Our Personal Data Protection Policy governs the use and storage of your data. You can see our Personal Data Protection Policy.
Divio AG is a Controller of the personal data you (data subject) provide us. Divio collects information from a variety of sources, including:
Information we collect from you directly
Information we collect about you when you call us, visit our sites or use our web applications or services
We collect the following types of personal data from you:
If any paid services are selected, following personal billing data are collected.
Billing postal code
Billing data are stored on secure servers and handled by reputable payment systems.
All the information Divio collects about you may be combined to improve our communications with you, to provide you with the services you have signed up for, and to develop and improve our services.
We take your privacy seriously and will only use your personal information for Divio business purposes such as:
To provide the products and services you request
To tell you about Divio products and services and those offered by our carefully selected business partners
To manage our sites and services
We will never sell your personal information to other companies or organisations. We may share your information:
With our carefully selected business partners for co-promotions or other joint-programmes, but only if we have previously obtained your consent.
With our third-party service providers.
When required by law and or government authorities.
From time to time we would like to contact you with details of other product and services we provide via email.
However, if you do not wish to grant this consent, we may not be able to provide the products and services you request or to tell you about other products and services offered by Divio.
Your personal data is processed either in our central administration in Stockholm or in one of our subsidiaries, either in Zurich or in New York City. Hosting and storage of your data takes place either via Amazon Web Service (AWS), Germany; AWS in the US; Exoscale, Switzerland; or via Nine, Switzerland. No third-party providers have access to your data on our systems, unless specifically required by law.
Divio has signed Data Processing Agreements (DPA) with its providers - namely, AWS (DPA), Exoscale, and Nine - incorporating a model clauses contract. This contract also includes a standard set of provisions defined and approved by the European Commission to ensure that your personal data can be transferred securely by Divio in Europe to the US.
We may process or otherwise use your personal data within our own systems in order to provide you with the services you have signed up for.
Divio has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own.
These include hosting and server co-location services, data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, email distribution and monitoring services, session recording and remote access services, performance measurement data optimisation, marketing and sales services, content providers, and our legal and financial advisors (collectively, “Third Party Service(s)”).
Such Third Party Services may receive or otherwise have access to your personal information in its entirety or in part - depending on each of their particular roles and purposes in facilitating and enhancing our services and business, and may only use it for such purposes.
Divio will take care to ensure that all selected Third Party Services are reputable, comply with GDPR and adhere to good data security practices. Divio will be accountable for the correct and safe transfer of personal data to Third Party Services, and for any instructions we give them for processing of your data. However, we can not be responsible for all use or handling of your data by Third Party Services.
Under Swiss law, we are required to keep your documents as indicated in our Data Retention Policy. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
Please see Data Retention Policy for more information on our personal data retention schedule.
Should you believe that any personal data we hold on you are incorrect or incomplete, you may request to see this information, rectify it or have it deleted. Please contact us through Data Subject Access Request Form.
In the event that you wish to complain about how we have handled your personal data, please contact our representative in the European Union, CEO, Jon Levin at firstname.lastname@example.org, who will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Swedish Data Protection Authority via the following link and email address: