.svg)
Privacy Policy
European Web Services SG UG (haftungsbeschränkt)
Effective Date: 06 November 2025
1. Introduction
European Web Services SG UG (haftungsbeschränkt), trading as "euBackups" ("euBackups", "we", "us", or "our") operates the website https://eubackups.com and provides backup, security, and IT management services (collectively, the "Services").
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
European Web Services SG UG (haftungsbeschränkt)
Scharnhorststraße 24
10115 Berlin
Germany
Email: legal@eubackups.com
Website: www.eubackups.com
We are the data controller responsible for processing your personal data in connection with the Services.
3. Key Definitions
- Personal Data: Information relating to an identified or identifiable natural person (e.g., name, email address, IP address)
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion
- Data Subject: The individual to whom personal data relates
- User: Any person who uses our Services
- Customer: A registered user who subscribes to our paid Services
- Data Processor: A third party that processes personal data on our behalf
- Sub-processor: A third party engaged by our data processors
4. Types of Personal Data We Collect
4.1 Account Information
When you create an account, we collect:
- Full name
- Email address
- Company name (for business accounts)
- Billing address
- VAT identification number (if applicable)
- Password (encrypted)
4.2 Payment Information
When you subscribe to paid Services, we collect:
- Payment method details (processed by our payment processors)
- Billing history
- Transaction records
Note: We do not store credit card numbers or payment card details. This information is processed directly by our PCI-DSS compliant payment processors (Stripe).
4.3 Service Usage Data
When you use our Services, we automatically collect:
- IP address
- Browser type and version
- Operating system
- Device information
- Pages visited and time spent
- Features used
- Backup and recovery activities
- Security alerts and events
- Error logs and diagnostic data
4.4 Customer Data (Data You Protect with Our Services)
Your files, databases, emails, security monitoring data, and other content processed through our Services ("Customer Data") are processed by us solely on your behalf. We act as a data processor for this data. See Section 11 for details.
This includes data from:
- Backup and recovery operations
- Security services (EDR, XDR, MDR, email security, DLP)
- Management services (endpoint monitoring, asset inventory)
4.5 Communications
- Support ticket content
- Email correspondence
- Live chat transcripts
- Phone call records (if applicable)
4.6 Marketing and Analytics
- Website cookies and tracking technologies
- Email engagement (opens, clicks)
- Marketing preferences
- Referral sources
5. Legal Basis for Processing Personal Data
Under GDPR, we process your personal data based on the following legal grounds:
5.1 Contractual Necessity (Article 6(1)(b) GDPR)
We process your data to:
- Provide the Services you've subscribed to
- Process payments
- Maintain your account
- Provide customer support
5.2 Legitimate Interests (Article 6(1)(f) GDPR)
We process your data for:
- Service improvement and development
- Fraud prevention and security
- Network and information security
- Internal administration
- Business analytics
5.3 Legal Obligations (Article 6(1)(c) GDPR)
We process your data to comply with:
- Tax and accounting requirements
- Anti-money laundering regulations
- Court orders and legal processes
- Data retention obligations
5.4 Consent (Article 6(1)(a) GDPR)
We process your data with your consent for:
- Marketing communications (you may withdraw consent at any time)
- Optional cookies and analytics
- Surveys and feedback requests
6. How We Use Your Personal Data
We use your personal data for the following purposes:
6.1 Service Delivery
- Creating and managing your account
- Providing backup, security, and management services
- Processing backups and restores
- Detecting and responding to security threats
- Monitoring service performance and uptime
- Providing technical support
6.2 Billing and Payments
- Processing subscription payments
- Generating invoices
- Managing payment disputes
- Preventing fraud
6.3 Communications
- Sending service-related notifications
- Responding to support requests
- Sending account updates and security alerts
- Providing product updates and announcements
6.4 Marketing (with consent)
- Sending newsletters and promotional materials
- Informing you about new features or services
- Conducting customer surveys
- Personalising marketing content
You can unsubscribe from marketing communications at any time using the unsubscribe link in emails or by contacting us.
6.5 Analytics and Improvement
- Analysing service usage patterns
- Improving service performance and reliability
- Developing new features
- Conducting research and analytics
- Troubleshooting technical issues
6.6 Legal and Compliance
- Complying with legal obligations
- Enforcing our Terms of Service
- Protecting against fraud and abuse
- Resolving disputes
- Responding to legal requests
7. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We share your data only in the following circumstances:
7.1 Service Providers and Processors
We engage trusted third-party service providers to help us operate our Services. These processors have access to personal data only to perform specific tasks on our behalf and are obligated to protect it. See Section 10 for our list of sub-processors.
7.2 Business Transfers
If we are involved in a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred to the successor entity. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
7.3 Legal Requirements
We may disclose your personal data if required to do so by law or in response to:
- Court orders or legal processes
- Government or regulatory requests
- Law enforcement requirements
- Protection against fraud, abuse, or security threats
- Enforcement of our legal rights or Terms of Service
7.4 With Your Consent
We may share your data with third parties when you have given us explicit consent to do so.
7.5 Aggregated and Anonymised Data
We may use and share aggregated statistics that cannot identify you or your business individually. This helps us improve our Services, understand usage patterns, and report on industry trends. This data is completely anonymised and contains no customer-specific information.
8. International Data Transfers
8.1 Data Storage Locations
Your personal data and Customer Data are primarily stored in data centres within the European Union (Germany). However, some of our service providers may process data outside the EU/EEA.
8.2 Transfer Safeguards
When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for countries deemed to provide adequate data protection
- Binding Corporate Rules where applicable
- Your explicit consent where required
8.3 Key International Processors
- Stripe, Inc. (USA): Payment processing - protected by Standard Contractual Clauses
- Webflow, Inc. (USA): Website hosting - protected by Standard Contractual Clauses
All international transfers comply with GDPR Chapter V requirements.
9. Data Retention
9.1 Account and Personal Data
We retain your personal data for as long as:
- Your account is active
- Necessary to provide Services to you
- Required by law or for legitimate business purposes
9.2 Retention Periods
- Active account data: Retained while your account is active
- Customer Data: Retained according to your chosen retention policies
- After account closure: Personal data deleted within 30 days, except where retention is required by law
- Billing records: Retained for 10 years as required by German tax law
- Support tickets: Retained for 3 years for quality assurance
- Marketing data: Retained until you unsubscribe or withdraw consent
9.3 Legal Hold
We may retain data longer if required by law, litigation, investigation, or dispute resolution.
9.4 Your Customer Data
Upon service termination, your Customer Data is retained for 30 days to allow for retrieval. After this period, it is permanently deleted. You are responsible for downloading your data before the retention period expires.
10. Sub-Processors and Service Providers
We engage the following categories of sub-processors to help deliver our Services:
10.1 Infrastructure and Hosting
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Hetzner Online GmbH | Data centre and server hosting | Germany (EU) | GDPR compliant |
| Webflow, Inc. | Website hosting | USA | Standard Contractual Clauses |
10.2 Payment Processing
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing | USA | Standard Contractual Clauses, PCI-DSS certified |
10.3 Cloud Storage Providers (Optional)
When you choose to use third-party cloud storage:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Microsoft Azure | Cloud storage (optional) | EU/User choice | Microsoft Privacy Shield successor framework |
| Google Cloud Platform | Cloud storage (optional) | EU/User choice | Google Privacy Shield successor framework |
10.4 Backup Technology
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Acronis International GmbH | Backup, security, and management platform technology | Switzerland/EU | GDPR compliant, Standard Contractual Clauses |
10.5 Business Communications
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Ireland Limited (Google Workspace) | Internal business email and customer communications | Ireland (EU)/USA | Standard Contractual Clauses, GDPR compliant |
10.6 Sub-Processor Changes
We may engage new sub-processors or change existing ones. We will update this list and notify customers of material changes via email at least 30 days in advance. You may object to a new sub-processor within 30 days of notification.
11. Your Customer Data (Data Processing)
11.1 Your Role as Data Controller
When you use our Services to protect data containing personal information (e.g., employee records, customer data, security logs), you are the data controller and we act as your data processor.
11.2 Our Obligations as Processor
We process your Customer Data only on your documented instructions and:
- Do not access, use, or disclose your Customer Data except as necessary to provide Services or as required by law
- Implement appropriate technical and organisational security measures
- Assist you in responding to data subject requests
- Assist you in ensuring compliance with GDPR obligations
- Delete or return data upon termination of Services
Customer-Managed Encryption: We support encryption of your backup data with your own encryption keys. If you enable this option, your backup data is encrypted before it reaches our systems, and only you hold the decryption keys. This means:
- We cannot access your unencrypted backup data
- In the event of a legal request for your backup data, we can only provide encrypted data
- Only you can decrypt your backup data with your keys
- This provides an additional layer of privacy protection while we maintain our legal compliance obligations
11.3 Data Processing Agreement (DPA)
Our relationship regarding your Customer Data is governed by our Data Processing Agreement (DPA), available at /data-processing-agreement and incorporated into our Terms of Service.
11.4 Your Responsibilities
As the data controller of your Customer Data, you are responsible for:
- Ensuring you have a legal basis to process personal data
- Providing privacy notices to your data subjects
- Handling data subject requests (access, deletion, etc.)
- Determining data retention periods
- Ensuring compliance with applicable data protection laws
12. Data Security
12.1 Technical Measures
We implement industry-standard security measures to protect your data:
- Encryption in transit: TLS 1.3 for all data transmissions
- Encryption at rest: AES-256 encryption for stored data
- Customer-managed encryption (optional): You can enable encryption of your backup data with your own keys, ensuring only you can decrypt your backup data
- Access controls: Role-based access with multi-factor authentication
- Network security: Firewalls and network protection
- Secure data centres: ISO 27001 certified facilities within the EU
- Resilient infrastructure: Redundant systems with geo-replication options
- Security monitoring: 24/7 monitoring and incident response
12.2 Organisational Measures
- Regular security audits and penetration testing
- Employee security training and background checks
- Confidentiality agreements with all staff and contractors
- Incident response and business continuity plans
- Regular software updates and patch management
- Secure development practices
12.3 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours (as required by GDPR)
- Notify affected individuals without undue delay if there is a high risk
- Provide details about the breach and mitigation measures
- Document all breaches in our breach register
12.4 Limitations
While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.
13. Your Data Protection Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights:
13.1 Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you. You can access most of your account data directly through your customer portal at https://billing.eubackups.com.
13.2 Right to Rectification (Article 16)
You have the right to correct inaccurate or incomplete personal data. You can update your account information directly in your customer portal or by contacting us.
13.3 Right to Erasure ("Right to be Forgotten") (Article 17)
You have the right to request deletion of your personal data when:
- It is no longer necessary for the purposes for which it was collected
- You withdraw consent (where processing was based on consent)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
- Deletion is required to comply with a legal obligation
Note: We may retain data where required by law or for legitimate purposes (e.g., billing records for tax compliance).
13.4 Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing when:
- You contest the accuracy of the personal data
- Processing is unlawful and you oppose erasure
- We no longer need the data, but you need it for legal claims
- You have objected to processing pending verification of legitimate grounds
13.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller. This applies to data you provided based on consent or contract.
13.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
13.7 Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
13.8 Right to Lodge a Complaint (Article 77)
You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or place of alleged infringement.
German Supervisory Authority:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
Website: https://www.bfdi.bund.de
13.9 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: legal@eubackups.com
- Customer Portal: https://billing.eubackups.com
We will respond to your request within one month. This period may be extended by two additional months where necessary, taking into account the complexity and number of requests.
We may request additional information to verify your identity before processing your request.
14. Cookies and Tracking Technologies
14.1 What Are Cookies?
Cookies are small text files placed on your device when you visit our website. They help us provide, improve, and secure our Services.
14.2 Types of Cookies We Use
Essential Cookies (Required)
- Authentication and session management
- Security and fraud prevention
- Service delivery and functionality
- Load balancing
These cookies are necessary for the website to function and cannot be disabled.
Functional Cookies (Optional)
- Remember your preferences and settings
- Provide enhanced features
- Customise your experience
Analytics Cookies (Optional, with consent)
- Usage statistics and performance metrics
- Understanding how visitors use our Services
Marketing Cookies (Optional, with consent)
- Remarketing and advertising
- Measuring campaign effectiveness
- Personalising marketing content
14.3 Cookie Management
You can control cookies through:
- Our cookie consent banner on first visit
- Browser settings to refuse or delete cookies
Note: Disabling essential cookies may affect website functionality.
14.4 Cookie Retention
- Session cookies: Deleted when you close your browser
- Persistent cookies: Retained for up to 24 months
14.5 Third-Party Cookies
Our website may contain links to third-party websites. We are not responsible for their cookie policies. Please review their privacy policies.
15. Marketing Communications
15.1 Types of Communications
With your consent, we may send you:
- Newsletters
- Product updates and new feature announcements
- Special offers and promotions
- Customer surveys
- Educational content
15.2 Opt-Out
You can opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating preferences in your customer portal
- Emailing us at legal@eubackups.com
15.3 Service Communications
We will continue to send essential service-related communications (e.g., security alerts, billing notifications, Terms of Service updates) even if you opt out of marketing.
16. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will take steps to delete such data from our systems.
17. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
17.1 Right to Know
You have the right to request information about the categories and specific pieces of personal data we have collected about you.
17.2 Right to Delete
You have the right to request deletion of your personal data, subject to certain exceptions.
17.3 Right to Opt-Out of Sale
We do not sell personal data. We have not sold personal data in the past 12 months.
17.4 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
17.5 Exercising CCPA Rights
To exercise these rights, contact us at legal@eubackups.com. We will verify your identity before processing your request.
18. Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals because there is no universally accepted standard for how to interpret them.
19. Changes to This Privacy Policy
19.1 Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
19.2 Notification
We will notify you of material changes by:
- Email to your registered email address
- Prominent notice on our website or customer portal
- Update notification when you log in
Changes will be effective 30 days after notification, unless a longer period is required by law.
19.3 Review
We encourage you to review this Privacy Policy periodically. The "Effective Date" at the top indicates when it was last updated.
19.4 Continued Use
Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.
20. Data Protection Officer
While not legally required for our size, we have designated a Data Protection Contact:
Data Protection Contact:
European Web Services SG UG (haftungsbeschränkt)
Attn: Data Protection
Scharnhorststraße 24
10115 Berlin
Germany
Email: legal@eubackups.com
21. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: legal@eubackups.com
Support Portal: https://billing.eubackups.com/submitticket.php
Address:
European Web Services SG UG (haftungsbeschränkt)
Scharnhorststraße 24
10115 Berlin
Germany
Response Time: We aim to respond to all enquiries within 48 hours.
22. Supervisory Authority
If you have concerns about how we handle your personal data, you can contact your local data protection authority or the German federal data protection authority:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Tel: +49 (0)228 997799-0
Fax: +49 (0)228 997799-5550
Email: poststelle@bfdi.bund.de
Website: https://www.bfdi.bund.de
23. Additional Information
23.1 Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
23.2 Data Minimisation
We collect only the personal data necessary to provide and improve our Services. We do not collect excessive or irrelevant data.
23.3 Accuracy
We take reasonable steps to ensure personal data is accurate and up to date. You can help us by keeping your account information current.
23.4 Transparency
We are committed to being transparent about our data practices. If anything in this Privacy Policy is unclear, please contact us.
Last Updated: 06 November 2025
Version: 2.0
*This Privacy Policy should be read in conjunction with our Terms of Service and Data Processing Agreement.*
