v.5 – Updated November 6th, 2019
Collection of Information
Plesk gathers information in most of its interactions with you, whether directly or indirectly. Although some of the information may be considered as Personal Identifiable Information (“PII”), most of the gathered information is not PII. PII is defined as information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Plesk has taken extensive safety and operational precautions, including administrative, physical and technical safeguards to protect personal information. Furthermore, Plesk deploys reasonable safeguards across the company databases to prevent unauthorized access, disclosure or loss of personal information.
Where information is provided to Plesk for the purpose of the establishment of a contractual relationship, Plesk processes your data on the basis of Article 6 I b) GDPR. In all other cases, your data is processed on basis of and in accordance to your explicit consent as required by Article 6 I a) GDPR.
Information received from you directly
Plesk collects and stores information during the registration of products, the creation of online profiles, the application via our website and any contact for support or other matters (e.g. contact or comment forms, telephone contact). Examples of information transmitted by you:
1. Name, address, phone number, email address
2. IP addresses
3. Billing and other purchasing and shipping information;
4. Records of transactions, including purchases, inquiries and service requests;
5. Authentication data such as user name and password to verify access.
6. Application Data, CVs, profiles, pictures (additional Job Applicant Data Policy in place)
Plesk does not collect or process any credit card data during purchases. Any credit card purchase is made through our reliable and secure online payment processor (Worldpay), with the result that Plesk is never furnished with your sensitive credit card information;
In order to provide its services, its websites or fulfill its contractual obligations to you, Plesk may be required to forward data which may include some of your personal information to third parties. In order to follow the requirements of data minimization, the data so transferred is reduced to the necessary minimum. Those subcontractors are required to adhere to a data processing agreement with Plesk under which they are committed to process data solely in accordance with the applicable laws (including the GDPR and other national privacy laws).
Plesk has an extensive data protection policy in place across its organization, which every Plesk employee or contractor must adhere to at all times. Such data protection policy sets forth the mandatory way, information is expected to be handled within Plesk and describes the necessary internal processes and the required level of confidentiality to be maintained in order to be compliant with national and international data protection laws (like e.g. GDPR).
Plesk strives to comply with the concept of data minimization (“privacy by default”) by only collecting as much information as needed for the intended and approved purpose. Only information which is relevant to such purpose and which has been provided to Plesk in free and informed manner by you as the data subject will be processed by Plesk for as long as needed for the purpose. Thereafter, any PII is subject to a defined deletion routine as defined in Plesk’s record of processing activities created and maintained in accordance to Article 30 of the GDPR.
Information Collected Automatically
Plesk may automatically collect and store information about how users utilize the Plesk website(s) and applications. This may include anonymized IP addresses of website visitors, browser type and other information such as search terms, which helps us to improve our services and our website to provide you with the best possible services and user experience. Any so collected data which may be considered as PII is subject to immediate anonymization upon its collection with the result that the automatically-collected data will not allow Plesk or any other party to identify you.
Data Protection for Minors
The Plesk website as well as its contents, services and offers are not directed at children or minors. Accordingly, Plesk does not want and does not assume that any information collected on the Plesk website or any forum will be personal data pertaining to children or minors. Any data which is identified as belonging to a child or minor is subject to immediate deletion.
Is my data secure at Plesk?
Plesk has implemented appropriate technical and organizational measures related to the respective processing purpose in order to protect the PII provided by you against abuse and loss. PII and other information about you are stored in a secure operating environment that is not accessible to the public.
Any data transmission performed by Plesk is encrypted during transmission via SSL.
In addition, each of Plesk’s employees is contractually bound by comprehensive confidentiality and non-disclosure terms and is further required to abide by the Plesk data protection policy at all times.
What are my rights?
You have the following rights in respect to the PII you provide to Plesk:
1. You may at any time request Plesk to delete the data you provided or withdraw any data processing consent you provided to Plesk by contacting [email protected]
2. You may further limit the scope of processing to certain processing activities or request a correction of your data.
3. You have the right to be informed about where, for which purpose and for how long which data is collected by Plesk. You may at all times request to receive such information in a structured, commonly-used and machine-readable format to transfer your data to another data controller.
4. In the unlikely case that Plesk may, in your reasonable discretion, not comply with the applicable data protection law, you have the right to file a complaint directed at the competent regulatory authority.
Plesk may ask you to provide a proper identification of yourself before performing any PII-related action to avoid misuse.
Is my data shared with third parties?
In order for Plesk to execute its business processes in a convenient and optimal manner, it may be necessary for certain data to be processed by trusted 3rd parties and reliable partners. These 3rd parties may
1. process payments
2. fulfill orders
3. send email
4. manage communication (e.g. newsletters, security notifications, chat)
5. website hosting
6. conduct other related activities
on behalf of Plesk. However, Plesk only shares such information needed to serve the specific purpose for which the 3rd parties were engaged. Plesk ensures that these 3rd parties are under similar obligations to maintain privacy and confidentiality as Plesk’s own employees are and that they will handle your information in the way and to the extend as Plesk itself is permitted to. Plesk does not allow any 3rd party to use your information for any purposes for which the information was not collected.
Plesk will only disclose your PII abroad, if it is necessary for the intended purpose of processing. However, as a member of the worldwide Plesk group of companies, every local Plesk entity may maintain or perform data processing operations in countries outside the EEA or in countries without an adequate level of data protection, if it is required for the fulfillment of our obligations or the underlying agreement with you. Furthermore, subcontractors of Plesk which Plesk engages to act on its behalf in respect to the processing of your PII may be domiciled in such areas.
In order to secure such transfer and processing in accordance to chapter 5 of the GDPR, Plesk has implemented and requests the required technical and organizational measures as well as has entered into the appropriate contractual frameworks with group companies and subcontractors which make sure that the recipient of data has implemented an adequate level of data privacy in its organization as required by the GDPR. This includes signature of Data Processing Agreements as well as EU standard contractual clauses issued by the EU commission. These precautions are appropriate safeguards as requested by Article 46 GDPR and local data protection laws in effect, which make sure that your information will be treated securely, confidentially and in accordance to the applicable data protection laws.
How long will my data be stored?
Plesk only maintains your PII for as long as it is required for the intended and approved purpose. Data which is collected on basis of your explicit consent will be retained until such consent will be withdrawn or expires. Some data (e.g. billing related data) may be subject to statutory data retention obligations, which Plesk adheres to. Product trial licenses are tied to email addresses. For fraud protection purposes, such addresses are subject to an extended retention term of up to 12 months after license expiration. As soon as your PII is no longer needed to serve the purpose of its collection and no other retention policies apply, Plesk has implemented revolving routines to delete your data. Plesk employs data destruction techniques designed to completely destroy data and prevent any future recovery in all such routines.
A cookie is a piece of data stored on your computer, tied to information about you. Plesk may use all kinds of cookies. This may either include cookies which terminate and erase once you close your browser or log out or cookies stored on your computer for an extended timeframe.
During your first visit on the Plesk website, you will be asked to confirm the cookie categories you agree to be set (Cookie Bot). At the same time you will be provided with detailed information about the respective cookies.
Plesk has furthermore established a comprehensive “Statement Regarding Cookies and Other Technologies”, describing the different kinds of cookies and technologies used on the Plesk website, the purpose of their use as well as ways to avoid cookies and other technologies by way of editing your browser preferences or actively performing opt-out actions. The Plesk Statement Regarding Cookies and Other Technologies can be found at https://www.plesk.com/legal/#cookie-statement .
You may opt out from being targeted via cookies by either rejecting the corresponding cookie using the SolusIO cookie consent manager when entering our Site, or via the following link:
Links to 3rd Parties
Accordingly, Plesk disclaims any responsibility and liability for actions of any 3rd parties or the observance of data protection regulations by 3rd parties, linked to from Plesk’s websites. In the event you envisage any shortcomings or breaches of data protection regulations by one of the 3rd parties linked on the Plesk website, please immediately contact Plesk per the address below to allow Plesk to take the appropriate actions to stop this misbehavior.
Responsible data processor: Plesk International GmbH, Vordergasse 59, 8200 Schaffhausen / Switzerland (CHE-278.733.710), represented by its Managing Director Mr. Sascha Konzack.
Version: v.5 (issued 06.11.2019)
This Policy applies to Plesk International GmbH, direct affiliates of the Plesk group of companies and all websites owned by Plesk.
This policy is subject to periodic revisions and may be amended by Plesk from time to time if necessary. A change log at the end of the policy will define changes made as well as the date of such changes. If required, Plesk will further inform you about changes to this policy via the appropriate communication channels directly.