Privacy Policy

This privacy policy explains how European Web Services SG UG (haftungsbeschränkt) ('euBackups', 'we', 'us', 'our') collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Version: 2.1
Last updated: 22 January 2026
Effective date: 22 January 2026

See dokument on koostatud inglise keeles, mis on siduv keel.

1. Data Controller

European Web Services SG UG (haftungsbeschränkt)
Scharnhorststraße 24
10115 Berlin, Germany
Email: legal@eubackups.com

2. Key Definitions

Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on personal data, such as collection, storage, use, or deletion.
Data Subject: The individual whose personal data is being processed.
User: Any individual who accesses our website or services.
Customer: An individual or organisation that has an account with us.
Data Processor: An entity that processes personal data on behalf of the data controller.
Sub-processor: A third party engaged by us to process personal data.

3. Types of Personal Data We Collect

3.1 Account Information

Names, email addresses, company details, and billing addresses provided during registration.

3.2 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers on our servers.

3.3 Service Usage Data

IP addresses, browser information, device details, and feature engagement metrics.

3.4 Customer Data (Data You Protect with Our Services)

Files, databases, and emails protected through our backup services. This data is encrypted and we cannot access its contents.

3.5 Communications

Support tickets, emails, and chat records when you contact us.

3.6 Marketing and Analytics

Website cookies, engagement tracking, and referral sources to improve our services.

4. Legal Basis for Processing

4.1 Contractual Necessity (Article 6(1)(b) GDPR)

Processing necessary to perform our contract with you and provide our services.

4.2 Legal Obligations (Article 6(1)(c) GDPR)

Processing required to comply with legal requirements such as tax laws, anti-money laundering regulations, and data retention requirements.

4.3 Legitimate Interests (Article 6(1)(f) GDPR)

Processing necessary for our legitimate business interests, including fraud prevention, service improvement, and security.

4.4 Consent (Article 6(1)(a) GDPR)

Where required, we obtain your consent for specific processing activities such as marketing communications and non-essential cookies.

5. How We Use Your Personal Data

Providing and maintaining our backup and cyber protection services
Processing payments and managing your subscription
Communicating with you about your account and services
Providing customer support
Improving our services and developing new features
Ensuring security and preventing fraud
Complying with legal obligations
Sending marketing communications (with your consent)

7. International Data Transfers

Your data is primarily stored and processed within the European Union. When transfers outside the EU are necessary, we ensure appropriate safeguards are in place:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Binding Corporate Rules where applicable

8. Data Retention

We retain your personal data for as long as necessary to:

Provide our services to you
Comply with legal obligations (e.g., tax records for 10 years)
Resolve disputes and enforce our agreements

When your account is closed, we delete or anonymise your data within 90 days, except where retention is required by law.

9. Sub-Processors and Service Providers

We work with the following categories of service providers:

Stripe: Payment processing (Ireland/USA)
Acronis: Backup infrastructure (EU)
Hetzner: Cloud hosting (Germany)
Amazon Web Services: Cloud infrastructure (EU region)
Mailgun: Email delivery (EU)

A complete list of sub-processors is available upon request.

10. Your Customer Data

When you use our backup services, you may upload files, databases, and other data. This "Customer Data" is:

Encrypted in transit and at rest using AES-256 encryption
Stored in EU data centres
Accessible only by you (we cannot decrypt your data)
Deleted within 30 days of account termination

You remain the data controller for any personal data contained within your Customer Data.

11. Data Security

We implement appropriate technical and organisational measures to protect your data:

End-to-end encryption for all backup data
TLS 1.3 encryption for data in transit
Multi-factor authentication
Regular security audits and penetration testing
ISO 27001 certified data centres
24/7 security monitoring

12. Your Data Protection Rights

Under GDPR, you have the following rights:

12.1 Right of Access

You can request a copy of your personal data.

12.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

12.3 Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

12.4 Right to Restrict Processing

You can request that we limit how we use your data.

12.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

12.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

12.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

12.8 Exercising Your Rights

To exercise any of these rights, contact us at legal@eubackups.com. We will respond within 30 days.

13. Cookies and Tracking Technologies

13.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They are automatically sent to our servers with every request. We use minimal cookies and only with your consent for analytics.

13.2 What is Browser Storage?

Browser storage allows websites to store data on your device. Unlike cookies, this data is not sent to our servers with every request. Some data persists until you clear it or log out, while other data is automatically cleared when you close the browser tab. We use browser storage for functional purposes across our services.

13.3 Marketing Site (www.eubackups.com)

Cookies (consent required):

Name	Purpose	Duration
`_pk_id.*`	Matomo analytics - unique visitor identification	13 months
`_pk_ses.*`	Matomo analytics - session tracking	30 minutes

Browser Storage: Your cookie consent preference, so we don't ask again.

13.4 Our Analytics Approach

We use Matomo, a privacy-focused analytics platform that we self-host in the European Union. Key features:

No data is sent to third parties
All analytics data stays within the EU
No tracking until you give consent
IP addresses are anonymised
We do not use analytics for advertising or profiling

13.5 No Marketing Cookies

We do not use marketing cookies, advertising trackers, or third-party tracking scripts. We do not serve advertisements on our website.

13.6 Cookie Management

You can manage your cookie preferences at any time:

Open Cookie Settings or click "Cookie Settings" in our website footer to change your preferences
Use your browser settings to delete existing cookies
Clear browser storage through your browser's developer tools

13.7 Browsing Without Cookies

If you decline analytics cookies, our website remains fully functional. We will still track anonymous page views (without cookies) to understand general traffic patterns, but no personal data or browsing history will be stored.

13.8 Checkout Portal (checkout.eubackups.com)

Strictly Necessary Cookies:

Name	Purpose	Duration
`connect.sid`	Session management during checkout	24 hours
`__stripe_mid`	Stripe fraud prevention	1 year
`__stripe_sid`	Stripe session identification	30 minutes

Cookieless Analytics:

We use Matomo analytics in cookieless mode on checkout to understand checkout flow interactions and improve the user experience. This tracking does not set any cookies and does not require consent. No payment card information is ever stored on our servers—all payment processing is handled securely by Stripe.

Browser Storage: Your business/individual selection (persists for future visits) and temporary checkout data such as form inputs and order progress (cleared when you close the tab).

13.9 Billing Portal (billing.eubackups.com)

Browser Storage: Authentication tokens, session state, and navigation data required for the billing portal to function. This data is cleared when you log out. When making payments, Stripe may set its fraud prevention cookies.

13.10 Strictly Necessary Exemption

All cookies and browser storage described in sections 13.8 and 13.9 are strictly necessary for the checkout and billing services to function. They are exempt from consent requirements under GDPR Article 5(3) and the ePrivacy Directive. Neither portal uses analytics tracking that requires consent.

14. Marketing Communications

14.1 Types of Communications

We may send newsletters, product updates, promotional offers, and surveys.

14.2 Opt-Out

You can unsubscribe from marketing communications at any time using the unsubscribe link in our emails, through your account portal, or by contacting us.

14.3 Service Communications

Important service-related communications (such as security alerts and billing notices) will continue regardless of your marketing preferences.

15. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

16.1 Right to Know

You can request information about what personal data we collect and how we use it.

16.2 Right to Delete

You can request deletion of your personal data.

16.3 Right to Opt-Out of Sale

We do not sell your personal information. No opt-out is necessary.

16.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

16.5 Exercising CCPA Rights

California residents can exercise these rights by contacting us at legal@eubackups.com.

17. Do Not Track

Our website does not currently respond to "Do Not Track" (DNT) browser signals. We honour opt-out preferences set through our cookie consent mechanisms.

18. Changes to This Privacy Policy

18.1 Updates

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements.

18.2 Notification

We will provide 30 days advance notice of significant changes via email or through a notice on our website.

18.3 Review

We encourage you to review this policy periodically.

18.4 Continued Use

Continued use of our services after changes constitutes acceptance of the updated policy.

19. Data Protection Officer

Although not legally required for our organisation, we have designated a data protection contact:

Email: legal@eubackups.com
Address: Scharnhorststraße 24, 10115 Berlin, Germany

20. Contact Us

For privacy-related inquiries:

Email: legal@eubackups.com
Support Portal: billing.eubackups.com
Address: Scharnhorststraße 24, 10115 Berlin, Germany

We aim to respond to all inquiries within 48 hours.

21. Supervisory Authority

You have the right to lodge a complaint with the German federal data protection authority:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Straße 153
53117 Bonn, Germany
Phone: +49 228 997799-0
Email: poststelle@bfdi.bund.de
Website: www.bfdi.bund.de

22. Additional Information

22.1 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

22.2 Data Minimisation

We only collect personal data that is necessary for the specified purposes.

22.3 Accuracy

We take reasonable steps to ensure personal data is accurate and up to date.

22.4 Transparency

We are committed to being transparent about how we collect and use your data.