Table of Contents
Privacy Policy ConsulHosting B.V.
Published on 1 May 2026
ConsulHosting B.V., based at Postbus 156, 4100 AD Culemborg, the Netherlands, processes personal data as described in this privacy statement.
Contact page: https://consulhosting.com/contact/
Email: [email protected]
When this privacy statement applies
This privacy statement applies to personal data processed by ConsulHosting relating to customers, prospective customers, contact persons of business customers, suppliers, partners, website visitors, and people who contact us.
Our role: controller or processor
ConsulHosting may process personal data either as a controller or as a processor.
As controller, we process personal data for our own purposes, such as account management, orders, payments, invoicing, support, security, abuse prevention, domain registration, our website and marketing.
As processor, we process personal data that customers store or process through our services. In that case, the customer determines why and how the personal data is processed. We only process that data on the customer’s behalf to provide, manage, secure and support the service.
We do not actively review or use customer data for our own purposes. We only access customer data where necessary, for example for support at the customer’s request, technical management, maintenance, migration, backup, recovery, security, incident investigation, abuse prevention, or to comply with a legal obligation or a binding request from a competent authority.
Where required, we enter into a data processing agreement with our customers.
What personal data we process
- name, company name and contact person;
- address details;
- email address and phone number;
- account and login-related data;
- payment, invoice and transaction data;
- communication data, such as emails, tickets and chat messages;
- IP addresses;
- browser, device and system data;
- log, usage and security data;
- data you provide to us yourself.
As a rule, we do not process special categories of personal data unless this is required by law, you provide it to us yourself, or it is processed by a customer through our services.
Why we use personal data
We only process personal data for clear purposes and on a valid legal basis.
Providing and managing our services
We use personal data to provide our services and keep them running properly.
Legal basis: performance of a contract.
Invoicing, administration and legal obligations
We process personal data for payments, invoices, administration and compliance with tax and other legal obligations.
Legal basis: performance of a contract and legal obligation.
Support and customer contact
We process personal data to answer questions, provide support, resolve incidents and stay in contact with you.
Legal basis: performance of a contract, pre-contractual steps and/or legitimate interests.
Service improvement and internal AI models
We may use personal data from our own support communications and customer contact to develop, train, test and improve internal AI models and other automated tools. We only do this to improve our services, such as providing faster and more efficient support and better customer service. This use is limited to communications that we process ourselves as controller. We do not use encrypted messages submitted through ConsulHosting’s help ticket system for this purpose.
Legal basis: legitimate interests.
Security, monitoring and abuse prevention
We process personal data to secure our network and systems, monitor performance, resolve issues, manage backups, prevent fraud and abuse, combat spam and malware, and protect our customers and services. As part of this, we may compare data or signals linked to an order, account or use of our services with fraud prevention services and fraud prevention databases, or have them checked against those services or databases, where necessary to prevent or investigate fraud, abuse or other unlawful use. Where there is fraud, abuse, serious payment default or other unlawful use, we may also record relevant data or signals in, or report them to, such fraud prevention databases.
Legal basis: legitimate interests and, where applicable, legal obligation.
Domain registration
When registering, transferring or managing domain names, we process personal data needed for administration, contact and communication with registrars and registries.
Legal basis: performance of a contract, legal obligation and/or legitimate interests.
Marketing and website improvement
We may use personal data for newsletters, offers, website analytics and improving our services.
Legal basis: consent where legally required, and otherwise legitimate interests.
Where we receive personal data from
We usually receive personal data directly from you or from the organisation you work for. In some cases, we also receive data through:
- a reseller or intermediary;
- a colleague or another contact person within your organisation;
- payment providers;
- registrars or registries;
- security or fraud prevention partners;
- public sources, where necessary for verification, compliance or abuse prevention.
Who we share personal data with
- payment providers;
- registrars and registries;
- data centre, network and infrastructure providers;
- software, support and security providers;
- backup, monitoring, anti-spam and anti-malware services;
- fraud prevention services and fraud prevention databases, where necessary to check orders, accounts or abuse indicators, or to register or report fraud, abuse, serious payment default or other unlawful use;
- accountants, legal advisers or collection agencies;
- competent authorities.
Where third parties process personal data on our behalf, we enter into a data processing agreement or other binding arrangements where required.
International transfers
If personal data is processed outside the European Economic Area, we implement appropriate safeguards where required, for example through an adequacy decision of the European Commission, standard contractual clauses or another legally permitted transfer mechanism.
Retention periods
We do not retain personal data longer than necessary for the purpose for which it was collected, unless we are required to keep it longer by law or because of a legal dispute.
In general, the following applies:
- financial and administrative data is generally retained for 7 years;
- account, support and customer data is retained for the duration of the customer relationship and afterwards for as long as necessary for administration, support, disputes or evidence;
- log and security data is retained for as long as necessary for security, continuity and incident investigations;
- backups may continue to contain data for a limited period until they are overwritten or deleted in the normal backup cycle.
Mandatory provision of data
Some personal data is required in order for us to enter into or perform a contract with you, or to comply with a legal obligation. If you do not provide this data, we may not be able to create an account, register a domain name, process a payment or properly provide our services.
Automated checks and decision-making
We may use automated systems to detect risks relating to fraud, abuse, spam, malware, payment issues or violations of our terms. These systems may, for example, look at incorrect or inconsistent order details, IP or network data, abuse reports, technical risk indicators, or previous fraud or abuse signals.
We use these checks to assess orders, accounts or activities, request additional verification, carry out manual review, or apply temporary security measures. If a solely automated decision has legal effects on you or similarly significantly affects you, such as refusing an order or temporarily restricting a service, you can contact us for human intervention, an explanation and a review.
Cookies
We use cookies and similar technologies on our website. Where legally required, we ask for prior consent for non-essential cookies. More information about the cookies we use and how you can manage your preferences can be found in our cookie policy.
Security
We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. This includes access restrictions, logging, monitoring, network security, backups, security updates and confidentiality obligations.
Your rights
Where ConsulHosting acts as controller, you have the right to:
- access your personal data;
- have your personal data corrected;
- have your personal data deleted where legally possible;
- restrict the processing of your personal data;
- object to processing based on legitimate interests;
- withdraw your consent, without affecting the lawfulness of processing based on consent before its withdrawal;
- receive your data in a portable format, where legally applicable;
- request human intervention in relation to solely automated decisions with significant effects.
You can contact us using the email address at the top of this privacy statement. To prevent misuse, we may ask for additional information to verify your identity.
If we act only as processor for personal data processed by a customer through our services, you should in principle direct your request to that customer.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority, where applicable.