Hosting and maintenance tailored to your needs

WP Clinic Privacy Policy

Derisory Ventures B.V. (trading as “WP Clinic”)
Version: 2026-02 / v1.0 — Effective date: 15 February 2026
Contact: info@wp-clinic.com

This Privacy Policy explains how Derisory Ventures B.V., trading as WP Clinic (“WP Clinic”, “we”, “us”, “our”) collects and uses personal data when you visit our website, contact us, or use our services, including:

  • Domain name registrations & DNS management
  • WordPress website hosting (subscriptions)
  • Theme development (custom WordPress theme projects)
  • Email hosting and email management (including, where applicable, Gmail/Google services)

This policy is written to meet the requirements of the EU/EEA GDPR.

1. Roles under GDPR (Controller vs Processor)

Depending on the context, WP Clinic may act as:

  • Controller (we decide why and how personal data is processed), e.g. for our website, invoicing, sales and support administration.
  • Processor (we process personal data on your behalf), e.g. when we host your WordPress site, manage DNS, or provide email/technical services that involve personal data you control.

If we act as your processor, we can provide a Data Processing Agreement (DPA) on request.

2. Personal data we collect

2.1 When you visit our website

We may process:

  • Technical data: IP address, device/browser type, operating system, language, referral pages, pages visited, timestamps.
  • Cookie and similar technology data: depending on the cookies you accept (see Cookies section).

2.2 When you contact us or request a quote

We may process:

  • Name, company name, email address, phone number (if provided)
  • Message contents and attachments
  • Internal notes related to your request

2.3 When you purchase or use our services

We may process:

  • Account and billing details: name, company, invoicing address, email, payment status, VAT/KvK data (if applicable)
  • Domain registration details (WHOIS/registrant/admin/tech contacts) as required by registries/registrars
  • Support communications and service tickets
  • Service configuration data (DNS records, hosting settings, email settings)

2.4 Data processed through hosting/email services (Customer content)

If you use our Hosting or Email-related services, you (or your organization) may upload or process personal data in:

  • Website content, form submissions, customer databases, logs
  • Email content and address books (where relevant to your setup)

This data is typically controlled by you; WP Clinic generally acts as a processor for this content when providing the services.

3. Purposes and legal bases

We process personal data for the following purposes and legal bases (GDPR Art. 6):

  1. To provide and manage services (hosting, domains, DNS, theme development, email management)
    • Legal basis: performance of a contract (Art. 6(1)(b))
  2. To register/renew/transfer domains and manage DNS
    • Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation where registries require certain data (Art. 6(1)(c))
  3. Customer support and incident handling
    • Legal basis: performance of a contract (Art. 6(1)(b)) and/or legitimate interest (Art. 6(1)(f)) to keep services secure and reliable
  4. Billing, accounting, and collections
    • Legal basis: legal obligation (Art. 6(1)(c)) and performance of a contract (Art. 6(1)(b))
  5. Security and abuse prevention (e.g., detecting fraud, preventing attacks, monitoring for malware)
    • Legal basis: legitimate interest (Art. 6(1)(f)) and, where applicable, performance of a contract (Art. 6(1)(b))
  6. Marketing and relationship management (e.g., responding to inquiries, sending service-related updates)
    • Legal basis: legitimate interest (Art. 6(1)(f)) or consent (Art. 6(1)(a)) where required (e.g., certain newsletters/cookies)

4. Cookies and similar technologies

We may use cookies and similar technologies:

  • Strictly necessary: for core website functionality and security
  • Preferences: to remember settings
  • Analytics: to measure and improve website performance (only if enabled and/or permitted under your cookie choices)
  • Marketing: only if we deploy them and you consent

If your website uses a cookie banner, your choices can typically be changed at any time through that banner (or via your browser settings). If you want a separate cookie policy page, we can create one aligned with your cookie banner implementation.

5. Sharing personal data (recipients)

We do not sell personal data. We may share personal data with:

5.1 Service providers (processors/subprocessors)

Such as:

  • Hosting infrastructure/data center providers
  • Domain registrars and registries
  • DNS providers
  • Email platform providers (including Google, where applicable)
  • Monitoring/security tooling
  • Backup/storage providers
  • Payment providers and accounting tools
  • Customer support/ticketing tools

We require appropriate contractual safeguards (e.g., processor agreements) where applicable.

5.2 Legal or safety requirements

We may disclose personal data if required by law, court order, or to protect rights, safety, and security.

5.3 Business transfers

If we reorganize, merge, or sell assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

6. International data transfers

WP Clinic is focused on customers in Europe, but some suppliers (e.g., Google or other tooling) may process data outside the EEA.

When personal data is transferred outside the EEA, we rely on appropriate safeguards such as:

  • An adequacy decision by the European Commission, and/or
  • Standard Contractual Clauses (SCCs), and/or
  • Other lawful transfer mechanisms under GDPR

7. Data retention

We keep personal data only as long as necessary for the purposes described above, including:

  • Billing and tax records: retained according to legal requirements (often several years under Dutch/EU rules)
  • Support communications: retained as long as needed for service quality, dispute handling, and security
  • Domain registration records: retained per registry/registrar requirements and contract needs
  • Hosting logs/security logs: retained for a limited period appropriate for security and troubleshooting

Exact retention periods may vary per data category. You can request more detail via info@wp-clinic.com.

8. Security

We take reasonable technical and organizational measures to protect personal data, which may include:

  • Access controls and least-privilege permissions
  • Encryption in transit (TLS) where applicable
  • Monitoring, patching, and vulnerability management practices
  • Backups and disaster recovery measures (as applicable per service tier)

No method of transmission or storage is 100% secure, but we work to minimize risks.

9. Your rights (EEA/UK GDPR)

If you are in the EEA (and generally also under similar regimes), you have rights to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data (in certain cases)
  • Restrict processing (in certain cases)
  • Data portability (for data processed by contract/consent, in certain cases)
  • Object to processing based on legitimate interests
  • Withdraw consent (where processing is based on consent)

To exercise rights, email info@wp-clinic.com. We may ask you to verify your identity.

Complaints

You can also lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

10. Domain registrations and WHOIS

Domain registries/registrars often require registrant and contact details. Depending on the TLD and registry rules:

  • certain registrant/contact data may be published in WHOIS or made available to parties with legitimate access;
  • privacy/proxy options may or may not be available.

WP Clinic acts as an intermediary and must follow registry/registrar policies for the relevant domain extension.

11. Email services (including Google)

If we set up or manage email via Gmail/Google services:

  • Google may process personal data as an independent controller or processor depending on the specific service.
  • Your use is subject to Google’s applicable terms and privacy documentation.

WP Clinic will process configuration and administration data as needed to provide the service.

12. Third-party websites

Our website or services may link to third-party sites. We are not responsible for their privacy practices. Please review their policies separately.

13. Changes to this Privacy Policy

We may update this Privacy Policy. The newest version will be published with an updated effective date. If changes are material, we will take reasonable steps to notify affected customers.

14. Contact

For privacy questions, requests, or complaints: info@wp-clinic.com.