Terms & Policies
1. What we need
Our Personal Data Protection Policy governs the use and storage of your data. You can see our Personal Data Protection Policy.
Divio AG is a Controller of the personal data you (data subject) provide us. Divio collects information from a variety of sources, including:
- Information we collect from you directly
- Information we collect about you when you call us, visit our sites or use our web applications or services
We collect the following types of personal data from you:
- Email address
If any paid services are selected, following personal billing data are collected.
- Billing Email
- Billing address
- Billing postal code
- Billing city
- Billing state
- Billing country
Billing data are stored on secure servers and handled by reputable payment systems.
All the information Divio collects about you may be combined to improve our communications with you, to provide you with the services you have signed up for, and to and to develop and improve our services..
2. Why we need it
We take your privacy seriously and will only use your personal information for Divio business purposes such as:
- To provide the products and services you request
- To tell you about Divio products and services and those offered by our carefully selected business partners
- To manage our sites and services
We will never sell your personal information to other companies or organisations. We may share your information:
- With our carefully selected business partners for co-promotions or other joint-programmes, but only if we have previously obtained your consent.
- With our third-party service providers.
- When required by law and /or government authorities.
From time to time we would like to contact you with details of other product and services we provide via email.
However, if you do not wish to grant this consent, we may not be able to provide the products and services you request or to tell you about other products and services offered by Divio.
3. What we do with it
Your personal data is processed either in our central administration in Stockholm or in one of our subsidiaries, either in Zurich or in New York City. Hosting and storage of your data takes place either via Amazon Web Service (AWS), Germany; AWS in the US; Exoscale, Switzerland; or via Nine, Switzerland. No third-party providers have access to your data on our systems, unless specifically required by law.
Divio has signed Data Processing Agreements (DPA) with its providers - namely, AWS (DPA), Exoscale, and Nine - incorporating a model clauses contract. This contract also includes a standard set of provisions defined and approved by the European Commission to ensure that your personal data can be transferred securely by Divio in Europe to the US.
3.1. Data processing and handling within Divio's systems
We may process or otherwise use your personal data within our own systems in order to provide you with the services you have signed up for.
3.2. Third party systems
Divio has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own.
These include hosting and server co-location services, data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, email distribution and monitoring services, session recording and remote access services, performance measurement data optimisation, marketing and sales services, content providers, and our legal and financial advisors (collectively, “Third Party Service(s)”).
Such Third Party Services may receive or otherwise have access to your personal information in its entirety or in part - depending on each of their particular roles and purposes in facilitating and enhancing our services and business, and may only use it for such purposes.
Divio will take care to ensure that all selected Third Party Services are reputable, comply with GDPR and adhere to good data security practices. Divio will be accountable for the correct and safe transfer of personal data to Third Party Services, and for any instructions we give them for processing of your data. However, we can not be responsible for all use or handling of your data by Third Party Services.
4. How we keep it
Under Swiss law, we are required to keep your documents as indicated in our Data Retention Policy. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
Please see Data Retention Policy for more information on our personal data retention schedule.
5. What are your rights?
Should you believe that any personal data we hold on you are incorrect or incomplete, you may request to see this information, rectify it or have it deleted. Please contact us through Data Subject Access Request Form
In the event that you wish to complain about how we have handled your personal data, please contact our representative in the European Union, at firstname.lastname@example.org or the CEO, Christian Bertschy at email@example.com, who will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Swedish Data Protection Authority via the following link and email address: