User Data Collection

This article clarifies why we are forced to collect the users legal name, contact method (e.g e-mail), country and billing information (e.g card number).

Written By Cptcr

Last updated About 1 year ago

Introduction

As a German-based hosting provider, we are legally required to collect specific user data, including real first and last names, email addresses, billing information, and country details. These requirements stem from both European Union (EU) regulations and German national laws that mandate businesses, especially those in the digital services sector, to verify customer identities and maintain accurate records for compliance purposes.

This article clarifies why we collect your personal data and provides references to the relevant legal frameworks that enforce these requirements.

Legal Basis for Collecting User Data

1. General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)

While the GDPR primarily regulates the processing of personal data, it also allows for the collection of such data when required for specific legal purposes, including:

  • Contract Performance (Article 6(1)(b)): We collect and process personal data necessary for fulfilling a contract (e.g., providing hosting services to customers).

  • Legal Compliance (Article 6(1)(c)): If legal obligations require us to maintain billing records or verify user identity, we must comply.

  • Legitimate Interest (Article 6(1)(f)): Data collection can be justified when necessary for fraud prevention, security, and service integrity.

2. Anti-Money Laundering (AML) Directives (AMLD5 & AMLD6)

The Fifth and Sixth Anti-Money Laundering Directives (AMLD5 & AMLD6) impose stricter Know Your Customer (KYC) requirements on businesses, especially financial institutions, hosting providers, and cloud service providers.

  • Customer Due Diligence (CDD) (Directive (EU) 2018/843, Article 13): Hosting providers must collect customer identity details (real name, country, billing details) to prevent money laundering, fraud, and illicit financial activities.

3. German Telemedia Act (Telemediengesetz - TMG)

The Telemedia Act (TMG) requires online service providers, including hosting companies, to collect and store customer information.

  • Section 14 TMG – User Identification: Hosting providers must ensure that they collect user data for billing and contractual purposes.

  • Section 15 TMG – Usage Data: Hosting providers can collect and store user information necessary to facilitate service delivery.

4. Payment Services Directive 2 (PSD2) (Directive (EU) 2015/2366)

If we offer paid hosting services, we must comply with PSD2, which requires strong customer authentication (SCA) and proper identity verification for secure transactions.

  • Strong Customer Authentication (Article 97): Payment service providers (including businesses processing online payments) must collect real user details for authentication and fraud prevention.

5. German Tax Laws (AO & UStG - VAT Act)

German tax regulations require businesses to maintain accurate invoicing records, including:

  • Abgabenordnung (AO) – General Fiscal Code: Businesses must keep financial records, including customer identity details, for at least 10 years.

  • Umsatzsteuergesetz (UStG) – VAT Act: Companies must include proper billing details (name, address, VAT number where applicable) in invoices for tax compliance.

6. Digital Services Act (DSA) (Regulation (EU) 2022/2065)

The DSA strengthens transparency and security obligations for online platforms and hosting services.

  • Article 22 – Trader Traceability: Digital platforms and hosting providers must verify and maintain records of business users’ identities, ensuring accountability.

7. German Network Enforcement Act (NetzDG)

For platforms and services that host user-generated content, the NetzDG requires identity verification to prevent misuse and facilitate law enforcement requests.

  • Hosting providers must maintain accurate records to comply with content moderation and reporting obligations.

Conclusion

Due to a combination of EU regulations (GDPR, AMLD, PSD2, DSA) and German laws (TMG, AO, UStG, NetzDG), we are legally obligated to collect and store personal data such as your real name, email, billing information, and country. These requirements exist to ensure security, legal compliance, fraud prevention, and transparent financial transactions.

We take data protection seriously and process all personal information in accordance with the GDPR and other relevant privacy laws.

Legal References

European Union Regulations

  1. General Data Protection Regulation (GDPR)

  2. Anti-Money Laundering Directive 5 (AMLD5)

  3. Payment Services Directive 2 (PSD2)

  4. Digital Services Act (DSA)

German Laws

  1. Telemedia Act (Telemediengesetz - TMG)

  2. General Fiscal Code (Abgabenordnung - AO)

  3. Value Added Tax Act (Umsatzsteuergesetz - UStG)

  4. Network Enforcement Act (NetzDG)

By registering and using our services, you acknowledge and consent to the collection of necessary data to comply with legal obligations and ensure a secure and transparent hosting environment.

If you have any questions about how your data is managed or your privacy, don’t hesitate to send us an [e-mail](mailto:support@cptcr.cc) or open a [Ticket](https://cptcr.shop/ticket)