GDPR / AVG
Last updated: June 2026
This GDPR statement describes how Cernet (part of Ollix.nl) processes personal data and how we comply with the General Data Protection Regulation.
1. Data location
All personal data of our customers and their visitors is processed and stored in data centres within the European Union (Netherlands and Germany). No data leaves the EU without your explicit consent.
2. Processing purposes
- Providing hosting, email, domain and related services
- Billing and payment processing
- Customer service and technical support
- Legal obligations (tax, ICANN, abuse detection)
- Improving our services via anonymised metrics
3. Sub-processors
We share data only with a limited list of trusted sub-processors:
- Stripe and Mollie — payment processing
- SIDN, Verisign, ICANN registries — domain registration (required)
- Cloudflare — DDoS protection (EU edge)
- Microsoft Ireland — for M365 customers
The full sub-processor list with locations and purpose is available on request via [email protected].
4. Data Processing Agreement (DPA)
For business customers we offer a standard DPA per Article 28 GDPR. Request it via [email protected]; signed within 2 business days.
5. Retention periods
- Active customer data: as long as the relationship lasts
- Billing data: 7 years (NL legal requirement)
- Server & access logs: 90 days
- Email backups: 30 days after deletion by customer
6. Your rights
- Access — request a copy of your data
- Rectification — correct inaccurate data
- Erasure — request deletion (within legal limits)
- Restriction — request temporary stop of processing
- Portability — receive your data in a machine-readable format
- Objection — to marketing or profiling
Requests: [email protected]. We respond within 30 days, free of charge.
7. Complaints
You have the right to lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl) or your national DPA.
8. Data Protection Officer
Our DPO is reachable at [email protected].