
  • • Google Ads: Conversion tracking and remarketing
  • • Meta Pixel: Facebook/Instagram conversion measurement and remarketing when marketing consent is granted
  • • Google Search Console: SEO and website verification

Cookie Consent Management

We implement Google Consent Mode v2 for privacy-compliant tracking:

  • • Default consent state: Denied (privacy-first approach)
  • • Granular consent categories: Analytics, Marketing, Functional
  • • Consent signals sent to Google services automatically
  • • Consent choices are stored in browser local storage and re-requested periodically

Your Cookie Choices and Rights

  • • Manage cookie preferences through our consent banner
  • • Control cookies through your browser settings
  • • Opt out of Google Analytics via browser add-on
  • • Opt out of interest-based ads via Google Ad Settings
  • • Clear cookies and website data from your browser

Note: Disabling essential cookies may affect website functionality

Your Privacy Rights

Under applicable data protection laws, including GDPR, you have the following rights:

Access

Request a copy of your personal data we hold

Rectification

Correct inaccurate or incomplete information

Erasure

Request deletion of your personal data (right to be forgotten)

Portability

Receive your data in a structured, machine-readable format

Restriction

Limit how we process your personal information

Objection

Object to certain types of data processing

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or through our support system. We will respond to your request within 30 days.

Note: Some requests may require reasonable identity verification for security purposes. We try to use existing account or KYC status before requesting additional information.

International Data Transfers

As a Netherlands-based company, we primarily process and store data within the European Union. However, some data processing activities may involve international transfers:

EU/EEA Processing

Primary data processing occurs within the EU/EEA, ensuring full GDPR compliance and adequate data protection levels.

Third Country Transfers

When transfers to third countries are necessary, including for providers such as Google, Meta, Didit, payment, email, support, or security providers, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, data processing agreements, or other approved mechanisms.

Personal Data Breaches

If a personal data breach occurs, we assess the risk and take appropriate containment, investigation, and notification steps.

  • • We notify the Dutch Data Protection Authority where legally required.
  • • We notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms.
  • • We document breach assessments and remedial actions as required by GDPR.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements:

Update Process

  • • Material changes will be communicated via email or prominent website notice
  • • Minor updates may be posted without additional notification
  • • Continued use of our services constitutes acceptance of updated terms
  • • You can review the current policy version and last updated date at any time

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Officer

Email: [email protected]

General Contact: [email protected]

Phone: Available through support portal

Response Time: Within 30 days

Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you may lodge a complaint with:

Autoriteit Persoonsgegevens (Dutch DPA)

Bezuidenhoutseweg 30 2594 AV The Hague The Netherlands

Website: autoriteitpersoonsgegevens.nl

Company Information

Hosting Big Data B.V.

Fazantstraat 155A

7523 DP Enschede

The Netherlands

KVK: 98176579

VAT: NL868387745B01

Email: [email protected]

Related Legal Documents

Privacy Policy

How we collect, use, and protect your personal information.

Terms & Conditions

Terms of service and user responsibilities.

Refund Policy

Our refund and cancellation policies.

Fair Usage Policy

Bandwidth and resource usage rules for Cloud VPS services.

Privacy Policy | MyHBD