GDPR-compliant Reseller Accounts?

starlight Member
edited May 2019 in General

Hello,

I have seen that quite often there are people asking for reseller account providers, and I have found the answers informative. However, I have noticed that - apart from German companies, where the problem is due to its laws the most pressing - non-German webspace providers usually do not mention on their website anything about GDPR-compatibility. And, even if they do (some larger providers have discussed that on their websites last year), I find the information lacking.

I have written to a few last week - one of them even sometimes mentioned here - but no one seemed to wish to answer my (admittedly detailed) questions. Again, German companies did, but their offers are more expensive (I have quite a few websites, but not using the account for reselling, organising better my projects - it has unlimited features and works, and the company is responsive and helpful, in short: I like it. Unfortunately, it is a US company and small and has taken no real steps to make its offer GDPR-compatible, so I need to leave).

Therefore: Do you know any webhost which you can recommend offering unlimited or at least gracious reseller accounts, which is not under US or UK jurisdiction (instead, preferably somewhere where the GDPR is part of the law of the land, i.e. mainly EU, potentially Iceland etc.), which does comply?

As some key aspects would have to be mentioned:

  • ready to provide a GDPR-compliant processing agreement in accordance with § 28 GDPR?

  • storing IP addresses of visitors of my websites only for a maximum of 7 days or less, then rotate them, otherwise or even then (truly) anonymising them, ideally just for seven days (including all error logs, if they contain the IP address or other personal data) - be the logs accessible to me or not. Still better, if storing could be prevented at all. Therefore: Also not using any companies (Cloudflare, DDoS and Malware protection? I do not know. I would rather do without external solutions and be compliant) which would still store IP addresses or set cookies I would not have initiated.

  • If it is cPanel (and also in general) making sure the installed version is entirely (!) GDPR compliant. At least a few months back it seemed cPanel as such was not entirely, although I do not know now. One (German) webhost told me they had modifications in order to ensure that.

  • The servers should be located within the EU, but not in the U. K. and not in France.

I cannot imagine I am the only one looking for that, although it seems to be that most do not take it seriously enough and few actually have read the directive and some webhosts do not seem to have fully understood it.

I know, all sounds as if I best just choose a German one, but they are so much more expensive and / or offering less than providers in other countries (limited accounts, limited features or sometimes double the price etc. I am currently paying less than 10 US$).

Thank you in advance!

Comments

  • Hetzner_OL Member, Top Host

    @starlight We have many reseller customers and we are GDPR compliant. You can also easily create a DPA using our customer interface. (See our post today on Instagram for a short video):

    More info on the DPA:
    https://www.hetzner.com/news/vertrag-zur-auftragsverarbeitung-gemaess-art-28-ds-gvo-steht-ab-sofort-online-zur-verfuegung-eintrag/?fbclid=IwAR3IBmXq0jTGG7cP_GIOlp5pu5JPfEnfW0Nc-CD5P4j8qcrhRaA6LbRrXr0

    If you have any GDPR/data protection questions, please check our policy and feel free to write to our data protection officer: https://www.hetzner.com/rechtliches/datenschutz

    You can use cPanel on our dedicated root servers (unmanaged) (https://wiki.hetzner.de/index.php/CPanel/en) or you can use something else. Our managed products use an admin interface that was developed in house called konsoleH.

    If you're on a 10 dollar (a month?) budget, you have somewhat limited choices, either our managed web hosting https://www.hetzner.com/webhosting or our unmanaged cloud servers: https://www.hetzner.com/cloud

    I hope this was helpful. --Katie, Marketing

  • starlight Member
    edited May 2019

    Hi Katie,

    Thank you for your response. I know Hetzner, it is well known in Germany and in terms of quality certainly an option. However, my budget is indeed around 10 Euro a month or, preferably, a bit below. Currently I am on a 5 - 7 US$ plan with unlimited features, good speed, good support, one that I would have never left without the GDPR coming into force.

    Yet, within that budget, I do not see any reseller accounts at Hetzner.com (unless I have overlooked them?), and I just do not want to throw all my domains together into a normal hosting account, not only because of a lack of overview, but also for reasons of performance and because one hacked WordPress installation (for example) might lead to suspension of the entire account. Therefore, I would like to keep things separate.

    Also, unmanaged might turn out to be even worse than non-GDPR-compliance, unless one is a server administrator. Imagine the damages one could be sued for if or rather once - and this is not at all improbable - a non-expertly maintained unmanaged server or vserver would start to get hacked and to do bad things, perhaps even without one's knowing...

    But thank you for all of the information!

    starlight

  • I'd say reseller account fits the bill for the described situation. It's just the budget.

    I suppose you want fast, stable, secure and GDPR compliant reseller account.

    Plus EU based server, all for under 10$ per month - I'm interested to hear about that as well.

    That is to say: have no idea where to find that. I'd start by looking at EU based hosting companies' offers, with EU based servers - they should be GDPR compliant, whether they want to, or not.

  • This is probably impossible for under $10/month. You can find hosts that are GDPR compliant, but I doubt anyone will provide you with a reseller service that is GDPR compliant. What exactly do you need to be compliant?

    If you need your reseller service itself to be compliant, you must show a dialog on your website where visitors agree to use cookies, and you have to deal with minor things like having a privacy policy, and sending data whenever visitors request it from you. Which may not be minor for the host, as they would basically be managing your service for you.

    From the way you described in your post, you also want your clients' websites to be GDPR compliant? That's 100% impossible.

  • starlight Member
    edited May 2019

    @bikegremlin

    Yes, that is what I would like to have. People often say you get what you paid for, yet as my current provider fulfills all (with the exception of the GDPR-compliance : ( ) I had hoped someone here might know one.

    (I have looked through quite a few - for me, if I do not find anything that would allow me to have more accounts in my reseller package (as you are looking yourself), I might still try https://www.serverprofis.de/, but I would have just 25 accounts for my budget. https://web-service4u.de would offer 50, but I have not checked their compliance yet.)

    @smallbibi

    Well, I need everything compliant. Where I found it to be doubtful when talking to some was especially the question of log rotation and error logs. There is no clear number of days established yet that one may keep them, but in accordance with - for example - statements from one well-known IT professor, I would say that 7 days is a number where one cannot really do wrong. All the other things I am looking for are those I have already mentioned in the bullet-point-list in my first post.

    "If you need your reseller service itself to be compliant, you must show a dialog on your website where visitors agree to use cookies,"

    Yes, of course - if cookies are used. Therefore I do not want the provider to set any cookies that I do not know about or could not impede.

    "and you have to deal with minor things like having a privacy policy, and sending data whenever visitors request it from you."

    Thank you, yes. I know that. There is nothing that can be done about it, though, if you address an audience within the EU.

    "Which may not be minor for the host, as they would basically be managing your service for you."

    Well, yes, but if they do have any clients, resellers or otherwise, that are located within the EU or the area where the GDPR is applicable, they simply have to do it. Otherwise they are in violation themselves. And that is valid even for companies outside of Europe as soon as they aim at or take clients from the EU. So it is not a luxury to enable compliance, but actually a necessity.

    "From the way you described in your post, you also want your clients' websites to be GDPR compliant? That's 100% impossible."

    I want that if a client sets up a website, he can do it in a way that complies. That means that the webspace has to be compliant. Whether they then comply or not with what they do, is, of course, outside of the hands and responsibility of the webspace provider, but he has to make it possible.

    Why do you believe that to be absolutely impossible?

  • starlight said: Why do you believe that to be absolutely impossible?

    1. Because someone is going to use cookies without setting a dialog.
    2. Because someone could unknowingly share data without mentioning it in privacy policy or without doing it properly. Think google analytics (where you have to mention in privacy policy) or maybe something less reputable where data may not be safe.
    3. Because someone is going to lose data somehow, and not encrypt data etc.
    4. Because someone is going to keep a lot of extra data that they don't necessarily need.
    5. Because you have to be able to create reports or export data for people who request it. Maybe you can make a tool to auto generate that, but you can't automate sending data whenever people request it. That means someone from the provider has to check through requests manually?
    6. Even if you can automate things where necessary, what if the client does something different? E.g. maybe you can make an automated solution for popular CMS like WordPress or Drupal but what if your clients use something less popular? What if they make their own websites from scratch?

    Nothing is impossible, but this sounds impossible for $10/month. I don't even know much about GDPR compliance and could think of so many things just based off the minimal research I did a few months ago.

  • starlight Member
    edited May 2019

    Thank you for your response. Perhaps I have not expressed myself clearly enough. Again: What the webspace provider has to do is to provide a webspace that is as such GDPR-compliant. What the client does with it, is, as to the GDPR, not within the primary legal responsibility of the webspace provider. In any case, for me it is enough if the webspace is as such compliant. All else is my own responsibility.

    If, however, you are indeed referring to a case in which the webspace provider providing the reseller account (so not the reseller, but the provider where he has booked the space) does any of those things you mention and does it in violation of the GDPR and / or the agreement with the client, that is rather the provider's problem, not primarily of the client, at least, as long as the latter does not know about it.

    If the client should be sued because the provider was in violation, I am not entirely sure what would happen, if that even would have any chance, but even if that would happen, I guess that unless the provider would go bankrupt, the client could demand reimbursement from the provider if the provider would have violated the agreement with his client.

    I can, of course, not rule out that you might be right in assuming that all those who offer something like this below 10US$ are actually in violation of the GDPR, but I do not know whether that actually is the case and believe that to be quite a bold assumption: I have seen quite a few offers below that made by providers which are situated within the EU and which do cater to an audience under EU law. If you are right, that would mean they were all in violation. It is hard for me to imagine they are willingly doing or being so, as the penalties that could be theoretically imposed can be quite severe, if it came to the worst. Therefore I had hoped that someone here might be able to tell me about a provider I have overlooked who does comply and talks about it.

    As I said, I have written to providers in that price range - the German ones all responded at least briefly, but were more expensive (as they had very probably been even before the GDPR), most of the non-Germans simply ignored my request. That does not bode well for their legal compliance, there you are right, but I do still have hope. So anyone knowing anything in this matter is welcome to respond : )

    (Edited a few times for better accuracy.)

  • Hetzner_OL Member, Top Host

    starlight said: Yet, within that budget, I do not see any reseller accounts at Hetzner.com (unless I have overlooked them?

    We don't label our products as "Reseller" products. (Many of our products have a wide variety of use cases, so we don't list the potential use cases.) If you're not sure that we're right for you, I suggest writing an email via our support page: https://www.hetzner.com/support-form . Our technicians there can help you out if you list your specific requirement. Maybe we'll have something that fits for you, or maybe not. They'll give you an honest answer. --Katie

  • starlight Member
    edited May 2019

    Katie, Thank you, I have done so, although I am not sure why someone would not announce that he offers to resellers, as there is often a difference in how the control panel deals with resellers and end users.

    But I never have understood anyhow when providers do not write everything they have on their website. (Quite a few times - not in your case, generally speaking now - I have come across providers which ask the viewers to ask for conditions. Normally, I never do so, because I assume that if they have a good offer, they would actually announce it publicly. But it seems to work for them, maybe filtering out the price-aware?)