Privacy Policy
Last updated: 16 July 2026
This policy explains how Solaskinner (solaskinner.com) processes personal data when you visit the site, register, use the client panel or contact support. We comply with the EU GDPR, the Norwegian Personal Data Act (Personopplysningsloven), the Electronic Communications Act (Ekomloven) for cookies, accounting rules, and guidance from Datatilsynet. See also the Cookie Policy and Terms.
1. Data controller
Ruslan Bilohash
Drammen, Norway
Email: support@solaskinner.com
Phone: +47 462 55 885
We have not appointed a DPO under GDPR Art. 37 (not mandatory for our size/nature). Privacy requests go to the address above. Response: normally within 30 days (Art. 12).
2. Controller vs processor roles
- Controller: your account, billing, support, visits to our website, security logs, marketing consent.
- Processor: personal data you store on hosting about your own visitors/users. You remain controller for that data and need your own legal basis and privacy notice. We process it only to provide hosting under your instructions (Art. 28).
3. Who this covers
Site visitors, registered customers, business contacts, panel users and anyone who contacts us. Primarily Norway and the EU/EEA, also international use.
4. Categories of data
Identity/contact: name, email, phone, address, country, language.
Account: username, password hash, plan, status, consent timestamps.
Billing: invoices, payment status, org/VAT numbers where provided, transaction references (card numbers are not stored by us when using a PCI payment provider).
Service data: domains, DNS, installed apps, support messages.
Technical: IP, browser/OS, timestamps, server and security logs.
Cookies: see Cookie Policy.
We do not request special-category data for the account. Avoid sending health/religion/biometric data in support unless strictly necessary.
5. Purposes and legal bases (GDPR Art. 6)
- Deliver hosting, panel, domains, email, support — contract Art. 6(1)(b)
- Invoicing, accounting, tax — legal obligation Art. 6(1)(c)
- Security, abuse prevention — legitimate interests Art. 6(1)(f)
- Essential cookies/session/CSRF — necessary for the service / legitimate interests
- Optional functional cookies — consent Art. 6(1)(a)
- Marketing email — consent Art. 6(1)(a) + Norwegian Marketing Control Act § 15
You may withdraw consent at any time. You may object to processing based on legitimate interests (Art. 21).
6. Sources
From you (registration, panel, support), automatically from your device (logs, cookies), and from payment/registrar partners when you use their services through us.
7. Recipients and processors
We do not sell personal data. Recipients may include infrastructure/registrar providers (e.g. Namecheap/Newfold), payment providers (e.g. Stripe), email/DNS providers as needed, CDNs (Google Fonts, cdnjs, jsDelivr — may receive IP), and authorities when required by law. Processors are bound by Art. 28 agreements where required.
8. Transfers outside the EEA
Some providers may process data in the US or other third countries. Transfers rely on GDPR Chapter V mechanisms, typically EU Standard Contractual Clauses (SCCs) and related safeguards. Contact us for more detail on current transfers.
9. Retention
- Account/service data: during subscription, then deletion/anonymisation within ~30 days after termination (unless law requires longer)
- Accounting/invoices: up to 5 years (Norwegian Bookkeeping Act)
- Support: up to 3 years
- Server/security logs: typically 30–90 days
- Cookie consent: up to 12 months
10. Your rights (GDPR Chapter III)
Access, rectification, erasure, restriction, portability, objection, withdraw consent. Email support@solaskinner.com. We may verify identity. Complaints: Datatilsynet (Norway) or your EU/EEA supervisory authority (EDPB list).
11. Security (Art. 32)
HTTPS/TLS, password hashing, CSRF protection, access control, isolated customer folders, security updates. Breach notification to Datatilsynet within 72 hours when required, and to individuals when risk is high (Art. 33–34).
12. Automated decisions
We do not make solely automated decisions with legal effects under Art. 22, beyond technical security filters (rate limits, abuse blocks).
13. Children
Not directed at children under 16 without parental consent. Accounts clearly created in breach will be deleted when we become aware.
14. Changes
We may update this policy when the service or law changes. The new date is shown at the top. Material changes may be notified by email or panel.