Privacy Policy

  1. Home
  2. Privacy Policy

Privacy Policy for "DEDIXLAB.COM"
dated March 07, 2019

Last updated on November 17, 2025

This Privacy Policy (the "Privacy Policy") is an official document of VMachines & Servers OÜ (the "Contractor" or "Operator") and is an annex to, and forms an integral part of, the Paid Services Agreement (the "Agreement") concluded between VMachines & Servers OÜ and the Customer. VMachines & Servers OÜ acts as the Contractor under the Agreement and as the Operator of the "DEDIXLAB.COM" website (the "Website").

This Privacy Policy describes how the Contractor collects, uses, stores, discloses and protects personal data (the "Personal Data") of natural persons (the "Data Subjects") who visit or use the Website, register an account, order or use the Services, or otherwise interact with the Contractor as Customers or as representatives, employees or other contacts of Business Customers within the meaning of the Agreement.

For Customers who qualify as Consumers under applicable law, this Privacy Policy is subject to mandatory consumer protection and data protection provisions of the European Union and the Republic of Estonia. Nothing in this Privacy Policy shall be construed as limiting or excluding any mandatory statutory rights of Consumers.

For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"), the Contractor acts as the data controller in respect of the Personal Data processed in connection with the Website and the Services.

Capitalised terms used in this Privacy Policy have the meanings given to them in the Agreement and the Terms and Conditions, unless otherwise defined herein.

  1. General Provisions

    1. The collection, storage, use, disclosure and protection of Personal Data in connection with the Website and the Services are governed by:

      • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR");

      • the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus) and the Estonian Personal Data Protection Implementation Act;

      • other applicable data protection laws of the European Union and the Republic of Estonia; and

      • this Privacy Policy and other official documents of the Contractor.

    2. The Contractor is committed to protecting the privacy and security of Personal Data and has implemented appropriate technical and organisational measures to ensure compliance with the GDPR and other applicable data protection laws.

    3. This Privacy Policy provides information required under Articles 13 and 14 of the GDPR about the processing of Personal Data by the Contractor. By visiting or using the Website, creating an account, contacting the Contractor, or ordering or using the Services, Data Subjects do not provide consent to the processing of their Personal Data; rather, the Contractor processes Personal Data on the legal bases described in Section 2 of this Privacy Policy.

      Where the Contractor relies on the Data Subject's consent as a legal basis for specific processing activities (for example, for certain direct marketing communications), such consent is requested separately in a clear and specific manner and may be withdrawn at any time as described in this Privacy Policy.

    4. The Contractor generally relies on the Personal Data provided directly by the Data Subject or the Customer and does not independently verify its accuracy by separate means, except where such verification is:

      • necessary for the performance of the Agreement or the provision of the Services;

      • required for compliance with applicable law, including anti-money laundering, counter-terrorist financing, fraud prevention, sanctions screening, tax or other regulatory requirements; or

      • carried out in accordance with the KYC Customer Verification Policy, this Privacy Policy, the Agreement or the Terms and Conditions.

      Data Subjects and Customers are responsible for ensuring that the Personal Data they provide to the Contractor is accurate, complete and up to date, in accordance with Clause 4.2 of the Agreement. Data Subjects may request the correction or updating of their Personal Data and exercise other rights described in Section 8 ("Customer's rights regarding Personal Data") of this Privacy Policy.

  2. Purposes and Legal Bases for Processing Personal Data

    1. The Contractor processes Personal Data in connection with the Website and the Services for the purposes and on the legal bases set out in this Section 2. For each processing activity, the Contractor relies on one or more of the following legal bases under Article 6(1) of the GDPR:

      • Contract performance (Article 6(1)(b)): processing is necessary for the performance of the Agreement or to take steps at the Data Subject's request prior to entering into the Agreement;

      • Legal obligation (Article 6(1)(c)): processing is necessary to comply with a legal obligation to which the Contractor is subject, including tax, accounting, anti-money laundering, counter-terrorist financing and regulatory requirements;

      • Legitimate interests (Article 6(1)(f)): processing is necessary for the purposes of the legitimate interests pursued by the Contractor or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject;

      • Consent (Article 6(1)(a)): where the Data Subject has given consent to the processing for one or more specific purposes, such as direct marketing communications; and

      • Vital interests (Article 6(1)(d)): processing is necessary in order to protect the vital interests of the Data Subject or of another natural person, in situations where the Data Subject is physically or legally incapable of giving consent.

    2. The Contractor processes Personal Data for the following purposes:

      • Account management and service provision: to register and manage Customer accounts, to process Orders, to provide the Services, and to communicate with the Customer in connection with the performance of the Agreement (legal basis: contract performance);

      • Identity verification: to verify the identity of the Customer or their representatives in accordance with the KYC Customer Verification Policy, including for fraud prevention, anti-money laundering, counter-terrorist financing and sanctions screening purposes (legal bases: contract performance, legal obligation, legitimate interests);

      • Billing and payments: to calculate, invoice and collect fees for the Services, to process payments and refunds, and to manage debt collection where necessary (legal bases: contract performance, legal obligation, legitimate interests);

      • Customer support: to respond to enquiries, complaints and support requests submitted through the Client Area, email, live chat or other communication channels (legal bases: contract performance or legitimate interests, in particular for pre-contract enquiries or other communications not strictly required by the Agreement);

      • Security and fraud prevention: to detect, prevent and investigate fraud, abuse, security incidents and violations of the Agreement, the Terms and Conditions or applicable law, and to protect the Contractor's infrastructure, other Customers and third parties (legal basis: legitimate interests);

      • Legal compliance and enforcement: to comply with applicable laws and regulations, to respond to lawful requests from competent authorities, to establish, exercise or defend legal claims, and to enforce the Agreement and the Terms and Conditions (legal bases: legal obligation, legitimate interests);

      • Compliance with the TCO Regulation: to comply with Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online, including the retention of removed content and related data as required by Article 6 of the TCO Regulation (legal basis: legal obligation);

      • Service improvement and analytics: to analyse the use of the Website and the Services for the purposes of improving their quality, functionality and security (legal basis: legitimate interests, without prejudice to any consent requirements under applicable e-privacy laws); and

      • Marketing and promotional communications: to send marketing communications, newsletters, promotional offers and information about new services, where the Data Subject has given consent or where permitted by applicable law under the soft opt-in exception for existing Customers (legal bases: consent, or legitimate interests where permitted by law and subject to applicable e-privacy rules).

    3. Where the Contractor relies on legitimate interests as a legal basis, the Contractor has carried out a balancing assessment to ensure that such interests are not overridden by the Data Subject's rights and freedoms. Data Subjects may request information about the Contractor's legitimate interests assessments by contacting the Contractor as described in Section 8 of this Privacy Policy.

    4. The Data Subject is free to decide whether to provide certain Personal Data to the Contractor. However:

      • where Personal Data is required for the performance of the Agreement or to comply with a legal obligation, failure to provide such data may result in the Contractor being unable to enter into or perform the Agreement, or to provide certain Services; and

      • where Personal Data is requested on the basis of consent (for example, for certain direct marketing purposes), the Data Subject is free to refuse to provide such Personal Data or to withdraw consent at any time, without affecting the provision of the Services.

    5. Where the Contractor relies on consent as the legal basis for processing, the Data Subject may withdraw such consent at any time by:

      • using the unsubscribe link in any marketing communication;

      • updating preferences in the Client Area; or

      • contacting the Contractor as described in Section 8 of this Privacy Policy.

      Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Withdrawal of consent does not affect processing carried out on other legal bases (such as contract performance or legal obligation) and does not, by itself, terminate the Agreement or the Services.

    6. The Contractor may disclose Personal Data to third parties where:

      • disclosure is necessary for the performance of the Agreement (for example, to payment service providers, data centre operators, KYC verification providers or other service providers engaged by the Contractor);

      • disclosure is required by applicable law or a binding order of a competent authority;

      • disclosure is necessary to establish, exercise or defend legal claims;

      • disclosure is necessary to protect the vital interests of the Data Subject or another person;

      • the Data Subject has given consent to such disclosure; or

      • disclosure is otherwise permitted under applicable data protection law.

      The Contractor does not sell Personal Data to third parties. Further information on recipients of Personal Data is provided in Section 5 of this Privacy Policy.

    7. The Contractor does not rely on consent as the legal basis for:

      • processing Personal Data that is necessary for the performance of the Agreement or the provision of the Services;

      • mandatory identity verification (KYC) required for the use of the Services, as described in the KYC Customer Verification Policy; or

      • processing required to comply with a legal obligation to which the Contractor is subject.

      Such processing is carried out on the legal bases described in Clauses 2.1 and 2.2 of this Privacy Policy.

  3. Procedure for the implementation and changes of the Privacy Policy

    1. The Privacy Policy takes effect from the moment of its posting on the Website and is valid indefinitely, until its replacement with a new Privacy Policy.

    2. The current edition of the Privacy Policy is a public document available to any Internet user.

    3. The Operator of the Website has the right to make changes to this Privacy Policy. When changes are made the Operator notifies the Customers by posting a new edition of the Privacy Policy on the Website. The previous edition of the Privacy Policy become no longer valid. The Operator advises you to check this page regularly to see if any changes have been implemented. If the Operator implements a change in how the Operator deals with Personal Data with respect to which the Operator requires your consent, the Operator will re-request the Customer consent.

    4. The Operator advises you to check this page regularly to see if any changes have been implemented. If the Operator implements a change in how the Operator deals with Personal Data with respect to which the Operator requires the Customer's consent, the Operator will re-request the Customer consent.

  4. The scope of Personal Data

    1. Personal Data is provided by the Customer voluntarily, meaning the Customer's consent to the Personal Data processing. The Personal Data includes:

      1. the minimum Customer's Personal Data required for communication: surname, name, patronymic, address, telephone number, email address, and other similar information;

      2. other Personal Data (including gender, age, date of birth, address, etc.) is provided by the Customer at will and if necessary at the Operator's request for communication with the Customer and the implementation of actions related to the performance of the Operator's obligations to the Customer;

      3. the Customer's account information with the Website – such as the Operator's Information services the Customer ordered, domain name registration information, the IP addresses assigned to the Customer, the Customer's IDs, service charges owed and received, the use of the Operator's Information services or any other information related to the Customer's account;

      4. the Customer's contact with the Operator – such as a note or recording of a call the Customer makes to the Operator, a chat record when the Customer engages in a chat session with the Operator, an email or letter the Customer sends to the Operator or other records of any contact the Customer has with the Operator;

      5. information about the Customer's payment method, such as credit card number, bank account number, online payment processor's data or other payment information;

      6. information provided by the Customer to the Operator when the Customer notifies the Operator of a (suspected) breach of the Operator’s acceptable use policies;

      7. documents and information that certify the Customer's identity, including copies or photographs of government-issued identification documents (with non-essential numbers redacted where reasonably possible);

      8. identity verification photographs, including photographs of the Customer holding a handwritten statement and identification document, used solely for manual visual comparison to verify the Customer's identity. Such photographs are not processed using automated facial recognition technology and do not constitute biometric data within the meaning of Article 9 GDPR.

    2. Other information about the Customers processed by the Operator of the Website.

        The Operator of the Website also processes other information about the Customers, which includes:

      1. standard data automatically received by the server when the Customer accessing the Website and subsequent actions of the Customer. This includes data such as, the website features the Customer uses, the services the Customer purchases from the Website, the web pages the Customer visits, the time the Customer spends on these pages, and the search terms the Customer enters. This also includes data about the Customer's devices, including IP addresses, devices identifiers, regional and language settings, and data about the networks, operating systems, browsers or other software the Customer uses to connect to the Website.

      2. data automatically obtained by means of cookies when the Customer accesses the Website. Cookies is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies help the Operator to provide the Customer with a good browsing experience and also allow the Operator to improve its Website.

        You can view and manage your cookies through the privacy and security settings in your browser (and/or web developer tool of your browser) or manage this through browser add-ons or extensions. Moreover, you can block the cookie settings by using an ad-blocker in your browser. Please note that if you do refuse the use of cookies by any of these means, you may not be able to use the full functionality of the Operator's Website.

        More specifically, the Operator’s Website uses cookies for the following purposes:

        • Essential Cookies. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
        • Performance cookies. The Website also places cookies on your device to make navigating the Website easier. These cookies are used to allow the website to remember choices you made and provide for enhanced, more personal features. For instance, these cookies can be used to remember the status of your shopping cart, or to allow you to return to a previous page or it stores your preferred language or the region that you are in.
        • Web Analytics Cookies. The Website uses web analytics services i.e. Google Analytics. These tools place cookies on your device to help distinguish between different visitors and to analyze what the user did during his visit on the website. The cookies placed on your device by these tools are used to collect certain information, such as the date and time that a user visits the Website, the number of times a user has visited the Website and the website that has directed the user to the Website. More information on the use of cookies can be found on their websites.
        • Marketing Cookies. The Operator uses advertising services from search engines (i.e. Google, Bing), ad networks (i.e. Google) and social media (Facebook, Twitter, LinkedIn), which can place cookies on your device to serve ads based on your prior visits to the Website. More information on the use of cookies by these services can be found on their respective websites. The Operator also uses marketing automation services (i.e. OneSignal).
        • Social Media Cookies. Social media can place cookies through the Website to integrate social media (i.e. LinkedIn, Twitter, Google+ and Facebook). You agree to place these cookies on your device by clicking on the social media buttons to activate them. These social media have their own privacy and cookie policies, which Operator does not control. Please check the social media websites for more information about their cookies and how to manage them.

      3. data obtained as a result of actions of the Customer on the Website.

      4. data obtained as a result of actions of other users on the Website.

      5. data which is required to identify the Customer to access the services of the Website.

      6. Identity verification documents and photographs collected under the KYC Customer Verification Policy are retained for the duration of the contractual relationship and for seven (7) years thereafter, in accordance with applicable Estonian tax, accounting and regulatory requirements. Upon expiry of the retention period, such documents are securely deleted in accordance with the Contractor's data retention procedures.

  5. Processing of the Customers' information

    1. The processing of Personal Data is based on the following principles:

      1. The Contractor does not process special categories of Personal Data within the meaning of Article 9 GDPR for identity verification (KYC) purposes. Identity verification photographs are reviewed manually by the Contractor's staff and are not processed through automated technical means that would qualify them as biometric data.

      • Lawfulness, fairness and transparency — the Operator will process Personal Data lawfully, fairly and in a transparent manner in relation to the data subject.

      • Purpose limitation — the Operator will only collect Personal Data for a specific, explicit and legitimate purpose. The Operator will clearly state what this purpose is, and only will collect data for as long as necessary to complete that purpose.

      • Data minimisation — the Operator will ensure that personal data which will be processed will be adequate, relevant and limited to what is necessary in relation to the processing purpose.

      • Accuracy — the Operator will take every reasonable step to update or remove data that is inaccurate or incomplete. The Customers have the right to request that the Operator erase or rectify erroneous data that relates to them.

      • Storage limitation — the Operator will delete Personal Data when it is no longer needed.

      • Integrity and confidentiality — the Operator will keep Personal Data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

    2. Collection of Personal Data.

      1. The Operator may collect your Personal Data when:

        • you browse or use the Website https://www.dedixlab.com;
        • you order Information Services on the Website https://www.dedixlab.com;
        • you use the Website’s Client Area section at https://www.dedixlab.com/clientarea.php;
        • you use the Website’s Live Chat https://livechat.dedixlab.com;
        • you enter a promotional codes on the Website;
        • you participate in the Operator's survey;
        • you subscribe to the Website's newsletter;
        • you subscribe to the Website's push messages;
        • you ask the Operator for more information about a service, or contact the Operator with a question, comment or complaint;
        • you submit an abuse notification to the Operator;
        • you use the Operator's network and equipment, the Operator's infrastructure and/or other Operator's services.

      2. The Customer's Personal Data is collected on the Website upon the Customer enters data on its own initiative at the time of communicating with the Operator or the Website.

      3. The Customer provides their last name, first name, patronymic, email address and phone number for feedback.

      4. Other personal information is provided by the Customer on its own initiative or the request of the Operator by means of the relevant sections and resources of the Website, for example, for ordering, and required only for the conclusion and performance of the Agreement by the Operator to which the Customer is a party.

    3. Transfer of Personal Data

      1. Personal Data of the Customers is not transferred to any person, except in the cases specifically provided by this Privacy Policy.

      2. The Operator may share Data about the Customer with:

        • partners or agents involved in delivering the Information services the Customer has ordered with the Operator;
        • fraud prevention agencies and services;
        • domain name registries when the Operator registers a domain name on the Customer's behalf;
        • debt collection agencies or other debt recovery organisations;
        • law enforcement agencies, regulatory organisations, courts or other public authorities to the extent required by law;
        • competent authorities of Member States of the European Union for the purposes of receiving, processing and executing removal orders and other requests issued under Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online (TCO Regulation);
        • the Operator's customer, if you notify the Operator that this customer use of the Operator's services violates the applicable law;
        • a third party that has claimed that use of the Operator's services by the Customer violates the applicable law (to the extent such sharing is required by law).

      3. Applications used by the Customers on the Website are maintained by third parties (developers) who operate independently of the Operator and do not act on behalf of or at the request of the Operator. Customers are required to familiarize themselves with the rules for the provision of Information services and the policy of protecting Personal Data of such third parties (developers) prior to the use of the relevant applications.

    4. Retention and destruction of Personal Data

      1. Personal information of the Customers is stored solely on electronic media and is processed by the use of automated systems except where the manual processing of the Customers' Personal Data is required in order to comply with the requirements of the legislation.

      2. The Operator will store the Customer's Personal Data as long as necessary to perform the purposes of processing as stated in this Privacy Policy; unless otherwise required by law. Therefore, the exact retention period of your Personal Data may vary on case-by-case basis.

      3. The Operator is obligated to produce taxation reporting and keep financial records for a period of time therefore the Operator needs to keep Customer's Personal Data such as contact details, order history, invoices and other important information connected with the Customer's orders, if any. The minimum required list of the Customer's Personal Data that the Operator is legally obliged to store will include at least:

        • Customer's first name and last name;
        • Customer's Email;
        • Customer's invoice mailing address;
        • the content of the invoice’s.

      4. Upon termination of the applicable purpose of the processing of Personal Data, or upon Customer's written request, the Operator will either destroy the Customers Personal Data unless otherwise required by law. The request must contain identification data which expressly indicates the Customer's ownership of Personal Data.

      5. Without prejudice to the general retention periods described above, where the Operator removes or disables access to content that is considered "terrorist content" within the meaning of Regulation (EU) 2021/784 (TCO Regulation), the Operator will retain the removed or disabled content and related Personal Data (including logs, timestamps, identifiers and account information necessary to comply with the TCO Regulation) for a period of six (6) months from the date of removal or disabling, or for such longer period as may be specifically requested by a competent authority or court.

        The processing of such data is carried out on the legal basis of compliance with a legal obligation under Article 6(1)(c) of the GDPR (specifically, compliance with the TCO Regulation).

        Access to such retained content and Personal Data is strictly limited to:

        • competent authorities and courts acting within their legal powers; and

        • a limited number of authorised employees or contractors of the Operator who require access strictly for the purposes of:

          • executing and documenting removal orders and other legal requests;

          • handling complaints submitted by Customers in accordance with Section 7.7 of the Terms and Conditions; or

          • complying with statutory obligations under applicable law.

  6. Collection of Personal Data.

    1. 6.1. Personal Data hosted, transmitted or processed on infrastructure controlled by the Customer is governed by this paragraph. The Customer of the Operator that has ordered the Operator's Information services, will be responsible for determining the purposes and means of the processing of Personal Data, and this Operator's Customer (or its customers) will be the data controller in regards to such processing. If at any time the Operator has access to personal data stored on infrastructure controlled by the Customer, then the Operator shall be a data processor, and any actions performed by the Operator in relation to such data shall be solely governed by the agreement concluded between the Operator and the Customer.

  7. Measures to protect Personal Data.

    1. The Operator takes technical, organizational and legal measures in order to protect Personal Data of the Customer against unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other illegal actions.

    2. In accordance with international data protection laws, in particular the GDPR, the Operator observe adequate procedures to prevent unauthorized access to, and the misuse of, Personal Data. The Operator uses appropriate business systems and procedures to protect and safeguard the Customer's Personal Data. The Operator also uses security procedures and technical and physical restrictions for accessing and using the Customer's Personal Data.

  8. Customer's rights regarding Personal Data

    1. In accordance with data protection laws, you have a number of rights regarding your Personal Data and the processing thereof:

      • to view and, if necessary, change Personal Data in the Client area at any time;
      • to know what information the Operator has collected about the Customer;
      • to make changes to the Personal Data the Customer has seen the Customer cannot change in the Client area;
      • to obtain from the Operator the erasure of the Customer's Personal Data (right to be forgotten);
      • in addition, the Customer, under certain circumstances, has the right to restriction of the processing of their Personal Data;
      • to object, on grounds relating to a particular situation, at any time to processing of Personal Data;
      • to receive Personal Data, which the Customer has provided to the Operator, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller when the processing is based on the Customer's consent or is necessary for the performance of a contract;
      • to lodge a complaint with the competent supervisory authority.

    2. Please note that the rights described in this section may be limited where the Operator is required to retain certain Personal Data in order to comply with a legal obligation, to perform a task carried out in the public interest, or to comply with binding requests from competent authorities (including obligations arising under Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online).

  9. Limitations of the Privacy Policy

    1. This Privacy Policy does not apply to actions and Internet resources of third parties.

    2. The Operator is not responsible for the actions of third parties who get access to information about the Customer and the consequences of using of this information, which, due to the nature of the Website is available to any Internet user as a result of using the Internet or the services of the Website.

    3. The Operator recommends that Customers take a responsible approach to deciding how much information about themselves will be transmitted through the Website the Operator.