Privacy Notice

This Privacy Notice explains how Rochen Limited ("Rochen", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit our website, use My Rochen, communicate with us, or use our services and platform.

This Privacy Notice is not a contract, but it should be read together with our Terms of Service and, where applicable, our Data Processing Agreement.

1. Who we are

Rochen Limited is a company incorporated in Scotland, United Kingdom (company number SC242971), with its registered office at 11 Dudhope Terrace, Dundee, DD3 6TS, United Kingdom.

Rochen Limited is the controller of personal data described in this Privacy Notice.

We work with Affiliates, including Rochen US, Inc., and personnel located in the United Kingdom, United States, Canada, Brazil, and India, to help provide, support, and operate our Services.

2. How this Privacy Notice applies

This Privacy Notice applies when:

  • you visit our website;
  • you create or use a Rochen account;
  • you purchase or use our Services;
  • you contact us for support or sales;
  • you communicate with us by email; or
  • you otherwise interact with us.

Where we process personal data on behalf of our customers as part of providing the Services, we act as a processor. This is explained further below.

3. Types of personal data we process

We process personal data in two main ways:

3.1 Customer Personal Data (processor role)

When you use our Services to host websites, applications, or other content, we process personal data on your behalf.

This includes any personal data you upload, store, or process using the Services (for example, website data, databases, user data, or email messages).

In this context:

  • you are the controller (or processor acting on behalf of another controller); and
  • Rochen acts as a processor or subprocessor.

This processing is governed by our Data Processing Agreement.

3.2 Customer Relationship Data (controller role)

We also process personal data as a controller in connection with managing our relationship with you.

This includes:

  • account details and profile information (such as full name, postal address, phone number, email address, company or organization details, and optional profile information such as profile photos or avatars);
  • billing and payment information;
  • invoices and transaction records;
  • support communications, including support tickets, files, attachments, and email correspondence;
  • communications sent to or from Rochen email addresses (e.g. sales@rochen.com, or individual staff email accounts);
  • communications sent through website contact forms;
  • service usage metadata and logs;
  • login records (including IP address and activity logs within the My Rochen portal);
  • abuse reports, security logs, and fraud prevention data;
  • communications, account permissions, and preferences, including marketing preferences; and
  • information relating to users authorized by a Customer to access the Services (such as employees, contractors, or other representatives), including account and profile details, login activity, and support interactions.

Customers are responsible for ensuring that any users they authorize to access the Services are aware of how their personal data is processed.

4. How we use personal data

We use personal data for the following purposes:

  • to provide, operate and maintain our Services;
  • to manage customer accounts and billing;
  • to process payments;
  • to provide support and respond to inquiries;
  • to translate or assist with translating support, sales, chat, account, and other customer communications where needed to communicate with you and provide our Services;
  • to communicate internally between staff for the purposes of providing support, resolving issues, and operating the Services;
  • to monitor, secure, and protect our platform;
  • to detect, manage and prevent abuse, fraud, and security incidents;
  • to improve and develop our Services;
  • to communicate with you about your account or services;
  • to send marketing communications where permitted or where you have opted in; and
  • to comply with legal and regulatory obligations.

5. Legal bases for processing

Where required by law, we rely on the following legal bases:

  • Contract – where processing is necessary to provide the Services;
  • Legal obligation – where we must comply with legal requirements (e.g. tax or accounting);
  • Legitimate interests – including operating and securing our platform, preventing abuse, and improving services;
  • Consent – for marketing communications and non-essential cookies.

6. Cookies and tracking technologies

We use cookies and similar technologies to operate our website and Services.

These include:

  • Essential cookies required for site functionality;
  • Analytics cookies (including Google Analytics and Cloudflare Web Analytics);
  • Marketing and advertising cookies (including Google, Meta, and AdRoll).

We use a cookie consent mechanism to obtain your consent where required before placing non-essential cookies.

We may use affiliate or referral tracking technologies that place cookies or similar identifiers when you arrive at our website through an affiliate link. These are used to attribute referrals and calculate commissions. Affiliates do not receive access to personal data about customers who sign up through their referral links.

You can manage your preferences through the cookie settings on our website.

7. Analytics

We use:

  • Google Analytics;
  • Cloudflare Web Analytics; and
  • a self-hosted analytics solution based on server logs.

Our self-hosted analytics processes IP addresses and device information (such as browser and operating system) derived from server access logs to help us understand usage and improve performance.

8. Third-party providers and sharing personal data

We use third-party providers and service providers to help operate, deliver, secure, support, and improve our website, Services, and platform. These providers may process personal data on our behalf or receive personal data where necessary for the purposes described in this Privacy Notice.

These providers include:

  • payment processors, such as Stripe and Worldpay;
  • domain registration providers, such as Enom;
  • infrastructure, hosting, backup storage, content delivery network (CDN), and security providers, such as Amazon Web Services, Wasabi, Cloudflare, and BunnyCDN;
  • email delivery, routing, filtering, and deliverability providers, such as Twilio SendGrid and MailChannels;
  • security and fraud prevention providers, such as MaxMind;
  • analytics and marketing providers, such as Google, Meta, and AdRoll;
  • communication and support tools, such as Chatlio for sales chat;
  • translation and localization providers used to translate or assist with translating customer communications, such as DeepL and Google Cloud Translation API;
  • internal business systems and tools used to operate our Services, such as Google Workspace for email, Slack for internal communication, and Microsoft 365 for productivity tools;
  • professional advisers, such as accountants, auditors, lawyers, insurers, and other advisers, where necessary for accounting, tax, legal, compliance, insurance, dispute resolution, or business administration purposes; and
  • our Affiliates, such as Rochen US, Inc.

These providers may process personal data such as account information, contact details, support communications, IP addresses, request metadata, usage information, security-related information, billing information, or other information necessary to provide their services to us.

We only share personal data where necessary to provide the Services or operate our business.

Further details about key third-party providers and subprocessors are available in our Third-Party Providers and Subprocessors list.

9. Domain registration and WHOIS data

When you register a domain name through us, personal data may be shared with domain registrars (such as Enom), domain registries (such as Verisign for .com domains and Nominet for .uk domains), and other parties involved in domain registration, as required to complete and manage the registration.

Certain domain registration data may be made available through WHOIS or RDAP services, subject to applicable registry rules and data protection laws.

10. Translations

Where you communicate with us in a language other than English, or where translation would help us provide support or respond to your inquiry, we may use business translation tools to translate communications between you and Rochen. Original messages and translated versions may be retained as part of the relevant support, sales, or account record.

11. International transfers

We operate globally.

Personal data may be processed in the United Kingdom, United States, Canada, Brazil, India, the European Union, and other locations where we or our service providers operate.

This includes processing through hosting, backup storage, communication, collaboration, support, security, fraud prevention, payment, analytics, and operational tools used by Rochen or its service providers.

Where required, we use appropriate safeguards, such as Standard Contractual Clauses or the UK Addendum, where applicable.

12. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Notice.

This includes:

  • retaining billing and financial records as required by law;
  • retaining account data while your account remains active and for a reasonable period afterward;
  • retaining support and operational records where necessary for business continuity, support history, or legal purposes; and
  • retaining logs and security data for a limited period for security and operational purposes.

Where possible, we may anonymize or delete personal data when it is no longer needed.

13. Your rights

We apply a consistent global approach to privacy and aim to provide all users with a high standard of data protection, regardless of location.

Depending on your location and the applicable data protection laws, you may have rights to:

  • access your personal data;
  • correct inaccurate personal data;
  • request deletion of your personal data;
  • restrict or object to processing;
  • request data portability; and
  • withdraw consent where processing is based on consent.

These rights are not absolute and may be subject to legal limitations. For example, we may need to retain certain personal data to comply with legal obligations, resolve disputes, prevent abuse, or enforce our agreements.

To exercise your rights, email us at: privacy@rochen.com

14. Security

We implement appropriate technical and organizational measures to protect personal data.

Access to personal data is limited to personnel who require it for their role, including support, operations, billing, and security functions.

Customers are responsible for securing applications and content hosted using the Services. Further details about security measures and Customer Personal Data are set out in our Data Processing Agreement.

15. Children

Our Services are not directed at children, and we do not knowingly collect personal data from children. If we become aware that personal data has been collected from a child without appropriate authorization, we will take steps to delete such data.

16. Contact us

If you have any questions about this Privacy Notice or how we handle personal data, please email: privacy@rochen.com

Rochen Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number Z9105242.

You also have the right to lodge a complaint with the UK ICO or your local data protection authority.

17. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of material changes by appropriate means, such as posting an updated version on our website.

Last updated: April 29 2026