PRIVACY POLICY

ProClanHosting ("we", "us", "our") operates proclanhosting.com and provides game server hosting services. This policy describes how we collect, process, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Applies to account holders, authorized users, and website visitors. We act as data controller for data collected directly from you and as data processor for data stored within your hosted game servers.

Where we act as data processor, our Data Processing Agreement governs how we handle that data on your behalf.

ACCOUNT: Name, email, billing address, company name, phone number, payment details for service delivery and invoicing. Collected during registration and account management.

TECHNICAL: IP addresses, browser type, operating system, device identifiers, referring URLs, server access logs, API request metadata, game server connection logs. Collected automatically for diagnostics and security.

USAGE: Server resource consumption (CPU, RAM, bandwidth, storage, player slots), game server configurations, login timestamps, session durations, feature utilization. Used for maintenance, capacity planning, and optimization.

COMMS: Support tickets, emails, feedback — all correspondence with our team for issue tracking, quality assurance, and service improvement.

CONTRACT (Art. 6(1)(b)): Processing required to deliver purchased services — provisioning, server deployment, billing, support.

LEGITIMATE INTEREST (Art. 6(1)(f)): Security monitoring, fraud prevention, DDoS mitigation, service improvement, capacity planning. Your fundamental rights are never overridden.

LEGAL OBLIGATION (Art. 6(1)(c)): Tax records, financial reporting, regulatory compliance, lawful authority requests.

CONSENT (Art. 6(1)(a)): Where applicable. Withdrawable at any time. Prior processing remains lawful.

European Union data centers. AES-256 encryption at rest. TLS 1.3 in transit. Tenant isolation enforced at network and storage layers. Redundant power, environmental controls, physical access restrictions.

SECURITY STACK: Role-based access + mandatory MFA, network segmentation, multi-layer firewalls, DDoS protection with multi-Tbps mitigation, automated vulnerability scanning and patch management, 24/7 intrusion detection, physical biometric access controls, full audit logging.

BREACH PROTOCOL: Notification to affected users and supervisory authority within 72 hours per GDPR Article 33. Documented incident response for containment, investigation, and remediation.

ACCOUNT: Active + 30 days post-closure to handle outstanding matters.

BILLING: 7 years (tax/financial regulation compliance within the EU).

SERVER LOGS: 14 days for security monitoring and troubleshooting.

ACCESS LOGS: 90 days for security monitoring and abuse prevention.

SUPPORT: Duration of active account + 30 days for quality assurance.

GAME CONFIGS: Deleted upon account closure.

Post-retention: cryptographic erasure + multi-pass overwrite. Earlier deletion available on request, subject to legal retention obligations.

Essential only. No tracking. No analytics. No advertising.

AUTH: Maintains login state and prevents unauthorized access. CSRF: Prevents forgery attacks and ensures form integrity.

SESSION: Load balancing across infrastructure. PREFS: Language/timezone settings for consistent experience.

No pixel trackers, web beacons, or fingerprinting. Cookies cannot be disabled without impairing functionality. Legal basis: legitimate interest (platform operation).

PAYMENT PROCESSOR: PCI DSS-compliant. Card data never stored on our servers. Minimum data for transaction processing. We only receive transaction confirmations.

EMAIL PROVIDER: Transactional only — invoices, notifications, password resets. No marketing via third-party platforms.

All providers bound by GDPR-compliant data processing agreements. Regular compliance reviews conducted. We never sell, rent, or trade personal data. Disclosure only if required by law — you'll be notified where legally permitted.

Primary processing: EEA only. No routine transfers outside the EEA.

Where a third-party provider operates outside the EEA, safeguards enforced: EU adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules, or supplementary technical measures.

Request copies of transfer safeguards at any time by contacting our privacy team.

Services not directed at individuals under 16. No data knowingly collected from minors.

Contact [email protected] for prompt deletion if you believe a child has provided personal data. If we become aware of collection without parental consent, data will be deleted within a reasonable timeframe.

Posted here with revised date. Material changes affecting data collection, use, or sharing notified via email at least 14 days before taking effect.

Continued use after changes constitutes acknowledgment. Previous versions available upon request.

[email protected]

We resolve all privacy inquiries promptly and transparently. If unsatisfied, lodge a complaint with your local data protection supervisory authority within the European Economic Area.