1. Data controller
Controller / Representative: Noemí Catalá
Tax ID (NIF): 52115375C
Address: C/ José Sánchez Pescador, 7, 28007 Madrid, Spain
Website: https://www.mihosting.com
General contact: ayuda@mihosting.com
Data protection contact: delegadopd@mihosting.com
This policy is governed by the GDPR (EU Regulation 2016/679) and the LOPDGDD (Spanish Organic Law 3/2018). We apply the principles of lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality (Art. 5 GDPR).
2. Who this policy applies to
This policy applies to:
- Website visitors.
- Customers who contract hosting, domain, email or other services.
- Resellers and affiliates.
- Commercial leads and users who interact through any channel (form, chat, phone, ticket).
Use of the website and contracting of services imply acceptance of this policy and confirmation that the information provided is accurate and current.
3. What data we process
- Identification and contact: name, surname, ID/Tax ID (DNI/NIF/CIF), postal address, email, phone.
- Credentials: username and encrypted password.
- Contracting and billing: contracted services, order history, payment data (processed by payment gateways; we do not store card data).
- Communications: technical support records, tickets and customer service interactions.
- Technical data: IP address, browser type, pages visited, server logs.
- Domain data: registrant details and administrative/technical contacts as required by ICANN and each TLD's registry.
We do not request or process special category data (Art. 9 GDPR).
4. Purposes and legal basis (Art. 6 GDPR)
- Service delivery — contract performance (Art. 6.1.b).
- Billing, collections and accounting/tax obligations — legal obligation (Art. 6.1.c).
- Handling commercial enquiries and support — legitimate interests / pre-contractual measures (Art. 6.1.f and 6.1.b).
- Security, fraud prevention and service quality — legitimate interests (Art. 6.1.f).
- Service communications — contract performance / legitimate interests (Art. 6.1.b and 6.1.f).
- Marketing and remarketing — consent (Art. 6.1.a), always revocable.
- Personnel selection and collaborations — pre-contractual measures / consent (Art. 6.1.b and 6.1.a).
- Compliance with authority requirements and sector obligations — legal obligation (Art. 6.1.c).
Purposes based on legitimate interests are subject to a proportionality review; you may object at any time.
5. Recipients and processors
We share data with the following recipients, who are contractually bound to GDPR compliance (Art. 28 GDPR):
- Infrastructure providers and data centres.
- Payment gateways: Stripe and PayPal.
- CDN and support/communications systems.
- Analytics and marketing platforms.
- Domain registrars and ICANN registries.
- Competent authorities, when legally required.
6. International data transfers
Some processors handle data in Germany and the United States. Transfers to the USA are underpinned by the EU–US Data Privacy Framework and, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Retention periods
We retain personal data for as long as the commercial relationship lasts. After it ends, data is blocked and retained solely for the statutory limitation periods:
- 6 years for commercial obligations.
- 4 years for tax obligations in Spain.
8. Individual rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing, data portability and withdrawal of consent at any time by emailing delegadopd@mihosting.com with a copy of your identity document. We will respond within one month.
You may also lodge a complaint with the Spanish Data Protection Authority (AEPD, www.aepd.es).
9. Security
We implement technical and organisational measures appropriate to the risk: least-privilege access controls, encryption in transit and at rest, firewalls and IDS, regular backups, logging and monitoring, strong password policies, staff training and incident management procedures. We work with our providers to ensure an adequate level of security.
10. Minors
Services are directed exclusively at adults. When we identify accounts belonging to minors, we will proceed to cancel them and delete the corresponding data without delay.
11. Automated decisions and profiling
We do not make automated decisions with legal effects on users. We carry out basic profiling for security/anti-fraud purposes (legitimate interests) and for marketing purposes only if you have accepted the relevant cookies (consent). You may object or opt out at any time.
12. Cookies and similar technologies
- Strictly necessary technical cookies: essential for website operation. No consent required.
- Optional cookies (analytics and marketing): activated only if you accept them.
You can configure your preferences or withdraw consent at any time from the website's cookie preferences panel.
13. Policy changes
We will publish changes on this page. For material changes, we will notify you with reasonable advance notice by email or via a notice in the Client Portal so that you can evaluate them or, where applicable, object.
14. Dispute resolution and governing law
This policy is governed by Spanish law. The parties submit to the courts and tribunals of Madrid, except where mandatory law provides otherwise, and without prejudice to the right to lodge a complaint with the AEPD.
15. Domain-specific information
To register, transfer or renew domains, we share registrant data with the relevant registrars and TLD registries, in accordance with ICANN policies. Email and identity verification is required, and data is published in a limited form in RDAP/WHOIS in accordance with each registry's applicable policies. The legal basis is contract performance and compliance with sector-specific obligations.
16. Indicative list of processors (non-exhaustive)
- Payments: Stripe, PayPal.
- Infrastructure: data centres and CDN.
- Support and communications: ticketing and messaging systems.
- Analytics and marketing: web analytics platforms.
- Domains: ICANN-accredited registrars and TLD registries.
We maintain records of processing activities and data processing agreements in accordance with Art. 30 GDPR.
17. Countries outside the EU/EEA
For processing carried out outside the European Economic Area, we sign Standard Contractual Clauses (SCCs) and apply additional technical and organisational measures (encryption, minimisation, pseudonymisation) to ensure a level of protection equivalent to that of the GDPR.
18. How to contact us
Data protection: delegadopd@mihosting.com
General contact: ayuda@mihosting.com
Postal address: C/ José Sánchez Pescador, 7, 28007 Madrid, Spain