Privacy Policy

Effective as of 12 of june of 2023

Privacy policy

Privacy Policy

1.- Why a Privacy Policy

Your privacy is critically important to us. At WPHercules, we have a few fundamental principles:

  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  • We store personal information for only as long as we have a reason to keep it.
  • We aim to make it as simple as possible for you to control what information on your website is shared publicly (or kept private), indexed by search engines, and permanently deleted.
  • We help protect you from overreaching government demands for your personal information.
  • We aim for full transparency on how we gather and use your personal information.

This document is WPHercules Privacy Policy, which incorporates and clarifies these principles. This Privacy Policy consists of the following documents: this Privacy Policy, Cookie Policy and Security Policy. Collectively these documents are referred to herein as the "Privacy Policy". They are referred to by their individual names if a particular paragraph applies to that document alone.

2.- Who we are and what this policy covers

WPHercules is a trading name of Ángel Fernández Plaza. This Privacy Policy applies to information that we collect about you when you:

  • Use or browse any of our websites: wpherc.com, wpherc.es, wphercules.com, wphercules.es and any subdomain.
  • Purchase any product or service from our website or directly to WPHercules (by email or in person).

Throughout this Privacy Policy we’ll refer to our website and other products and services collectively as "Services." WPHercules is a worldwide service. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information according to the European Union’s General Data Protection Regulation (GDPR). This means that you and us enter into an agreement according to the requirements set in the European Union’s General Data Protection Regulation (GDPR) Article 28(3). Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information. If you have any questions about this Privacy Policy, please contact us using the contact form on this website or at privacy @ wpherc.com

We adhere to the principles set out by the GDPR and ensure all data is:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes.
  • Adequate, relevant and limited to what is necessary.
  • Accurate and where necessary, kept up to date.
  • Stored only as long as necessary.
  • Secure.

2.1.- Controller & Data Processor

WPHercules is the controller and data processor and we are responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy notice).

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

3.- Information we collect

WPHercules only collect information about you if we have a reason to do so–for example, to provide our Services, to communicate with you, or to make our Services better. We collect information in some different ways: if and when you provide information directly to us, automatically through operating our services and from outside sources.

3.1.- Information you provide to us

It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:

  • Basic Account Information: We collect personal information you provide us when you sign up for our Services, submit forms on our websites, and send us support or sales inquiry emails. That process provides us with your email and name and other contact information.
  • Transaction and Billing Information: If you buy something from us you will provide additional personal and payment information that is required to process the transaction and your payment, such as your name, company business id, credit card information, and contact information. We do not store the card information on our servers but we use a third-party payment processor such as Stripe.
  • Content Information: Depending on the Services you use, you may also provide us with information about you in the draft and published content for your website. For example, if you write a blog post to your site that includes biographic information about you, we will have that information, and so will anyone with access to the Internet, if you choose to publish the post publicly. This might be obvious to you
    but it’s not to everyone!
  • Credentials: Depending on the Services you use, you may provide us with credentials for your other services outside WPHercules (like SSH username and password), to, for example, transfer your website, or to allow us to troubleshoot problems on a site outside WPHercules services.
  • Communications with Us: You may also provide us information when you respond to surveys, communicate with our support about a support question. If you contact us for technical or account support, we keep a record of the correspondence between us so that that we can refer to it in the future and provide better support to you.

3.2.- Information we collect automatically

We also collect some information automatically:

  • Data logs: We collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, language preference, referring site, the date and time of access. We collect this information when you use our Services. As an essential service for troubleshooting we also collect that same information from visitors that use websites that you have created and are hosted by our service. The primary purpose of logs with IP addresses is for security.
  • Login Information: For security, we record the IP address of any computer used to log in to your User Area in WPHercules. We only use this to verify that there has been no unauthorised access since your last login.
  • Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that site administrators and users perform on any site that we host–in other words, who did what, when and to what thing on a site (e.g., [WordPress plugin] [installed/activated] at [time/date] by [IP]/[User]). We collect this information for security and to provide Services to you. We do not use this information for marketing purposes.
  • Website Analytics tools: We may use analytics services by third parties to collect information about the use of our websites, such as number of visits, pages visited, popularity of certain content. Analytics tools use tracking technologies (like cookies) to recognize your device and compile information about you. They collect information such as what pages you visit and how much time you spend on these pages, the IP address assigned to you, what operating system and web browser you use, and what site you visited prior to visiting our website. We only have our own Analytics on our websites.
  • Email tags: We also monitor with a pixel tag some of the emails we sent to you. Pixel tags (also called web beacons) are small blocks of code placed on websites and e-mails. We only use those to know if an email is opened or not. We do not use any other pixel tracking system on the websites.
  • Cookies & Other Technologies: A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies and other technologies to help us identify and track visitors for the Affiliate program. You can read more about the cookies we use on this document: Cookie Policy.

4.- How we use the information

We use information about you as mentioned above and as follows:

  • To provide our Services–for example, to set up and maintain your account, host your website, backup and restore your website, or charge you for any of our paid Services.
  • To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of WPHercules and others;
  • To communicate with you about updates and security of your websites, your account or any issues we may find.
  • We also may use your email to write to you to solicit your feedback or keep you up to date on WPHercules and our products and Services.
  • Also, we need your payment and billing information together with your contact details, to open a Client or Partner account for you, to process your orders and renewals, to enter into a contractual agreement for any Services, to invoice you and to fulfill our legal obligations for tax calculations.

5.- How do we share the information

We will not sell, rent, share or otherwise disclose personally identifiable information for commercial purposes in any way that is contrary to the commitments made in this Privacy Policy. We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:

  • Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Policy for personal information that we share with them.
  • Service Providers: We work with other companies who help us run our business ("Service Providers"). These companies provide services to help us deliver customer support, process credit card payments, provide marketing support, and otherwise operate and improve our Services. You can find a list of our sub-processors at https://wpherc.com/terms/privacy-policy/third-party-subprocessors/
  • WPHercules Affiliates: We may also share with our affiliates your website address and Services information, but only with the one that recommend you to us.
  • As Required by Law: We may disclose information about you in response to a subpoena, court order, or other valid governmental request.
  • To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of WPHercules, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that WPHercules goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, we will contact you to ask for permission and we won´t share your information unless we have written confirmation that you agree to that transfer of information.
  • With Your Consent: For any other purposes we may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, such as when you want a third party WordPress plugin developer to troubleshoot your site.

6.- Information shared publicly

We do not share any information publicly. As we are hosting your website, any information that you choose to make public in your websites is–you guessed it–disclosed publicly. That means, of course, that information like your posts, files, other content that you make public on your website. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.

7.- Your rights and choices

You have several choices available when it comes to information about you:

  • Limit the information that you provide: If you have an account with us, you can choose not to provide the optional account information and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services–for example, Maintenance plans–may not be accessible.
  • See the information that we have: If you have an account with us, you can request to see the information that we have on you. We will provide this information in a reasonable time.
  • Request data removal: At any time you may request us to remove all the personal data we have on you. If at the time of the request you have paid or unpaid WPHercules Services in use, those Services will be also terminated unless your transfer those Services to another person. Note that we are separately required to keep financial records for up to 6 years so any invoices on your account will be retained even after your information has been erased.
  • Opt-out of electronic communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account or legal notices.
  • Set your browser to reject cookies: You can choose to set your browser to remove or reject browser cookies before using WPHercules’ websites or Services. We want to make WPHercules fully available without cookies. If you find that something is not working properly without cookies, please let us know.

We will consider all those requests. However, certain personal information may be exempt from those requests in certain circumstances, which include a need to keep processing information for our legitimate interests or to comply with a legal obligation. If such an exception applies, we will notify you when responding to your request. Please note that we may ask you to provide us with information necessary to confirm your identity before responding.

8.- Age restrictions

In accordance with WPHercules Terms of Service, we do not sell products, provide services or collect information from any individual under the age of 18. If you are under the age of 18, you are not allowed to use our website and you must request your parent or guardian to use our Website instead. Should you have an evidence that someone under the age of 18 has bought services and provided their personal information to us, please contact us.

9.- Data security, data integrity and access

We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place appropriate technical and administrative measures to safeguard and secure your information, and we make use of technologies such as encryption to increase privacy and security. If you want to read information about the security measures that WPHercules takes you can review our Security Policy.

9.1.- Data retention

Information collected on our website will only be retained for as long as necessary to fulfill the purpose for which it was collected.

  • You website data: We will remove permanently your website data, including the database and the files, 7 days after you finish your contract with us. This includes any staging or development copy we may have created.
  • Backups: We keep a minimum of 7 days of backups of your websites, which could be more depending of the services you have selected. We will remove all backups 7 days after you finish your contract with us. Backups are encrypted and secured on a third party provider.
  • Server Logs: We keep 7 days of access and error logs for all websites we host.
  • Information logs: We keep login information and other information about what happen on your website for 30 days.
  • Communications: We will keep the support and email communications for 2 years.
  • Login account on our website: We will keep your account/client information on our websites as client for two years.
  • We are required to keep financial records and basic information about our customers (including Contact, Identity, Financial and Transaction Data) for up to 6 years so any invoices on your account will be retained even after your information has been erased.

10.- International transfers

We share your data within our services including any of our subsidiary companies and on occasion with third party suppliers where required and listed specifically within our third party document. This might involve transferring your data outside the United Kingdom (UK) / European Economic Area (EEA).

Some of our external third parties are based outside the UK and/or European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the UK / EEA. Whenever we transfer your personal data out of the UK / EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

We ensure your personal data is protected by requiring all our third parties to follow the same rules when processing your personal data.

We host, store or otherwise handle your personal information within the borders of European Economic Area (EEA). During the order process, the Customer has the option to choose the desired location for their web service and the data it contains from a provided list of locations available. Some of these locations are outside of the European Economic Area (EEA).

Please refer to the Third-Party sub-processors document https://wpherc.com/terms/privacy-policy/third-party-subprocessors/ for more information about their Privacy Policies. In any event, your information will be processed in accordance with this Privacy Policy.

If you would like further information about the global handling of your personal information, please contact us.

10.1.- Transfer as Data Processor

If, in the course of providing the Services, you are a Controller and we are your Processor in respect of any Personal Data, and the United Kingdom is or becomes a "third country" for the purpose of Chapter V of Regulation 2016/679, unless and until such time as the European Commission has decided that the United Kingdom ensures an adequate level of protection for the purposes of Chapter V of Regulation 2016/679, we and you shall, in respect of any transfer of Personal Data subject to Chapter V of Regulation 2016/679 which is neither on the basis of an adequacy decision nor subject to any of the permitted derogations set out in that Chapter V, enter automatically into the Standard Contractual Clauses for the transfer of personal data to processors established in third countries (controller to processor transfers) approved by the European Commission by Commission Decision 2010/87/EU, currently available athttps://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087

For the purposes of any Standard Contractual Clauses which we enter into with you by virtue of this clause, we are the "data importer" and you are the "data exporter". We will Process the Personal Data only for the purpose of providing the Services. The Data Subjects are anyone whose Personal Data you include in the data you upload to the Services, most probably your staff or your users, or people linked with your users. The Personal Data transferred, including any special categories of data, are decided solely by you. You confirm that you will inform us prior to any data transfer if you feel that the jurisdiction the data is being transferred to is a jurisdiction where the data subjects’ rights are not enforceable (where rights such as access, rectification and deletion are undermined) and effective legal remedies (particularly in case of access to data by public authorities in the recipient country) are not essentially equivalent. We will also keep this situation under regular review in order to ensure we only transfer data to countries where their laws that impose requirements to disclose personal data to public authorities are limited to what is necessary and proportionate in a democratic society.

10.2.- Transfer as Data Controller

If, in the course of providing the Services, you are a Controller and you transfer Personal Data to us as a Controller, and the United Kingdom is or becomes a "third country" for the purpose of Chapter V of Regulation 2016/679, unless and until such time as the European Commission has decided that the United Kingdom ensures an adequate level of protection for the purposes of Chapter V of Regulation 2016/679, we and you shall, in respect of any transfer of Personal Data subject to Chapter V of Regulation 2016/679 which is neither on the basis of an adequacy decision nor subject to any of the permitted derogations set out in that Chapter V, enter automatically into the Standard Contractual Clauses for the transfer of personal data from the Community to third countries (controller to controller transfers) annexed to the European Commission Decision 2004/915/EC (Set II), currently available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915

For the purposes of any Standard Contractual Clauses which we enter into with you by virtuu of this clause, we are the "data importer" and you are the "data exporter", and we both elect option (iii) (the data processing principles set forth in Annex A) for the purpose of clause II(h). We will Process the Personal Data only for the purposes set out in this Privacy Policy. The Data Subjects are anyone whose Personal Data is provided to us during account registration, most probably your staff. The Personal Data transferred concerns basic personal details, contact information, data related to your staff’s internet connectivity (in the form of IP addresses) and, if you contract with us as an individual, your payment information. We do not collect any sensitive data. You confirm that you will inform us prior to any data transfer if you feel that the jurisdiction the data is being transferred to is a jurisdiction where the data subjects’ rights are not enforceable (where rights such as access, rectification and deletion are undermined) and effective legal remedies (particularly in case of access to data by public authorities in the recipient country) are not essentially equivalent. We will also keep this situation under regular review in order to ensure we only transfer data to countries where their laws that impose requirements to disclose personal data to public authorities are limited to what is necessary and proportionate in a democratic society.

11.- Our customers’ websites

If you are a visitor to one of our Customers’ websites please note that this privacy policy doesn’t apply to you in regard to that specific site. We process information that visitors provide to our users’ websites on behalf of our users and in accordance with our user agreements. We encourage our users to post a privacy policy that accurately describes their practices on data collection, use, and sharing of personal information.

12.- About WPHercules and your responsibilities as Customer

12.1.- Every website owner is a data controller

From the perspective of the Data Protection Regulation WPHercules act as the data processor and each of the WPHercules hosting service site owner is the data controller. Each WPHercules Maintenance and Hosting Customer is responsible for themselves about what is been done with data that their site collects, as well as how to ensure the realization of the rights. We do not monitor the data stored by you, but the information security practices are designed in a manner that you can store personal data in your web service.

12.2.- Your responsibilities

If you handle personal data with your web service, you will act as the data controller and we as the data processor. You are responsible for determining what sort of data is recorded, how the data is handled (including possible pseudonymization) and how the data is shared. You are responsible for ensuring the correct design and development of your web service, either by a third-party developer or subcontractor or by yourselves. If the website is a part of a larger information system, especially one that handles sensitive information (such as medical records), you are responsible for the proper separation of the individual systems in order to prevent a major leak in case of a security breach on the website.

12.3.- The rights of the data subjects on your websites

We do not handle any third-party GDPR or data protection related requests on behalf of you from your visitors or users. The requests are forwarded to you as is, who must then verify the authenticity and take responsibility for the requests as the data controller.

12.4.- Third party software or plugins in your website

As a site owner or developer you should be mindful what plugins or themes you install and what they do with your site data. If you’d like to use third party software like plugins with our Services, please keep in mind that when you interact with them you may provide information about yourself to those third parties. We don’t own or control these third parties and they have their own rules about collection, use and sharing of information. You should review their rules and policies when installing and using third party software.

12.5.- What information does WPHercules store about my site’s visitors?

We collect the IP address of anyone visiting your website and store it in your site’s access logs. We also keep logs of errors of your site. We keep those information logs for 7 days. We also keep login information and other information about what happen on your website for 40 days. We use this information to track attacks on websites we host and allow us take steps to prevent those attacks. We also use this information to find out about issues with your installation so we can help you to solve any problems with updates and compatibilities. What other information you collect from your site’s visitors is up to you, and if you store it in a database or file on your account, we will be holding onto that data for you.

12.6.- Data Processing Agreement

One way we are fulfilling our commitment is by providing a Data Processing Agreement, which is a contract that documents WPHercules compliance with the GDPR requirements that apply to us as a data processor for your site. The Agreement also satisfies the requirement for standard model clauses that govern the transfer of your data to WPHercules and its subsidiaries.

The Data Processing Agreement is an amendment to our Terms of Service and is available to all WPHercules clients.

Having a DPA does not change any of our privacy and security practices for site visitors. Everyone using our service gets the same high standards of privacy and security.

These terms set out the additional terms requirements and conditions on which we will process personal data when providing services to you. This Agreement contains the mandatory clauses required by article 28(3) of the General Data Protection Regulation ((EU) 2016/679) for Agreements between data controllers.

By purchasing our services you confirm that you accept these terms of data processing and you agree to comply with them. If you do not agree with these terms, you must not purchase services from us.

We recommend that you print a copy of these terms for your future reference. If you require a signed copy from us, please request it and we will send one to you.

The full Data Processing Agreement can be found on this link, so it is easier to print and copy.

Data Processing Agreement

13.- Privacy Policy Changes

Although most changes are likely to be minor, WPHercules may change its Privacy Policy from time to time. WPHercules encourages visitors to frequently check this page for any changes to its Privacy Policy. If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will notify you through our Services, by email, or using other communication. The previous version of this Policy can be viewed here.

14.- Contact Information

If you have any questions about this Privacy Policy, you can contact us using the contact form on this website or at support @ wpherc.com

One More Thing: This Policy Is Available Under a Creative Commons Sharealike License

This policy is modified and adapted version of original Pilvia.com policy which is also from wordpress.com. This is available under a Creative Commons Sharealike license. You can copy it, adapt it, and repurpose it for your own use. Just make sure to revise the language and content so that your policy reflects your actual practices.