Terms Of Service
Service Agreement
Privacy Policy
Domain Agreement
Resource Usage Policies
General Data Protection Regulation
Affiliates Terms Of Service
Terms Revisions

General Data Protection Regulation (GDPR)

Effective Date: August 14, 2017
Last Updated: May 28, 2026

What is GDPR?

The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, is the EU's main data-protection law. It came into force on May 25, 2018 and replaced the EU Data Protection Directive 95/46/EC and the patchwork of national laws that implemented it. The GDPR applies whenever an organisation processes personal data of people in the EU or EEA, regardless of where the organisation itself is based.

The United Kingdom's UK GDPR and Switzerland's revised Federal Act on Data Protection (revFADP) are close cousins of the GDPR. Most of what is described below applies to all three regimes; this page mentions UK and Swiss specifics where relevant.

Is ChemiCloud GDPR-compliant?

CCHosting, Inc. (trading as ChemiCloud) is committed to transparent and secure handling of all personal data on our network. Our processes are designed to meet the requirements set out in the GDPR, the UK GDPR, and the Swiss revFADP, and we continuously review and improve our practices to maintain alignment. The full details are in our Privacy Policy.

What is ChemiCloud's role with respect to GDPR?

ChemiCloud is both a data controller and a data processor, depending on the data in question:

  • For data we collect to administer your account, bill you, provide customer support, and operate our website (your name, billing address, support tickets, etc.), ChemiCloud is a data controller;
  • For the personal data your End Users entrust to you that you host on our infrastructure as part of your use of our Services (your databases, your customers' contact lists, the contents of your email inboxes routed through us, etc.), ChemiCloud is a data processor on your behalf.

See Privacy Policy §1 for the full statement of roles.

What are my rights under GDPR?

If you are in the EU, EEA, UK, or Switzerland, you have the following rights regarding your personal data:

  • Right of access (GDPR Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (the "right to be forgotten", Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Rights related to automated decision-making (Art. 22)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with your national supervisory authority

The full text of each right, and how to exercise it, is in Privacy Policy §6.2.

How do I exercise my rights?

Email [email protected] with your request. We respond within one (1) month, extendable by two further months for complex requests (we will notify you of any extension). We do not charge a fee for handling these requests, except where they are manifestly unfounded or excessive.

Before responding, we may need to take reasonable steps to verify your identity, for example by asking you to confirm details that match those on your account.

Does ChemiCloud have a Data Protection Officer (DPO) or EU representative?

ChemiCloud has designated George Duduman as our Privacy Officer and as our EU Representative under GDPR Article 27, supported by our Privacy Team in handling all GDPR enquiries.

GDPR Article 37 does not strictly require ChemiCloud to designate a formal Data Protection Officer (DPO), because our processing does not meet the mandatory-DPO criteria of that Article (large-scale processing of special-category data, large-scale systematic monitoring, or public-authority status). Our designation of a Privacy Officer is voluntary and reflects our commitment to clear accountability for personal-data matters.

EU/EEA/UK/Swiss residents may contact our Privacy Officer, our EU Representative, or the Privacy Team directly at [email protected] to exercise any of their rights under the GDPR.

Where is my data stored? Do you transfer data outside the EU?

Because ChemiCloud operates globally, your personal data may be transferred to and processed in countries other than your country of residence, including the United States. When we transfer personal data from the EU, EEA, UK, or Switzerland to a country that has not been deemed by the European Commission (or the equivalent authority) to provide an adequate level of protection, we rely on the Standard Contractual Clauses ("SCCs") approved by the European Commission (Decision 2021/914) and, for UK transfers, the UK International Data Transfer Addendum. Several of our sub-processors are certified under the EU–U.S. Data Privacy Framework, including Stripe, Cloudflare, and Google. Where personal data is transferred outside the EEA, we perform a Transfer Impact Assessment ("TIA") in line with European Data Protection Board Recommendations 01/2020, and apply supplementary safeguards (technical, contractual, or organisational) where the assessment identifies a need.

See Privacy Policy §4.2 for the full text on international transfers, and §4.1 for the current list of sub-processors and their jurisdictions. Our server locations for each Service tier are listed in Service Agreement §1.2 and on chemicloud.com/server-locations.

Can I choose where my data is stored?

Yes. You may select an EU/EEA datacenter at the time of order:

  • Shared, WordPress, and Reseller Hosting: Frankfurt or London;
  • Cloud VPS: Amsterdam, London, Frankfurt, Milan, Madrid, Paris, or Stockholm.

Email Hosting and Managed WordPress Hosting are currently served from US-based servers and cannot be relocated to the EU/EEA at this time. The current, up-to-date list of all available datacenter locations is published at chemicloud.com/server-locations and in Service Agreement §1.2.

How does ChemiCloud handle a data breach?

In the unlikely event of a personal-data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify our lead supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, in accordance with Article 34. See Privacy Policy §8.1.

Does ChemiCloud offer a Data Processing Addendum (DPA)?

Yes. If GDPR applies to your organisation and you need a signed DPA under Article 28 to satisfy your own compliance obligations, you can download our current DPA at GDPR Addendum. In order for it to be binding, please return the executed document to [email protected].

Where can I lodge a complaint?

If you believe our processing of your personal data infringes the law, you have the right to lodge a complaint with your national data-protection supervisory authority:

  • A list of EU/EEA authorities is available at edpb.europa.eu;
  • The UK Information Commissioner's Office is at ico.org.uk;
  • The Swiss Federal Data Protection and Information Commissioner is at edoeb.admin.ch.

We invite you to contact us first at [email protected] so that we can try to resolve any concerns directly.

Where can I find the full legal text?

The complete and binding statement of how ChemiCloud handles personal data — including legal bases, sub-processors, international transfers, retention periods, your rights, cookies, security, and breach notification — is in our Privacy Policy. This page is a friendly overview; the Privacy Policy is the authoritative document.

For domain-specific WHOIS disclosures, see Domain Registration Agreement §17.

Contact

Mailing address:
CCHosting, Inc.
Attn: Privacy Team
1111B S Governors Ave # 48212
Dover, DE 19904
United States

Revisions

A dated history of changes to our legal documents is published at terms revisions.