Back to hesk.com Hesk Knowledgebase Other
Privacy policy
Suggested knowledgebase articles:

Privacy policy

Effective date: 1 January 2026
Version: 2.0
Controller: StyledWeb d.o.o., Novi trg 10, 8000 Novo mesto, Slovenia ("Hesk", "we", "us", or "our")

This Privacy Policy explains how Hesk collects, uses, shares, and protects personal data when you visit hesk.com, contact us, create or use a Hesk Cloud account, purchase our products or services, or otherwise interact with us.

This Privacy Policy should be read together with the Hesk Cloud Terms of Service and, where Hesk processes personal data on behalf of a Hesk Cloud customer, the Hesk Cloud Data Processing Agreement.

1. Our role

  • Controller: We act as controller for website, account, billing, payment, support, marketing, security, and business-contact data.
  • Processor: For personal data in tickets, attachments, messages, contacts, and other Customer Data submitted to Hesk Cloud by a customer, we generally act as processor on behalf of that customer. The customer is responsible for the lawfulness of that data and for deciding why and how it is processed.

2. Personal data we collect and use

We may collect and process:

  • account and contact data, such as name, email address, company name, account details, and login information;
  • billing and transaction data, such as plan, invoice, purchase, renewal, refund, payment status, and tax information;
  • support and communication data, such as messages, tickets, emails, forms, feedback, and attachments you send us;
  • Hesk Cloud service data, such as Customer Data, account settings, users, logs, metadata, and usage information;
  • technical and website data, such as IP address, browser, device, operating system, referring pages, pages viewed, timestamps, cookies, and similar technologies; and
  • security and compliance data, such as abuse reports, access logs, fraud-prevention records, and information needed to enforce our terms or comply with law.

We use personal data to provide, secure, maintain, improve, and bill for our products and services; manage accounts; provide support; communicate with you; send permitted marketing with an option to unsubscribe; prevent abuse, fraud, spam, malware, unauthorized access, and security incidents; enforce our Terms; and comply with legal, tax, accounting, regulatory, and dispute-resolution obligations.

Where GDPR applies, our legal bases may include performance of a contract, legitimate interests, consent, legal obligations, and establishment, exercise, or defence of legal claims.

You must not submit sensitive, restricted, or high-risk data except as permitted by Section 7 of the Hesk Cloud Terms of Service. If you submit such data without approval, you are responsible for the resulting risks and obligations.

3. Sharing personal data

We do not sell personal data.

We may share personal data with hosting, infrastructure, email, security, analytics, support, billing, payment, and other service providers; professional advisers; authorities, courts, regulators, or law-enforcement bodies where required or appropriate; parties involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction; and other parties where you instruct us, consent, or where sharing is necessary to provide the services or protect rights, safety, security, or legal interests.

For Hesk Cloud subprocessors, see the Hesk Cloud Subprocessor List.

4. International transfers

We are based in Slovenia, but we may use service providers or process personal data in other countries. Where required, we use lawful transfer mechanisms, such as adequacy decisions, standard contractual clauses, international data transfer agreements or addenda, derogations, or other mechanisms permitted by law. Where Hesk acts as processor, international transfers are handled as described in the Hesk Cloud Data Processing Agreement.

5. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Account, billing, tax, accounting, legal, security, abuse-prevention, and dispute-resolution records may be retained as needed for those purposes.

Customer Data in Hesk Cloud is retained and deleted as described in the Hesk Cloud Terms of Service and, where applicable, the Hesk Cloud Data Processing Agreement. Backup copies may remain until overwritten or deleted in the ordinary backup cycle.

6. Security

We use technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

No online service is completely secure. You are responsible for keeping your account credentials secure, managing access permissions, and maintaining appropriate backups or exports.

7. Cookies, analytics, and marketing

We use cookies and similar technologies to operate our website and services, remember preferences, keep users signed in, improve performance, understand usage, and support marketing or advertising where permitted.

We may use analytics, advertising, remarketing, email, or social-media tools where enabled. These providers may process information according to their own terms and privacy policies.

You can control cookies through your browser settings and, where required, through any cookie-consent tools we provide. Some features may not work properly if cookies are disabled.

If you subscribe to marketing emails, you can unsubscribe at any time using the unsubscribe link or by contacting us. We may still send non-marketing messages, such as service, security, billing, legal, and account notices.

8. Your rights

Depending on where you live and the law that applies, you may have rights to access, correct, delete, restrict, object to processing of, or receive a copy of your personal data. Where processing is based on consent, you may withdraw consent at any time without affecting processing already carried out.

To exercise privacy rights, contact us at privacy@hesk.com. We may need to verify your identity before responding.

If your request relates to personal data processed by Hesk Cloud on behalf of one of our customers, we may redirect you to that customer or handle the request according to the customer's instructions.

You may also complain to a data-protection authority. In Slovenia, the supervisory authority is the Information Commissioner of the Republic of Slovenia.

9. Automated decision-making and children's privacy

We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects concerning you.

Our services are not intended for children who are not old enough to use online services under applicable law. If you believe a child has provided personal data to us without appropriate permission, please contact us.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a new effective date or version number. Where required by law, we will provide additional notice.

11. Contact

StyledWeb d.o.o.
Novi trg 10
8000 Novo mesto
Slovenia

Privacy contact: privacy@hesk.com

Was this article helpful? Yes | No

Article Details

Article ID:
78
Category:
Other
Rating :

Related articles