GDPR Commitment

Last Updated: 3 December 2025

This page describes how Astronova Host (“Astronova”, “we”, “our”, or “us”) supports compliance with the EU General Data Protection Regulation (“GDPR”) and the UK GDPR, where applicable.

1. Role Under the GDPR

For most Customer Content processed via our infrastructure, Astronova acts as a processor, while our customers act as controllers determining the purposes and means of processing. For certain data (such as account and billing information), Astronova may act as an independent controller.

2. Lawful Basis and Transparency

When acting as a controller, we process personal data on lawful bases including contract performance, legitimate interests, legal obligations, and consent where appropriate. Our Privacy Policy provides additional transparency about these activities.

3. Data Processing Agreement

Astronova offers a Data Processing Agreement (DPA) that incorporates GDPR-compliant terms, including subject matter and duration of processing, types of data and categories of data subjects, security measures, subprocessing, and international transfer mechanisms.

4. Data Subject Rights

We provide tools and processes that help controllers respond to data subject requests (access, rectification, deletion, restriction, portability, and objection). Where we act as controller, individuals may contact us directly to exercise their rights.

5. Security and Technical Measures

We implement technical and organizational measures designed to protect personal data, including:

• Secure data center infrastructure.
• Network-level protections (firewalls, segmentation, DDoS mitigation).
• Access controls and multi-factor authentication for internal systems where applicable.
• Encryption in transit and, where applicable, at rest.
• Backup, logging, and monitoring.

6. Subprocessors

We may engage subprocessors to support our operations. We use written agreements to impose appropriate data protection obligations on subprocessors and remain responsible for their performance.

7. International Data Transfers

Where personal data is transferred from the EEA or UK to countries not considered to provide an adequate level of protection, we implement appropriate safeguards such as standard contractual clauses or other lawful mechanisms.

8. Data Breach Notification

We maintain incident response procedures and, where applicable, will notify controllers without undue delay after becoming aware of a personal data breach so they can meet their obligations under the GDPR.

9. Data Protection by Design and Default

We consider privacy and security in the design of our infrastructure and Services, including implementing default settings that aim to limit personal data processing to what is necessary for the intended purposes.

10. Contact and Data Protection Queries

For questions about GDPR and our data protection practices, contact:

Privacy Office
Astronova Host
Email: legal@astronovahost.com

11. Disclaimer

This page is for informational purposes only and does not constitute legal advice. Controllers remain responsible for assessing their own GDPR compliance obligations.