SiteGround Privacy Policy 

This Privacy Policy (the “Policy”, the “Privacy Policy”) applies to the processing of personal data by SG Hosting Inc., registered and existing under the laws of Delaware, USA, with registered address: 901 N. Pitt St, Suite 325, Alexandria 22314 VA, USA ("SiteGround", "we", "us" and "our") in its capacity as a data controller of personal data.

The Policy explains our data privacy practices in regard to the processing of personal data of individuals (“data subjects”, “you”, “your”) who visit our website (the "Site") and/or use the services and/or products ordered or accessed through the Site (the “Services”). For the avoidance of doubt, this Policy does not apply to the processing of your personal data by third parties whose websites are not owned and operated by us. 


I. Categories of data subjects and types of personal data 

For the purposes of this Policy, the natural persons, whose personal data is subject to data processing under this Policy, respectively the types of their personal data processed by us, may be categorised as follows: 


  1. Website Visitors 

a. Definition: Individuals who visit our Site. For the avoidance of doubt, websites hosted by us but operated by our Customers are not part of the definition of Site. Our Site and Services may contain links to third-party websites, which are not under our control, and we are not responsible for their content. In the event that you follow a link to such pages, please note that there are other respective privacy policies that may apply and we do not have control over such pages. We encourage you to review the privacy policies of these parties before using such other websites.

b. Types of personal data: 


  1. Customers  

a. Definition: Persons who enter into an agreement with us for the provision of Services. 

b. Types of personal data:


  1. Users

a. Definition: Individuals who access and/or administer any of the Services for our Customers.

b. Types of personal data:  


  1. Registrants

a. Definition: Owners of domain names, registered with us. 

b. Types of personal data: 

  1. End Users

a. Definition: Persons who visit, access, use and/or interact with our Customers’ websites.

b. Types of personal data: 

  1. Affiliates

a. Definition: Persons who participate in our Affiliate Program.

b. Types of personal data: 


  1. Participants in events/promotions

a. Definition: Individuals, who participate in raffles, surveys and/or register to attend events, webinars and other promotions (co)organised and/or sponsored by us or any of the companies part of SiteGround Group. 

b. Types of personal data: 


  1. Other individuals

a. Definition: Individuals, who may not fall under the scope of the definitions listed above, such as potential customers, third parties, part of ownership account disputes, complainants, followers in our social media channels, etc. 

b. Types of personal data:

 

II. Sources of data collection

Apart from you, being the main source of information we collect about you, we may also collect information from publicly accessible sources (e.g. companies trade register, WHOIS, local national list(s) of sanctioned persons) and/or third parties, such as our affiliates, trusted partners, including but not limited to marketing, advertising, security service providers, etc.

 

III. Purposes of and legal basis for data processing 

We strive to collect only the minimum personal data necessary for the completion of the purposes of data processing, as set out below:

 

IV. Cookies, beacons, tags, pixels

We use cookies to collect some of the information set out in this Policy. Cookies can store your account identifier, ordering status, personalisation or website tracking. They can also be used for technical purposes such as keeping track of your current shopping session and enabling you to proceed to checkout and pay for your according order or to save information which has already been entered (languages preference, and your region), so that we can offer improved and more personalised Services, products and other relevant communication tailored to you. Cookies also allow us to fulfil our contractual obligations to third parties and partners if you have made a purchase on our Site by following a link from theirs. 

We also use remarketing pixels provided by third parties to collect the information that you have visited our Site and were interested in certain offers.  

We also use beacons, tags, click tracking codes and scripts to analyze trends and movements of users around the Site, gather information about the user base as a whole and how we can improve the Services and Site, to provide advertising based upon activities and interests and to measure advertising effectiveness. As a result we may display targeted, or interest-based, offers to you based on the products you currently own or have recently viewed and deliver other communication more relevant to you and your interests outside of our Site, on other websites part of the third party's network.

You can find detailed information about our use of cookies in our Cookie Policy

 

V. Sharing of personal data

We disclose entire or part of your personal data in the following circumstances and always ensure that the appropriate safeguards on your privacy are undertaken:

  1. To provide the Services and run our business - We may engage third-party service providers in the delivery of the Services and also for administrative, billing, tax and all other purposes related to the management of your account and our operations. In such cases your personal data may be shared with companies part of SiteGround Group, business partners, independent contractors, external consultants, auditors, collaborators, etc. Those third-party service providers include companies that operate in different industries such as fraud detection, technology service, internet information providers, payments and data processors, couriers, providers from the finance, media, internet content and information industries, advertising and marketing, technologies, analytics, etc. and that may be located worldwide (including but not limited to the EU, EEA, Switzerland, UK, USA, Australia, Singapore, Japan, etc.). 

  2. To comply with the applicable legislation and to exercise rights - We may share personal data with companies, organisations or individuals when we believe in good-faith that access, use, preservation or disclosure of such data is necessary to meet any applicable law, comply with regulations, legal procedures, enforceable requests and/or competent authority requirements; to enforce our terms, defend against claims and protect the rights, property or safety of SiteGround, our Customers and/or the public as required and/or permitted by law.

  3. To comply with ICANN's and ICANN-accredited registrar providers’ rules, regulations and policies - SiteGround, in its capacity as a reseller of domain names, shares Registrant’s data for the purposes of domain name registration and/or to comply with the applicable rules, regulations and policies of ICANN and the relevant registrar providers (such as TuCows (OpenSRS), ENOM, Openprovider, etc.).

  4. In case of business reorganization, transfers and/or acquisitions - We may share your information to third parties in connection with any prospective or completed business reorganization, merger, sale of company assets, or acquisition of all or a portion of our business by another entity, or in the unlikely event that SiteGround goes out of business or enters bankruptcy. If any of these events happens, we may take any reasonable steps to notify you and this Policy would continue to apply to your personal data processing.

  5. To comply with your instructions - We may share your information with third parties with your explicit consent or at your direction. We will not, however, sell, rent, share or otherwise disclose personal data for commercial purposes in any way that is contrary to the commitments made in this Policy. 

  6. We also may share data with Google whose invisible reCaptcha service we use to protect our website from malicious activity. Use of the invisible reCaptcha is subject to Google's Privacy Policy and Terms of Service.

 

VI. International data transfers

In the course of our business operations and for the delivery of the Services we may transfer personal data around the world (including but not limited to the EU/EEA, UK, Australia, Singapore, Japan) where we and/or the third parties, specified in Section III above, use data centers, facilities and/or maintain data processing operations.  

In the event that we receive personal data of data subjects from the EU/EEA and/or the UK, and in cases where we transfer such personal data received to other countries which are not considered to provide an adequate level of data protection, we will ensure that:

We also comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. SG Hosting Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/participant?id=a2zt00000008ToFAAU&status=Active 

 

VII. Security measures

We use Secure Sockets Layer (SSL) protocol to encrypt the information you enter on our Site in order to protect its security during transmission to and from our Site. When storing information, we protect its security by encrypting critical data. Access to this information is severely restricted, logged and reviewed periodically. When we collect credit card data and payments (we do not store full credit card numbers and CVV codes), the credit card data is subject to tokenisation and strong security measures applied by our payment processors in accordance with the PCI DSS requirements.

We maintain physical, logical, electronic and procedural safeguards when collecting, storing and disclosing personal data. Our security procedures require us in some cases to request proof of identity before disclosing personal data to you.

To protect against unauthorised access to your account and information, we implement session management, strong authentication requirements, login expiration mechanisms and the option of using 2-factor authentication for Client Area access. Authentication data is encrypted. As an additional safety measure, we ask you to sign out when you finish using your account and your computer. 

Although we take appropriate technical and organizational measures to maintain the safety and security of your personal data against loss, theft and unauthorized use, access or modification, please note that no transmission of information over the Internet is completely secure. Consequently, please note that we cannot fully guarantee the security of any personal data that you transfer over the Internet to us. 

 

VIII. Retention periods

Information collected on our Site will only be retained for as long as necessary to fulfil the purpose for which it was collected. In general, we will automatically and securely delete your Client Area account information 2 years after you no longer have any active Services with us. Since we offer a Service for customers worldwide and we need to comply with regulations across the globe in regard to retention of personal information related to contractual agreements, provision of Services, financial, billing, invoicing operations, tax calculations etc., a versioned copy of your order, payment and billing documentation may be stored for a period of 10 years after the termination of your customer account. Your personal data is deleted automatically by our systems in accordance with these retention periods. 

 

XI. Your rights 

By visiting the “Owner Profile Details” section in your Client Area, you can access, correct, and delete certain personal data associated with your account. 

In addition, by submitting your inquiry to the email specified in the “Contact information” section of this Policy you may request from us any of the following actions:

We will review and address your request(s) within one month as of the date of receipt. Please note that if your request is particularly complex or you have made a number of requests, it may take us longer than a month to respond to you. In this case, we will notify you and keep you updated. Please note that we may ask you to provide us with additional information necessary to verify your identity prior to our response. However, in certain circumstances such as to comply with the applicable legislation, we may be unable to honour your request, for which you will be duly notified. 

 

X. Age Restrictions 

In accordance with SiteGround Terms of Service, our Site and Services are designated for use by individuals who are at least 18 years old. If you are under the age of 18, you must request your parent or guardian to use the Site instead. Should you have evidence that someone under the age of 18 has bought Services and provided their personal data to us, please contact us using the details set out in the “Contact information” section below. If we become aware that we process personal data of a person under the age of 18, we will delete the data and terminate the use of the Services.

 

XI. Changes to the Privacy Policy

We reserve the right to modify this Policy at any time. If we decide to change our Policy, we will post the updates in the Site and in any other place we deem appropriate, so that you are aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it.

If we make material changes to this Policy, we will notify you here, by email, or by means of a notice via our Site, at least ten (10) calendar days before the changes take effect.

 

XII. Data Protection Authority

You have the right to direct questions or lodge a complaint about the processing of your personal data at any time with the competent supervisory authority for data protection - for US consumers - the Federal Trade Commission (FTC), at https://www.ftc.gov/, and for the rest of the data subjects - the Spanish Data Protection Agency, at https://www.aepd.es/es. 

 

XIII. Contact information 

For any data processing related questions and/or requests, please contact us at privacy@siteground.com.  

Latest revision: September 28, 2022.  Previous version may be found here.  



SiteGround California Consumer Privacy Act Addendum

This Addendum supplements the information contained in the SiteGround Privacy Policy and applies to Website visitors, Customers, Users, Registrants, End Users, Affiliates and other individuals (incl. households) who are residents of the State of California, USA (“consumer”, “you”, “your”). 

For avoidance of doubt, the term “data subject” used in the Privacy Policy shall correspond to the term “consumer” used herein and the term “personal data” in the Privacy Policy shall be equivalent to the term “personal information” used herein. All other terms which are not explicitly defined in this Addendum shall have the meaning as set forth in the Privacy Policy. 

This Addendum is drafted in compliance with the California Consumer Privacy Act (“CCPA”) and other relevant California privacy laws and its purpose is to provide additional privacy disclosures and to inform you of your additional rights as a California resident.


I. Categories of personal information we collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”).

Section I (“Categories of data subjects and types of personal data”) of the Privacy Policy describes in detail what categories of personal information we have collected from consumers within the last twelve (12) months.

 

II. Sources of personal information collection

Apart from you, being the main source of information we collect about you, we may also collect personal information from publicly accessible sources (e.g. companies trade register, WHOIS, local national list(s) of sanctioned persons) and/or third parties, such as our affiliates, trusted partners, including but not limited to marketing, advertising, security service providers, etc.

 

III. Purposes for collection of personal information 

The business and commercial purposes for which we collect, use and disclose personal information about consumers is described in detail in Section III (“Purposes of and legal basis for data processing”) of the Privacy Policy.

 

IV. Sharing of personal information

We may disclose and share personal information to categories of third parties as set forth in Section V (“Sharing of personal data”) of the Privacy Policy. 

 

V. Sale of personal information 

In the course of provision of our Services we do not sell any personal information related to consumers.

Under the CCPA, “sell,” “selling,” “sale,” or “sold,’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration. Therefore, it does not necessarily mean money was exchanged for the transfer of personal information, but the transfer may still be considered a “sale”. 

SiteGround has taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, we evaluate some of our third-party relationships periodically.

 

VI. Consumer rights under the CCPA

The CCPA provides consumers with specific rights with respect to their personal information as follows:

  1. Right to opt-out from sale of personal information

A consumer shall have the right, at any time, to direct SiteGround not to sell the consumer’s personal information (“the right to opt-out”). Such a request of the consumer shall be respected for at least twelve (12) months before requesting that the consumer authorizes again the sale of the consumer’s personal information. In order to process the consumer’s request, SiteGround may use any personal information collected from the consumer in connection with the submission of the consumer’s opt-out request solely for the purposes of complying with the opt-out request. 

The opt-out right may be exercised at the following link: “Do Not Sell My Personal Information”.

  1. Right to know request

Pursuant to the CCPA, you have a right to request information about the collection, use, and disclosure of your personal information performed by SiteGround over the preceding twelve (12) months, as well as to ask to provide you with these specific information:

As per the CCPA SiteGround shall take into consideration the following requirements when answering a consumer’s request:


  1. Right to delete request - you also have a right to request that we delete a part of or all your personal information, subject to certain exceptions (i.e., when the information is necessary to: complete a transition or provide a service requested by you; debug or repair expected product functionality; detect or investigate cyber threats, etc.). Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies.


  2. Right to remain non-discriminated - SiteGround shall not discriminate against a consumer because the latter exercised any of the consumer’s rights under the CCPA, including, but not limited to, by:

If you have additional questions regarding your rights under the CCPA, please refer to the SiteGround Privacy Policy and contact us at privacy@siteground.com. 

Close Window