Privacy Policy
Last updated: 25 May 2025
This Privacy Policy explains how seventy7 ("we", "us", "our") collects, uses, and protects personal data in connection with the websites we host and maintain for our clients, as well as our own website at seventy7.dev.
1. Data Controller
The data controller for personal data processed through the seventy7 infrastructure is:
seventy7 Poland Contact: [email protected]
The controller for a specific hosted website is the respective website owner (our client). Their contact details are provided on that website.
2. What Data We Collect
We collect only the minimum data necessary for the operation, security, and improvement of hosted services.
2.1 Technical Logs
When you visit a website hosted by seventy7, our infrastructure automatically records:
- IP address
- HTTP request method, URL, and response code
- Browser user-agent string
- Referring URL
- Timestamp of the request
These logs are used exclusively for security monitoring, abuse prevention, and diagnosing technical issues.
2.2 Analytics
We may use privacy-respecting, cookieless analytics (aggregated page-view statistics). No personally identifiable information is collected at the analytics layer. No individual user profiles are created.
2.3 Contact & Inquiry Forms
If a website we host includes a contact or inquiry form, data submitted through that form (such as name and e-mail address) is processed by the website owner (our client). We process it on their behalf solely to deliver the service.
2.4 Cloudflare
Traffic passes through Cloudflare's network for DDoS protection, caching, and performance. Cloudflare may process your IP address and request data according to Cloudflare's Privacy Policy. Cloudflare acts as a data processor on our behalf under a Data Processing Agreement.
3. Third-Party Services on Hosted Websites
Individual websites we host may embed third-party services such as Google Maps or YouTube. These services are operated by their respective providers and may set their own cookies or collect data independently. Their privacy practices are governed by their own privacy policies:
We have no control over, and take no responsibility for, data collected by third-party services embedded by website owners.
4. How We Use Data
| Purpose | Lawful Basis |
|---|---|
| Server security, abuse prevention, and incident response | Legitimate interest (Art. 6(1)(f) GDPR) |
| Website functionality and availability | Legitimate interest / Performance of a contract |
| Aggregate analytics | Legitimate interest |
| Responding to contact form submissions | Legitimate interest / Contract performance |
We do not sell, rent, or share personal data with third parties for marketing purposes. We do not use data for automated decision-making or profiling.
5. Data Storage & Transfers
All data is stored within the European Union:
| System | Provider | Location |
|---|---|---|
| Primary web infrastructure | OVH Dedicated Server | Gravelines, France |
| CDN & DDoS protection | Cloudflare | Edge nodes, EU |
| Backups | AWS S3 | Frankfurt, Germany |
| Backups | OVH S3 | Strasbourg, France |
No personal data is transferred outside the EEA.
6. Data Retention
- Server access logs: retained for up to 30 days, then deleted automatically.
- Backup data: retained for the duration of the hosting agreement plus 30 days.
- Contact form data: retained until the inquiry is resolved or as required by the website owner's retention policy.
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR) you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data ("right to be forgotten") where there is no overriding legal basis for continued processing
- Restrict processing in certain circumstances
- Port your data to another controller
- Object to processing based on legitimate interests
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Polish Data Protection Authority (UODO) at uodo.gov.pl.
8. Security
We implement technical and organisational measures to protect personal data, including:
- Encrypted connections (TLS/HTTPS) for all hosted websites
- Firewall and DDoS mitigation via Cloudflare
- Restricted access to server infrastructure
- Regular automated backups stored in geographically separate, EU-based locations
9. Cookies
The seventy7 infrastructure itself does not set tracking cookies. Individual websites may use cookies as disclosed in their own cookie notices.
Third-party embeds (Google Maps, YouTube, etc.) may set cookies according to their own policies, typically triggered only when you interact with the embedded content.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
Questions about this Privacy Policy or data processing practices:
seventy7 [email protected] seventy7.dev