Privacy policy and data processing statement

ICDSoft respects the right to privacy of customers, visitors of this site, and visitors of sites within ICDSoft's network. Following legislation in regards to privacy, including US privacy laws and the GDPR, ICDSoft is committed to protecting personal data. This privacy policy explains how personal information is processed and used. Your personal information will only be used in ways described in this privacy policy.

Privacy information

Every computer connected to the Internet is assigned a set of numbers that serve as that computer's IP (Internet Protocol) address. When a visitor requests a page from any website within the ICDSoft.com Network, our web servers automatically recognize that visitor's IP address. We use the IP logs to examine our traffic in aggregate, but do not collect and evaluate this information for individuals. Our web servers do not record e-mail addresses of visitors.

What are cookies?

A cookie is a small piece of data that is sent to your browser from a web server and stored on your computer's hard drive. We may send session ID cookies as well as persistent cookies. Session ID cookies terminate and are erased once you close your browser or log out, while persistent cookies are stored on your hard drive for longer periods. Cookies cannot damage your system. You can choose whether to accept cookies by changing the settings of your browser. You can reset your browser to refuse all cookies, or allow your browser to show you when a cookie is being sent. If you choose not to accept these cookies, your experience at our site and other websites may be diminished, and some features may not work as intended.

What other information do you request?

The personal information that we request and collect through online forms for ordering services and products include the following:

Your name

Your e-mail address

Postal address

Phone and fax numbers

Domain name

This type of information allows us to process and fulfill your order and to notify you of your order status. This information may also be used by us to notify you about renewal, service maintenance or upgrades, but will not be shared or sold to third parties for any purpose. We maintain a strict privacy policy which means that we do not intend to sell, rent, or otherwise give your e-mail address to third parties.

ICDSoft.com does not request or collect credit card information. We use third party billing agents to process payments made for services or products offered by us.

ICDSoft.com will always make an effort to include a link to this Privacy Policy on every page that includes a web form for collecting personal information from you.

Domain name registration and WHOIS

The Internet Corporation for Assigned Names and Numbers ("ICANN") requires collecting the following personal information during the domain name registration process:

Your full name

Mailing address

Phone and fax number

E-mail address

ICANN then requires all registrars to make the above mentioned information, as well as the creation and expiration dates of your domain name registration and the name server information associated with your domain name, available to the public via an interactive web page and a "port 43" WHOIS service. This information can be referred to as your "WHOIS Information". Please note we may not be able to control how members of the public may use the WHOIS Information.

Will you disclose the information you collect to third parties?

ICDSoft will disclose personal information only when required by law or in the good-faith belief that such action is necessary to:

Conform to the edicts of the law or comply with a legal process served on ICDSoft's site.

Protect and defend the rights or property of our site, or its visitors.

Identify persons who may be violating the law, the legal notice, or the rights of third parties.

Cooperate with the investigations of purported unlawful activities.

ICDSoft will never use your name, account data, your trademark, or any data related to the hosting account, to advertise our own hosting services in any way. An exception to this could be cases in which we receive your explicit consent on this. Except in the cases listed above, ICDSoft will not provide to third parties information whether a certain party is our customer or not. Please have in mind that information about the hosting service of a site could be obtained from other sources, such as the site IP address and its owner/maintainer.

What else should I know about my privacy when online?

Please keep in mind that whenever you voluntarily disclose personal information online - for example through e-mail, discussion lists, or elsewhere - that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.

Ultimately, you are solely responsible for maintaining the secrecy of your personal information. Please be careful and responsible whenever you're online.

Withdrawing your consent

ICDSoft cannot provide hosting and related services without access to your personal data listed in this document. Withdrawing your consent to the usage of your personal data includes the immediate discontinuation of all services you use at ICDSoft. You can request service discontinuation at any time, through the support channels offered by ICDSoft.

Site Activity and User Interfaces

To improve the quality of our services and the user-feel of our customers, we may use various tools to track user activity within the sites and interfaces maintained by us. Under this article:

we will use only pseudonymous data, by collecting and summarizing data such as visited pages, IP addresses, user agents and screen resolutions, and NO personal data such as names and email addresses.

all collected data will be used internally only - no data will be transferred to third parties.

Reaching ICDSoft.com through an affiliate link

If you reach this site (https://icdsoft.com) through an affiliate link and you purchase a hosting account, the owner of the affiliate link will be able to see the domain name associated with the hosting account you have purchased. No other personal data (name, email address, contact details) will be disclosed to the affiliate link owner.

Data Processing Statement

The purpose of this statement is to ensure the compliance of ICDSoft services with General Data Protection Regulation of EU (GDPR), and to allow customers of ICDSoft to organize their own compliance with the GDPR.

Definitions in this statement:

Provider - ICDSoft LLC, incorporated in Bulgaria, Reg. No 130948460, with address Sofia, Bulgaria, 39-41 Cvetna Gradina Str.

Customer - any person or organization that has ordered services from the Provider, having agreed with the Terms of Use of the Provider.

Site Visitor - any party that is using the site and related services, established by the Customer on the infrastructure of the Provider. The Site Visitor may be or may not be in a contractual agreement with the Customer, but is NOT in a contractual agreement with the Provider.

GDPR - General Data Protection Regulation of EU 2016/679 of the European Parliament

Data Controller - an entity which determines the purposes and means of the processing of customer data. Full definition of Data Controller is determined by the GDPR.

Data Processor - an entity which processes personal data on behalf of the controller. Full definition of Data Controller is determined by the GDPR.

Personal Data - defined in the GDPR, any data that can be used to determine a physical person or a company.

The Provider, as an owner/maintainer of the infrastructure used for the provision of services to the Customer, has access to any data that the Customer stores on the Provider infrastructure. As such, the Provider acts as a Data Processor for this data. The Provider cannot and will not act as a Data Controller of any data that the Customer stores on the infrastructure of the Provider.

With this Data Processing Statement, the Provider confirms the following:

1. Any Personal Data for which the Provider acts as a Data Processor will not be used by the Provider for any other means than for the provisioning of the ordered and paid services by the Customer. This includes any technical assistance needed for the provision of services. The Provider will never disclose any of this Personal Data to third parties, unless this is required by law.

2. The Provider has taken the needed measures to ensure the security of the server and network infrastructure. This includes the physical security at the locations where the infrastructure is located, as well as the software and network security of the devices used in the infrastructure. Information about specific security measures can be found on the Provider web page and/or related documents.

3. The Provider maintains active monitoring of their servers and network. Any possible breaches that could involve leakage of Personal Data to third parties will be immediately reported to the Customer, via the contact details provided by the Customer for the provision of the ordered services.
NOTE: The website of the Customer, as well as related software maintained by the Customer, is not considered a part of the Provider infrastructure.

4. The Provider maintains monitoring on the site of any Customer. Any possible breaches spotted by this monitoring will be reported to the Customer, to the best of the Provider abilities.

5. All personnel of the Provider that has access to Personal Data has been properly trained and instructed on the manner it should work with it.

6. To ensure the security of their own infrastructure and network, and to be able to investigate malicious activity, the Provider records the following data of all Site Visitors: IP address, User Agent.
The Provider also records the time of visit and the resources accessed. The Provider will not request a consent regarding the above Personal Data of Site Visitors. The above Personal Data will be stored for two years after its creation, and will not be used for any other purpose than for an investigation of possible malicious/fraudulent activities.

7. Except for the data listed in point 6, the Customer can manage/delete at their own discretion any other Personal Data they store on the infrastructure of the Provider.

8. To comply with the GDPR, the Customer, as a Data Controller of Personal Data of Site Visitors, must establish their own rules and practices regarding data processing.

Data erasure requests

According to the General Data Protection Regulation (GDPR), art. 17, the Customer has the right to execute a data erasure request (a.k.a. "Right to be Forgotten") from the Data Controller. Requests to ICDSoft to remove data for which ICDSoft is a Data Controller can be submitted either through a support ticket or by email. ICDSoft will process such requests in no more than three business days after receiving the request and confirming the identity of the requesting person, and will remove all customer personal data that is no longer necessary for the purpose for which it has been collected. This may include 1) all collected personal data for Customers that have not concluded any contracts with ICDSoft (eg. purchased services), or, 2) in case the Customer is or has been in contractual obligations with ICDSoft, all personal data, unless the data required by the tax, accounting, or other laws in Bulgaria, the EU, or the country where the legal presence of the customer is.

Collection and retention policy for Slack data

In order for the "ICDSoft Web Hosting" app for Slack to function and send you service-related notifications, we collect account-related data from Slack, such as user ID, team ID, and channel ID. This data is kept for as long as you have your ICDSoft account connected to your Slack account and is used with the sole purpose of notifying you about services provided by ICDSoft. You can disconnect your Slack account at any time via the ICDSoft Account Panel > My Account > Notifications for Slack > Disconnect. Upon disconnecting your Slack account, you can choose to have the Slack data we have collected for your account deleted immediately. If you do not select this option, our system will automatically delete all collected data after 90 days.