Legal

Privacy Policy

Last updated: 30 March 2026

1. Who We Are

This Privacy Policy applies to Server Heron V.O.F., a company registered in the Netherlands with Chamber of Commerce (KVK) number 97570788 (hereinafter "Server Heron", "we", "us", or "our").

We operate the game server hosting platform available at serverheron.com. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and applicable Dutch privacy legislation.

For privacy-related questions, contact us at: [email protected]

2. What Personal Data We Collect

We collect the following categories of personal data:

Account data

  • Username and display name
  • Email address
  • Hashed password (we never store plain-text passwords)
  • Account creation date and last login date
  • IP address at login (used for security)
  • Optional profile avatar (uploaded by you)

Billing data

  • Payment method details (processed and stored by our payment provider — we do not store full card numbers)
  • Billing address
  • Invoice and transaction history

Service usage data

  • Server configurations and settings
  • Technical logs necessary for service operation and security

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)) — to create and manage your account, provision your game servers, and process payments.
  • Compliance with a legal obligation (Art. 6(1)(c)) — to fulfil tax, accounting, and regulatory requirements applicable in the Netherlands.
  • Legitimate interests (Art. 6(1)(f)) — to detect and prevent fraud, abuse, and security threats; to maintain and improve our platform.
  • Consent (Art. 6(1)(a)) — where you have explicitly provided consent, for example for optional marketing communications.

4. How We Use Your Data

  • To create, maintain, and secure your account
  • To provision and manage your game servers
  • To process payments and issue invoices compliant with Dutch VAT law
  • To provide customer support via our ticketing system
  • To send service-related transactional emails (e.g. password reset, two-factor authentication codes, maintenance notifications)
  • To detect and prevent fraud, abuse, and unauthorised access
  • To comply with our legal obligations as a Dutch company

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. Data Processors and Third Parties

We share your data with the following categories of trusted third parties who act as data processors on our behalf, bound by data processing agreements:

  • Payment processing — your payment details are handled by Stripe, a PCI-DSS-certified payment provider. We do not have access to your full card number.
  • Cloud infrastructure — our platform runs on Hetzner, EU-based, GDPR-compliant cloud infrastructure located within the European Union. All data remains within the EU/EEA.
  • Email delivery — transactional system emails are delivered via Zoho Mail (EU data center).

We do not transfer your personal data outside the European Economic Area (EEA). All our service providers process EU customer data within EU-based data centers.

6. Data Retention

  • Active accounts — we retain your data for as long as your account is active.
  • After account deletion — personal data is deleted or anonymised within 30 days of account closure, unless we are required to retain it for longer by law.
  • Financial records — invoices and payment records are retained for 7 years in accordance with Dutch accounting law (Burgerlijk Wetboek, Boek 2).
  • Security logs — login and IP logs are retained for a maximum of 90 days for fraud prevention.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15) — request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restriction of processing (Art. 18) — request that we limit how we process your data in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days as required by the GDPR.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

8. Minimum Age

Our services are intended for users aged 16 and older. By creating an account, you confirm that you are at least 16 years of age.

9. Cookies and Tracking

We use strictly necessary cookies to manage your session, authenticate your account, and protect against cross-site request forgery. We do not use advertising cookies, cross-site tracking cookies, or share cookie data with third-party advertisers.

For a detailed overview of the cookies we set, please visit our Cookie Policy.

10. Security

We implement industry-standard technical and organisational security measures to protect your personal data, including:

  • TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Two-factor authentication (2FA) available for all accounts
  • Restricted access controls — staff only access data necessary for their role
  • Regular security reviews of our platform and infrastructure

In the event of a personal data breach that poses a risk to your rights, we will notify the Autoriteit Persoonsgegevens within 72 hours and affected users without undue delay, as required by GDPR Article 33–34.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For significant changes, we will notify you by email or via a notice on our platform.

Continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact

For any privacy-related questions, requests, or complaints:

  • Email: [email protected]
  • Company: Server Heron V.O.F.
  • KVK: 97570788
  • Country: The Netherlands