Respect for Privacy of Users
The protection of your privacy is a first priority for the company Master Internet since this is the only way to achieve long-term confidence and cooperation. As the lead operator of data centers and hosting services, Master Internet is well aware of the importance of the way how your personal data and information are used and shared.
All our company procedures and processes including processing of information are regularly certified within the system of quality management ISO 9001:2015 and especially of information security ISO 27001:2013.
This document defines the basic information on what type of data, information and personal data we use and what kind of security measures is applied to protect them safely.
Which Information is Collected?
Information collected and processed by Master Internet depends especially on the type of the service that you are using. They are, in most cases, the data necessary for your secure authorization and access to the technologies you are authorized to use. Below you can see the types of stored data, overview of services with a short description of the stored data, and description of protection of these data and your privacy.
Data Necessarily Provided by You
We collect verified personal data and information provided by you mostly at the conclusion of the contract for the new service via our web page or during personal meeting. We collect, among others, your name and surname, address, contact e-mail address, phone number and other information necessary for your secure authorization for access and support of your services, and identification data required directly by the law.
This information is collected when:
- you create an user account, enter an order or register a service;
- ask for support or make a request for the already registered service;
- ask for information on products and services offered by us;
- take part in surveys and marketing actions.
Your Data on Servers or Related Services
The working method with your data depends especially on the type of the provided service. The short description of work with the data and access to them for the services provided by us:
Housing and renting of dedicated server (your server or server rented from us and located in our data center) – during this service we do not work with data in any way; the data are located in any technology related to these services. We do not provide third parties with information of the client or any data from such technologies without written consent of the client, with the exception of their demand by the authorized authority in accordance with generally binding legislation.
Rackhousing (rental space in data switchboard in our data center) – during this service we do not work with data in any way; the data are located in any technology related to rackhousing. Only authorized client has an access to a secured rack. We do not provide third parties with information of the client or any data from such technologies without written consent of the client, with the exception of their demand by the authorized authority in accordance with generally binding legislation.
Virtual server and cloud hosting (renting of computational performance and data center storage) – renting of part of physical server as service when you take care only of performance configuration, similarly like with the dedicated server. HW administration including virtualization platform is provided by us. You take care on the data on this server yourself and only you have an access to the data of this service. We do not provide third parties with information of the client or any data from such technologies without written consent of the client, with the exception of their demand by the authorized authority in accordance with generally binding legislation.
Managed server/service (administration of physical or virtual server or service provision using SaaS) – service identified as managed server is characterized by our access to the data located in the specific technology. In practice, it means our unlimited access (root access) to the server under this service. It is our responsibility to ensure especially a smooth functioning of this technology. Only our administrators have an access to these servers. We do not provide third parties with information of the client or any data from such technologies without written consent of the client, with the exception of their demand by the authorized authority in accordance with generally binding legislation.
Automatically Collected Information and Data
Operational and Localization Data
During the use of services of company Master Internet, operational data from customers are being collected. It is only recording and storing information on data flow, without recording the own content of the data. These data are collected in accordance with the Act No. 127/2005 Coll. (Electronic Communications Act); it follows from the Act that the service providers are obliged to retain all operational data for the period of 6 months in accordance with the Decree No. 357/2012 Coll. on storage, transfer and liquidation of operational and localization data.
Also localization data processed in networks of electronic communications determining geographical location of your terminal equipment (namely number, name and location of a terminal point of network, etc.). Act No. 127/2005 Coll. (Electronic Communications Act) imposes an obligation on all providers to retain, among others, localization and operational data for the purpose of criminal proceedings and other purposes provided by law. The precise extent of these data is specified in the Decree No. 357/2012 Coll., on the retention, transfer and liquidation of operational and localization data.
We would like to assure you that we intend to protect all your personal data to a maximum extent and all obtained information is treated confidentially and only in accordance with relevant legislation, especially with the Act No. 127/2005 Coll. (Electronic Communications Act) and the Act No. 101/2000 Coll., on the protection of personal data. Under no circumstances we will provide or sell your personal data other organizations, so-called third parties.
In all our data centers and related areas the recording from our camera system is stored. The recording is used only for the purposes of identification or proving of activities in the data center, mostly based on your complaint and also as evidential basis for crime detection within investigation of the Police of the Czech Republic or courts.
The CCTV recording is one on the most important elements of protection of your data and technologies; only online monitoring without analysing the recording itself is mainly used.
Storage of Data
Your data are kept stored only for as long as it is necessary for the purpose for which it is collected or further processed, or in accordance with generally binding legislation.
Your registration information and data are stored for the whole period of the validity of your account or for the time necessary to provide services and related support for you. Your registration information is also kept no longer than is necessary to meet our obligations, resolve disputes and to accomplish mutual agreements.
Client data on servers and related services are stored for the period of the service; in case of service termination the data are kept for at least 8 weeks. After this time, the data are securely deleted (overwritten several times).
Use of Personal Data
We assure you that protection of your personal data and all of the data is an absolute priority for us. Only employees of our company with a strictly specified authorization and processors who provide appropriate safeguards and whose processing of personal data meets the requirements of applicable law and ensures adequate protection of users’ rights have an access to your personal data. The rules for the allocation of rights together with the rights for access and handling the data are controlled by the regularly authorized directions and procedures.
The processors of personal data are providers of accounting/payroll services and systems, administrators of IT systems, providers of legal and tax advice, providers of marketing services and public authorities to which the administrator is obliged to provide personal data.
Personal data is only transferred within the member states of the European Union. Upon request, the provider shall provide the user with an up-to-date list of processors.
As a provider we are also entitled to interrupt your service and access to your data in case of exposing ourselves, our employees or other people to the risk of criminal responsibility, or if you do not follow up your commitments towards our company in the agreed time. These measures are however used only in extreme cases and they are to limit possible negative impacts arising from illegitimate operation of the service.
Information Security and Accuracy
We intend to protect your personal data and the data stored in our systems in agreement with proven methods for information protection. We are constantly improving and implement state-of-the-art technical, physical and administrative protective measures to help to protect your personal information, data and collected information from unauthorised use.
Our data centers are protected against the access of unauthorized subjects and are constantly monitored by a complex CCTV system. Continuous supervision over physical access is assured by the technical support assistant who proactively manages any unauthorized intervention. Therefore, the access is possible only after authorization of the subject by the technical support person. To ensure successful access to required technologies, this subject must be specified as a subject for the access in the client’s account.
Other security features of our data centers include the entry through the coded door and a modern extinguishing system with the fire control panel (immediate extinguishing of fire thanks to extinguishing using inert gas FM200). Accurate air conditioning with a high reserve of cooling performance are responsible for cooling of the technology.
The so-called cookies are tiny text files sent to the user’s browser when he or she visits our website. Cookies help us record information about your visit to our sites.
We use both a type of cookies that expire when your browser visit ends and another type of cookies that have a set date of expiration.
Cookies allow us to distinguish users through arbitrarily assigned ID numbers, keep track of a number of visits to our sites, throttle server request rates and access information about users’ visits of our sites, from which sites the users have arrived, what their session states currently are and when they end. This information is used for running and improving our services and is shared only with our analytics, advertising and social media partners. You can read about how they use your data here.
Most common browsers offer a way to manage cookies. This method may be to some degree limited in mobile browsers. You can find more information about managing cookies in the help or support sections of your browsers.
In accordance with the Act No. 171/2023 Coll., on the protection of whistleblowers, Master Internet has established an internal whistleblowing channel through which individuals can report any illegal or unethical conduct by persons involved in the company’s activities. These concerns can be securely reported via the online form.
To ensure proper handling of the received complaints, it is not possible to submit a report anonymously. However, strict confidentiality will be maintained for all information submitted regarding your identity and the details provided in the notification. The online notification form is hosted on the qHlas platform, which complies with all legal requirements, including those for security, confidentiality, and data integrity.
Data Processing in Whistleblowing
The controller of personal data transmitted via the internal reporting system is Master Internet, s. r. o. The data processor is QCM, s. r. o., the operator of the qHlas platform.
The legal basis for the processing and storage of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council, Article 6(1)(c) GDPR, compliance with a legal obligation. In the context of whistleblowing, the following personal data are processed:
– Date of receipt of the report.
– Name, surname, date of birth, and contact address of the whistleblower.
– Summary of the content of the report.
– Date of completion of the assessment of the report’s validity by the relevant person and the outcome of this assessment.
The relevant person is obliged to retain the reports submitted via the internal reporting system for a period of five years from their date of receipt. Access to the records of reports submitted through the internal reporting system is exclusively granted to the relevant person, and in the case of further handling of the matter, access is provided in accordance with legal regulations to the competent public authorities.