Dutch datacenters99.9% average uptime24/7 human support
Contact

Privacy statement

Last updated: 7 July 2026

Hosteiland ("Hosteiland", "we", "us") provides hosting, web development, and marketing services from the Netherlands. This privacy statement explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have. It applies to visitors of our website, prospective and existing customers, and - where relevant - to the end users of the websites and applications our customers host with us.

1. Who is responsible for your data

Hosteiland, registered in the Netherlands with its office at Giottoplantsoen 18, 1328 VM Almere, is the data controller for the personal data described in this statement, unless stated otherwise below.

For most of the data we process about our own website visitors and customers, Hosteiland determines the purpose and means of processing and therefore acts as the data controller. When we host, store, or transmit data on behalf of our customers - for example, the content, databases, or visitor data belonging to a website our customer runs on our infrastructure - we act as a data processor on our customer's instructions, and our customer remains the controller for that data. This statement addresses our role as a controller; our role as a processor is governed by the data processing agreement we conclude with our hosting and development customers.

2. What personal data we collect

The personal data we collect depends on how you interact with us:

Website visitors: when you browse hosteiland.com or hosteiland.nl, we automatically collect technical data such as your IP address, browser type, device information, pages visited, and referring URL through cookies and similar analytics technologies. If you submit our contact form, we collect the name, email address, phone number (optional), company name, and message content you provide.

Customers and prospective customers: when you request a quote, sign up for hosting, domain, web development, or marketing services, we collect your name, company name, billing and invoicing details, email address, phone number, domain and hosting account information, and payment details (processed by our payment providers - we do not store full card numbers ourselves). We also keep records of support requests and correspondence.

End users of customer websites: if you are a visitor of a website that one of our customers hosts with us, we generally have no direct relationship with you and do not knowingly collect your personal data for our own purposes. Any data collected through such a website (for example via forms or analytics the website owner has installed) is processed by us solely as infrastructure on behalf of our customer, who is responsible for informing you about that processing.

3. Why we process your data and on what legal basis

We process personal data for the following purposes and legal grounds under the GDPR (AVG):

To perform our contract with you - setting up and managing hosting accounts and domains, delivering web development and marketing services, billing, and customer support (necessary for the performance of a contract).

To respond to enquiries submitted through our contact form and to prepare quotes (necessary for the performance of a contract, or based on our legitimate interest in responding to your request).

To improve our website and services, understand how visitors use our site, and measure the effectiveness of our marketing (based on our legitimate interest, or on your consent where required for non-essential cookies).

To send marketing communications about our services (based on your consent, or on our legitimate interest for existing customers, subject to your right to object at any time).

To comply with legal and regulatory obligations, such as Dutch tax and accounting law (necessary for compliance with a legal obligation).

Cookies and similar technologies are addressed in detail in our separate Cookie Policy, which explains which cookies we use, their purpose, and how you can manage your preferences.

4. Sharing data with third parties

We share personal data with third parties only where necessary to provide our services or where we are legally required to do so. Categories of recipients include:

Payment service providers, to process invoices and online payments securely.

Hosting, network, and email infrastructure subprocessors that support the technical delivery of our own services (for example, datacenter operators, backup providers, and transactional email services).

Analytics and advertising platforms that help us understand website usage and measure marketing performance, in line with your cookie preferences.

Professional advisers, such as accountants or legal counsel, where necessary for our legitimate business operations.

Public authorities, where we are required by law to disclose information.

We require all third parties who process personal data on our behalf to sign a data processing agreement and to apply appropriate technical and organisational security measures. We do not sell personal data to third parties.

5. International data transfers

Hosteiland's own infrastructure and datacenters are located in the Netherlands, and we primarily process personal data within the European Economic Area (EEA). Where we engage a subprocessor located outside the EEA - for example for certain analytics or email delivery tools - we ensure an adequate level of protection is in place, such as an adequacy decision by the European Commission or Standard Contractual Clauses, together with any additional safeguards required by law.

6. How long we keep your data

We retain personal data only for as long as necessary for the purposes described in this statement. As a general rule, customer account and contract data is kept for the duration of our contractual relationship, plus a limited period afterwards to handle any follow-up questions or claims.

Financial and invoicing records are retained for the statutory retention period required under Dutch tax law, currently seven years. Contact form submissions that do not lead to a customer relationship are generally deleted after a reasonable period if no further action is required. Where data is processed on the basis of consent, such as marketing communications, we retain it until you withdraw your consent or object.

7. Your rights under the GDPR (AVG)

As a data subject, you have the following rights regarding your personal data: the right of access to the data we hold about you; the right to rectification of inaccurate data; the right to erasure of your data in certain circumstances; the right to restrict our processing; the right to object to processing based on legitimate interest or direct marketing; and the right to data portability, where applicable.

You can exercise these rights by contacting us using the details on our Contact page. We will respond to your request within the timeframe required by law. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we are not processing your personal data lawfully.

8. How we protect your data

We take the security of personal data seriously and apply appropriate technical and organisational measures, including encryption of data in transit and at rest where appropriate, role-based access controls, regular security patching of our systems, firewalls and network monitoring, and staff confidentiality obligations. Access to personal data is limited to employees and subprocessors who need it to perform their role.

9. Questions and how to reach us

If you have questions about this privacy statement or would like to exercise any of your rights, please get in touch via our Contact page. We aim to respond to all privacy-related requests as quickly as possible and within the timeframe required by law.

10. Changes to this statement

We may update this privacy statement from time to time, for example to reflect changes in our services or in applicable law. We will post any changes on this page with a revised "last updated" date. We encourage you to review this statement periodically.