Last update: 22 May 2025
“UNIHOST SOLUTIONS PROVIDER” LTD, headquarters and management address: Bulgaria, Sofia, p.k. 1000, Sredets District, Sofia, Tsar Kaloyan Street No. 8, Floor 3, Office 2, referred to as the “Provider”, is an “Сontroller” that processes “personal data” on its behalf in the sense of the General Directive of Regulation (EU) 2016/679 of 27.04.2016, in force from 25.05.2018 /Regulation/ and Directive 2002/58/EC /Directive of the European Parliament and of the Council/; The Personal Data Protection Act (PDPA) and other applicable legislation of the European Union and the Republic of Bulgaria.
The Provider will apply this policy in the processing, move and protection of the personal data of the subjects – natural persons – current and potential users of the dashboard.unihost.com website at the address: https://unihost.com/ – visitors (guests) or persons who have registered user profiles by the applicable Terms and Conditions published on the same website.
With this policy, the Provider establishes, under the conditions of transparency and prior notification, the principles, rules, and rights of the entities, in compliance with which the Provider accordingly processes the “personal data” of the listed natural persons, by the above provisions.
1.1. The terms used in this policy and those listed herein have the following meanings:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) who was a current or potential user of the Provider’s goods/services provided through the website at: https://unihost.com/ – visitors or registered users in the same; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 of the General Directive of Regulation (EU) 2016/679 of 27.04.2016, in force from 25.05.2018 /Regulation/;
‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because:
the controller or processor is established on the territory of the Member State of that supervisory authority;
data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or a complaint has been lodged with that supervisory authority;
‘сhild’ – according to the Regulation, is any natural person under the age of 16, although the age may be reduced to 13 due to national legislation. The processing of a child’s personal data is only lawful if the parent or guardian of that child has given their consent. In such cases, the Controller makes reasonable efforts to verify whether the holder of parental responsibility for the child has given or has been authorized to give consent;
‘cross-border processing’ means either:
processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, where the controller or processor is established in more than one Member State; or
processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
‘сookies’ – means a package of information sent by the web server of dashboard.unihost.com to the Internet browser of the user’s computer or other device and then returned by the same browser upon request when there is Internet access to the server that was sent, used by the Provider or a third party.
2.1. The Provider processes personal data by the following principles:
personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
personal data shall be accurate and, where necessary, kept up to date; every reasonable step the Provider should be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
The Provider should be able at any moment to establish before the competent supervisory authorities its compliance with the principles listed above, the present policy, and the applicable legislation in the field of personal data protection.
3.1. The Provider, on the basis of a pre-contractual relationship and by the applicable the Terms and Conditions published on the website at: https://unihost.com/, will collect personal data set out in this policy in order to: identify you as a party in pre-contractual relations and joining the Terms and Conditions for remote hosting services with the subject of goods/services offered through the website at the address; execution of obligations under the Terms and Conditions for remote hosting services; communication during operation and termination of Terms and Conditions for remote hosting services; fulfillment of obligations arising from the law – for example, from the Consumer Protection Act, Personal Data Protection Act, etc .; assist in the exercise of your rights and legitimate interests arising from the Terms and Conditions for remote hosting services or from a statutory instrument.
3.2. On the basis of its legitimate interests in order to: exercise rights arising from the applicable Terms and Conditions published on the website at: https://unihost.com/, judicial protection of such rights, including enforcement; fulfillment of obligations arising from law or other general or individual administrative acts.
3.3. The Provider, on the basis of laws and regulations of domestic law, carries out processing of personal data in order to fulfill the duties assigned to it by same legal acts, such as: keeping accurate and reasoned bookkeeping and commercial logs; issuing of invoices and other primary accounting documents, based on the applicable Terms and Conditions published on the website at: https://unihost.com/ concluded through the same website.
3.4. Based on the consent of the data subject, the Provider will process your personal data for the purposes of advertising; other forms of direct marketing.
3.5.The Provider, based on its legitimate interests or expressed consent by the data subject, processes information about the data subject – visitors to the website at: https://unihost.com/, respectively the e-shop using automated technologies, including usage of cookies of the company and of third parties – its partners, in order to: secure the use of the website; optimal use and improvement of the latter’s functionality; satisfying сonsumer expectations according to their interests; performance of statistical analysis concerning use of the website; providing advertising; other forms of direct marketing by electronic means.
3.6. The Provider may process legitimate personal data of data subjects for purposes other than those set forth in the preceding paragraphs only if not prohibited by law and after the other purposes have been transparently established; by duly informing the data subjects when there is a reason for lawful processing of personal data.
4.1. For the purposes set out in point 3.1. of Section 3:
– name (in your capacity as a natural person-user and/or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number; IP address; information about Customer’s payment methods.
4.2. For the purposes set out in point 3.2. in Section 3, the Provider processes the following personal data:
– name (in your capacity as a natural person-user and/or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number; IP address; information about Customer’s payment methods.
4.3. For the purposes set forth in point 3.3. in Section 3, the Provider processes the following personal data:
– name (in your capacity as a natural person-user and/or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number; IP address; information about Customer’s payment methods.
4.4. For the purposes set forth in point 3.4. in Section 3, the Provider processes the following personal data:
– name (in your capacity as a natural person-user and/or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number; IP address; information about Customer’s payment methods.
4.5. For the purposes set forth in point 3.5. of Section 3, the Provider processes the following data automatically:
When visiting the website at: https://unihost.com/, the Provider, or third parties – its partners from which the Provider uses services such as: Google, Facebook, Linkedin and other; performing automated data processing, including use of cookies, collecting the following information on behalf of the Provider: IP address; terminal data used; data about the browser used and operating system of terminal device; information about user behavior and activities.
Сustomer payment transactions may be processed by one of our third-party payment vendors: Stripe, Airwallex, Paysera, PayPal, CoinGate, and others. These vendors are payment providers who can process Сustomer’s payment on behalf of the Provider may share data about Сustomer with:
Partners or agents involved in delivering the services Сustomer’ve ordered with Provider;
Law enforcement agencies, regulatory organizations, courts, or other public authorities to the extent required by law;
Use Policy or applicable law (to the extent such sharing is required by law).
Before making a payment transaction, the Customer is obliged to independently read the terms, conditions, rules, and privacy policies of the third-party payment service Provider through which the payment is made. This includes, but is not limited to, information on the methods of processing, transferring, storing, and protecting the Customer’s personal and payment data. By making a payment, the Customer confirms that he/she accepts the terms and conditions of the respective payment Service provider and is aware that the Provider is not responsible for the actions of such Provider, including possible violations in the field of personal data processing or transaction security.
The Provider uses personal data only for the purposes specified in Section 3. Please note that the Provider does not control and is not responsible for any other use of your personal data by third parties. The Provider recommends reading their privacy statements to understand how they collect, use, and share your personal data, as well as how you can set your privacy preferences on their websites and applications.
For the most part, the data in question in this point is anonymous, that is, it is used in a form that does not allow identification of a particular individual, or the latter is virtually impossible, but it is technically necessary to ensure successful internet session of respective user on the websites and their pages, seamlessly using the functionality of the latter; link security and protection from abuse.
However, if data collection in this automated manner, combined with unique identifiers, including some of the Provider’s or its cookies’ partner, enables profiling and /or identification of individuals, the Provider will treat the same data as personal.
4.6. On the website, the Provider uses the open-source web analytics tool Cookieyes. Cookieyes uses cookies. These are text files that are saved on your computer and that allow Cookies to analyze how you use the Provider’s website. Cookies generate information about how you use the website, and the Provider’s server saves this information. You can prevent the software from generating cookies by changing your internet browser settings. However, if you do this, you may not be able to use all features of the Provider’s website, its pages. If you do not want the Provider to save and use your data using the Cookieyes software, you can disable it by clicking here https://unihost.com/: your internet browser will set an opt-out cookie that will prevent the Cookieyes software from creating cookies when you visit the Provider’s website. For more information about automated data collection and processing technologies, including cookies used by the Provider and its partners, you can get acquainted with the Cookies Policy, duly posted on the Provider’s official website at: https://unihost.com/.
5.1. The Provider stores the personal data on paper and/or in electronic format. Storage as a type of processing is performed by the Provider with the implementation of appropriate technical and organizational measures ensuring secure and effective protection of personal data. However, the Provider will not store personal data for a longer period than established in this policy than is necessary to achieve the established purposes for which data was collected. Once the deadlines have expired, personal data will be destroyed by ensuring data protection by applying appropriate technical or organizational measures.
5.2. Duration of data storage by the Provider is as follows:
5.2.1. For the purposes set out in point 3.1., 3.2. and 3.3. of Section 3, the Provider stores personal data according to point 4.1.,4.2. and 4.3. of section 4 for the duration of individual Terms and Conditions for remote hosting services for every users, but not more than expiration of limitation periods for emerging financial obligation implementation between the parties, regardless of termination/cancellation of the Terms and Conditions, except for this personal data referred to in this point, that needs to be stored for a longer term under current legislation and in accordance with other reasons for processing set by the Provider.
5.2.2. For the purposes set forth in point 3.4. of Section 3, the Provider stores personal data under point 4.4. of section 4 until the data subject’s consent for processing of personal data is withdrawn, unless there is another legal basis for processing, and in particular, storing the same data.
5.2.3. For the purposes set forth in point 3.5. of Section 3, the Provider shall store personal data per point 4.5. of Section 4 for a maximum period of 24 months, or until the data subject exercises his/her right to be forgotten. More information on cookie duration the Provider provides in the Cookies Policy, published on the web page at: https://unihost.com/docs/cookie-policy/.
6.1. Provision of personal data for the purpose of joining the Terms and Conditions for remote hosting services is mandatory. The same is stipulated in the Terms and Conditions posted on the website at: https://unihost.com/.
6.2. Failure to provide personal data by the entities for the stated purposes will result in the impossibility of providing hosting services and joining the Terms and Conditions for remote hosting services.
6.3. Failure to consent to the use of some of the cookies may result in the website or its pages being misused or, in particular, not capable to be used in its full functionality.
6.4. In other cases, submission of personal data by the data subject is not mandatory and is a voluntary act/a specific decision on the part of the data subject.
7.1. The Provider may legitimately provide personally processed data to the entities addressed by this policy to other persons outside its organization, a “processor of personal data” to process such personal data on behalf of the Provider.
7.2. The Provider will use only third parties – “personal data processors” that provide sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing is in accordance with the Regulation requirements and the applicable law of the Republic of Bulgaria. The Provider guarantees that personal processing will be done only on the basis of a documented order by the Сontroller – that is, of the Provider. Relationship between the Provider and “processor of personal data” is governed by a contract or agreement to an existing contract which made between Рarties, governing: data subjects affected by processing; type and purpose of processing; processing period; types and categories of personal data that are subject to processing; rights, obligations and responsibilities of the controller and processor as well as other obligations and responsibilities of the Рarties.
7.3. Persons processing personal data on behalf of the Provider, on the basis of a contract/agreement concluded in accordance with the current Regulations and the Personal Data Protection Act (PDPA), may be:
7.5. Persons receiving access to personal data through the Provider and processing such data on their own behalf as administrators may be:
8.1. The Provider, for the fulfillment of the relevant objectives set forth in Section 3 of this policy, collects and stores data primarily from the subjects of the latter, such as: names, address, e-mail address, telephone, IP address, tax identifiers, information about the Customer’s payment methods and others; as well as personal data generated by the Provider itself, such as the number of a particular hosting service request.
8.2. However, the Provider may collect personal data for its legitimate interests and from publicly available sources, for the purpose of exercising judicial protection of its rights or collection of its claims, namely:
9.1. In certain cases of personal data processing, it is possible to transfer it to recipients processing this data on behalf of the Provider in third countries outside the European Union. The Provider ensures that in such cases, recipients of personal data should be based in economic sectors of countries included in a specific list approved by the European Commission published in the Official Journal of the European Union and/or the Provider whom as an controller should have concluded an agreement for data processing containing standard data protection clauses approved by the European Commission, ensuring an adequate level of protection.
9.2. To date, information generated by the use of Google cookies when providing and using the services of the latter company by the Provider controller, namely: IP address of user; end device identifier; type of browser and operating system used; information about user behavior and activities; is handled directly by Google, which acts as a processor on behalf of the Provider and is directed to US-based servers. The Provider warrants that it has properly arranged its relationship with Google for this type of data processing and transfer, based on an agreement containing standard data protection clauses approved by the European Commission that ensuring an adequate level of protection; the Provider also ensures that Google is an organization that has joined the EU-US framework and the Privacy Shield Framework program, administered by the US Department of Commerce International Trade Administration, approved by the European Commission as of 12.07.2016, as appropriate to provide a mechanism for companies on both sides of the Atlantic to comply with the requirements of confidentiality and protection data when transferred to the United States.
10.1. The Provider will process personal data of the respective entities, assisting in exercising their rights and communicating without undue delay, within the time limits provided by the Regulation or the PDPA.
10.2. Personal data subjects have the following rights guaranteed by the Regulation and domestic law:
The data subject has the right of access to the personal data related to him/her and to receive feedback from the Provider within date of receipt of the request and under the terms of the Regulation and PDPA;
Right to correct personal data:
The data subject has the right to ask the controller to correct inaccurate personal data related to him/her and to receive feedback from the Provider for the actions he/she has taken in time of received request and under the terms of the Regulation and PDPA;
Right to erasure (right of subject to be forgotten):
The data subject has the right to request from the Provider to delete related personal data, and the Сontroller has the obligation to delete them when any of the following legal base is applicable:
– personal data is not necessary for purposes established by the Provider for which it is assembled or otherwise processed;
– the data subject consent for data processing has been duly withdrawn, and at the time of withdrawal, there is no other legal basis for data processing by the Provider;
– the data subject opposes processing pursuant to Article 21 (1), (exercising right of objection) as of Regulation (EU) 2016/679 of 27.04.2016, in force of 25.05.2018 (“The Regulation”) and has no legal ground for data processing, or the data subject objects to the processing under Article 21 (2) of that Regulation;
– data subject personal data has been tampered with unlawfully;
– personal data must be erased in order to comply with a legal obligation under Union law or the law of the Republic of Bulgaria, which law applies to the Сontroller;
– personal data have been collected in relation to the information society provision services under Art. 8 (1) of the Regulation.
The Provider shall inform the data subject about the actions taken by it regarding the exercise of this right within a period of one month from receipt of the request/application and under the terms of the Regulation and of the PDPA.
The Provider informs the data subjects that the right to be forgotten is not an absolute subjective right and the Сontroller may not allow a deletion request in one of the cases expressly provided for in Article 17 (3) of the Regulation as well as in cases where the Сontroller may have to prove that he/she is not in a position to identify the data subject who exercised that right;
Right to restrict the processing of personal data:
The data subject has the right to request from the Provider to restrict the processing of personal data when there is one of the following reasons:
– accuracy of personal data is disputed by the data subject for a period that allows the Provider to verify its accuracy;
– processing is illegal, but the data subject does not want the personal data to be deleted, but instead requiring a limitation of its use by the Provider;
– the Provider does not need more personal data for the purposes of processing, but the data subject requires it to identify, exercise, or protect legal claims;
– the data subject has objected to the Provider against processing of data under Article 21 (1) of the Regulation pending verification that the controller’s legal grounds have an advantage over the interests of the data subject.
Where processing is limited to exercising the right to restrict processing, such data shall only be processed, with the exception of its storage, only with the consent of the data subject or for the establishment, exercising, or protecting legal claims, or for the protection of rights of the data subject. another physical entity, or on important grounds of public interest to the Union or a Member State.
When a data subject has requested a limitation of processing, the Provider will inform him/her before the revocation of the processing restriction is lifted.
In any case, the Provider shall inform the data subject about exercising the right of limitation, the actions taken after receipt of the request/application, and under the terms of the Regulation and the PDPA.
Right of withdrawal of consent of the data subject:
The data subject shall have the right to withdraw his/her consent if processing is based on Article 6 (1) (a) or Article 9 (2) (a) of the Regulation. Right of withdrawal may be exercised at any time, without prejudice to the lawfulness of processing by consent, before it is withdrawn.
Right to personal data portability
Data subject is entitled to the portability of data, which means that he/she may ask the Сontroller to obtain the personal data processed by the latter in a structured and machine readable format to be transferred to another Сontroller or for the Provider to perform direct transfer of data to the other Сontroller, if technically feasible.
Right of objection:
The Provider informs the data subjects that, separately and independently of other listed rights, they are entitled under Article 21 of the Regulation at any time and on grounds relating to their particular situation to object to processing of personal data as based on Article 6 (1) of the Regulation (e), that is to say, “processing is necessary for the performance of a task in the public interest or in exercise of official authority conferred to the controller”; or point (5/f), i.e., “processing necessary for the purposes of legitimate interests of the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular where the data subject is a child, including profiling, based on said regulations”. When exercising this right in such cases, the Provider will discontinue processing of personal data unless it can prove that there are convincing laws and grounds for processing that take precedence over the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
When processing personal data for the purposes of direct marketing, the data subject is entitled at any time to object to the processing of personal data related to him/her for this type of marketing, including profiling insofar as it relates to direct marketing. When the data subject opposes processing for direct marketing purposes, processing of personal data for these purposes is terminated.
In the context of information use by the information society, and notwithstanding Directive 2002/58 / EC, the data subject may exercise his/her right of objection by automated means using technical specifications.
The entity has a right not to be the subject of a decision based solely on automated processing involving profiling:
The data subject has the right not to be the subject of a decision based solely on automated processing involving profiling, which produces legal consequences for him/her or similarly affects him/her significantly.
Right to information and assistance:
The Provider shall provide the data subject with information on actions taken in connection with his/her request to exercise the rights of entities referred to in Articles 15-22 of the Regulation without undue delay and in any case within 30 days of receipt of the request unless the PDPA provides a longer term.
When the data subject submits a request by electronic means, the information is to be provided, if possible.
Right to appeal to supervisors:
Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to appeal to the supervisory authority in the Member State of habitual residence, place of work or place of suspected infringement if the data subject considers that processing of personal data related to it violates the provisions of the General Regulation about protection of personal data.
All listed rights of the data subjects will be exercised by an application submitted by the e-mail: doc@unihost.com, or at: Bulgaria, Sofia, p.k. 1000 Sredets district, “Tsar Kaloyan” street, No. 8, floor 3, office 2 with the minimum required content according to the Personal Data Protection Act (PDPA).
Competent supervisory authority to which a complaint may be lodged: Personal Data Protection Commission, address: Sofia 1592, “Prof. Dr. Tsvetan Lazarov” No. 2, e-mail: kzld@cpdp.bg, website: www.cpdp.bg.
If you have any other questions, please contact us by sending an email to doc@unihost.com. The Provider will respond to your questions or comments within 5 business days.
UPDATING PERSONAL DATA PROTECTION POLICY:
The Provider has the right to periodically update this Privacy Policy. Upon a change in this policy, a message will be published on our website, as well as the updated Policy for Personal Data Protection.
+44 20 4591 3913 
