SiteGround Privacy Policy 

This Privacy Policy (the “Policy”, the “Privacy Policy”) applies to the processing of personal data by SG Hosting Inc., registered and existing under the laws of Delaware, USA, with registered address: 700 N. Fairfax St, Suite 614, Alexandria 22314 VA, USA ("SiteGround", "we", "us" and "our") in its capacity as a data controller of personal data.

The Policy explains our data privacy practices in regard to the processing of personal data of individuals (“data subjects”, “you”, “your”) who visit our website (the "Site"), and/or use the services and/or products ordered or accessed through the Site (the “Services”) and/or as otherwise described in the Policy below. For the avoidance of doubt, this Policy does not apply to the processing of your personal data by third parties whose websites are not owned and operated by us.

I. Categories of data subjects and types of personal data 

For the purposes of this Policy, the individuals, whose personal data is subject to data processing under this Policy, respectively the types of their personal data processed by us, may be categorized as follows:

1. Website Visitors 

a. Definition: Individuals who visit our Site. For the avoidance of doubt, websites hosted by us but operated by our Customers are not part of the definition of Site. Our Site and Services may contain links to third-party websites, which are not under our control, and we are not responsible for their content. In the event that you follow a link to such pages, please note that there are other respective privacy policies that may apply and we do not have control over such pages. We encourage you to review the privacy policies of these parties before using such other websites.

b. Types of personal data: 

• Contact information - We may collect personal data such as first and last name, email address and other contact and personal information when you sign up for our newsletter, register and get access to a demo version of any of our Services (e.g demo version of our Site Tools), download materials from our Site, such as e-books, communicate, comment, review and/or discuss topics in the sections provided for this on our Site.
• Personal data, contained in log files - When you visit our Site we may process information such as your IP address, referral URL, exit URL, browser software, operating system, date/time and/or clickstream data. 
• Personal data collected through website analytics tools - We may collect information about your use of our Site, such as number of visits, pages visited, popularity of certain content. Analytics tools use tracking technologies (such as cookies) to recognise your device and compile information about you. They collect information such as what pages you visit and how much time you spend on these pages, the IP address assigned to you, what operating system and web browser you use, and what site you visited prior to visiting our Site. 

2. Customers  

a. Definition: Persons who enter into an agreement with us for the provision of Services.

b. Types of personal data:

• Customer account information - We process personal information such as first and last name, name of the legal entity and its legal representative, address, phone number, email address, language preferences, IP address, payment and billing information (i.e. credit card information and/or PayPal account, personal or TAX identification number etc.), so you can place orders, request information, get support and use the Services. You may also opt to provide information about your Facebook and/or Twitter accounts. 
• Personal data, contained in log files - When a Customer visits our Site we may process information such as IP address, referral URL, exit URL, browser software, operating system, date/time and/or clickstream data. 
• Personal data collected through website analytics tools - We may collect information about Customer’s use of our Site, such as number of visits, pages visited, popularity of certain content. Analytics tools use tracking technologies (such as cookies) to recognise the device used and compile the information. They collect information such as what pages the Customer visits and how much time the Customer spends on these pages, its IP address, what operating system and web browser the Customer uses, and what site the Customer visited prior to visiting our Site.
• Other types of personal data - When the Customer contacts us, including via any of our support channels, we may process the personal data provided to us (including voice) in order to deal with the Customer’s query. In addition, if the Customer loses access to its account, we may request certain documents in order to verify its identity. Those documents may contain personal data such as name, address, nationality, date of birth, identification document number, etc.

3. Users

a. Definition: Individuals who access and/or administer any of the Services for and on behalf of  our Customers.

b. Types of personal data:  

• User information - We may process personal information such as first and last name, address, phone number, email address, so you can access and/or administer the Services, request information and get support.

• Personal data, contained in log files - When a User visits our Site we may process information such as IP address, referral URL, exit URL, browser software, operating system, date/time and/or clickstream data.

• Personal data collected through website analytics tools - We may collect information about User’s use of our Site, such as number of visits, pages visited, popularity of certain content. Analytics tools use tracking technologies (such as cookies) to recognise the device used and compile the information. They collect information such as what pages the User visits and how much time the User spends on these pages, the IP address assigned to the User, what operating system and web browser the User uses, and what site the User visited prior to visiting our Site.

Other types of personal data - When the User contacts us, including via any of our support channels, we may process the personal data provided to us in order to deal with the User’s query. 

4. Registrants

a. Definition: Owners of domain names, registered with us. 

b. Types of personal data: 

• Domain name ownership information - We process personal data such as first and last name, name of the legal entity and its legal representative, address, phone number and email address of the Registrants, as well as the domain name and its status, name server, IP address etc.
  
  

5. End Users

a. Definition: Individuals who visit, access, use and/or interact with our Customers’ websites.

b. Types of personal data: 

• Personal data, contained in log files - When an End User visits our Customer’s website we process End User’s information such as IP address, domain name, date, request method, URI user agent, referrer, TLS version, cache data.
  
  

6. Affiliates

a. Definition: Persons who participate in our Affiliate Program.

b. Types of personal data: 

• Affiliate account information - We process personal information such as first and last name, date of birth, name of the legal entity and its legal representative, address, phone number, email address, IP address, payment information (i.e. PayPal account and/or bank account information, personal or TAX identification number etc.). 
• Personal data, contained in log files - When an Affiliate visits our Site we may process information such as IP address, referral URL, exit URL, browser software, operating system, date/time and/or clickstream data.
• Personal data collected through website analytics tools - We may collect information about Affiliate’s use of our Site, such as number of visits, pages visited, popularity of certain content. Analytics tools use tracking technologies (such as cookies) to recognise the device used and compile the information. They collect information such as what pages the Affiliate visits and how much time the Affiliate spends on these pages, the IP address assigned to the Affiliate, what operating system and web browser the Affiliate uses, and what site the Affiliate visited prior to visiting our Site.
• Other types of personal data - We may process our communication with the Affiliate, as well as any personal information about the Affiliate which is made publicly available (e.g. in the social media accounts and channels of the Affiliate). We will also process any personal information voluntarily provided by the Affiliate to us. When the Affiliate contacts us, including via any of our support channels, we may process the personal data provided to us in order to deal with the Affiliate’s query. In addition, if the Affiliate loses access to its account, we may request certain documents in order to verify its identity. Those documents may contain personal data such as name, address, nationality, date of birth, identification document number etc.

7. Participants in events/promotions

a. Definition: Individuals, who participate in raffles, surveys, campaigns and/or register to attend events, webinars and other promotions (co)organised and/or sponsored by us or any of the companies part of SiteGround Group.

b. Types of personal data: 

• Contact information - We may process Participant’s data such as first and last name, email address, address, phone number, social media username, etc. 
• Other types of personal data - We may process your image and voice, if the event/promotion is being recorded. In case the promotions take place on our Site, when you visit it we may process information such as your IP address, referral URL, exit URL, browser software, operating system, date/time and/or clickstream data. We may also collect information about your use of our Site, such as number of visits, pages visited, popularity of certain content. Analytics tools use tracking technologies (such as cookies) to recognise your device and compile information about you. They collect information such as what pages you visit and how much time you spend on these pages, the IP address assigned to you, what operating system and web browser you use, and what site you visited prior to visiting our Site. 

8. Other individuals

a. Definition: Individuals, who may not fall under the scope of the definitions listed above, such as potential customers, potential affiliates, third parties, part of account ownership disputes, complainants, inquirers, followers in our social media channels, etc. 

b. Types of personal data:

• Contact information - We may process information such as first and last name, name of the legal entity and its legal representative, email address, address, phone number,  social media username, etc.
• Other types of personal data - We may process our communication with you, including your voice, if you contact us by phone, and/or your image, in case you share such data with us. We may also process personal information which is made publicly available (e.g. in the social media or on other webpages) or any other types of personal data provided to us in order to deal with your query.

 

II. Sources of data collection

Apart from you, being the main source of information we collect about you, we may also collect information from publicly accessible sources (e.g. companies trade register, WHOIS, local national list(s) of sanctioned persons, social media and other webpages) and/or from third parties, such as our affiliates, trusted partners, including but not limited to marketing, advertising, security service providers, etc. 

III. Purposes of and legal basis for data processing 

We strive to collect only the minimum personal data necessary for the completion of the purposes of data processing, as set out below.

If you are residing in a country from the EU/EEA or in the UK, or in any other country where the processing of personal data shall be subject to a legally defined lawful basis, the following purposes and legal basis shall be applicable to the processing of your personal data by SiteGround:

• To provide, administer, maintain and secure the Services (including our network, information systems and the server functionality operated by us) and fulfill our obligations under the applicable agreements and terms, including to administer any promotions (co)organized and/or sponsored by us or any of the companies part of SiteGround Group. In such cases the legal basis for the data processing is the performance of a contract and compliance with a legal obligation.
• To maintain and secure our Site, network, information systems and the server functionality operated by us, including but not limited to investigating and preventing fraudulent transactions, unauthorized access to the Services and other illegal activities, to address any queries, to enforce our terms, to defend against claims and protect the rights, property or safety of SiteGround, to notify you for any Service-related matters, to invite you (via separate email or during our interaction with you via any of our communication channels) to give your feedback and/or review regarding the quality of our Services and/or your experience with us and our interaction, to improve and/or develop the Services for the benefit of our Customers, and for statistical purposes. In such cases the legal basis for the data processing is our legitimate interest.
• To promote our brand and Services, including to send marketing communication, newsletters, surveys, monitor and analyze activities for advertising purposes etc. In such cases the legal basis for the data processing is your consent. The consent to such marketing communication is voluntary and can be revoked at any time. The revocation can take place in the settings in the Customer account or via the unsubscribe link in every such marketing email sent by us.
• To fulfill our legal obligations, such as compliance with court orders, orders/requests or other documents issued by competent authorities, applicable legislation, etc. In such cases the legal basis for the data processing is the compliance with a legal obligation to which we are subject.
• For other purposes which may not fall under the scope of the above-mentioned purposes we will obtain your consent.

If you are residing in a country governed by privacy laws under which consent is the only or most appropriate legal basis for processing personal data, your acceptance of this Privacy Policy or your use of our Site and/or Services, or your communication with us (as the case may be) will be considered your consent to the processing of your personal data for the purposes detailed herein.

 

IV. Cookies, beacons, tags, pixels

We use cookies to collect some of the information set out in this Policy. Cookies can store your account identifier, ordering status, personalisation or website tracking. They can also be used for technical purposes such as keeping track of your current shopping session and enabling you to proceed to checkout and pay for your according order or to save information which has already been entered (languages preference, and your region), so that we can offer improved and more personalized Services, products and other relevant communication tailored to you. Cookies also allow us to fulfill our contractual obligations to third parties and partners if you have made a purchase on our Site by following a link from theirs.

We also use remarketing pixels provided by third parties to collect the information that you have visited our Site and were interested in certain offers.

We also use beacons, tags, click tracking codes and scripts to analyze trends and movements of users around the Site, gather information about the user base as a whole and how we can improve the Services and Site, to provide advertising based upon activities and interests and to measure advertising effectiveness. As a result we may display targeted, or interest-based, offers to you based on the products you currently own or have recently viewed and deliver other communication more relevant to you and your interests outside of our Site, on other websites part of the third party's network.

We may share a unique code (such as a hashed email address) with аdvertising platforms and social networks to allow us to track online conversions from different sources and to direct targeted advertising to you or to a custom audience who share similar traits. 

You can find detailed information about our use of cookies and you may also adjust your preferences as described in our Cookie Policy.

 

V. Sharing of personal data

We disclose entire or part of your personal data in the following circumstances and always ensure that the appropriate safeguards on your privacy are undertaken:

1. To provide the Services and run our business - We may engage third-party service providers in the delivery of the Services and also for administrative, billing, tax, compliance and all other purposes related to the management of your account and our operations. In such cases your personal data may be shared with companies part of SiteGround Group, business partners, independent contractors, intermediaries, external consultants, auditors, collaborators, etc. Those third-party service providers include companies that operate in different industries such as fraud detection, technology service, internet information providers, payments and data processors, couriers, providers from the finance, media and communication, internet content and information industries, advertising and marketing, technologies, analytics, etc. and that may be located worldwide (including but not limited to the EU, EEA, Switzerland, UK, Canada, Australia, Singapore, Japan, Brazil, etc.). 

1.1. We may share personal data with our payment partner PayPal (through its service Braintree) which is acting as an independent controller for the purpose of processing the personal data shared. The processing of the personal data by PayPal is governed by the PayPal privacy statement available athttps://www.braintreepayments.com/legal/braintree-privacy-policy. 

1.2. We also may share data with Google whose invisible reCaptcha service we use to protect our website from malicious activity. Use of the invisible reCaptcha is subject to Google's Privacy Policy and Terms of Service. 

1.3. We may use artificial intelligence (AI) models and tools and integrate them into our Services for various purposes (such as SiteGround search tools, text and visual content generation, customer support, including but not limited to quality evaluation and improvement, etc.). We will disclose any such use on the respective webpage where the AI models and tools are integrated. In the course of using the AI models and tools integrated into our Services, we will not disclose any personal data to the third-party providers of AI models and tools. Although we take all necessary and reasonable care to obfuscate/anonymize any personal data before sharing any information with the third-party AI models and tool providers, we strongly advise you not to include any personal data in the AI tools integrated into our Services. 

2. To resell products and/or services of our contractors and comply with their applicable rules, regulations, and policies - When we act as resellers of products and/or services of our contractors (e.g. domain name registrars, SSL certificate providers, etc.), we may share your personal information contained in the respective order for the purchase of the products/services with these contractors to provide the respective services or products. The contractors further process the personal data shared following their privacy policies and practices. 

3. To comply with the applicable legislation and to exercise rights - We may share personal data with companies, organizations or individuals when we believe in good-faith that access, use, preservation or disclosure of such data is necessary to meet any applicable law, comply with regulations, legal procedures, enforceable requests and/or competent authority requirements; to enforce our terms, defend against claims and protect the rights, property or safety of SiteGround, our Customers and/or the public as required and/or permitted by law.

4. In case of business reorganization, transfers and/or acquisitions - We may share your information to third parties in connection with any prospective or completed business reorganization, merger, sale of company assets, or acquisition of all or a portion of our business by another entity, or in the unlikely event that SiteGround goes out of business or enters bankruptcy. If any of these events happens, we may take any reasonable steps to notify you.

5. To comply with your instructions - We may share your information with third parties with your explicit consent or at your direction. We will not, however, sell, rent, share or otherwise disclose personal data for commercial purposes in any way that is contrary to the commitments made in this Policy.

6. We also may use the services of third-party service providers for reviews (such as Trustpilot, etc.) to collect your feedback and/or review regarding our Services, their performance, our overall service quality and/or your experience with us and our interaction. In this case your name, email, chat or ticket ID, or other reference data will be shared with such third-party service providers, and they will process your data under their own privacy policies and practices.

 

VI. International data transfers

In the course of our business operations and for the delivery of the Services we may transfer personal data around the world (including but not limited to the EU/EEA, UK, Canada, Australia, Singapore, Japan, Brazil, etc.) where we and/or the third parties, specified in Section V above, use data centers, facilities and/or maintain data processing operations.

In the event that we receive personal data of data subjects from the EU/EEA, the UK and/or Switzerland, and in cases where we transfer such personal data received to other countries which are not considered to provide an adequate level of data protection, we will ensure that:

• we have provided appropriate and proportional technical and organizational data protection and cybersecurity risk mitigation measures, as well as we have performed the appropriate risk assessments;
• we have provided appropriate safeguards to protect the personal data by virtue of making available the Standard Contractual Clauses, approved by the European Commission and also recognised by the Swiss FDPIC (when the data subject is located in the EU/EEA or in Switzerland) or the International Data Transfer Agreement, issued by the competent authority in the UK (when the data subject is located in the UK), as transfer mechanisms. 

Data Privacy Framework (EU-US, UK Extension and Swiss-US). Data protection authorities

SG Hosting Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. SG Hosting Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. SG Hosting Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visithttps://www.dataprivacyframework.gov/.

As explained in Section V above we may provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's use and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations. We remain liable to you in case of any damage caused as a result of onward transfers of personal information to such third parties, unless we prove we are not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, SG Hosting Inc. commits to resolve DPF Principles-related complaints about the collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact SG Hosting Inc. at:  privacy@siteground.com. 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, SG Hosting Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. You also have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other available DPF mechanisms. To learn more about the process for invoking binding arbitration, please visit this link.

The Federal Trade Commission has jurisdiction over SG Hosting Inc.’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

VII. Security measures

We use Secure Sockets Layer (SSL) protocol to encrypt the information you enter on our Site in order to protect its security during transmission to and from our Site. When storing information, we protect its security by encrypting critical data. Access to this information is severely restricted, logged and reviewed periodically. When we collect credit card data and payments (we do not store full credit card numbers and CVV codes), the credit card data is subject to tokenization and strong security measures applied by our payment processors in accordance with the PCI DSS requirements.

We maintain physical, logical, electronic and procedural safeguards when collecting, storing and disclosing personal data. Our security procedures require us in some cases to request proof of identity before disclosing personal data to you.

To protect against unauthorized access to your account and information, we implement session management, strong authentication requirements, login expiration mechanisms and the option of using 2-factor authentication for Client Area access. Authentication data is encrypted. As an additional safety measure, we ask you to sign out when you finish using your account and your computer. 

Although we take appropriate technical and organizational measures to maintain the safety and security of your personal data against loss, theft and unauthorized use, access or modification, please note that no transmission of information over the Internet is completely secure. Consequently, please note that we cannot fully guarantee the security of any personal data that you transfer over the Internet to us. 

VIII. Retention periods

Information collected on our Site will only be retained for as long as necessary to fulfill the purpose for which it was collected. In general, we will automatically and securely delete your Client Area account information 2 years after you no longer have any active Services with us. Since we need to comply with applicable regulations in regard to retention of personal information related to contractual agreements, provision of Services, financial, billing, invoicing operations, tax calculations etc., a versioned copy of your order, payment and billing documentation may be stored for a period of 10 years after the termination of your Customer account. Your personal data is deleted automatically by our systems in accordance with these retention periods.

 

IX. Your rights 

You are entitled to the following rights in relation to your personal data:

• Right to be informed: You have the right to be informed about the collection and use of your personal data.

• Right to access: You have the right to view and request copies of your personal data.

• Right to rectification: You have the right to request inaccurate, incomplete or outdated information be updated or corrected.

• Right to erasure (“to be forgotten”): Under certain circumstances you have the right to request your personal data be deleted.

• Right to data portability: You have the right to ask for your data to be transferred to another controller or provided to them (if technically feasible) in a machine-readable electronic format.

• Right to restrict processing: Under certain conditions you have the right to request the restriction of the processing of your personal data.

• Right to withdraw consent: You have the right to withdraw your given consent to the processing of your personal data, where we rely on your consent as a legal basis for processing;

• Right to object: Under certain conditions you have the right to object to the processing of your personal data (e.g. where we are relying on our legitimate interests as a legal basis for processing);

• Right to object to automated processing: You have the right to object to decisions being made with your data solely based on automated decision making or profiling.

• Right to opt-out from sale of personal data (for US residents only*): If you are a US resident, you have the right to opt-out from the sale of your personal data. Although we do not sell your personal data (as defined in the applicable US privacy laws), you may submit a request and/or direct a query you may have related to the sale of personal data at any time via email to privacy@siteground.com.

*If you are a California resident, you can learn more about the processing of your personal data, as well as your rights in the SiteGround California Consumer Privacy Act Addendum which is incorporated herein by reference.

You can exercise any of your rights by submitting a request to the email address specified in the “Contact information” section of this Policy. We will review and address your request(s) within one month as of the date of receipt. Please note that if your request is particularly complex or you have made a number of requests, it may take us longer than a month to respond to you. In this case, we will notify you and keep you updated. Please note that we may ask you to provide us with additional information necessary to verify your identity prior to our response. However, in certain circumstances such as to comply with the applicable legislation, we may be unable to honor your request, for which you will be duly notified.

In addition to the above rights, you can also access, correct, and delete certain personal data associated with your account through the “Owner Profile Details” Section in your Client Area.

 

X. Age Restrictions 

In accordance with SiteGround Terms of Service, our Site and Services are designated for use by individuals who are at least 18 years old. If you are under the age of 18, you must request your parent or guardian to use the Site instead. Should you have evidence that someone under the age of 18 has bought Services and provided their personal data to us, please contact us using the details set out in the “Contact information” section below. If we become aware that we process personal data of a person under the age of 18, we will delete the data and terminate the use of the Services.

 

XI. Changes to the Privacy Policy

We reserve the right to modify this Policy at any time. If we decide to change our Policy, we will post the updates in the Site and in any other place we deem appropriate, so that you are aware of what personal data we collect, how we process it, and under what circumstances, if any, we disclose it.

If we make material changes to this Policy, we will notify you here, by email, or by means of a notice via our Site, at least ten (10) calendar days before the changes take effect. 

 

XIII. Contact information 

For any data processing related questions and/or requests, please contact us at privacy@siteground.com.  

Latest revision: 24 October 2023

Previous version may be found here.

---

SiteGround California Consumer Privacy Act Addendum

This Addendum supplements the information contained in the SiteGround Privacy Policy and applies to Website visitors, Customers, Users, Registrants, End Users, Affiliates and other individuals (incl. households) who are residents of the State of California, USA (“consumer”, “you”, “your”). 

For avoidance of doubt, the term “data subject” used in the Privacy Policy shall correspond to the term “consumer” used herein and the term “personal data” in the Privacy Policy shall be equivalent to the term “personal information” used herein. All other terms which are not explicitly defined in this Addendum shall have the meaning as set forth in the Privacy Policy. 

This Addendum is drafted in compliance with the California Consumer Privacy Act , as amended by the California Privacy Rights Act of 2020 (“CPRA”), together hereinafter referred to as the “CCPA”, and other relevant California privacy laws and its purpose is to provide additional privacy disclosures and to inform you of your additional rights as a California resident.

I. Categories of personal information we collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”).

Section I (“Categories of data subjects and types of personal data”) of the Privacy Policy describes in detail what categories of personal information we have collected from consumers within the last twelve (12) months.

Sensitive personal information

Some of the personal information we collect may be considered “sensitive” within the meaning of Section 1798.140 (ae) of the CCPA. We may collect the following sensitive personal information: social security, driver’s license, state identification card, or passport number; account log-in information; debit card or credit card number; contents of a consumer’s mail, email, and text messages unless we are the intended recipient of the communication.

II. Sources of personal information collection

Apart from you, being the main source of information we collect about you, we may also collect personal information from publicly accessible sources (e.g. companies trade register, WHOIS, local national list(s) of sanctioned persons) and/or third parties, such as our affiliates, trusted partners, including but not limited to marketing, advertising, security service providers, etc.

III. Purposes for collection of personal information, incl. sensitive personal information

The business and commercial purposes for which we collect, use and disclose personal information, incl. sensitive personal information about consumers are described in detail in Section III (“Purposes of and legal basis for data processing”) of the Privacy Policy.

IV. Disclosing of personal information to third parties

We may disclose personal information to the categories of third parties and for the disclosure purposes as set forth in Section V (“Sharing of personal data”) of the Privacy Policy.

V. Data retention periods

The periods for which we retain your personal information are described in Section VIII (“Retention periods”) of the Privacy Policy.

VI. Sale and share of personal information 

In the course of provision of our Services we do not sell any personal information related to consumers.

SiteGround has taken substantial steps to identify whether any of our activities as well as our data sharing arrangements would constitute a “sale” or “share” under the CCPA. Due to the complexities and ambiguities in the CCPA, we evaluate some of our third-party relationships periodically.

Under the CCPA, “sell,” “selling,” “sale,” or “sold,’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration. Therefore, it does not necessarily mean money was exchanged for the transfer of personal information, but the transfer may still be considered a “sale”. “Share” is defined as sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

VII. Consumer rights under the CCPA

The CCPA provides consumers with specific rights with respect to their personal information as follows:

1. Right to opt-out from sale or share of personal information

A consumer shall have the right, at any time, to direct SiteGround not to sell or share the consumer’s personal information (“the right to opt-out”). Such a request of the consumer shall be respected for at least twelve (12) months before requesting that the consumer authorizes again the sale or share of the consumer’s personal information. In order to process the consumer’s request, SiteGround may use any personal information collected from the consumer in connection with the submission of the consumer’s opt-out request solely for the purposes of complying with the opt-out request. 

The opt-out right may be exercised at the following link: “Do Not Sell or Share My Personal Information”.

2. Right to know request. Right to access and data portability

Pursuant to the CCPA, you have a right to request information about the collection, use, and disclosure of your personal information performed by SiteGround over the preceding twelve (12) months, as well as to ask to provide you with these specific information:

• Categories and specific pieces of personal information we have collected about you;

• Categories of sources from which we collect personal information about you;

• Purposes for collecting, using, selling or sharing personal information;

• Categories of third parties to whom we disclose personal information;

• If applicable, categories of personal information sold, shared or disclosed about you and the categories of third parties to whom the personal information was sold, shared or disclosed, by category or categories of personal information for each category of third parties to whom the personal information was sold.
  
  

3. Right to delete request 

You have a right to request that we delete a part of or all your personal information, subject to certain exceptions (i.e., when the information is necessary to: complete a transition or provide a service requested by you; debug or repair expected product functionality; detect or investigate cyber threats, etc.). Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies.

4. Right to correct inaccurate personal information 

You have the right to request that we correct inaccuracies in the personal information we have collected about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.

5. Right to limit the use and disclosure of sensitive personal information. 

The CCPA grants you the right to instruct a business to limit its use or disclosure of your sensitive personal information to that use which is necessary to perform the services reasonably expected by you in your request for those services and to perform certain activities permitted by the CCPA. Please note that we do not use or disclose sensitive personal data for any purposes other than those necessary to provide you with our services or as permitted by the CCPA.

6. Right to remain non-discriminated

SiteGround shall not discriminate against a consumer because the latter exercised any of the consumer’s rights under the CCPA, including, but not limited to, by:

• Denying any services to the consumer;

• Charging different prices or rates for services, including through the use of discounts or other benefits or imposing penalties; 

• Providing a different level or quality of services to the consumer; 

• Suggesting that the consumer will receive a different price or rate for services or a different level or quality of services.

VIII. Exercising your rights

If you wish to exercise any of your rights under the CCPA, please submit your request to our email address: privacy@siteground.com or via the contact form available at our website in the “Contact us” section.

As per the CCPA SiteGround shall take into consideration the following requirements when answering a consumer’s request:

• The consumer shall place a verifiable consumer request. SiteGround is not obliged to respond to the request if it cannot verify that the consumer making the request is the consumer about whom SiteGround has collected information or is a person authorized by the consumer to act on consumer’s behalf; 

• The consumer may also designate an authorized agent to make a request on his/her behalf;

• SiteGround shall respond to the request within 45 (forty-five) days of receiving it. The time period for response may be extended once by an additional 45 (forty-five) days when reasonably necessary, and upon notification to the consumer.

With respect to your right to know and data portability - SiteGround is obliged to provide the required information no more than twice in 12 (twelve) months. The provision of information by SiteGround is generally free of charge. The disclosure shall cover the 12-month period preceding the receipt of the verifiable consumer request and shall be made in writing and delivered through the consumer’s Client Area, if the consumer maintains an account with us, or by mail or electronically at the consumer’s option if the consumer does not maintain an account with us, in a readily useable format that allows the consumer to transmit this information from one entity to another without hindrance. SiteGround may require authentication of the consumer that is reasonable in light of the nature of the personal information requested, but shall not require the consumer to create an account in order to make a verifiable consumer request. If the consumer maintains an account with SiteGround, we may require the consumer to submit the request through its Client Area.

If you have additional questions regarding your rights under the CCPA, please refer to the SiteGround Privacy Policy and contact us at privacy@siteground.com.

Latest revision of the Addendum: June 27, 2023.  Previous version of the Addendum may be found here.