Privacy Policy

This Privacy Policy explains how Winservers.NET collects, uses, stores and discloses personal data in connection with the website, customer account, order processing, support channels and related services. It is written for the English-language version of the site and applies to visitors, registered users and customers.

1. Data controller

The data controller is Winservers.NET, operated by K.S.M. Trade Sp. z o.o., Aleja Jana Pawla II 27, 00-867 Warsaw, Poland. For privacy questions, data requests and rights requests, please use the contact channels listed on the website.

2. Categories of personal data

We may process the following categories of personal data:

identity and contact data, such as name, email address, telephone number and billing details;
account data, such as login information and customer profile data;
order and payment-related data required to process purchases and invoices;
technical data, such as IP address in anonymized or truncated form, browser type, operating system, time stamp and referrer;
communication data, including support requests sent by email, forms or messengers;
website usage data and cookie-related identifiers where consent or legitimate interest applies.

3. Customer-controlled data stored on servers

Customers may upload, store, generate or otherwise process their own data inside rented VPS, dedicated servers, remote desktop environments, trading terminals, scripts, databases, files, logs and backups. Such customer-controlled data is not reviewed, selected, organized or actively monitored by Winservers.NET in the normal course of service.

For customer-controlled data, the customer is responsible for determining the purpose and means of processing. This means the customer is responsible for having a lawful basis, providing notices to their own users or counterparties, responding to data subject requests, deciding what data may be stored, deciding retention periods, and ensuring that the customer's own use of the service complies with applicable law.

Winservers.NET acts only as an infrastructure provider and, where applicable, as a processor or sub-processor for customer-controlled data that is technically hosted on rented infrastructure. Winservers.NET does not become the controller of customer-controlled data merely because such data is stored on a VPS, dedicated server or other hosting environment.

4. Customer responsibilities for hosted data

The customer remains responsible for:

the legality, accuracy, security classification and retention of data uploaded to or processed on rented infrastructure;
obtaining all required consents, notices, authorizations and lawful bases for processing personal data;
not uploading unlawful, excessive, sensitive or unnecessary personal data unless the customer has a valid legal basis and appropriate safeguards;
configuring operating system users, passwords, remote access, firewall rules, application settings and access permissions;
maintaining backups unless a separate written backup service is purchased and confirmed;
encrypting sensitive files, databases, trading logs, exported reports and any regulated or confidential data where appropriate;
promptly deleting data that is no longer necessary or that the customer is no longer entitled to process;
not using the infrastructure to violate privacy, data protection, financial, communications, intellectual property, anti-abuse or criminal laws.

Unless a separate written agreement states otherwise, Winservers.NET is not responsible for the content, completeness, legality, business value, trading value, recoverability or regulatory status of data that the customer stores, deletes, changes, encrypts, exports or processes inside the rented environment.

5. Purposes and legal bases

Purpose	Legal basis
Order processing, service delivery and customer administration	Art. 6(1)(b) GDPR, contract performance
Billing, accounting and tax compliance	Art. 6(1)(c) GDPR, legal obligation
Customer support, troubleshooting and follow-up communication	Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR, legitimate interest
Website security, abuse prevention, diagnostics and log analysis	Art. 6(1)(f) GDPR, legitimate interest
Cookies and analytics that are not strictly necessary	Consent, where required by law
Marketing messages or newsletter delivery	Consent, where required by law

6. Retention periods

Data type	Retention
Registration and customer account data	Deleted after account deletion, when no longer required, or after the applicable statutory retention period.
Order and billing records	Stored for the period required by commercial and tax law.
Server and security logs	Stored for a limited period necessary for operation, troubleshooting and security.
Support messages	Stored as long as needed to handle the request and to keep evidence of communications where required.
Cookies	Stored for the cookie lifetime configured in the browser or consent tool.
Customer-controlled data on rented servers	Controlled by the customer. It may remain on the rented environment until the customer deletes it, the service is terminated, the server is reinstalled, or the data is removed under law, abuse handling, unpaid service handling or contract enforcement.

7. Recipients and processors

We may disclose personal data only when needed to operate the service or when required by law. Recipients can include:

hosting, infrastructure and datacenter providers;
payment service providers and banking partners;
messenger and communication providers used for support;
email delivery and newsletter providers;
accounting, tax and audit service providers;
debt collection or legal service providers where unpaid invoices or legal claims are involved;
public authorities and courts where disclosure is legally required.

8. Processor role and data processing agreement

Where Winservers.NET processes customer-controlled personal data on behalf of a customer, the parties may need a data processing agreement or equivalent written terms that satisfy Article 28 GDPR. In that case, the customer acts as controller and Winservers.NET acts as processor for the relevant hosted data, unless the facts of a specific processing activity require another role allocation.

Customer instructions must be lawful, documented and technically feasible. Winservers.NET may refuse or suspend instructions that appear unlawful, abusive, technically unsafe, outside the purchased service, or inconsistent with the service contract.

9. International transfers

Data may be transferred outside the European Economic Area only where the GDPR allows it. This may include an adequacy decision, standard contractual clauses or another valid transfer mechanism. We aim to limit cross-border transfers and to use European processing locations where feasible.

10. Cookies and similar technologies

We use cookies and similar technologies for essential site functionality, security, session handling and, where enabled, analytics or marketing. Non-essential cookies should only be placed after the required consent step where the applicable law requires consent.

strictly necessary cookies for login, navigation and security;
preference cookies for storing user choices;
analytics cookies for usage measurement and performance analysis;
marketing cookies, if used, only subject to the applicable consent rules.

11. Support communications and messengers

If you contact us via WhatsApp, Telegram, email or web forms, we process the content of your message and the related contact details to answer the request and keep records of the communication. Please avoid sending sensitive data unless it is necessary for the request.

If a customer voluntarily sends passwords, screenshots, log files, trading reports, personal data or confidential files through a messenger or support channel, the customer is responsible for ensuring that such disclosure is lawful and necessary. Winservers.NET may process that information only to provide support, verify the request, prevent abuse, maintain service records or comply with law.

12. Security measures

We apply reasonable technical and organizational safeguards, which may include:

access control and role-based access to customer data;
encrypted transport for supported services;
logging and monitoring for security purposes;
data minimization and limited internal access;
vendor review for service providers that process data on our behalf.

Security of customer-controlled data also depends on customer configuration, software choices, installed applications, passwords, trading platform settings, remote access rules and backup practices. Winservers.NET is not responsible for loss, disclosure, corruption or unauthorized access caused by customer-side configuration, weak credentials, compromised customer devices, third-party software, customer-installed scripts, exposed remote access, customer deletion, customer encryption keys, or instructions issued by the customer or their authorized users, except where mandatory law provides otherwise.

13. Backups, storage and data loss

Unless a separate written backup service is expressly included in the purchased plan, customers are solely responsible for creating and maintaining their own backups. Hosting services are not a substitute for independent backup, archival, compliance retention or disaster recovery systems.

Winservers.NET does not guarantee that customer files, trading data, logs, exported reports, databases, application states or backups can be restored after customer deletion, software failure, malware, misuse, unpaid service suspension, account termination, reinstallation, migration, force majeure, hardware failure or third-party service failure, except where a specific written service commitment applies or mandatory law states otherwise.

14. Limits of responsibility for customer data

To the maximum extent permitted by applicable law, Winservers.NET is not responsible for the customer's decision to store, process, transmit, disclose, delete or retain personal data inside the rented infrastructure. The customer remains responsible for the lawfulness of their own processing activities and for any personal data, trading data, account data, business records, logs, scripts, files, terminal history, exported reports or databases placed on the service by the customer or their authorized users.

Nothing in this Privacy Policy excludes liability that cannot be excluded under applicable law, including mandatory liability under the GDPR or consumer protection law where such law applies. These terms allocate operational responsibility for customer-controlled hosted data and do not reduce statutory rights that cannot legally be waived.

15. Your rights

Subject to the conditions of the GDPR, you may request:

access to your personal data;
rectification of inaccurate data;
erasure of data;
restriction of processing;
objection to processing based on legitimate interests;
data portability;
withdrawal of consent, where processing is based on consent;
complaint to the competent data protection authority.

If your request concerns data stored by one of our customers inside their rented server environment, we may not be the controller of that data. In such cases, we may direct you to the relevant customer or handle the request as processor in cooperation with the customer, where the GDPR requires it.

16. Automated decision-making

We do not use automated decision-making or profiling in a way that produces legal effects concerning you or similarly significantly affects you, unless explicitly stated for a particular service.

17. Children

Our services are intended for business and trading users. We do not knowingly collect personal data from children.

18. Changes to this policy

We may update this policy from time to time to reflect legal, technical or operational changes. The current version is shown on this page with the last updated date.

If you want to exercise a privacy right, request deletion or ask for clarification, use the public contact channels on the website and include enough information to identify your account or request.