Privacy Policy

Below we inform you about how your personal data is processed when using our website and products and what rights you have in this regard.

Who is the data controller?

The data controller (hereinafter "Controller") is the company "Serhii Rostilo", which operates at the address: , and provides services through the service.

How can the data controller be contacted?

You can contact the Controller in one of the following ways:

  • Mailing address - Serhii Rostilo,

  • Email address - info@pan.host

  • Contact form - available at: https://www.pan.host/en/contact

Has the controller appointed a data protection officer?

In accordance with Art. 37 of the GDPR, the Controller has not appointed a data protection officer.

For matters concerning data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data and what are their sources?

The data is obtained from the following sources:

  • from the data subjects
  • in the case of registration via social networks, with the explicit consent of these individuals, from these social networks

What is the scope of the personal data we process?

The service processes ordinary personal data voluntarily provided by data subjects (For example, name, surname, login, email address, phone, IP address, etc.)

The exact scope of processed data is available in the privacy policy.

What are the purposes of data processing?

Personal data voluntarily provided by users is processed for one of the following purposes:

  • Provision of electronic services:
    • Registration services and maintenance of the user account in the service and associated functions
    • Domain registration services
    • Hosting services
    • Newsletter services (including sending advertising content with consent)
  • Communication of the Controller with users regarding matters related to the service and data protection
  • Protection of the legitimate interests of the Controller

What are the legal bases for data processing?

The service collects and processes user data on the basis of:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
    • Art. 6(1)(a) of the GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
    • Art. 6(1)(b) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
    • Art. 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
  • Federal Data Protection Act (BDSG).
  • Telemedia Act (TMG).
  • Copyright Act and Related Rights (UrhG).

What is the legitimate interest pursued by the Controller?

  • To assert, exercise, or defend against potential claims - the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR), which consists in safeguarding our rights, including, among others;
  • To assess the risk of potential customers
  • To evaluate planned marketing campaigns
  • To carry out direct marketing

How long do we process personal data?

Generally, the provided personal data is retained only for the duration of providing the service within the framework of the service operated by the Controller. It will be deleted or anonymized within 30 days after the termination of the service (e.g., deletion of the registered user account, removal from the newsletter list, etc.).

In exceptional cases, this period may be extended to safeguard the legitimate interests of the Controller. In such cases, the Controller will not retain the provided data for longer than 3 years from the date of the user's request for deletion if the provisions of the service agreement are violated by the data subject or there is a suspicion of violation.

Who is the recipient of the data, including personal data?

Generally, the sole recipient of the data is the Controller.

However, data processing may be transferred to other entities providing services to the Controller to maintain the service. These entities may include, among others:

  • Hosting companies providing hosting services or similar services to the Controller
  • Companies providing domain registration services

Are your personal data transferred outside the European Union?

Personal data is not transferred outside the European Union unless it has been published due to an individual action by the user (e.g., posting a comment or a post), resulting in the data being accessible to each visitor of the service.

Are personal data used for automated decision-making?

Personal data is not used for automated decision-making (profiling).

What rights do you have regarding the processing of personal data?

  • Right to Restriction of Processing of Personal Data
    Users have the right to restrict the processing of their personal data in the cases mentioned in Art. 18 GDPR, including challenging the accuracy of the personal data; this is done upon request to the data controller.

  • Right to Data Portability
    Users have the right to receive their personal data from the data controller in a structured, commonly used, and machine-readable format; this is done upon request to the data controller.

  • Right to Object to the Processing of Personal Data
    Users have the right to object to the processing of their personal data in the cases mentioned in Art. 21 GDPR; this is done upon request to the data controller.

  • Right to Lodge a Complaint
    Users have the right to lodge a complaint with the supervisory authority responsible for data protection.