Privacy Policy

1. General

Data protection and data security when using our website are very important to us.

If you would like an introduction to the topic of data protection and the General Data Protection Regulation, you can find further information on the website of the Federal Data Protection Commissioner, for example, at https://www.bfdi.bund.de/DE/Home/home_node.html.

Below we explain how we collect your personal data when you visit our website and for what purposes we use it. As changes to the law or changes to our internal company processes may make it necessary to adapt this privacy policy, we ask you to read this privacy policy regularly. The privacy policy applies to the SABAY HOST website, which can be accessed under the domain www.sabayhost.com.

2. Information on the controller and data protection officer

2.1 The controller responsible for the processing of your personal data is Sabayhost Head, #31E Street 104, Khan Russey Keo, Phnom Penh, Cambodia. You can contact us with general questions either by telephone or Telegram on +855 158 108 53 or by email at support@sabayhost.com. Further information can be found on our website at https://sabayhost.com.

2.2 If you have any questions regarding data protection or the exercise of your rights under data protection law (see section 10), you can contact our data protection officer, Mr. Rotha Run, LL.S., either at the address #31E Street 104, Khan Russey Keo, Phnom Penh, Cambodia, or by e-mail at support@sabayhost.com.

3. General information on data processing

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information that we cannot link to your person (or only with disproportionate effort), e.g. by anonymizing the information, is not personal data.

The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

4. Provision and use of the website

The following is a list and detailed description of all processing operations in connection with your personal data that may become relevant when using our website and our services.

4.1 Provision and use of the website
a. Type and scope of data processing
For the purpose of providing our website, we process the personal data that your browser automatically transmits to our servers. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
  • IP addresses
  • Access time
  • Information on browser, operating system, language settings and screen resolution
  • The page or file called up in each case
  • Access status (successful or error code) for each page view of all website visitors

For the purpose of detecting and defending against attacks on our website and technical infrastructure (e.g. hacking, denial of service attacks), we process personal data including

  • Identification data
  • Connection data or
  • Localization data (including IP addresses)

For this purpose, we use the Content Delivery Network (CDN) of Cloudflare Inc, 101 Townsend St San Francisco, CA 94107, with whom we have concluded a Data Processing Agreement in accordance with Art. 28 GDPR to ensure the security of your personal data. Personal data may be processed in Cloudflare's server log files.

You can find more information on data protection at Cloudflare at: https://www.cloudflare.com/privacypolicy/

b. Legal basis
Art. 6 (1) lit. f GDPR serves as the legal basis for the aforementioned data processing. The data processing is technically necessary to enable the use of our website and to prevent and detect attacks on our website and thus serves to safeguard a legitimate interest of our company.

c. Storage period
As soon as the aforementioned data is no longer required to display the website, it will be deleted. The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. Consequently, the user has no option to object. Further storage may take place in individual cases if this is required by law.

4.2 Registration on the website
a. Type and scope of data processing
On our website, we offer you the opportunity to register by providing personal data in order to be able to use the functionalities of our website that require registration, such as the user and customer portal. We process the following personal data for the purpose of registration and verifying the identity of the person making the request:
  • IP addresses
  • First name
  • Surname
  • Gender
  • Address
  • Country
  • E-mail address
  • Status as a private individual or business customer
  • If applicable, company name and tax identification number or comparable company identification information for business customers

b. Legal basis
The processing of the personal data described serves the fulfilment of a contract between you and Sabayhost GmbH or the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR. For persons who are not party to the contract but representatives of their company, the legal basis for data processing is Art. 6 (1) lit. f GDPR.

c. Storage period
As soon as the processed data is no longer required for the performance of the contract, it will be deleted. Thereafter, the processing of the data will be restricted until the expiry of any statutory retention periods and will no longer be used for identification and access to website functions that require registration.

d. Cancellation of the registration / deletion of the user account
As a registered user, you have the option of cancelling your registration at any time. You can change the data stored about you at any time via the settings of your user account.

However, if the processed data is required for the execution/termination of a contract, premature deletion of the data is not possible.

Persons who represent their company and whose data is therefore processed on the basis of Art. 6 (1) lit. f GDPR have the right to object to the processing of their data in accordance with Art. 21 GDPR as described in section 10.

4.3 Order processing
a. Type and scope of data processing
For the purpose of processing customer orders for our products and services and delivering the products and services, we process the following personal data provided during registration on the website:
  • IP addresses
  • First name
  • Surname
  • Gender
  • Address
  • Country
  • E-mail address
  • Status as a private individual or business customer
  • If applicable, company name and tax identification number or comparable company identification information for business customers

b. Legal basis
The processing of the personal data described serves the fulfilment of a contract between you and Sabayhost GmbH or the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR.

c. Storage period
As soon as the processed data is no longer required for the performance of the contract, in particular if the customer has terminated all their contracts, it will be deleted. Thereafter, the processing of the data is restricted until the expiry of any statutory retention periods and is no longer used for other purposes.

4.4 Payment processing
a. Type and scope of data processing
For the purpose of processing payments for products and services, we process the personal data provided when registering on the website:
  • IP addresses
  • First name
  • Surname
  • Gender
  • Address
  • Country
  • E-mail address
  • Status as a private individual or business customer
  • If applicable, company name and tax identification number or comparable company identification information for business customers
  • Payment and transaction data
  • the products and services ordered

If the customer does not pay the entire amount for the entire term of the contract in advance, the data will be transmitted to the respective payment service provider selected by the customer, e.g. PayPal (Europe) S.à.r.l & Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Dublin 2, Ireland or Skrill (Paysafe Payment Solutions Limited, 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland).

In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

The following data is transmitted to the payment service provider and credit institutions involved as part of payment processing:

  • Name of the invoice recipient
  • Billing address
  • Name of the recipient of the service
  • Shipping address
  • Order number
  • Credit card number, if applicable
  • Account number
  • Bank code
  • Invoice amount
  • Currency
  • Transaction number

b. Legal basis
When processing your personal data that is required to fulfil a purchase contract concluded with us, i.e. in particular for payment processing, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. In some cases, we may also be legally obliged to transfer the above-mentioned data concerning you (implementation of strong customer authentication in accordance with Directive EU 2015/2366 (PSD 2) or the Payment Services Supervision Act (ZAG)). Insofar as we are legally obliged to transfer data, Art. 6 (1) lit. c GDPR in conjunction with the corresponding provisions of Directive EU 2015/2366 (PSD 2) or the Payment Services Supervision Act (ZAG) is used as the legal basis.

c. Storage period
We store the account information for the duration of the active customer relationship and for six months thereafter. Subsequent processing is limited to this purpose, and the data will be deleted after all statutory retention periods have expired.

4.5 Fraud prevention
a. Type and scope of data processing
For the purpose of protection against payment fraud or misuse of our products or services for illegal purposes (e.g. spamming, hosting illegal content), we process the following personal data provided during registration on the website:
  • IP addresses
  • First name
  • Surname
  • Gender
  • Address
  • Country
  • E-mail address
  • Status as a private individual or business customer
  • If applicable, company name and tax identification number or comparable company identification information for business customers

We transmit IP addresses to Maxmind, Inc., based at 14 Spring Street, 3rd floor, Waltham, MA 02451 USA, whose MinFraud tool determines whether it is a proxy address. We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR, which guarantees data protection at the provider.

Further information on how Maxmind handles data protection can be found at: https://www.maxmind.com/en/privacy-policy

b. Legal basis
The processing and transfer are necessary to safeguard our legitimate interest in fraud prevention (Art. 6 (1) lit. f GDPR). It serves the legitimate interest of minimizing the risk of payment defaults, misuse and fraud.

c. Storage period
We will store the data until you request the deletion of your account. The processing of the data will then be restricted and no longer used for fraud prevention. The data will be stored by the provider for 18 months and then deleted.

4.6 Sanctions list screening
a. Type and scope of data processing
We use the controlled service provider Refinitiv Germany GmbH to carry out the sanctions list screening as part of order processing within the meaning of Art. 28 GDPR. Further information on how Refinitiv uses your personal data to carry out the sanctions list screening can be found in its data protection information at https://www.refinitiv.com/en/policies/privacy-statement.

b. Legal basis
Processing is required by law and is therefore based on Art. 6 (1) lit. c GDPR.

c. Storage period
The personal data will be stored until the purpose for which it was collected is achieved or ceases to apply and then deleted.

4.7 Customer and product support
a. Type and scope of data processing
In order to process all customer and product support requests that reach us by e-mail or telephone, we process
  • Name
  • First name
  • E-mail address
  • Phone number
  • If applicable, other personal data specified in the e-mail and information on the content of the request.

b. Legal basis
The processing is necessary to process the request or concern (Art. 6 (1) lit. b GDPR).

c. Storage period
Depending on the content of the request, processing is limited to the specific purpose of the request and is terminated immediately after the request has been processed. The data will be deleted after all mandatory retention periods have expired.

4.8 Typeform
a. Type and scope of data processing
We use the Typeform tool (Typeform S.L., Bac de Roda 163, 08018 Barcelona, Spain) on our website for the purpose of recording and transmitting customer inquiries and feedback using forms. The following personal data of yours is processed:
  • Name
  • E-mail address
  • Your message
  • Customer feedback

We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR, which guarantees data protection at the provider.

Further information on how Typeform handles data protection can be found at: https://www.typeform.com/help/a/what-happens-to-my-data-360029581691/

5. Cookies and web analysis

a. Type and scope of data processing
We use cookies on our website. Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website. This website uses cookies to improve your experience and to provide you with personalized content and functions. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. In this notice, we would like to inform you about the different types of cookies we use and how you can manage your cookie settings. More detailed information on the individual cookies can be found below and in our cookie banner.

(1) Required cookies:
These cookies are essential to ensure that the website functions properly. For example, they enable you to navigate the website and fill in forms. Without these cookies, certain services on our website cannot be provided.

(2) Performance and marketing cookies:
These cookies collect information about how you use our website. They help us measure and improve the performance of our website by providing statistics and analytics. We use this information to optimize the user-friendliness and relevance of our content. This enables us to make our website more user-friendly and effective for you.

However, you can change your cookie settings at any time by clicking on the cookie settings option on our website. You have control over your cookie preferences.