From 1st July, 2018 all BHost services will be provided by Mythic Beasts Ltd.
BHost collects information during the registration process. You may update any of your details at any time by contacting us, or using the online control panel. BHost will not sell, lease or rent its client information to any third parties.
BHost will not send you any unsolicited information, including e-mail, except as mentioned below. BHost may send periodic member letters to announce important service changes, new features, technical issue updates and news about other products and services. BHost may also contact you to conduct research about your opinion of current and prospective services via e-mail surveys. We may contact you with special offers, discount coupons or to remind you about an incomplete order. BHost will not share your e-mail address or any of your personal data with any third parties.
BHost keeps your personally identifiable information private and does not share it with any third parties. BHost will not disclose your Personal Information unless acting under a good faith belief that such action is necessary to: (1) conform to legal requirements or comply with legal process; (2) protect and defend the rights or property of BHost; (3) enforce the BHost Terms and Conditions; or (4) act to protect the interests of its clients or others.
As a U.S. entity, we are an active participant in and comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides BHost a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.
General Data Protection Regulation (GDPR)
BHost fully complies with the GDPR requirements. We employ robust compliance, security, and data privacy practices to ensure the protection of all customer data. We will continue to invest in the security of our products and services to ensure they remain compliant with applicable legislation.
Purpose of collecting data
We collect personal data of our customers for account management, billing, internal marketing, fraud prevention purposes and provision of our internet hosting services. Information we collect includes customer name, address, email address, IP address, billing information, and phone number. We may share such data with third parties who provide us with billing, marketing, anti-fraud and account management tools. To enhance the security of our overall platform we log traffic flows to and from our network which can involve IP address information of non-customers. This data is purely for statistical purposes and does not contain any personally identifiable information. We never request or intentionally process sensitive personal data, and deliberately limit our exposure to personal data.
In order to provide our services we need to store and process your data as described. If you wish to withdraw consent, you must terminate all services with us and contact our support team to request deletion of your account.
We operate our internal services from our Amsterdam and London data center locations. More details about the physical security of these facilities can be found on our infrastructure page. Access to our physical infrastructure is strictly controlled and audited.
All communications to our website and customer portal (my.BHost) uses TLS (HTTPS) encryption. All internal data movement (e.g. API calls) also uses TLS (HTTPS) encryption.
Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). Only authorized engineering personnel have access to server systems or databases, and all access to these systems by our personnel is logged and audited on a regular basis. Personnel have access to customer services purely for the purposes of diagnosing issues and providing technical support, as well as preventing abuse. Any such access is logged and audited on a regular basis.
Our applications are protected by an industry-leading web application firewall (WAF) and all software releases are subject to internal peer-review and security-compliance checks.
Customer Virtual Machines
Customers can rely on our compliance with GDPR for the purposes of their own data protection compliance bearing in mind your obligations to implement effective security practices. We recommend customers implement best security practices such as using key-based authentication, whitelisting authorized access IPs, etc.
Responsible Vulnerability Disclosure
Our goal is to keep BHost safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner.
If you have discovered a potential vulnerability we would greatly appreciate you informing our SIRT team at management@BHost.net.