May 25th, 2018.
DreamHost's Vision Statement: People have the freedom to choose how their digital content is shared.
If you have questions about our practices or any of your rights described below, you may contact us at email@example.com. This inbox is actively monitored and managed so that we can deliver an experience you can trust.
1.1 DreamHost offers a variety of services to customers ("you") which range from hosting and website services (including shared, VPS, and dedicated hosting, WordPress hosting, Remixer, email hosting (the "Hosting Services")), cloud services (DreamObjects and DreamCompute) (the "Cloud Services") and domain registration services (the "Domain Registration Services") among others.
1.2 The services offered by DreamHost are collectively referred to as the Services in this Notice.
1.3 We also have a website (the "Website") where website visitors, prospective customers and potential job applicants can find out more about us and our Services.
This section explains our privacy practices in relation to the data we collect when we provide Hosting and Cloud Services to you.
In this section, "client" refers to businesses to which we provide the Hosting and Cloud Services.
2.1.1 When clients use our Hosting and Cloud Services, they provide us with third party data. We only collect this data in accordance with our client's instructions. This means that our clients are in control of the data they upload to our platforms.
2.1.2 We enter into agreements with our clients that set out our legal obligations in relation to that data, and explain that we may only use such data to provide the Services to our client (i.e. to provide Hosting Services, Cloud Services or the Domain Registration Services). In many legal jurisdictions, particularly those within the European Economic Area ("EEA"), DreamHost is considered to be a "data processor" in relation to such client data. Each of our clients would be considered to be a "data controller". As a controller, each DreamHost client is responsible for complying with the requirements for controllers under the General Data Protection Regulation ("GDPR") which requires notice, disclosure and specific legal bases for transferring data to DreamHost and using the Hosting and Cloud Services. As a processor, DreamHost has some - but not all - of those responsibilities.
2.1.3 If you would like more information about the data collected by a particular DreamHost client and, in turn, transferred to DreamHost, please refer to that client's privacy notice which would typically be located on their website.
2.2 Information that you provide
2.2.1 The personal information we collect from you when we provide you with Services will depend on the type of service or support you require.
2.2.2 Some personal information is collected directly from you when you:
2.2.3 We will also collect and process other data that might be less obvious to you. For example, account-related information is collected in association with your use of the Services (like the types of services you have used, your payment history, the amount of your payments, your domain name, information about when products renew or expire, customer service requests, information requests, etc.).
2.2.4 Some of this data may be personal data. We may use this information to contact you from time to time about our products, promotions and other services that relate to your account. You can manage and choose the information you want to receive. Please see Section 11 for more information.
2.2.5 Most of the personal information that we collect is necessary to keep all of our Services functional and accessible by you. If we’re asking for personal information beyond this scope, we’ll make sure to clearly let you know why we need it (and what the effects of not providing it may be).
2.3 Information we collect automatically
2.3.1 When you use our Hosting Services, we may collect certain information automatically from your device. This may include information like your IP address, your device type, any unique device identification numbers, browser types, information about your broad geographic location (for example, country or city level location) and other technical information that may identify you.
2.3.2 By way of example, data about usage of services is automatically collected when you use and interact with our Services, including metadata, log files and cookie/device IDs. This information includes specific data about your interactions with the features, content and links (including those of third parties, such as social media plugins) contained within the Services as well as the information listed in the previous paragraph.
2.4 Information we collect from third party sources
2.4.1 In our capacity as a data controller, we may collect information from third parties. This may include information from partners in order to maintain functionality of your Services (such as domain name registrations and third-party email suites). We may combine this data with information we already have so that we can properly update, analyze, and expand our Services. This information will only be used for the specific reason for which it was provided to us.
3.1.1 Information you provide
DreamHost receives and stores information you provide to us though your use of the Website.
Additionally, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider, referring / exit pages, operating system, date / time stamp and / or clickstream data.
We may combine this automatically-collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics or site functionality.
Our Website contains social media features such as the Facebook button and other widgets that operate on our Website. These features may collect information such as your IP address and the pages you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Website. Your interactions with these features are governed by the privacy statement of the company providing the applicable feature.
[Targeted advertisements or interest based offers may be presented to you based on your activities on our webpages, other websites and based on products you currently own. These offers will display as varying product banners presented to you while browsing. We also partner with third parties to manage our advertising on our webpages and other websites. Our third party partners may use features like cookies to gather information about such activities in order to provide you with advertising based upon your browsing activities and interests and to measure advertising effectiveness. If you wish to opt out of interest-based advertising click here.
We use the following types of cookies:
4.1 We will share your information (such as WHOIS info) to the extent necessary to comply with ICANN or any other regulations and policies when you register a domain name with us.
General Data Processing Information in Connection with our Services and the Website
5.1 To the extent that we are a data controller, we use the information collected through your use of our Services for the following purposes:
5.2 Often, much of the data is aggregated or statistical data about how people use our Services or Website and is not linked to any personal data. To the extent that this data is itself personal data, or is linked to personal data, we treat it accordingly.
6.1 Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
6.2 If we ask you to provide personal information to comply with a legal requirement or to perform our contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information while relying on our legitimate interests (or those of a third party), we will make clear to you at the relevant time what those legitimate interests are.
7.1 With the exception of trusted business affiliates and/or associates who work on behalf of or in connection with us, we will not provide to or sell to any third party your personal information and will keep all such data confidential. For example, we share information with third parties where the functionality and maintenance of our Services depends on it (such as sharing data with domain registries in order to maintain your Services or domain registrations).
Third parties and trusted affiliates or associates
7.2 We may contract with third parties to assist us in optimizing our Services, including assistance related to the authorization and processing of payments, fulfilment of service requests, and requests for assistance.
7.3 We may utilize third-party platforms to provide web-based and email-based advertisements for our Services after you have visited and left our Website.
7.4 We also use web analytics services to improve the usability of our customer experience. These services may record anonymous data such as mouse clicks, movement, and scrolling activity, but we'll never use them to collect personal data from you. We only use this data internally to help us understand and enhance your DreamHost experience.
7.5 DreamHost's primary business operations are located in California in the United States and we are subject to the laws and regulations in that jurisdiction. We may be called upon by various law enforcement agencies to comply with ongoing investigations. Compliance may include the secure handover of client data to a legally-authorized government agency.
7.6 Outside the United States, DreamHost may also be required to disclose personal information to other law enforcement bodies, regulatory, government agency, court or other third party in compliance with applicable laws or regulation to which DreamHost may be subject.
7.7 We will only disclose this information where we believe disclosure is necessary (i) as a matter if applicable law or regulation (ii) to exercise or defend our legal rights or (iii) to protect your vital interests or those of any other person.
8.1 If you are a resident of the EEA you have the following data protection rights:
9.1 Contact information: DreamHost customers with established accounts may review and alter the contact information associated with their DreamHost account(s) in the DreamHost Panel.
9.2 Web-based advertisements: DreamHost and its advertising partners comply with “opt out” signals provided either by a user's web browser automatically, by a user manually opting-out of web-based advertisements at http://www.networkadvertising.org/choices/.
9.3 Email marketing: To unsubscribe from promotional marketing emails you can click the unsubscribe link in a promotional email or modify your preferences on the Privacy page of the DreamHost Panel.
9.4 Cookies and other tracking technologies:
For information on how to manage cookie settings click on the links below:
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include reducing log retention where possible to the minimum level required to enable our systems administration and security staff to ensure services are running smoothly.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion is possible.
707 Wilshire Blvd Suite 5050
Los Angeles, CA 90017