Data Privacy
Privacy Policy
General information
This privacy policy applies to all online services of Hetzner Online GmbH.
The controller is:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
Email: info@hetzner.com
Registration Court Ansbach, HRB 6089
VAT ID No. DE 812871812
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
Alena Scholz is the data protection officer, data-protection@hetzner.com.
How do we process personal data?
We save and use your personal data only to process your orders and to get in touch with you. If you subscribe to our customer newsletter, we also use your email address to send the newsletter to you. We will automatically send you status messages from hetzner-status.de if you have previously changed your settings on our customer administration interface in which you request these messages. We also save and process data that job applicants provide us as part of the job application process.
What categories of data do we collect?
Every time you visit our website, your IP address and other pieces of information are saved in anonymized form. If you register an account with us, your contact information will be stored. If you order products from us, your address and payment information will also be stored.
In particular, we save the following data from you.
Registration data
When you register an account with us, we collect and process certain personal data from you as your registration data. For example, we need your name, address information, telephone number, payment information and your email address to process your order. If you pay using a credit card, we do not collect and store any payment information such as credit card numbers or verification codes. You disclose this information only to the respective payment service provider. One exception with credit card payments is what is known as the pseudo card number: in order for you not to have to enter your credit card information for every payment, a pseudo card number is saved for your account. The pseudo card number only enables payment for products on our website that you order using your customer account. A pseudo card number is not identical to the credit card number. We delete all your registration data either: within 24 months, as soon as you delete your user account with us, or once the statutory retention period expires. You can delete your user account with us by sending an email to data-protection@hetzner.com with your deletion request. The legal basis for this data processing is Art. 6 (1) lit. b GDPR.
Email addresses
If you subscribed to our newsletter, if someone invited you to a Hetzner Cloud project, or if you requested that you receive automated messages from status.hetzner.com, we also store your email address. We will delete your email address once you delete your user account or if you unsubscribe from our newsletter.
We use the double opt-in method to ensure that you actually want to receive the newsletter. If you go through this process, you agree to receive the newsletter and to be added to the mailing list for it, and then you will receive a confirmation email that will allow you to legally confirm that you have registered for the newsletter. We will only add your name to the mailing list if you actually complete the confirmation.
We use these data exclusively for sending information that you request including information about our new offers.
We use Brevo as our newsletter software. So if you agree to register for the newsletter, we will send your data to Sendinblue GmbH. Brevo is prohibited from selling your data and from using it for purposes other than sending our newsletter. Brevo is a German certified provider whom we chose because they must comply with the requirements of the EU's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
You can find more information on Brevo here:
https://www.brevo.com/legal/termsofuse/?rtype=n2go
You can revoke your consent at any time to the storage of your personal data (including your email address) and to the use of your data. You can do this, for example, by clicking on the "Unsubscribe" link in the newsletter. The legal basis for processing your data for the above purpose is Art. 6 (1) lit. a or Art. 6 (1) lit. b GDPR.
Server log files
Whenever you visit our websites, we automatically store certain data. This includes your IP address, type and version of the browser you use, and the time, date, and website from which you come to our site. Your IP address is saved in an anonymized manner. You can then no longer be identified. The legal basis for this data process is Art. 6 (1) lit. f GDPR.
Forum
If you register for our online discussion forum, we save your username and email address. After you delete your account in the forum, this saved data will also be deleted. The legal basis for this data processing is Art. 6 (1) lit. a GDPR.
Career portal
If you send us job application documents such as your resume, references and cover letter, we will save and process these pieces of data. Application documents from job applicants that do not result in hires are deleted after 6 months. If you wish to be considered for future job openings and you consent to a longer storage period, your application documents will be deleted after 24 months. With applications that result in hires, the documents are forwarded to our HR department. The legal basis for the processing of your personal data in the job application process is Art. 6 (1) lit. b GDPR.
Sweepstakes
We sometimes have sweepstakes on our websites for various occasions. If you choose to participate in the sweepstakes, we save your first and last names, your email address and, if applicable, the country you come from. We use the collected data only to process the sweepstakes. Once the sweepstakes end and the winner or winners are chosen and notified, the collected data are deleted. The legal basis for this data processing is Art. 6 (1) lit. a GDPR.
Website analysis
On our website, we use the open-source web analysis tool Matomo on our self-hosted system. Matomo uses cookies. These are text files that are saved on your computer and which allow Matomo to analyze how you use our website. The cookies generate information about how you use the website, and our server saves this information.
We do not send to third parties the data that the cookies generate about how you use our website. You can prevent the software from generating cookies by changing the settings of your internet browser. However, if you do this, you may not be able to use all of the functions on our website.
If you do not want us to save and use your data using Matomo, you can deactivate it by clicking here:
Your internet browser will create an opt-out cookie, which will prevent the Matomo software from creating a cookie when you visit our website.
Who we forward your data to
External service providers may have access to your data while they assist us in providing our services. In some cases, third parties such as government authorities, external consultants, or our business partners may receive your data.
In particular, this may occur in the following cases:
Domain registration
If we register a domain for you, we provide the required data to the corresponding registration service provider.
Payment via credit card:
If you pay via credit card, the payment is processed by an external service provider. For credit card payments, your information is collected directly by Computop at the address Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, D-96050 Bamberg.
Debt collection agency
If you as a customer fail to pay your invoices on time, your necessary data are passed on to an external debt collection agency.
Job application documents
If you apply for a job in Tuusula, Finland or in Munich (Unterföhring) using our career portal, we pass on your job application documents to our subsidiaries at Hetzner Finland Oy or Hetzner Cloud GmbH. We have data processing agreements with both of them.
To manage our job applications, we use software from rexx systems GmbH. We also have a data processing agreement with this company.
Third countries
Data is transferred to third countries in adherence to the legally regulated admissibility requirements. We will not transfer your data to a third country if it does not serve the purpose of performing our contract with you; if we have no consent from you; if the transfer is not necessary to assert, exercise or defend legal claims; and if there are no other exceptions. We will only transfer your data to a third country if there is an adequacy decision in accordance with Art. 45 GDPR or appropriate safeguards in accordance with Art. 46 GDPR.
Other categories of recipients
State authorities and courts
Where do we process your data?
We process your data exclusively in our data centers in Germany and in Finland.
Using the “Ask AI” chatbot
1. General information
We at Hetzner rely on advanced technologies to provide the best possible customer service. This is why we use the “Ask AI” chatbot. It can help to answer your questions about our products. The chatbot is operated by kapa.ai and uses technology like ChatGPT in the background. You can find more information at https://www.kapa.ai.
The chatbot completely automates the answers to your questions, and does so based on textual analysis and machine learning. The answers are based entirely on information that Hetzner has created itself, for example, information on Hetzner Docs.
We may need to make adjustments to the data protection policy for the chatbot as part of the continuous process for its improvement and further development. That’s why we recommend that you review this set of policies from time to time.
2. Scope and legal basis for the data processing
The chatbot collects and uses any and all information that you provide it with to answer your questions. You do not need to provide any personal data to use the chatbot. To increase the protection and security of your data, we use a tool that automatically detects personal data. (Hereafter, we will refer to this tool as the “PII tool”; “PII” is short for personally identifiable information.) If you enter personal data in the chatbot, such as your name or your email address, the tool will automatically recognize it. The chatbot will then respond by asking you to enter your request/question again, but this time without personal data.
Important note: Despite our best efforts, we cannot completely guarantee that the PII tool will recognize personal data if you enter it in the chatbot.
If you have a question/request that requires you to include personal data, please instead write a support request at https://accounts.hetzner.com.
We process your data soley for the purpose of providing you with our services and to continually improve our services. The legal bases for the processing of your personal data in relation to the PII tool is Art. 6 para. 1 lit. f of the GDPR.
Kapa.ai uses the enterprise version of ChatGPT. The enterprise version of ChatGPT does not process personal data. You can find more information about this in ChatGPT’s privacy policy: https://openai.com/enterprise-privacy.
2.1 reCaptcha
When you use the chatbot, the tool reCaptcha is used. It is a tool that Google has developed, and it is used to make websites more secure. You can find more information about reCaptcha at https://www.google.com/recaptcha/about/. Google Fonts are loaded when you use the reCaptcha tool in the chatbot. You can find more information about Google Fonts at https://fonts.google.com/about.
3. Data recipients / data transfer
Because the PII tool is in use, your data may be transferred to and processed using a server from kapa.ai Inc. which is located in the USA.
4. Data storage and processing
The chatbot will store the complete chat history between you and the chatbot, and the time you used the chat (the date and time you accessed it) with kapa.ai after your question/request is processed. The chatbot will not ask you for your personal data and will not store any personal data that it recognizes.
We at Hetzner use the chat histories solely to monitor the quality of the chatbot’s responses, and to correct any mistakes. Your personal data will not be used for any training purposes for any large language models (LLMs). Any feedback that you provide about the chatbot’s answers will be used to improve future answers. We are constantly working to expand the database that the chatbot uses as part of our maintenance and review process.
5. Cookies
In order to use the chatbot, you will need to accept all cookies. If you have only accepted the necessary cookies when you first accessed our website, you will be asked again whether you agree to the use of all cookies when you click on the “Ask AI” symbol. If you agree, these cookies will be used:
-
Session-Cookie
The session cookie is saved in the main memory of your device. The cookie contains an identifications number (session ID) as well as information about its origin and storage period. The cookie will only be stored for the duration of your visit to our website. After you leave our website, or after you close your broswer window, the cookie will be deleted. The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f of the GDPR because the session cookie is absolutely necessary for the chatbot to work. -
Google-Cookies
When you use the chatbot, the tool Google reCaptcha will also be used (hereafter called “reCaptcha”). This is a service that is operated by Google Inc., whose address is: Google Inc., 1600 Amphitheatre Parkway, Mountainview, California 94043, USA (hereafter called “Google”). This service makes websites more secure because it checks to see if data that is entered comes from humans or from automated programs. This process runs automatically in the background when you access our website. It includes information such as your IP address and the duration of time that you spend on our website. That data is then sent to Google. You can find more information about reCaptcha at https://www.google.com/recaptcha/about/. Google Fonts are loaded when you use the reCaptcha tool in the chatbot. You can find more information about Google Fonts at https://fonts.google.com/about. The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f of the GDPR; the legitimate interest lies in preventing bad actors from spying on and spamming the chatbot.
You can find more information about how Google processes your data in Google’s privacy policies: https://policies.google.com/privacy. - If you are logged onto your Google account in the background while you visit our website, Google will use additional cookies. Please see Google’s privacy policies for more information on that.
6. Creation of log files
Information is automatically storied on kapa.ai’s servers while the chatbot is in use; this is to make the chatbot run more smoothly and to improve the chatbot. This information includes the date and time of day, whether or not access to the chatbot was successful, and the URL. This data is stored for a maximum of 30 days in a log file, and it may make it possible to identify you.
The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f of the GDPR; the collection and storage of this data is absolutely necessary for the chatbot to work.
7. Security
Your data will be transferred to the chatbot using an HTTPS connection. We at Hetzner and kapa.ai take several technical and organizational measures to ensure that your personal data remains safe from unauthorized access by third parties.
Social media data
YouTube
We integrate videos from the YouTube platform provided by Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://youtube.com/opt-out.
The legal basis for this data processing is Art. 6 (1) lit. f GDPR.
Online presence on social media
We maintain online presence on social networks and platforms in order to communicate with our customers, interested parties, and users and to inform them about our services. We use Facebook, Twitter, and Instagram, among others. When visiting each of these platforms, you as a user agree to the terms and conditions and the data processing guidelines of the corresponding operator.
Unless stated otherwise in our data privacy notice, we process user data if users communicate with us on these social networks and platforms, e.g. publish posts on our pages or send us messages.
We at Hetzner Online process users' data only when it is in the customer's legitimate interest for us to do so in accordance with Art. 6, (1) lit. b GDPR. As a company, we have a legal right to obtain general customer information to use in customer accounts. We also use customers' data for communication purposes. If any of the providers below request users for consent for processing their data, the legal basis for data pracessing is Art. 6 para. 1 lit. a. GDPR.
For detailed information about the data processing operations of the providers below, as well as their opt-out options, please check the links that we have listed below.
- Facebook:
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland.
Privacy policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads. - X (former Twitter):
Provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland.
Privacy policy: https://twitter.com/privacy
Opt-Out: https://help.twitter.com/safety-and-security/privacy-controls-for-tailored-ads - Instagram:
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland.
Privacy policy: https://instagram.com/about/legal/privacy/
Opt-Out: https://instagram.com/about/legal/privacy/ - Youtube:
Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Privacy policy:https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
Surveys
We conduct surveys in order to constantly improve ourselves and our products. Participation is voluntary. We use the LimeSurvey tool (https://www.limesurvey.org/) for the survey.
If personal data is collected as part of the survey, it is processed and stored directly by the provider. You can access the company's data protection information via the following link: https://www.limesurvey.org/privacy-policy
Your rights as a "data subject"
You have the right to information about your personal data that we process. If you do not make requests for information in writing, please bear in mind that we might ask you to provide proof that you who you claim to be. Furthermore, you have a right to rectification or deletion or restriction of processing, as it is applicable to you under the law. Furthermore, in accordance with legal requirements, you have the right to object to us processing your data. You also have the right of data portability.
Right to lodge a complaint
You have the right to lodge a complaint about the processing of your personal data by us to a supervisory authority for data protection.
Voluntary nature of data provision
There is no statutory obligation for you to provide your data to Hetzner Online GmbH. However, you cannot use some of our services if you do not provide your data to us. Your decision to provide us with your personal data is completely voluntary.