Last Updated: 2018/06/07
Collection of Information
Plesk gathers information in most of its interactions with you, whether directly or indirectly. Although some of the information may be considered as Personal Identifiable Information (“PII”), most of the gathered information is not PII. PII is defined as information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Plesk has taken extensive safety and operational precautions, including administrative, physical and technical safeguards to protect personal information. Furthermore, Plesk deploys reasonable safeguards across the company databases to prevent unauthorized access, disclosure or loss of personal information.
Information received from you directly
Plesk collects and stores information during the registration of products, the creation of online profiles, the application via our website and any contact for support or other matters (e.g. contact forms). Examples of your information:
Plesk does not collect or process any credit card data during purchases. Any credit card purchase is made through our reliable and secure online payment processor (Worldpay), with the result that Plesk is never furnished with your sensitive credit card information;
Plesk does not forward any personal information (especially names or email addresses) to third parties without your express permission, unless bindingly and mandatorily required by the applicable laws or prosecution authorities. Whenever Plesk engages subcontractors for the fulfillment of its contractual obligations with you, you will be specifically informed about such engagement in the respective data privacy statement and/or the corresponding consent text.
Plesk has an extensive data protection policy in place across its organization, which every Plesk employee or contractor must adhere to at all times. Such data protection policy sets forth the mandatory way, information is expected to be handled within Plesk and describes the necessary internal processes and to the required level of confidentiality to be maintained in order to be compliant with national and international data protection laws (like e.g. GDPR).
Plesk strives to comply with the concept of data minimization (“privacy by default”) by only collecting as much information as needed for the intended and approved purpose. Only information which is relevant to such purpose and which has been provided to Plesk in free and informed manner by you as the data subject will be maintained by Plesk for as long as needed for the purpose. Thereafter, any PII is subject to a defined deletion routine as defined in Plesk’s record of processing activities created and maintained in accordance to Article 30 of the GDPR.
Information Collected Automatically
Plesk may automatically collect and store information about how users utilize the Plesk website(s) and applications. This may include anonymized IP addresses of website visitors, browser type and other information such as search terms, which helps us to improve our services and our website to provide you with the best possible services and user experience. Any so collected data which may be considered as PII is subject to immediate encryption and/or anonymization prior to its collection with the result that the automatically-collected data will not allow Plesk to identify you (non-PII) but for example find out from which country our website is visited. Please find out more about such anonymized automatic collection in the section concerning “Google Analytics” and other data and analysis services below.
Data Protection for Minors
The Plesk website as well as its contents, services and offers are not directed at children or minors. Accordingly, Plesk does not want and does not assume that any information collected on the Plesk website or any forum will be personal data pertaining to children or minors.
The Use and Processing of Information
Plesk also uses anonymized customer and visitor information for research into improving its products and services, for planning new features and updates and to customize and improve its websites. For the safety of Plesk customers and its employees, Plesk may use collected information to detect and prevent potential or actual claims and prohibited behaviors, such as fraud or attempts to breach the Plesk information security. In this regard, Plesk primarily observes IP addresses of Plesk installations to protect Plesk as well as you as license owner from software piracy and associated losses.
Plesk only sends newsletters, which may contain advertising components with your express consent or on basis of a legal permission (e.g. in order to inform you about required security measures). Newsletter subscription is always based on Double-opt-in, which means that you will receive a confirmation email after your online subscription, which provides an activation link to be clicked in order to confirm your subscription. In the subscription will be documented in accordance to the GDPR. This includes, besides information you submitted yourself during the subscription, a documentation of the time of the subscription as well as the IP address used for the subscription. Plesk only uses provided information (i.e. your name and email address) to personalize its newsletters. At any time, you may cancel your subscription by clicking the unsubscribe link in any of the new set of emails or sent a request to firstname.lastname@example.org.
Wherever legally required and possible, you will have the option to not provide your information to Plesk.
Though, that will likely prevent Plesk from providing certain services or website functionalities to you which may adversely affect your user experience. At all times, you may choose to revoke your consent to receive Plesk marketing materials, newsletters and subscriptions by using the provided “unsubscribe” links, consent revocation options or by sending an email with your requests to email@example.com. Notwithstanding the foregoing, Plesk retains the right to send you messages concerning your purchases, critical updates and other administratively necessary information associated with your product License Agreement. You cannot opt-out of these messages as they are required for the fulfillment of Plesk’s contractual obligations towards you and protect you while using Plesk products.
You may give or withhold permission for Plesk to share your PII for marketing purposes with trusted 3rd parties and partners.
Plesk has implemented appropriate technical and organizational measures related to the respective processing purpose in order to protect the PII provided by you against abuse and loss. PII and other information about you are stored in a secure operating environment that is not accessible to the public. In addition, each of Plesk’s employees is contractually bound by comprehensive confidentiality and non-disclosure terms and is further required to abide by the Plesk data protection policy at all times.
Your Rights as the Data Subject
The applicable data protection regulations and laws give you the following general rights in respect to the PII you provide to Plesk for all other reasons:
– Information rights: At all times, you have the right to be informed about where, for which purpose and for how long your PII is collected by Plesk.
– Access rights: You further have the right to receive complete and accurate information from Plesk about if and which of your PII is processed by Plesk, the purpose and duration of processing, the recipients of your PII (in and outside of the EEA), as well as the safeguards implemented for any cross-border transfer of your PII.
– Portability: Finally, you may at all times request to receive the PII stored about you in a structured, commonly-used and machine-readable format to transit your PII to another data controller.
Any of your rights as the data subject can be exercised by contacting Privacy@Plesk.com and specifying the subject of your request as well as the kind of data your request refers to. Plesk may ask you to provide a proper identification of yourself before performing any PII-related action to avoid misuse.
Sharing of Information
In order for Plesk to execute its business processes in a convenient and optimal manner, it may be necessary for certain data to be processed by trusted 3rd parties and reliable partners. These 3rd parties may process payments, fulfill orders, send email or conduct other activities on behalf of Plesk. However, Plesk only shares such information needed to serve the specific purpose for which the 3rd parties were engaged. Plesk ensures that these 3rd parties are under similar obligations to maintain confidentiality as Plesk’s own employees are and that they will handle your information in the way and to the extend as Plesk itself is permitted to. If legally required, your prior express consent will be requested for such processing, defining the 3rd party as well as the kind of processing by the 3rd Party on behalf of Plesk. Plesk does not allow any 3rd party to use your information for any purposes for which the information was not collected.
Should Plesk merge with or be acquired by another company or Plesk sells product lines, service activities or other assets, it is likely your information will be transferred as is appropriate and relevant to ensure that your Plesk products and/or services will remain uninterrupted.
Information Retention & Destruction
Plesk only maintains your PII for as long as it is required for the intended and approved purpose. If your PII is no longer needed to serve the purpose of its collection, Plesk has implemented revolving routines to anonymize or delete your data, create aggregated, anonymous records to aid the Plesk research and to improve Plesk products, services, and communications. Plesk employs data destruction techniques designed to completely destroy data and prevent any future recovery in all such routines.
Cross-Border Disclosure of Data
Plesk will only disclose your PII abroad, if it’s necessary for the intended purpose of processing. However, as a member of the worldwide Plesk group of companies, every local Plesk entity may maintain or perform data processing operations in countries outside the EEA or in countries without an adequate level of data protection, if it is required for the fulfillment of our obligations or the underlying agreement with you. Furthermore, subcontractors of Plesk which Plesk engages to act on its behalf in respect to the processing of your PII may be domiciled in such areas.
In order to secure such transfer and processing in accordance to chapter 5 of the GDPR, Plesk has implemented and requests the required technical and organizational measures as well as has entered into the appropriate contractual frameworks with group companies and subcontractors which make sure that the recipient of data has implemented an adequate level of data privacy in its organization as required by the GDPR. This includes signature of Data Processing Agreements as well as EU standard contractual clauses issued by the EU commission in the event, your information may be shared with entities outside the EEA. These precautions are appropriate safeguards as requested by article 46 of GDPR and local data protection laws in effect, which make sure that your information will be treated securely, confidentially and in accordance to the applicable data protection laws in your place of residence, wherever it is subject to processing by or on behalf of Plesk.
A cookie is a piece of data stored on your computer, tied to information about you. Plesk may use all kinds of cookies. This may either include cookies which terminate and the erase once you close your browser or log out or cookies stored on your computer for an extended timeframe.
Plesk has established a comprehensive “Statement Regarding Cookies and Other Technologies”, describing the different kinds of cookies and technologies used by Plesk, the purpose of their use as well as ways to avoid cookies and other technologies. The Plesk statement is subject to periodic updates by Plesk from time to time if required. Relevant changes will be highlighted in future versions. The Plesk Statement Regarding Cookies and Other Technologies can be found at https://www.plesk.com/legal/#cookie-statement .
Links to 3rd Parties
Accordingly, Plesk disclaims any responsibility and liability for actions of any 3rd parties or the observance of data protection regulations by 3rd parties, linked to from Plesk’s websites. In the event you envisage any shortcomings or breaches of data protection regulations by one of the 3rd parties linked on the Plesk website, please immediately contact Plesk per the address below to allow Plesk to take the appropriate actions to stop this misbehavior.
Version: v.3 (issued 24.05.2018)
This Policy applies to Plesk International GmbH and its direct affiliates of the Plesk group of companies.
This policy is subject to periodic revisions and may be amended by Plesk from time to time if necessary. A change log at the end of the policy will define changes made as well as the date of such changes. If required, Plesk will further inform you about changes to this policy via the appropriate communication channels directly.