Data Privacy FAQ

Last change on 2021-03-11 • Created on 2020-03-18


Data privacy is an important topic here at Hetzner. This article provides answers to common questions regarding this topic.

Web hosting packages and managed servers:

Which data is stored in the log files?

For our customers' websites, the log files store, among other things, the IP address, the browser visitors use, the time and date of the visits, and the system that visitors use. We at Hetzner Online only store pseudonymised IP addresses of visitors to the website. At the web server level, this happens by default by storing an IP address <123.123.123.XXX> in the log file instead of the visitor's actual IP address, for example, <>. The XXX is a random value between 1 and 254, so it is no longer possible to establish the true identity of the visitor.

How long does Hetzner Online store log files?

  • Mail server log: Hetzner Online stores these log files for 7 days.
  • Apache log: Customers can configure the length of time to store their log files. They can configure this themselves by going to their account on konsoleH. To do this, go to Administration > Maintenance > Account Maintenance and then click on Activate own rules to change this setting.
  • Backups: Hetzner Online stores encrypted backups for 14 days.

If you do not want to record log files, please add a file to your account.

Data processing

When is there an official order or commission for data processing?

As soon as you or your customer stores personal data on a server with us, it is defined as an order or commission for data processing according to Article 28 of the GDPR (General Data Protection Regulation, a European Union regulation). If this applies to you, you are required by law to complete a Data Processing Agreement (DPA).

Where can I find the Data Processing Agreement (DPA)?

For our web hosting products and managed servers:

Please log into konsoleH with your customer account. Under the menu item Administration on the left side, you will find the menu item Account details. And underneath that you will see Data processing.

Or go directly here.

For the following products: dedicated root server, Hetzner Cloud server, colocation server, auction server, vServer, and storage box

You can find the new DPA form when you log into your customer account.

If you do not have an account yet with us, and would like to view the DPA in advance, please send an email to <>.

How should I fill out the Data Processing Agreement (DPA)?

At the top of the form, you will first see the information about yourself/your company that we have stored. You will also see your existing contracts here.

In the section called Types of data, you can add additional categories of data for different types of personal data that you have stored with us. You can either choose from the examples already listed or add other categories.

In the section called Affected People, you have a similar choice. You can either select from the list of affected groups of people or add other types of people who are affected.

If you need to add anything to Types of data or Affected People after you finish the DPA, you can simply create a new agreement and delete the old one. Or you can create a completely separate DPA. You can have up to six different DPAs at the same time. If you need more than 6 for any reason, please contact our data protection officer at <>.

After the Affected People section, you will see a new section with the title Data Processing Agreement in Accordance with Article 28 of the General Data Protection Regulation (GDPR). This is the actual DPA itself, which you can download.

The next text section is called Technical and organizational measures in accordance to Art. 32 GDPR and Amendments. Here you will find the technical and organizational measures regarding information security. You can also download this section and/or preview it.

Once you have consented to the DPA, our system will automatically create your digital DPA. The DPA will include your personal data, the content of the DPA itself, Appendix 1 with the Types of data and Affected People, and Appendix 2 with the Technical and organizsational measures in accordance to Art. 32 GDPR and Amendments.

The contract will include our automated signature. All you have to do is print out the DPA, sign it, and put it somewhere safe with any other data protection documents you have.

If you have any questions, please contact us at <>.

Table of Contents