Last revised 18 February 2026
This privacy notice ("Privacy Notice") for SPACELAMA KFT ("the Company", "we", "us", or "our") explains how and why we collect, use, disclose, and otherwise process ("process") personal data when you interact with us.
This Privacy Notice applies when you:
For the purposes of Regulation (EU) 2016/679 ("GDPR"), this Privacy Notice describes the categories of personal data we process; the purposes and legal bases for processing; the recipients of personal data; applicable retention periods; international data transfers; and your rights as a data subject.
The Company's details
Name: SPACELAMA KFT
Registration Number: 13-09-234900
Registered Office: 15, Ráckeve, Március, Apt.: 3/B, 2300, Hungary
Contact: support@spacelama.com
Where required under Regulation (EU) 2016/679 ("GDPR"), we act as either:
Questions or concerns?
Reading this Privacy Notice will assist you in understanding your privacy rights and options. Should you have further questions or concerns, please reach out to us at support@spacelama.com
Personal Data – Any information relating to an identified or identifiable natural person (GDPR Art. 4(1)).
Customer – Any individual or legal entity purchasing Services.
Account Data – Data required to create and maintain a SpaceLama account.
Hosted Data – Content, files, databases, emails, and other information stored in a hosting account.
We act as Data Controller when we determine the purposes and means of processing personal data. This applies to personal data collected for the following purposes:
Processing in this context is carried out to provide, manage, and improve our Services, and to comply with applicable legal obligations.
For Hosted Data stored in a Customer's hosting account:
In some cases, SpaceLama may process personal data on behalf of third-party service providers, including:
In these situations:
When you register a domain through SpaceLama, we act as a reseller of an ICANN-accredited registrar or other registry-accredited reseller. Under our agreements with the registrars (ConnectReseller, NameSilo, CentralNic Reseller, ResellerClub) and applicable ICANN or registry rules:
We collect and process personal data to provide, operate, and improve our Services. The type of data we collect depends on your interactions with us, the Services you use, and the choices you make. This includes both data you provide and data we collect automatically.
We gather personal data that you willingly share when you:
The personal information you provide may include the following categories:
Account Registration & Identification Data include:
In some cases, we may request additional verification information if legally required, for fraud prevention, or if unusual activity is detected.
When registering a customer account, certain personal information is required as "mandatory fields," generally including:
This information is used for customer identification, account management, and service provision. The legal basis for processing this data is the necessity to fulfill contractual or pre-contractual obligations.
You may also voluntarily provide additional information for our legitimate interest in verification, fraud prevention, and more efficient communication.
To access your account, you will create a User-ID and password. It is essential to ensure that your login credentials remain confidential and are not accessible to unauthorized individuals.
We collect and process payment-related personal data necessary to manage subscriptions, billing, and secure transactions for our Services.
This may include:
We do not store full card numbers or sensitive authentication data on our servers.
The legal basis for processing these data is generally the performance of a contract with you (Art. 6(1)(b) GDPR) or compliance with legal obligations (Art. 6(1)(c) GDPR). Certain voluntary data may be processed based on our legitimate interests (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR).
When you visit, use, or interact with our Services, we automatically collect certain information to maintain the security, functionality, and performance of the Services, as well as for internal analytics and reporting. This information does not specifically identify you but may include the following categories:
(a) Log and Usage Data
(b) Device Data
(c) Location Data
(d) Cookies and Other Tracking Technologies
We also use cookies and similar technologies from third-party service providers to improve analytics, functionality, and security. These technologies may include session or persistent cookies, web beacons, and local storage objects. For more details, please see our Cookie Policy.
(e) Temporary Data Storage
We do not intentionally collect or process special categories of personal data within the meaning of Article 9 of the General Data Protection Regulation ("GDPR"), or personal data relating to criminal convictions and offences under Article 10 GDPR, when acting as a Data Controller.
However, in the context of providing hosting and related infrastructure services, we may process personal data — including special categories of personal data — solely in our capacity as a Data Processor, where such data is included in content hosted or transmitted by our customers.
In such cases:
Customers are responsible for ensuring that their use of our Services complies with applicable data protection laws.
We utilize your data to provide, improve, and manage our Services, communicate with you, ensure security, prevent fraud, and comply with legal obligations. Additionally, we may use your information for other purposes with your consent. This includes:
We use your information to create, maintain, and manage your Spacelama account, including facilitating access to hosting, domain registration, and SSL certificate services.
We use your information to provide, manage, and maintain the services you request. This includes:
(a) Hosting Services:
We use your data to provide the hosting services you have requested, including account provisioning, cPanel access, email accounts, backups, and third-party software integrations.
(b) Domain Registration and SSL Certificates:
For domain name and SSL certificate registration, we process your information to submit required data to registries or Certificate Authorities, ensure compliance with registry rules, and facilitate management of your domains and SSL certificates. These services are separate products with their own terms and obligations. For SSL certificates, we submit information to Certificate Authorities to issue and manage certificates in accordance with their rules and industry standards.
(c) Public Registry / WHOIS Compliance:
In certain jurisdictions and pursuant to ICANN or registry rules, domain registration information may be made publicly available through WHOIS searches. We store this information and may provide it to registries, escrow providers, or authorities as required.
(a) Customer support:
We use your information to provide support, respond to inquiries, and resolve any issues related to the services you have requested.
(b) Mandatory communication:
We also send essential account, service, and billing notifications that cannot be opted out of while your account is active. These include updates about your account status, service availability, billing, and compliance matters.
(c) Optional communication:
In addition, we may send optional administrative, marketing, and promotional communications according to your preferences. You can manage or opt out of these communications at any time.
To process and manage orders, payments, refunds, exchanges, and domain/SSL renewals or transfers.
We use your data to request feedback and to contact you about your experience with our Services.
We may use your information to facilitate communication between users of our Services, such as interactions between sub-accounts, where the functionality is supported by the Service.
To ensure the security and integrity of our Services, we monitor and analyze activity to detect and prevent fraud, abuse, spam, security incidents, unauthorized access, and other threats. This includes protection against DDoS attacks, server or network incidents, and compliance with registry and Certificate Authority requirements (e.g., handling abuse reports).
We use your information to monitor and analyze interactions with our Services to optimize performance, improve system functionality, and enforce fair use. This may include combining data in aggregated or anonymized form to identify usage trends, assess service performance, and enhance the overall user experience.
We utilize your personal information to send you marketing and promotional messages according to your marketing preferences. You can opt out of our marketing emails at any time. For more information, see below.
We use your information to create and display personalized content and advertisements tailored to your interests and location. For more information, see our Cookie Policy.
We utilize your information to assess the success of our marketing and promotional efforts and make them more relevant to you.
To protect individuals from imminent harm or to address security threats.
We retain personal and account information only for as long as necessary to provide our Services, as well as to comply with legal obligations, registry, ICANN, and Certificate Authority requirements, enforce agreements, maintain backups, and resolve disputes.
We process your personal data in accordance with applicable data protection laws, including the GDPR, and only when we have a valid legal basis to do so. The legal basis for processing your data may vary depending on your location, the Services you use, and the purpose of the processing.
The primary legal bases we rely on include:
We may process your data if you have explicitly given permission to use your personal information for a specific purpose, such as:
You can withdraw your consent at any time.
We may process your data when necessary to fulfill our contractual obligations to you. This includes:
We may process your data to comply with legal requirements, such as:
We may process your data when reasonably necessary for our legitimate business interests, provided these interests do not override your rights and freedoms. Examples include:
In certain situations or jurisdictions, we may process personal data without explicit consent where permitted by local laws, including but not limited to:
In certain situations or jurisdictions, we may process personal data without explicit consent where permitted by local laws, including but not limited to processing information produced during employment, business, or professional activity consistent with its original purpose.
We may share the personal information we collect with your consent and in the following situations:
We may share personal data with authorized personnel, departments, or any member of our corporate group, including subsidiaries or holding companies as defined by Hungarian law. This sharing is limited to purposes necessary to provide, manage, and improve our Services, including hosting, domain registration, SSL certificate management, customer support, and Service Protection (Section 4.1–4.7).
We may share personal data with business partners, suppliers, or sub-contractors to fulfill contracts with them or with you in connection with the Services we provide. This includes partners who assist with hosting, domain registration, SSL certificates, payment processing, or other Service-related operations (Section 4.2–4.4).
We may share personal data with service providers who perform data-related services on our behalf, or who help us maintain, enhance, and optimize our website, Services, or customer experience. Examples include analytics, backup, infrastructure, or technical support providers (Section 4.7–4.8).
We may share personal data with third parties in the event of a business or asset sale, equity transaction, merger, acquisition, or in preparation for such transactions, while ensuring continued protection of your information (Section 4.4 Order Fulfillment, 4.5 Feedback Requests).
We may disclose personal data to comply with applicable laws, court orders, or regulatory requirements, or to enforce our legal rights or obligations. This includes domain registration compliance, ICANN/registry requirements, Certificate Authority obligations, and data retention as required by law (Section 4.2 Domain Registration & SSL Certificates, 4.2 Public Registry / WHOIS Compliance, 4.13 Data Retention).
We may share personal data when necessary to protect our rights, property, or safety, as well as the rights, property, or safety of our customers or others. This includes handling abuse reports, fraud prevention, service security, and emergency situations (Section 4.7 Service Protection, 4.12 Vital Interests).
Our Services may include links to third-party websites, online services, mobile applications, or advertisements from entities not affiliated with SpaceLama. These links or advertisements may direct you to other websites, services, or applications.
SpaceLama may process certain information related to visitors and users of websites, applications, or services operated by our customers ("Users of Users") solely on behalf of those customers.
(a) Roles and Responsibilities
(b) Customer Responsibilities
Customers are responsible for:
(c) SpaceLama Responsibilities
When acting as a Data Processor, SpaceLama:
(d) Visitor Guidance
If you are a visitor or end-user of a website or service hosted by SpaceLama for customer, please contact that website owner directly to exercise your privacy rights or ask questions about data processing. SpaceLama does not have a direct relationship with visitors and cannot act on requests except as instructed by the customer.
When creating an Account on the SpaceLama Platform, you can manage your preferences regarding the receipt of communications, including marketing offers, service expiration reminders, and renewal notifications, through your email, phone (SMS or WhatsApp), or your Account settings.
We may send marketing communications (e.g., newsletters, special offers, or other Service-related updates) to your email only if you have explicitly consented at registration or thereafter (Art. 6(1)(a) GDPR). This allows us to provide you with information about products, services, and updates relevant to you.
We may also contact you via email with surveys or feedback requests, only if you have provided consent (Art. 6(1)(a) GDPR). This helps us understand customer needs and improve the quality of our Services.
For active users, SpaceLama may send marketing communications based on legitimate interest (Art. 6(1)(f) GDPR) for up to 90 days after last interaction (e.g., subscription expiration or termination), after which explicit consent is required.
Transactional messages necessary to complete an unfinished purchase (e.g., payment reminders, order confirmations) are not considered marketing and may be sent under our legitimate interest (Art. 6(1)(f) GDPR), even if you have not provided explicit marketing consent. Basic reminders to complete an unfinished purchase may also be sent under legitimate interest. Any additional marketing content, such as upsell or promotional offers included in these communications, requires your explicit consent (Art. 6(1)(a) GDPR).
We only send marketing messages via SMS or WhatsApp if you have explicitly consented (Art. 6(1)(a) GDPR). You may withdraw your consent at any time. Consent for phone communications is valid for up to 36 months after your last interaction (e.g., subscription expiration or termination), unless withdrawn earlier. After this period, we will request renewed consent before sending further messages.
We may send important transactional messages regarding:
These messages are not marketing communications and are sent based on our legitimate interest (Art. 6(1)(f) GDPR) to ensure proper Service provision, account security, and prevent service disruptions. Some transactional messages may be mandatory under applicable laws or regulations (e.g., ICANN rules for domain registration) and cannot be opted out of.
Depending on your preferences, communications may be personalized using information you have provided (e.g., location, purchase history) or data collected through your use of the Service.
You may withdraw consent or object to direct marketing at any time by:
We use third-party payment service providers to facilitate payments for our Services.
When you choose to pay by card or other electronic method (including balance top-ups and automatic renewals), the transaction is processed by an external payment service provider.
Depending on the specific processing activity, such providers may act:
In their capacity as independent controllers, payment service providers determine the purposes and means of processing in accordance with their own privacy policies.
Financial institutions involved in the transaction (including acquiring and issuing banks), payment networks, and supervisory authorities may also process payment-related personal data under their own legal and regulatory responsibilities.
Where payment is made via invoice and bank transfer:
For subscription-based Services, recurring payments may be processed by payment service providers.
Such providers may process payment data on our behalf for technical execution of recurring charges, while also acting independently where required for fraud monitoring, compliance, dispute handling, or financial risk management.
We may share limited transaction-related information with external tax or accounting service providers for the purpose of VAT calculation, reporting, and statutory financial compliance. These providers act on our behalf under appropriate contractual safeguards.
We may employ cookies and other tracking technologies to collect and store your information.
Our use of cookies and similar tracking technologies (such as web beacons and pixels) helps us access and store information. For comprehensive details about how we utilize these technologies and how you can manage your cookie preferences, please refer to our Cookie Policy.
We conduct business globally and may transfer your personal information to our trusted partners and service providers with servers located outside the European Economic Area (EEA). The privacy and data protection laws in these countries may differ from, and potentially be less stringent than, those in your own country. As a result, your personal data may be subject to access requests by government authorities, courts, or law enforcement under local applicable laws.
For transfers of personal data from the EEA, Switzerland, or the United Kingdom, we implement appropriate safeguards to ensure the lawful processing and protection of your personal data. These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission.
We are committed to taking all necessary measures to protect your personal information in compliance with this Privacy Notice and applicable laws.
We retain your personal information only for as long as it is necessary to provide and manage our Services, including hosting, domain registration, SSL certificate issuance, and related functionalities, or to comply with applicable legal obligations. Once your data is no longer required for these purposes, we will ensure it is securely deleted or anonymized in accordance with our retention policies.
For hosting services, customer-uploaded content and hosted data are retained for the duration of the active service and for up to 30 days following suspension or termination due to non-payment or account closure, after which such content is deleted from active systems. Certain account-related metadata, including transactional records, billing information, and security logs, may be retained for longer periods where required by law or for legitimate business purposes as described below.
You may request that we erase your personal information and close your SpaceLama Account at any time. Upon such request, we will remove or anonymize your personal identifiers while retaining necessary data for legal compliance or legitimate business interests as described below.
Certain personal data may be retained after account closure to comply with statutory or contractual obligations, including but not limited to:
We may retain limited personal data after account closure for legitimate business purposes, including:
Such retention is time-limited and proportionate to the purpose (for example, up to 1 year for security- or fraud-related purposes), after which the data will be anonymized or deleted. This may include limited account metadata, authentication logs, IP records, and transactional information necessary to maintain system integrity and protect against abuse.
Customer support communications and support tickets are retained for up to 3 years after resolution for operational, quality assurance, dispute resolution, and legal compliance purposes, unless a longer retention period is required by law.
Where possible, personal identifiers such as name, email address, and contact details will be removed or replaced (e.g., user@deleted.com) while preserving necessary operational or transactional information, including:
This allows us to maintain compliance, resolve disputes, and protect our systems without retaining identifiable personal data longer than necessary.
Certain information may remain publicly visible or with third parties even after account closure:
Residual copies of personal information may persist temporarily in backups for operational resilience, disaster recovery, or technical reasons. These backups are maintained in accordance with our data protection and security measures and are not used for active processing.
We implement appropriate technical and organizational measures to protect personal data in accordance with GDPR Art. 32. These measures include firewalls, server isolation (e.g., CloudLinux), account-level resource limits, access controls with restricted administrative support, regular backups (e.g., JetBackup), and DNS/email security (SPF, DKIM, DMARC).
While we take all reasonable steps to secure your data, no system is completely secure. Transmission or storage of personal data is at your own risk, and we recommend using secure environments and strong passwords.
Sub-Processors
SpaceLama may engage sub-processors for hosting infrastructure, domain registration, backups, and support software. Customers authorize sub-processor use under the Hosting Agreement (GDPR Art. 28(2)). We maintain a current list of sub-processors and make it available to customers upon request.
Automated Decision-Making (GDPR Art. 22)
We do not perform automated decision-making that produces legal or similarly significant effects.
Data Breach Notification (GDPR Arts. 33–34)
SpaceLama will notify affected users without undue delay where required by law. Supervisory authorities will be informed as mandated. For Hosted Data breaches caused by customer applications, the Customer is responsible for managing notifications.
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. We do not knowingly seek out or engage in marketing activities targeted at children under 18 years old. By using our Services, you confirm that you are at least 18 years old. Should we learn that we have unintentionally collected personal information from users under the age of 18, we will deactivate the account and promptly remove the data from our records. If you become aware that we have collected information from a child under 18, please notify us at support@spacelama.com.
You are entitled to certain rights regarding your personal information and how it is processed.
Your Rights
You have the right to withdraw your consent to data processing at any time when consent is the legal basis for processing. To exercise any of these rights, please contact us as described in the "How Can You Contact Us" section below.
Filing a Complaint
If you have concerns about how we process your personal data, please contact us, and we will try to resolve your issues. If you feel your concerns are not addressed, you may file a complaint with your local supervisory authority:
We may update this Privacy Notice periodically. Each new version will be marked with a "Revised" date and will take effect once posted. For significant changes, we will notify you by prominently posting a Policy of the changes or by sending you a direct notification. We encourage you to review this Privacy Notice regularly to stay informed about how we are protecting your information. The updates will be effective from the date posted, and that users should check the Policy before using Services.
For questions, comments about this Privacy Notice, or to file a complaint or request, you may contact us by email at support@spacelama.com, or by mail at:
SPACELAMA KFT
15, Ráckeve, Március, Apt.: 3/B, 2300, Hungary
