Skip to main content
Alplink

Privacy Policy

Last updated: March 2026

1. Data Controller

The controller responsible for processing your personal data is:

Alplink OÜ

Registry code: [REGISTRY_CODE]

Harju maakond, Tallinn, Estonia

Email: privacy@alplink.eu

Website: alplink.eu

2. Personal Data We Collect

We collect only the data necessary to provide our managed cloud hosting services (Odoo, WordPress, Nextcloud, Matomo) and to operate this website.

a) Contact form & enquiries

Name, email address, and message content. Stored in our self-hosted Listmonk instance on Hetzner infrastructure in Germany.

b) Newsletter

Email address only. Managed via Listmonk (self-hosted). You can unsubscribe at any time using the link in every email.

c) Customer accounts

When you create an account on dash.alplink.eu, we collect your name, email address, and payment information (processed by Stripe).

d) Service data

Data you store within your managed instances (Odoo, WordPress, Nextcloud, Matomo). This data belongs to you; we process it only to provide the service.

e) Appointment booking

Name, email, and selected time slot when you book a demo or consultation via Cal.com.

f) Technical logs

IP address, browser user agent, timestamps, and request data. Collected automatically for security, abuse prevention, and debugging purposes.

3. Legal Bases for Processing

We process personal data under the following GDPR legal bases:

  • Contract performance (Art. 6(1)(b)) — to create and manage your account, provide hosting services, and process payments.
  • Legitimate interest (Art. 6(1)(f)) — to maintain security, prevent abuse, improve our services, and respond to enquiries.
  • Consent (Art. 6(1)(a)) — for newsletter subscriptions. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to meet tax, accounting, and regulatory requirements.

4. Where Your Data Is Stored

All primary data — customer instances, databases, backups, emails, and logs — is stored exclusively on servers located in the European Union (Germany and Finland), operated by Hetzner Online GmbH.

Some data may be processed outside the EU by the sub-processors listed in Section 5 (Cloudflare, Stripe, Cal.com). In each case, appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs).

5. Sub-processors

We use the following third-party services to deliver our platform:

Provider Purpose Location / Safeguards
Hetzner Online GmbH Server infrastructure, object storage, backups Germany & Finland (EU)
Cloudflare Inc. CDN, DNS, DDoS protection USA — EU SCCs in place
Stripe Inc. Payment processing USA — EU SCCs in place
Cal.com Inc. Appointment booking USA — EU SCCs in place
Listmonk (self-hosted) Email & newsletter management Germany (EU) — Hetzner

We do not sell, rent, or share your personal data with third parties for marketing purposes.

6. Data Retention

  • Account data — retained while your account is active, plus 5 years after closure for tax and legal compliance.
  • Service data — retained while your subscription is active. Deleted within 30 days of account termination unless legally required otherwise.
  • Technical logs — retained for 90 days, then automatically purged.
  • Newsletter subscriptions — retained until you unsubscribe.
  • Contact form messages — retained for up to 12 months after the enquiry is resolved.

7. Cookies

Our website uses only essential cookies required for the site to function (e.g., language preference). We do not use advertising or tracking cookies. For full details, see our Cookie Policy.

8. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Restriction — ask us to restrict processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@alplink.eu. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit (TLS) and at rest for all customer data.
  • Regular automated backups with encrypted off-site storage.
  • Access controls and audit logging on all infrastructure.
  • DDoS protection and web application firewall via Cloudflare.

10. Data Processing Agreement

If you are a customer using Alplink services to process personal data of your own users or clients, we can provide a Data Processing Agreement (DPA) on request. Contact privacy@alplink.eu.

11. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

Andmekaitse Inspektsioon

(Estonian Data Protection Inspectorate)

Tatari 39, 10134 Tallinn, Estonia

Website: aki.ee

You may also contact your local EU data protection authority.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to active account holders or via a notice on our website. The "last updated" date at the top reflects the most recent revision.

13. Contact

For any questions about this privacy policy or how we handle your data:

Alplink OÜ

Email: privacy@alplink.eu

Website: alplink.eu