Collection of Information
Plesk gathers information in most of its interactions with you, whether directly or indirectly. Although some of the information may be considered as “Personal Data”, most of the gathered information is not Personal Data. Personal Data is defined as information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Plesk has taken extensive safety and operational precautions, including administrative, physical and technical safeguards to protect personal information. Furthermore, Plesk deploys commercially reasonable safeguards across the company databases to prevent unauthorized access, disclosure or loss of personal information.
Where information is provided to Plesk for the purpose of the establishment or maintenance of a contractual relationship, Plesk processes your data on the basis of Article 6 I b) GDPR. In all other cases, your data is processed on basis of and in accordance to your explicit consent as required by Article 6 I a) GDPR or a legitimate interest on basis of Article 6 I f) GDPR.
Information received from you directly
Plesk collects and stores information during the registration of products, the creation of online profiles, the application via our website and any contact for support or other matters (e.g. contact or comment forms, telephone contact). Examples of information transmitted by you:
Plesk does not collect or process any credit card data during purchases. Any credit card purchase is made through a reliable and secure, external online payment processor (third-party controller), with the result that Plesk is never furnished with your sensitive credit card information.
In order to provide its services, its websites or fulfill its contractual obligations to you, Plesk may be required to forward data which may include some of your personal information to third parties. In order to follow the requirements of data minimization, the data so transferred is reduced to the necessary minimum. Those suppliers or subcontractors are required to adhere to a data processing agreement with Plesk under which they are committed to process data solely in accordance with the applicable laws (including the GDPR and other national privacy laws) and in accordance to Plesk instructions. This processing includes a required screening of your provided data against international export and economic sanctions lists by Plesk. A negative (no match) screening result is a mandatory requirement for Plesk to communicate with, deal with, do business with or provide any form of services to you. The WebPros “Export and Sanctions Compliance Policy” applies, accordingly.
Plesk has an extensive data protection policy in place across its organization, which every Plesk employee or contractor must adhere to at all times. Such data protection policy sets forth the mandatory way, information is expected to be handled within Plesk and describes the necessary internal processes and the required level of confidentiality to be maintained in order to be compliant with national and international data protection laws (like e.g. GDPR).
Plesk strives to comply with the concept of data minimization (“privacy by default”) by only collecting as much information as needed for the intended and approved purpose. Only information which is relevant to such purpose and which has been provided to Plesk in free and informed manner by you as the data subject will be processed by Plesk for as long as needed for the purpose. Thereafter, any Personal Data is subject to defined deletion routines as defined in Plesk’s record of processing activities, created and maintained in accordance to Article 30 of the GDPR.
Information Collected Automatically
Plesk may automatically collect and store information about how users utilize the Plesk website(s) and applications. This may include anonymized IP addresses of website visitors, browser type and other information such as search terms, which helps us to improve our services and our website to provide you with the best possible services and user experience. Any so collected data which may be considered as Personal Data is subject to immediate anonymization upon its collection with the result that the automatically-collected data will not allow Plesk or any other party to identify you.
Data Protection for Minors
The Plesk website as well as its contents, services and offers are not directed at children or minors. Accordingly, Plesk does not want and does not assume that any information collected on the Plesk website or any forum will be personal data pertaining to children or minors. Any data which is identified as belonging to a child or minor is subject to immediate deletion.
Is my data secure at Plesk?
Plesk has implemented appropriate technical and organizational measures related to the respective processing purpose in order to protect the Personal Data provided by you against abuse and loss. Personal Data and other information about you is stored in a secure operating environment that is not accessible to the public.
Any data transmission performed by Plesk is encrypted during transmission via SSL.
In addition, each of Plesk’s employees is contractually bound by comprehensive confidentiality and non-disclosure terms and is further required to abide by the Plesk data protection policy at all times.
What are my rights?
You have the following rights in respect to the Personal Data you provide to Plesk:
Plesk may ask you to provide a proper identification of yourself before performing any Personal Data-related action to avoid misuse.
Is my data shared with third parties?
In order for Plesk to execute its business processes in an optimal manner, it may be necessary for certain data to be processed by trusted 3rd parties and reliable partners. These 3rd parties may
on behalf of Plesk. However, Plesk only shares such information needed to serve the specific purpose for which the 3rd parties were engaged. Plesk ensures that these 3rd parties are under similar obligations to maintain privacy and confidentiality as Plesk’s own employees are and that they will handle your information in the way and to the extend as Plesk itself is permitted to. Plesk does not allow any 3rd party to use your information for any purposes for which the information was not collected.
Plesk will only disclose your Personal Data abroad, if it is necessary for the intended purpose of processing. However, as a member of the worldwide WebPros group of companies, local WebPros entities may maintain or perform data processing operations in countries in- or outside the EEA or in countries without an adequate level of data protection, if it is required for the fulfillment of our obligations or the underlying agreement with you. Furthermore, subcontractors of Plesk which Plesk engages to act on its behalf in respect to the processing of your Personal Data may be domiciled in such areas.
In order to secure such transfer and processing in accordance to chapter 5 of the GDPR, Plesk has implemented and requests the required technical and organizational measures as well as has entered into the appropriate contractual frameworks with group companies and subcontractors which make sure that the recipient of data has implemented an adequate level of data privacy in its organization as required by the GDPR. This includes signature of Data Processing Agreements as well as EU Standard Contractual Clauses (EUSCCs) issued by the EU commission. These precautions are appropriate safeguards as requested by Article 46 GDPR and local data protection laws in effect, which make sure that your information will be treated securely, confidentially and in accordance to the applicable data protection laws.
Does Plesk sell my information?
No – Plesk does not sell your information to third parties for any commercial or non-commercial interest (a traditional “sale”). However, the term “sale” may in some jurisdictions also comprise providing data to third parties to process payment for services, and, if chosen by you, the provision of your personal information to entities, whose products Plesk resells. If you opt out of the sale of your information by contacting [email protected] or clicking the link on the corresponding Plesk website, Plesk may be unable to provide services to you if your request not to sell information includes a prohibition on processing payments for the products you purchase in your jurisdiction.
How long will my data be stored?
Plesk only maintains your Personal Data for as long as it is required for the intended and approved purpose. Data which is collected on basis of your explicit consent will be retained until such consent will be withdrawn or expires. Some data (e.g. billing related data) may be subject to statutory data retention obligations, which Plesk adheres to. Product trial licenses are tied to email addresses. For fraud protection purposes, such addresses are subject to an extended retention term after license expiration. As soon as your Personal Data is no longer needed to serve the purpose of its collection and no other retention policies apply, Plesk has implemented revolving routines to delete your data. Plesk employs data destruction techniques designed to completely destroy data and prevent any future recovery in all such routines.
A cookie is a piece of data stored on your computer, tied to information about you. Plesk may use all kinds of cookies. This may either include cookies which terminate and erase once you close your browser or log out, or cookies stored on your computer for an extended timeframe.
During your first visit on the Plesk website, you will be asked to confirm the cookie categories you agree to be set. At the same time you will be provided with detailed information about the respective cookies.
Plesk has furthermore established a comprehensive “Cookie Statement”, describing the different kinds of cookies used on the Plesk website, the purpose of their use as well as ways to avoid cookies by way of editing your browser preferences or actively performing opt-out actions. The Plesk Cookie Statement can be found here.
Other Technologies (incl. Third-Party Providers)
When providing its services and websites to you, Plesk makes use of different other technologies including third party providers. Such third party providers may be located inside and outside the European Economic Area and are contractually bound to adhere to European privacy standards by Data Processing Agreements and, where necessary, EU Standard Contractual Clauses. The following technologies and third party providers are used by Plesk:
Zendesk provides software-as-a-service products related to customer support, sales, and other customer communications and is provided by Zendesk, Inc.,989 Market Street, San Francisco, California 94103 / USA. The services provided by Zendesk help us manage support inquiries and our knowledgebase. We use Zendesk services in accordance to Art. 6 Abs. 1 lit. b) and f) GDPR to either properly provide our contractually owed support services to customers (performance of a contract) or to efficiently provide our knowledgebase to visitors and customers (legitimate interest). If used for support management, Personal Data elements like names and email addresses are processed by Zendesk on our behalf to provide support services to you. The applicable Zendesk privacy notice can be found here.
Please note that US authorities may possibly gain access to personal data processed, based on US surveillance laws like the Cloud Act. This might include IP addresses, processed by Google after consent is provided for Google Tag Manager.
If you do not wish to be tracked by Google Analytics on our behalf, you always have the option to opt-out from being tracked via our consent management system (cookie solution).
Links to 3rd Parties
Accordingly, Plesk disclaims any responsibility and liability for actions of any 3rd parties or the observance of data protection regulations by 3rd parties, linked to from Plesk websites. In the event you envisage any shortcomings or breaches of data protection regulations by one of the 3rd parties linked on Plesk websites, please immediately contact Plesk per the address below to allow Plesk to take the appropriate actions to stop this misbehavior.
Responsible party: Plesk International GmbH, Vordergasse 59, 8200 Schaffhausen / Switzerland (CHE-278.733.710), represented by its Managing Director Mr. Sascha Konzack.
Version: v.1 (issued July 24th, 2023)
This policy is subject to periodic revisions and may be amended by Plesk from time to time if necessary.