Privacy Policy

1. Introduction

When individuals are first asked to provide personal information to IWH, we provide this privacy notice. If there are changes or additional purposes for which personal data will be used, we will notify individuals before such use or before disclosure to a third party.

IWH participates in and has self-certified its adherence to the EU-U.S. Data Privacy Framework administered by the U.S. Department of Commerce. IWH complies with the EU-U.S. Data Privacy Framework Principles regarding the collection, use, and retention of personal information transferred from the EU to the United States. You can view our certification on the Data Privacy Framework List.

2. Personal data we collect

We may collect and use the following categories of personal data:

• Name.
• Contact information, such as email address and phone number.
• Demographic information, such as zip code.
• Billing information, such as credit card, bank account, and routing information.
• Service and usage data, such as IP address, requested path, user agent, device or browser type, timestamps, referring URLs, and diagnostic logs generated when you use our website or services.
• Cookie and analytics data collected through cookies or similar technologies.

We do not collect sensitive personal data, such as details about health. We collect personal data directly from customers and website visitors because it is needed to provide services, respond to requests, and operate our business. Our legal bases for processing include legitimate business interests, consent, performance of a contract, and compliance with legal obligations.

3. How we use personal data

• Provide web hosting, cloud infrastructure, and related services to individuals and businesses.
• Manage customer accounts, billing, payments, collections, and service renewals.
• Provide technical support, live chat, ticketing, identity verification, and responses to requests.
• Monitor reliability, security, abuse prevention, fraud protection, and compliance.
• Improve website performance and user experience.
• Comply with legal obligations, enforce agreements, and protect our rights.

4. Cookies and similar technologies

Cookies are small text files placed on your device when you visit a website. They help websites remember information about your visit, such as your preferences, session state, browser settings, and how you interact with pages. We may use cookies, pixels, local storage, logs, and similar technologies to keep our website functioning, secure our services, understand traffic patterns, improve performance, and support account, billing, and support features.

The types of cookies we may use include strictly necessary cookies that are required for core site and account functions; security cookies that help detect abuse, fraud, or unauthorized activity; preference cookies that remember settings; analytics or performance cookies that help us understand usage and improve the website; and functional cookies used by support, live chat, or other service tools. You can usually control or block cookies through your browser settings, but disabling some cookies may affect how the website or services function.

5. Data sharing and disclosure

We do not sell personal information. Before disclosing personal information to a third party or using it for a purpose that materially differs from the reason it was originally collected or later authorized, we will offer an opportunity to opt out where required. If we plan to use personal data for new purposes, we will notify you beforehand.

• Subsidiaries, affiliates, professional advisors, service providers, controllers, and processors acting under our instructions and privacy standards.
• Ticketing and live chat providers, including Zendesk, where communications, account metadata, email addresses, headers, IP address, user agent, chat name, and message content may be processed.
• Payment gateways, merchant processors, banks, and collection companies for billing, payment processing, and collections.
• Registrars, certificate authorities, registries, ICANN, ccTLD operators, or IP address space providers when needed for domain, certificate, or IP address services.
• Cloudflare, CDN providers, caching services, and similar infrastructure providers when customer traffic or service data passes through or is cached by those providers.
• Public authorities, regulators, courts, law enforcement, or national security authorities when required by lawful request, court order, law, or legal process.
• Other companies or organizations when we believe disclosure is necessary to protect the rights, property, or safety of IWH, our customers, or others, including cybersecurity, fraud prevention, and copyright enforcement.
• A buyer or successor in connection with a merger, restructuring, reorganization, dissolution, bankruptcy, liquidation, or sale or transfer of some or all of IWH's assets.
• Other parties with your consent or for any other purpose you provide.

For visitors to our website, IP address, requested path, and user agent may be logged for security purposes. This data is not retained past one week unless a specific security incident requires longer retention.

6. International transfers

Information collected within the EU may be transferred to and processed within the United States in accordance with the EU-U.S. Data Privacy Framework Principles. Certification to the EU-U.S. DPF is one way for U.S. companies to provide a level of privacy protection for personal data consistent with that provided within the European Economic Area.

7. Data security and management

We use administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration while it is under our control. No method of transmission or storage over the internet is completely secure, but we continuously evaluate processing risks and update our security measures as required, including assessments designed to keep data reliable, accurate, and relevant.

8. Your privacy rights

We only collect data relevant for our processing needs and do not process data in a manner incompatible with the stated purposes unless permitted by you or by law. We aim to keep personal data accurate, complete, and current, and we retain data that identifies you only for as long as relevant for processing or reasonably necessary for legal or business purposes.

Depending on your location, you may have rights to access, correct, amend, delete, or restrict the use of your personal data, object to certain processing activities, or withdraw consent at any time. You may request a copy of personal data we hold about you and ask us to correct inaccuracies unless doing so would violate others' rights or be unduly burdensome. To make a request, contact us using the details below.

9. DPF compliance, liability, and disputes

IWH maintains mechanisms designed to verify compliance with the EU-U.S. Data Privacy Framework Principles and to fix non-compliance. If we transfer personal data to a third party acting as a controller, we follow the Notice and Choice Principles and require processing only for specific, agreed-upon purposes with the same level of privacy protection. If we transfer personal data to third parties acting as our agents, we require them to provide the same level of privacy protection described in these Principles and will take corrective measures, including termination of the relationship where appropriate.

In cases of onward transfers, IWH may remain liable if a third party processes personal information in a manner inconsistent with the EU-U.S. DPF Principles and causes harm, unless we prove we were not responsible for the event giving rise to the harm. IWH is subject to the investigatory and enforcement powers of the Federal Trade Commission and any other authorized U.S. statutory body.

If you have a complaint about how we process personal data, please contact us first. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed it to your satisfaction, you may contact PrivacyTrust, an independent dispute resolution body that provides appropriate recourse free of charge. You may visit PrivacyTrust for more information or to file a complaint. If you and IWH are unable to resolve a dispute through our internal complaint resolution mechanism, you may choose binding arbitration as a last resort.

10. Children's privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.

11. Changes to this policy

We may modify this policy at any time. If we make material changes, we will update the date above, post the revised version on this page, and highlight new provisions within this policy where appropriate.