Privacy Statement (EU)

This privacy statement was last updated on 27/03/2026 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

The data controller for this website is TPC Management s.r.l., Str. Lahovari 8C, 077016 Dumbraveni, com. Balotesti, Ilfov County, Romania (fiscal code: RO35691219), operating under the brand name TPC Hosting.

In this privacy statement, we explain what we do with the data we obtain about you via https://tpc-hosting.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

• we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
• we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
• we first request your explicit consent to process your personal data in cases requiring your consent;
• we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
• we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

Obligation to provide data. Providing your personal data is necessary for entering into and performing a contract with us. If you do not provide the required data, we may not be able to create your account, process your order, or deliver our services.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following:

1.1 Payments

For this purpose we use the following data:

• A first and last name
• Account name or alias
• A home or other physical address, including street name and name of a city or town
• An email address
• A telephone number
• IP Address

The basis on which we may process these data is: Performance of a contract (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c) GDPR) for fiscal record-keeping.

Retention period: Invoice and billing data are retained for 10 years after the end of the financial year in which the transaction occurred, as required by Romanian fiscal law. Other payment-related data are deleted 30 days after account termination.

1.2 Registering an account

For this purpose we use the following data:

• A first and last name
• Account name or alias
• A home or other physical address, including street name and name of a city or town
• An email address
• A telephone number
• IP Address
• Geolocation data

The basis on which we may process these data is: Performance of a contract (Art. 6(1)(b) GDPR).

Retention period: We retain this data for the duration of the service. Account data are permanently deleted 30 days after account termination.

1.3 Newsletters

For this purpose we use the following data:

• An email address
• A first and last name

The basis on which we may process these data is: Consent (Art. 6(1)(a) GDPR).

Retention period: We retain this data until you unsubscribe. Your data are deleted promptly after unsubscription.

1.4 To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

• A first and last name
• Account name or alias
• A home or other physical address, including street name and name of a city or town
• An email address
• A telephone number
• IP Address

The basis on which we may process these data is: Performance of a contract (Art. 6(1)(b) GDPR).

Retention period: We retain this data for the duration of the service. Account data are permanently deleted 30 days after account termination.

1.5 Compiling and analyzing statistics for website improvement

For this purpose we use the following data:

• IP Address
• Geolocation data

The basis on which we may process these data is: Consent (Art. 6(1)(a) GDPR).

Retention period: Analytics data are retained for a maximum of 14 months, in line with the default retention settings of our analytics tools.

1.6 Contact – Through phone, mail, email and/or webforms

For this purpose we use the following data:

• A first and last name
• An email address
• IP Address

The basis on which we may process these data is: Legitimate interest (Art. 6(1)(f) GDPR) — to respond to your inquiry and provide the requested information.

Retention period: We retain this data for up to 3 years after the last communication, in line with the general statute of limitations for civil claims.

1.7 To be able to offer personalized products and services

For this purpose we use the following data:

• An email address
• IP Address
• Geolocation data

The basis on which we may process these data is: Legitimate interest (Art. 6(1)(f) GDPR) — to display relevant content, currency, and service options based on your location and browsing behaviour.

Retention period: This data is processed during your browsing session or until you withdraw consent. It is not stored beyond what is necessary for the purpose.

1.8 Identity verification (KYC)

When required for fraud prevention or regulatory compliance, we may ask you to verify your identity. For this purpose we use the following data:

• A government-issued photo ID (passport, national ID card, or driving licence)
• Proof of address documents
• A selfie or live photo for identity matching
• Business registration documents (for legal entities)

Identity verification is performed by our processor Sumsub, which processes your documents and biometric data (facial image) on our behalf. Documents are used solely for verification purposes.

The basis on which we may process these data is: Legal obligation (Art. 6(1)(c) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention and platform security. For biometric data (facial image matching), processing is based on your explicit consent (Art. 9(2)(a) GDPR), which is requested at the time of verification.

Retention period: Identity verification documents are retained for the duration of the contractual relationship plus 5 years, as required by anti-fraud and anti-money laundering regulations. Documents are deleted after this period.

2. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

3. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

4. Data processors and third-party recipients

We share your personal data with the following categories of recipients, solely for the purposes described in this privacy statement:

We have concluded Data Processing Agreements (DPAs) with all processors where required by GDPR. We do not sell your personal data to any third party.

5. International data transfers

Some of the third-party services we use are based in the United States. This means that your personal data may be transferred to, stored, or processed in countries outside the European Economic Area (EEA). We only use providers that offer appropriate safeguards for your data, including:

• Google (Google Analytics 4) — certified under the EU-US Data Privacy Framework
• Stripe (payment processing) — certified under the EU-US Data Privacy Framework
• PayPal (payment processing) — certified under the EU-US Data Privacy Framework

Where the EU-US Data Privacy Framework does not apply, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, before any transfer takes place.

6. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

The security measures we use consist of:

• Login Security
• DKIM, SPF, DMARC and other specific DNS settings
• (START)TLS / SSL / DANE Encryption
• Security measures of hardware that contain, or process personal data
• HTTP Strict Transport Security and related Security Headers and Browser Policies
• Website Hardening/Security Features
• ISO27001/27002 Certification

7. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

8. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

9. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

• You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
• Right of access: You have the right to access your personal data that is known to us.
• Right to rectification (Art. 16): you have the right to supplement or correct your personal data whenever you wish.
• Right to erasure (Art. 17): you have the right to have your personal data deleted or blocked.
• Right to withdraw consent: if you give us your consent to process your data, you have the right to revoke that consent at any time and to have your personal data deleted.
• Right to restriction of processing (Art. 18): you have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of your data is being verified.
• Right to data portability (Art. 20): you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
• Right to object (Art. 21): you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

10. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the supervisory authority. For Romania, this is the Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP):

B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, 010336 Bucharest, Romania
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

If you are located in another EU/EEA member state, you may also lodge a complaint with your local data protection authority.

11. Contact details

TPC Management s.r.l.
Str. Lahovari 8C
077016 Dumbraveni, Balotesti, jud. Ilfov
Romania

Website: https://tpc-hosting.com
Email: Contact us
Phone number: +40 316318254

For any questions or requests regarding this privacy statement or the processing of your personal data, please contact us using the details above.