More

Privacy Policy


This Privacy Policy describes the rules followed by us to process your details, including personal data and cookies.


1. General information.

  1. The website operator is: H88 S.A. with its registered seat in Poznań, ul. Franklina Roosevelta 22, 60-829 Poznań, entered in the National Court Register by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the National Court Register under KRS no. 0000612359, REGON 364261632, NIP 7822622168, initial capital of PLN 215,228.00 paid up in whole.
  2. The operator is the Personal Data Controller for data provided voluntarily by users when opening the services, using them and participating in any marketing campaigns which may be organised by the Operator (e.g. competitions, newsletters etc.).
  3. The data provided by the users to use the services is used in the process of the service initiation and provision. This includes the following activities:
    • Technical start of services,
    • Invoicing,
    • Processing and storing financial documents based on specific provisions, including fiscal, accounting and bookkeeping ones etc.,
    • Notifying of the service expiry dates and their possible extension,
    • Notifying of scheduled technical works,
    • Notifying of any material configuration changes,
    • Notifying of rules’ amendments,
    • Providing technical support, including answers to the users’ inquiries,
    • Explanations concerning settlements,
    • Direct commercial contacts, if requested by the user.
    • Sending marketing information by e-mail/SMS/over the phone/using other channels, if the user consents to such forms of contact (e.g. by subscribing to a newsletter, marking a relevant consent during the service registration or in the customer’s panel. The detailed rules, scope of the consent and relevant regulations can be found in the consent location),
  4. The Operator, being a hosting company, can be also a Personal Data Processor with respect to any data for which the data controllers are the customers and which was entrusted to them against a relevant agreement. In such circumstances the detailed terms and conditions are stipulated in the said agreement. This Policy does not refer to using such data. The Operator is not a data controller for them.
  5. This Policy does not cover any information on the services, goods or websites belonging to any entities other than the Operator.
  6. The website obtains information on the users and their behaviour in the following way:
    • By data entered voluntarily in forms which are entered in the Operator’s systems.
    • By saving cookie files in the user devices.
    • By saving technical logs on the network server, in the e-mail and the Operator’s application.

2. Detailed Information on Personal Data Processing

Personal data processing takes place in accordance with the provisions of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal EU L no. 119), hereinafter referred to as GDPR, and the Act on providing services by electronic means and other applicable regulations.

  1. Personal Data Controller

    The Data Controller shall be: H88 S.A. with its registered seat in Poznań, ul. Franklina Roosevelta 22, 60-829 Poznań, entered in the National Court Register by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the National Court Register under KRS no. 0000612359, REGON 364261632, NIP 7822622168, initial capital of PLN 215,228.00 paid up in whole.

    Contact details of the Data Controller: ul. Franklina Roosevelta 22, 60-829 Poznań, e-mail: info@ssl4less.eu, phone: +48 12 446 63 77

  2. Data Protection Officer

    The Data Protection Officer for the Data Controller shall be Dariusz Sikorski (hereinafter DPO) who can provide more information on the rights of the person and their personal data at the e-mail address:

  3. Voluntary personal data sharing

    The Provider would like to inform that unless it is stipulated otherwise in particular forms (e.g. indicating the data sharing is voluntary), the Provider’s services cannot be used anonymously or by means of an alias. Consequently, any refusal to share the personal data can entail refusal to execute an agreement and provide the ordered service.

  4. To create a customer’s account to order the Provider's service, it is required to create a login and provide:

    For an individual not running their business activity

    For an entrepreneur

    • name and surname
    • place of abode
    • e-mail address
    • phone number
    • PESEL

      (Mandatory data)

    • name and surname
    • company name
    • business address
    • e-mail address
    • phone number
    • Taxpayer’s ID (NIP)

      (Mandatory data)

  5. Types of processed data, purposes, legal grounds for data processing by the Provider and the anticipated period of storage

    Data type

    Processing purpose

    Legal grounds

    Storage period

    Mandatory data

    Contact details of the Customer's personnel (including name and surname, e-mail address, phone number)

    Keeping the customer’s account on the website, provision of the ordered services, ensuring contact in connection with service provision

    Article 18 section 1 of the Act on providing services by electronic means

    Article 6 section 1 item b) GDPR (mandatory for the agreement performance)

    Until the customer’s account is deleted

    Pursuit or defence of claims

    Article 6 section 1 item f) GDPR (legitimate interest)

    Until the expiry of the claims’ limitation period

    Marketing and direct marketing of the Controller’s products or services, including e.g. the Customer’s satisfaction survey etc.

    Article 6 section 1 item f) GDPR (legitimate interest)

    Until any objections are made pursuant to Articles 21–22 GDPR

    Sending commercial information by electronic means (advertising e-mails and SMSes), making telephone calls to present promotional or customised offers

    Article 6 section 1 item a) GDPR in connection with Article 172 section 1 of the Telecommunications Law and Article 10 section 2 of the Act on providing services by electronic means (Consent)

    Until the consent is revoked or any objections are made pursuant to Articles 21–22 GDPR

    Data required because of the selected service settlement method, including but not limited to:

    Details of the bank account used to make the payment

    Data included in the issued bills (VAT invoices)

    Data of the ordered and performed services (order history)

    Settlement of the provided services

    Article 18 section 2 of the Act on providing services by electronic means

    Article 6 section 1 item b) GDPR (mandatory for the agreement performance)

    Until the expiry of the claims’ limitation period or the termination of the obligation when the accounting documents need to be retained

    Fulfillment of legal obligations concerning accounting and bookkeeping

    Article 6 section 1 item c) GDPR (fulfillment of legal obligations concerning accounting)

    Pursuit or defence of claims

    Article 6 section 1 item f) GDPR (legitimate interest)

    Data included in any communication with the Data Controller (in any filled-in contact forms, application system, e-mail, chat application, traditional communication)

    Telephone call recordings

    Communication, handling applications, requests, inquiries or complaints. Disclosing the content of any statements or requests made by the person

    Article 6 section 1 item c) GDPR (fulfillment of legal obligations concerning responding to the data subjects’ requests)

    Article 6 section 1 item f) GDPR (legitimate interest)

    Until the expiry of the claims’ limitation period

    Pursuit or defence of claims

    Article 6 section 1 item f) GDPR (legitimate interest)

    Data characterising the way of using a service provided electronically (operating data):

    Identification no. ascribed to the person based on the data held

    Numbers identifying the telecommunications network terminal or an IT system used by the person

    Information on starting, ending and scope of every use of the service provided by electronic means

    Information that the customer used services provided by electronic means

    Ensuring service quality parameters and optimisation

    Ensuring safety measures

    Handling inquiries

    Determining any prohibited use of the service and sharing data with authorised bodies

    Article 18 section 5–6 of the Act on providing services by electronic means

    Article 6 section 1 item f) GDPR (legitimate interest)

    Up to 6 months

    With respect to any data concerning access to the customer’s panel and placement of orders, instructions or requests — throughout the service term, and later until the expiry of the claims’ limitation period.

    All the above-mentioned personal data processed by the Data Controller in the IT systems.

    Making and storage of backup copies, ensuring the ability to provide continuous confidentiality, integrity, accessibility and resistance of systems and processing services; ensuring the ability to restore the accessibility of personal data and access to them quickly in the case of any physical or technical incident.

    Article 6 section 1 item c) in connection with Article 32 section 1 items b) and c) GDPR (fulfillment of legal obligations related to ensuring data security, integrity and accessibility)

    Compliant with the internal backup copy schedule

  6. Right to withdraw the agreement

    If the Data Controller processes personal data based on a consent, such a consent can be withdrawn any time. The consent withdrawal does not affect the legitimacy of processing carried out before the withdrawal.

  7. Rights of the data subject related to their personal data processing

    The data subject shall have the following rights concerning their personal data:

    Right to access the data

    Article 15 GDPR.

    Essence of the law: The Data Subject shall be entitled to obtain a confirmation their personal data is processed from the Data Controller and if so they shall be entitled to access it and the information provided in the said provision.

    Right to have the data corrected and complemented

    Article 16 GDPR

    Essence of the law: The Data Subject shall be entitled to request the Data Controller to correct their personal data immediately if it is incorrect. Based on the processing purposes, the Data Subject shall be entitled to request that any incomplete personal data is complemented, including by making an additional statement.

    Right to have the data deleted

    Article 17 GDPR

    Essence of the law: The Data Subject shall be entitled to request the Data Controller to delete their personal data immediately and the Data Controller shall be obliged to delete such personal data without undue delay if one circumstance stipulated in the said provision occurs.

    Right to have the data processing restricted

    Article 18 GDPR

    Essence of the law: Processing restriction means marking the personal data kept to restrict its future processing. Given such data marking, its processing, other than storage, is possible solely based on the consent or for purposes stipulated in this provision. Restriction can be demanded in the cases stipulated in this provision.

    Right to have data transferred

    Article 20 GDPR

    Essence of the law: The Data Subject shall be entitled to receive their data submitted by them to the Data Controller in a structured, popular, machine-readable format and also to send such data to another data controller with no objections on the Data Controller’s part

    Right to object

    Article 21 GDPR

    Essence of the law: If the personal data is processed for the purposes of direct marketing, the Data Subject shall be entitled to object to processing their personal data for the purpose of such marketing any time, including profiling, in the scope the processing is connected with such direct marketing.

    The right to object applies also in other cases stipulated in Articles 21–22 GDPR.

    The Data Subject can exercise the said right by contacting the Data Controller in any way stipulated hereinabove. This refers also to the withdrawal of any consents granted. During remote contact, the Data Controller may request the Data Subject to provide personal data to verify their identity.

  8. Data recipients

    The data can be shared with entities commissioned by the Data Controller or providing services for them, including but not limited to:

    • Entities running registers of subscribers of Internet domains ordered by the data subject or agents registering a given domain;
    • Entrepreneurs in the advertising and marketing sector (advertising agencies, call-centers, programme platforms for e-mail or SMS sending, chat communication);
    • Entrepreneurs providing services related to the pursuit or defence of claims and legal and accounting services (debt collection, legal or tax offices, accounting firms);
    • Subcontractors and technicians;
    • Auditors;
    • Postal service providers and courier services.

    The data can be also disclosed to:

    • Bodies which are authorised to demand its disclosure based on the applicable regulations, including but not limited to courts, prosecutors’ offices, the Police, tax and customs administration;
    • Other entities authorised to demand access to data under the applicable law.
  9. Data transfer to third countries

    As a rule, personal data is not transferred to any third country or international organisation outside the European Economic Area (EEA). However, the transfer can take place in the below-mentioned scope.

    Personal data can be transferred outside EEA in connection with the Data Controller’s use of analytical or advertising services provided by Google LLC, including Google Adwords and Google Analytics. In such a case, the data is transferred to the United States of America based on the European Commission decision (the so-called Privacy Shield) ascertaining the appropriate personal data protection degree is ensured for the scheme participants, including for the provider of the said services, Google LLC, Mountain View, California.

    The data can be transferred also if any service requiring to transfer personal data to any third country is ordered, i.e. including but not limited to the registration of an Internet domain the register of which is handled by an entity with its seat in a country not belonging to EEA or a SSL certificate handled by such an entity. In such a case the personal data is transferred regardless of whether there was the European Commission ascertaining the appropriate data protection level issued or if there were any other security measures stipulated in Article 46 or 47 GDPR issued for the said third country or international organisation. The data shall be transferred solely in the scope required to perform the ordered service.

    Given the fact that it is impossible to specify and describe all the likely situations when personal data can be transferred outside EEA in connection with domain registration, purchase of SSL certificates or ordering any other services offered by the Data Controller in this document (there are more than 1,500 domains, including domestic, international and nTLD ones in the IANA database, the registers of which are frequently kept by separate organisations), the detailed information can be obtained:

    What is more, the detailed information on data transfer outside EEA in connection with particular service provision can be obtained from the Data Protection Officer (e-mail address: iod@h88.pl).

  10. Profiling

    With respect to the Data Subject there can be activities consisting in automated decision-making carried out, including profiling to provide services pursuant to the executed agreement and for the Data Controller to carry out direct marketing. They have no legal effects and are not based on any data belonging to any special category.

  11. Right to complain

    The Data Subject shall be entitled to complain to the supervisory body, i.e. the President of the Personal Data Protection Office if they believe their personal data is not processed compliant with the applicable law.

3. Selected methods of data protection.

  1. The Operator uses various protection mechanisms for personal data, including but not limited to:
    • Protection from unauthorised access;
    • Protection from data loss;
  2. Users’ passwords are not saved in the database in a explicit way or enciphered in a convertible way.
  3. The locations where logging in takes place and where personal data is entered are protected in the data link layer (SSL certificate).
  4. The Operator uses the means of protection from data loss (e.g. drive arrays, regular backup copies).
  5. The Operator uses adequate measures to protect processing locations from fire (e.g. dedicated extinguishing systems).
  6. The Operator uses adequate measures to protect processing systems in case of a sudden power failure (e.g. double power supply lines, generators, uninterruptible power supplies).
  7. The Operator uses the measures of physical access control to the data processing locations (e.g. access control, monitoring).
  8. The Operator uses the means of ensuring appropriate environmental conditions for servers as the data processing system components (e.g. control of the environmental conditions, special air-conditioning systems).
  9. The Operator uses organisational solutions to ensure the highest possible level of protection and confidentiality (training, internal rules, password policies etc.).
  10. The Operator appointed a Data Protection Officer.

4. Information in forms.

  1. The Website collects data provided voluntarily by the user, including personal data, if provided.
  2. The Website can save information on the connection parameters (duration, IP address).
  3. In certain cases, the Website can save the information facilitating linking the data in the form with the e-mail address of the user filling in the form. In such circumstances the user’s e-mail address appears in the url address of the page where the form can be found.
  4. Data provided in the form is processed for the purpose resulting from the function of a given form, e.g. to perform the process of handling the service request or commercial contact, service registration etc. The context and description of every form indicates clearly its purpose.

5. Logs.

  1. Information on certain user behaviours is logged. Such data is used to administer the website and to ensure the best provision of hosting services.
  2. The following may be logged:
    1. Resources marked with the URL ID (addresses of the requested resources, e.g. pages, files);
    2. Query reception time;
    3. Response sending time;
    4. Customer’s station name (identification via a HTTP);
    5. Information on any errors in the course of the HTTP transaction;
    6. An URL address of the page visited by the user previously (a referer link), if the Website is visited via a reference link;
    7. Information on the user’s browser;
    8. Information on the IP address;
    9. Diagnostic information related to the process of ordering services via the loggers on the website;
    10. Information related to the operation of an e-mail if the user uses the e-mail service provided by the Operator.

6. Information on cookies.

  1. The website uses cookies.
  2. Cookies are information data, including but not limited to text files, stored in the device of the Website User and designed for using the Website pages. Cookies usually contain the name of the page they come from, their storage time in the user device and a unique number.
  3. The entity placing cookie files in the Website User’s device and obtaining access to them is the Website Operator.
  4. Cookie files are used for the following purposes:
    1. Creating statistics which promote understanding of how the Website Users use the websites which enables to improve their structure and content;
    2. Maintaining the Website User’s session (after logging in) thanks to which the User need not enter the login and password again on every Website page;
    3. Maintaining information on the service referrals for the referral programme;
    4. Specifying the user profile to display matching materials in advertising networks, including but not limited to in Google network, to them.
  5. The Website uses two basic types of cookies: Session cookies and persistent cookies. Session cookies are temporary files stored on the User’s device until they log out, leave the page or switch off the software (the browser). Persistent cookies are stored on the User’s device for the time specified in the cookie files parameters or until they are removed by the User.
  6. The software for browsing websites (browser) usually permits cookie file storage in the User’s device by default. The Website Users may change the settings in this respect. The browser enables to delete cookie files. It is also possible to block cookies automatically. Detailed information can be found in the Help section or the documents of the browser.
  7. Restricted use of cookie files may affect certain functionalities available on the Website pages.
  8. Cookies saved in the Website User’s device may be used also by entities cooperating with the Website Operator, including but not limited to: Google (Google Inc. with its seat in the U.S.), Facebook (Facebook Inc. with its seat in the U.S.), Twitter (Twitter Inc. with its seat in the U.S.).
  9. The Operator uses the Google Analytics service to analyse traffic on the website.
  10. The Operator uses remarketing i.e. activities, thanks to which advertising networks may display advertising messages matching their behaviour in the Website. The technological prerequisite for such activities is the enabled cookies.
  11. With respect to the information on the user preferences collected by the Google advertising network, the user may browse and edit information resulting from cookies using the following tool: https://www.google.com/ads/preferences/

7. Cookie management — How to grant and revoke consent?

  1. If a user does not want to receive cookies, they can change their browser settings. We reserve disabling cookies required for the authorisation, security and maintaining user preferences processes may hamper or even prevent using websites.
  2. To manage cookie settings, select a browser you use in the list below and follow the instructions:

    Mobile devices: