Terms & Conditions

1. DEFINITIONS OF TERMS

Article 1.1. This document contains the terms and conditions of use of the services offered by SC CHROOT NETWORK SRL (hereinafter referred to as CHROOT) through www.chroot.ro. This document defines the framework within which CHROOT agrees to provide products and services to its customers and users. This document represents an agreement between CHROOT and its CUSTOMERS. All CUSTOMERS and users of the hosting services are subject to these terms and conditions, therefore the use of CHROOT services implies acceptance of and compliance with these Terms and Conditions of Use.

Article 1.2. The terms presented below have contractual value and are regulated by the provisions of the following legal acts:

• ORDINANCE no. 130 of 31 August 2000 on the legal regime of distance contracts, approved by Law no. 51/2003
• LAW no. 365 of 7 June 2002 on electronic commerce
• LAW NO. 677/2001 for the protection of individuals with regard to the processing of personal data and the free movement of such data
• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016.
• REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on a Single Market for Digital Services – Digital Services Act (DSA).
• Romanian Law no. 50/2024 establishing measures for the application of Regulation (EU) 2022/2065 on a Single Market for Digital Services.

Article 1.3. CHROOT – is defined and hereinafter referred to as SC CHROOT NETWORK SRL, CUI: RO21052851, Trade Register: J40/2745/2007 Account: RO22 INGB 5551 9999 0054 1063, Bank: ING Bank, Address: Str. Liviu Rebreanu, no. 46-58, Sc. H, Et. 6, Ap. 66, Sector 3, Postal code 031793, Bucharest and has the status of PROVIDER of hosting and domain registration services that can be contracted and purchased through CHROOT.

• The USER is a natural or legal person who uses CHROOT services.
• The CUSTOMER is a natural or legal person who initiates an order.
• ORDER means a request addressed to CHROOT by a natural or legal person requesting website hosting or domain registration services.

Article 1.4. INFORMATION ON THE PROTECTION OF PERSONAL DATA

SC CHROOT NETWORK SRL is a personal data controller, registered with the National Authority for the Supervision of Personal Data Processing under no. 18185/17.11.2010. The data necessary for proper communication with our CUSTOMERS is requested in compliance with the following principles:

• the principle of accountability – as a data controller we are responsible for compliance with legal provisions and with the ethics governing the processing of personal data;
• the principle of transparency – respected through complete, correct and objective information regarding the data collected and the purpose of the collection;
• the principle of purpose limitation – the data will be used only for the purpose for which it is collected, as indicated below;
• the principle of data accuracy – collected personal data must be accurate and constantly updated;
• the principle of storage limitation – personal data will not be kept for a longer period than necessary for the purpose for which it was collected;
• the principle of integrity and confidentiality – we are required to ensure the protection of personal data against both external risks and possible internal incidents.
• CHROOT attaches great importance to data confidentiality. For this reason, we request only the data necessary for proper communication with our CUSTOMERS. It should also be noted that CHROOT processes personal data only for the sole purpose of providing services to its customers, namely data necessary for billing customers and communicating with them in order to provide the services purchased from us.

This article is intended to provide details about how we collect this data, why we collect it and for what purpose we use it. We also describe how you can view and manage this data.

Article 1.4.1. WHAT INFORMATION DO WE COLLECT? HOW DO WE COLLECT THIS INFORMATION?

We collect personal data in order to provide you with the best possible experience when using our services. Most of this data is obtained directly from you in the following situations:

• When you create a CHROOT customer account by ordering a service from our website, billing data including first name, last name, address, email and phone number is collected;
• When you order a domain, in certain situations and at the request of the registries responsible for those domains, we may also collect the Romanian personal identification number (CNP);
• When you send a message through the contact form or submit a support ticket.

We also collect certain information through methods that may be less obvious, as explained below:

• Information related to the customer account collected while you use our services, such as account number, purchases, expiration dates and information requested in support tickets;
• Cookies and similar technologies allow us to identify partial browsing history, accessed links, purchased services, the type of device used and information about how you interact with our services. We use this data only to improve the display of content on our website and the services in our offer. More about the cookie policy can be found here: www.chroot.ro/en/about-cookies/
• Data about the use of our services is automatically collected when you use or interact with our services, such as metadata, logs and location information. More about the cookie policy can be found here: www.chroot.ro/en/about-cookies/

The personal data mentioned above is collected with the express and unequivocal consent expressed by free transmission and by informing the purpose for which the data is collected as provided in Art. 1.4.2, the CUSTOMER/USER having the right to withdraw consent.

Article 1.4.2. PURPOSE OF COLLECTING THIS DATA

• For communication with the customer, administrative, commercial and technical;
• For billing;
• For domain registration.

THE DATA IS NOT USED FOR PURPOSES OTHER THAN THOSE RELATED TO PROPER COMMUNICATION WITH THE CUSTOMER. THE DATA IS NOT SOLD FOR MARKETING OR COMMERCIAL PURPOSES.

Data may also be processed for account administration, provision of contracted services, technical support, operational communications, service security, fraud and abuse prevention, management of security incidents, management of abuse/DSA reports, fulfillment of legal and fiscal obligations, cooperation with competent authorities and defense of the rights and legitimate interests of the PROVIDER.

Article 1.4.3. WHO HAS ACCESS TO THIS DATA?

Access to personal data is limited to the persons and entities for which access is necessary in order to provide the services, manage the contractual relationship, fulfill legal, fiscal and accounting obligations, ensure the security of the services or defend the rights and legitimate interests of CHROOT.

Depending on the nature of the services used and the specific situation, the data may be accessed or transmitted to the following categories of recipients:

• CHROOT staff, strictly to the extent necessary for account administration, service provision, technical support, billing, security and management of the contractual relationship;
• The external accounting service, strictly for the data necessary for accounting, fiscal records and legal reporting;
• Providers of administrative, accounting, fiscal, billing, payment, infrastructure, security, audit, technical support and related services, strictly to the extent necessary for the provision of services, fulfillment of legal obligations and administration of the contractual relationship;
• Payment processors and financial institutions involved in processing payments or collections, including banks and financial service providers such as ING Bank, Banca Transilvania, Revolut or other similar providers, strictly in relation to the transactions performed;
• National or international domain registries and registrars, including RoTLD and other similar providers, strictly for the registration, administration, transfer or renewal of domains ordered by the CUSTOMER/USER;
• Collaborators or technical providers who may have punctual access to data in justified situations, such as security audits, maintenance, technical diagnosis, incident investigation, remediation of operational issues or development and maintenance of platforms used by CHROOT;
• Providers of infrastructure, connectivity, colocation, security, monitoring, backup, communications, email services, DNS, software licensing or other technical services, to the extent that access is necessary for the provision, security or maintenance of the contracted services;
• Public authorities, courts, criminal investigation bodies, supervisory authorities, tax authorities, regulatory authorities or other competent institutions, national or international, where there is a legal obligation, a valid official request or an applicable legal basis.

Third-party access to data is limited to what is necessary for the respective purpose and may be permanent, periodic or punctual, depending on the nature of the service, legal obligation or technical situation. CHROOT does not sell personal data to third parties for commercial or marketing purposes.

Article 1.4.4. HOW YOU CAN VIEW, MODIFY AND DELETE THE INFORMATION WE STORE ABOUT YOU

You can access your CHROOT customer account at www.chroot.ro/login both to view the personal data we store about you and to modify or delete it.

If you request deletion of data, this request will be honored within a maximum of 30 days provided that the data is not still used in our relationship with you regarding purchased and active services, or if it is not necessary in other legal situations, such as tax legislation or legislation on the prevention and combating of cybercrime.

Article 1.4.5. HOW WE SECURE AND STORE DATA ABOUT YOU

We follow generally accepted standards for collecting, storing and securing data, including encryption in certain situations. CHROOT keeps this data for as long as necessary to provide you with the services purchased from us and afterwards for certain legal reasons, such as:

• Based on law, contract or other similar obligations applicable to our field of activity;
• To preserve, resolve, defend and enforce our contractual rights;
• To keep accounting records.

Data is kept for the duration of the contractual relationship and afterwards for as long as necessary to fulfill legal, fiscal, accounting, security, audit and dispute resolution obligations, to defend the rights of the PROVIDER or to comply with requests from competent authorities.

Article 1.4.6. AGE RESTRICTIONS

Our services are available for purchase by persons over the age of 16, in accordance with applicable law. If you know or reasonably suspect that one of our services was purchased by a person who does not meet this age limit, please contact us.

Article 1.4.7. CHANGES TO THE PRIVACY POLICY

CHROOT reserves the right to make changes to the privacy policy. Material changes to this policy will be notified to you 30 days before they enter into force by publication on this page or in any other places we consider necessary, and we will notify you by email at the address in your customer account.

Article 1.4.8. COMPETENT AUTHORITY FOR DATA PROTECTION

National Authority for the Supervision of Personal Data Processing:

• Address: B-dul G-ral. Gheorghe Magheru 28-30
• Sector 1, postal code 010336, Bucharest, Romania
• Email: anspdcp@dataprotection.ro
• Phone: +40.318.059.211; +40.318.059.212
• Website: www.dataprotection.ro

Article 1.4.9. QUESTIONS, CONCERNS, COMPLAINTS OR DELETION REQUESTS

If you have questions, concerns, complaints or deletion requests, please send us your message by opening a support ticket at www.chroot.ro/tichet-de-asistenta or by phone at 0731/247668. The telephone support schedule is available on our contact page – www.chroot.ro/en/contact/.

We will respond to your request within a maximum of 30 days.

2. RIGHTS AND OBLIGATIONS OF THE USER AND THE CUSTOMER

Article 2.1. The USER/CUSTOMER undertakes to use the Service in full compliance with Romanian law.

Article 2.2. The USER/CUSTOMER has the obligation to keep confidential the identification data and the data hosted on the PROVIDER’s equipment, being solely responsible for any consequences that their disclosure to a third party may have, regardless of whether the disclosure was intentional, negligent or imprudent.

Article 2.3. The USER/CUSTOMER undertakes to immediately notify the PROVIDER of any change regarding their Identification Data. Otherwise, the PROVIDER does not assume responsibility for the accuracy of data not updated by the USER/CUSTOMER.

Article 2.4. Without prejudice to other contrary provisions of this Contract, the USER/CUSTOMER understands and agrees that the information displayed through the website, except for the page containing the general form of this contract, is presented for informational purposes and may not constitute the subject of any objections, legal actions or evidence in such judicial proceedings. The only information that may constitute the subject of any objections or legal actions is the information mentioned in direct correspondence with us.

Article 2.5. The USER/CUSTOMER is solely responsible for the information transmitted on the internet through the abusive use of the contracted services.

Article 2.6. The PROVIDER’s equipment shall not be used in any form or under any circumstances for the transmission, storage or publication of materials, or for undertaking actions considered illegal under the laws of Romania, the European Union and/or the USA. Illegal materials or actions include, but are not limited to:

• Sending unsolicited commercial or non-commercial emails to recipients, whether or not reported as SPAM, but which may be considered as such, including newsletter-type messages;
• Violation of copyright or any other right of any third party;
• Materials protected by trade secrets or any other status;
• Materials intended to encourage hatred or discrimination;
• Threats, abuse, harassment, defamatory statements;
• Adult content, nudity, pornography, any image or text with sexual or obscene content;
• Promotion of illegal activities, including hacking, cracking, warez, etc.;
• Information or software about or containing any type of virus or Trojan, except those from companies specialized in combating, removing or protecting against them and only in compliance with applicable copyright laws;
• Collection of personal information for illegal purposes or for any purpose without the consent of the persons whose data is collected;
• Any content or action considered by the PROVIDER to be harmful or illegal;
• Sending more than 100 messages within one hour.

For web hosting services with shared resources, the use of malicious scripts or scripts with known security issues is not allowed.

The use of the following scripts is also prohibited, without limitation:

• Scripts that facilitate P2P traffic or file sharing traffic, such as torrent scripts or file upload/download scripts;
• Scripts for proxy or IRC services;
• PhpShell or similar scripts for executing commands;
• FormMail-type scripts;
• Chat room-type scripts;
• Applications that abusively and unlawfully use allocated resources to obtain virtual currencies;
• Scripts or applications that contain known security issues.

NOTE: Any notification received in this regard and confirmed may lead to the immediate suspension of the respective account without prior notice to the USER/CUSTOMER.

For shared web hosting and reseller web hosting services, technical limits apply to the sending of email messages, established to protect the infrastructure, the reputation of IP addresses and the quality of the services provided.

For shared web hosting and reseller web hosting services, the standard sending limit is a maximum of 100 messages per minute and a maximum of 500 messages per hour, per hosting account, domain, email account or other technical unit determined by the PROVIDER.

These limits are considered maximum operational limits and do not represent a guarantee that sending such volume is permitted in every situation. The PROVIDER may apply stricter limits, temporarily or permanently, where there are suspicions of spam, phishing, malware, compromised account, complaints, blacklist listings, abnormal sending behavior or risk to the reputation of the infrastructure.

Email services included in shared web hosting and reseller web hosting are intended for normal and legitimate communication, not for bulk email campaigns, mass mailing, cold mailing, unsolicited newsletters or other activities that may affect the reputation of the infrastructure.

For legitimate email marketing campaigns, mass notifications or high volumes of messages, the CUSTOMER/USER must use specialized email delivery services, properly configured and compliant with applicable law.

Art. 2.7. The use of online forms for sending emails is allowed only through secured scripts where access is restricted by password or anti-robot systems. Failure to comply with these provisions leads to deactivation of the scripts or suspension of the account.

Art. 2.8. Pornography or any other materials with sexual or obscene content, as well as links related to pornography, are prohibited on our servers.

Art. 2.9. The use of proxy or IRC scripts is not allowed.

Art. 2.10. The administration of the servers, equipment and infrastructure necessary for the performance of this contract is offered as a free bonus and does not engage us with any responsibility. We reserve the unilateral right to discontinue this offer in relation to a customer in exceptional cases, including but not limited to cases where the customer abuses software administration requests or insults the PROVIDER’s employees. Also, if server or equipment maintenance/administration services require an increased number of working hours strictly for the customer in order to ensure the proper operation of the contracted services, we reserve the right to submit to the customer a paid offer for this type of service and to discontinue the free administration.

Art. 2.11. The CUSTOMER/USER shall ensure that payment for the contracted Services is made on time without exceeding the due date.

Art. 2.12. The CUSTOMER/USER shall not disclose the access password to persons other than authorized persons. The beneficiary also undertakes to cooperate with the provider in order to ensure the security of access to the provider’s services and servers and to inform the provider of any action of which they are aware and which represents or could represent an attack on internet security and ethics.

Art. 2.13. The CUSTOMER/USER shall comply with the rules of global networks when using the PROVIDER’s services to connect to them.

Art. 2.14. The CUSTOMER/USER shall not abusively use the PROVIDER’s equipment in a way that disrupts its operation.

Art. 2.15. The CUSTOMER/USER shall bear any costs, fees or expenses arising from damages of any kind caused to the provider or to a third party due to non-compliance with these obligations, if their fault is proven.

Art. 2.16. The CUSTOMER/USER shall ensure an external backup of all data and information hosted on the PROVIDER’s equipment, the PROVIDER not being in any way responsible for the loss or alteration of the customer’s data, regardless of the cause. The PROVIDER only provides the means by which these backups can be performed under proper conditions, but cannot control the factors that may corrupt this data or, for example, cases where the customer’s original data is already corrupted when the backup is performed. It is the customer’s responsibility to verify the integrity of both the hosted data and the backups. CHROOT routinely backs up data for web hosting services to a location other than the one where the services run, in order to have a restoration point in case of disaster, without this creating an obligation. The PROVIDER provides all necessary utilities and the possibility to download backups through the hosting account management system; this information is detailed in the Frequently Asked Questions section.

Art. 2.17. The CUSTOMER/USER shall administer the websites hosted on the services contracted from the PROVIDER, being the only party able to control the content of their own websites.

Art. 2.18. The CUSTOMER/USER shall comply with the provisions of this document for each type of service.

Article 2.19. RIGHT OF WITHDRAWAL

In accordance with Emergency Ordinance no. 34/2014 on consumer rights in contracts concluded with professionals and amending and supplementing certain legal acts, except in cases expressly provided by law, the consumer benefits from a period of 14 days to withdraw from a distance contract or an off-premises contract, without having to justify the withdrawal decision and without bearing other costs.

The withdrawal period mentioned above expires within 14 days from the date of conclusion of the contract, in the case of service contracts.

With respect to distance contracts and off-premises contracts, contracts for the provision of services after the complete performance of the services are excluded from the right of withdrawal if performance has begun with the consumer’s prior express consent and after the consumer has confirmed that they have acknowledged that they will lose the right of withdrawal after the full performance of the contract by the professional.

The consumer may unilaterally terminate, for any reason, contracts concluded for shared web hosting services within 14 days from the date of conclusion of the contract, with a full refund of the amount paid. The price paid will be refunded in full when a request is submitted to SC CHROOT NETWORK SRL. The date of conclusion of the contract is considered the date of payment of the service price.

The following categories of services are excluded from the right of withdrawal, being considered fully performed and involving direct costs or advanced access to infrastructure:

• Virtual server (VPS) and dedicated server services, with or without management;
• Technical administration services or advanced interventions;
• Storage, backup or on-demand infrastructure services;
• Software licenses;
• Services involving the allocation of IP addresses, IP blocks (IPv4/IPv6) and Autonomous System (AS) numbers;
• Internet domain registration, with or without discount;
• Any other service that involves root access or direct access to the operating system;
• Extension of existing services.

In all these cases, the consumer declares that they are aware that they lose the right of withdrawal after the full performance of the contract by SC CHROOT NETWORK SRL and agrees to the performance of the contract starting from the date of payment of the price. The consumer’s prior express consent is deemed to be automatically obtained at the time of payment for the services mentioned above.

To exercise your right of withdrawal, you must inform us of your decision to withdraw from the contract using an unequivocal statement, for example a letter sent by post, fax or email. For this purpose, you may use the Withdrawal Form, although its use is not mandatory.

To comply with the withdrawal deadline, it is sufficient to send the communication regarding the exercise of the right of withdrawal before the withdrawal period expires.

If you withdraw, we will refund any amount received from you no later than 14 days from the date on which we are informed of your decision to withdraw from the contract. The refund will be made using the same payment method as the one used for the initial transaction, unless you have agreed to another method. In any case, no fees will be charged to you as a result of such refund.

Art. 2.20 THE RIGHT TO BE FORGOTTEN, THE RIGHT TO DATA PORTABILITY AND THE RIGHT TO OBJECT TO PROCESSING

Art. 2.20.1 The USER/CUSTOMER has the right to have their personal data deleted from any record and from any computer medium where it may be stored, in compliance with the applicable internal legal rules regarding retention periods.

The controller is obliged to delete personal data if one of the following reasons applies:

• the personal data is no longer necessary for the purposes for which it was collected;
• the data subject withdraws consent on which the processing is based and there is no other legal basis for the processing;
• the data subject objects to the processing.

Art. 2.20.2 The USER/CUSTOMER has the right to receive the personal data concerning them and which they have provided to the controller in a structured, commonly used and machine-readable format and has the right to transmit that data to another controller without hindrance from the controller to whom the personal data was provided, if:

• the processing is based on consent;
• the processing is carried out by automated means.

Art. 2.20.3 The USER/CUSTOMER has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them, including profiling based on those provisions, except where the processing is necessary for the performance of a task carried out in the public interest or resulting from the exercise of official authority vested in the controller, and where processing is necessary for the legitimate interests pursued by the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject prevail, especially where the data subject is a child.

3. RIGHTS AND OBLIGATIONS OF THE PROVIDER

Art. 3.1. The PROVIDER is responsible for ensuring the operation of the equipment and data transmission network and permanent internet access, guaranteeing an uptime of 99.9%, except for the Cluster VPS/VDS service, for which it guarantees an uptime of 99.982%.

Art. 3.2. The PROVIDER is not responsible for the alteration of information transported outside its own data communication system.

Art. 3.3. Internet access services are available NON STOP. The provider ensures at least two separate internet access links and guarantees 99.95% functionality. Exceptionally, an IP may be filtered by the provider or by its internet providers to certain destinations on the internet in the event of a flood attack with an unidentified source whose virulence endangers the proper functioning of the equipment of internet providers transiting that traffic. This procedure is recognized by internet service providers as the only protection method until the source of the attack is identified.

Art. 3.4. The PROVIDER shall provide:

• online telephone support at 0731/247668 between 10:00 and 17:00, Monday to Friday;
• non-stop intervention to resolve provider-specific issues, such as hardware failures in the data center;
• non-stop email support.

Art. 3.5. For web hosting services with shared resources, the Provider reserves the right to implement a uniform server configuration for all CUSTOMERS, but with technical limitations, such as limiting sending to a maximum of 100 emails per hour per customer, limiting resources depending on the chosen service, running scripts in cron at intervals of less than 15 minutes, etc., which facilitate competitive access to resources for customers hosted on the respective equipment.

Art. 3.6. DSA COMPLIANCE AND ILLEGAL CONTENT REPORTING

Art. 3.6.1. The PROVIDER makes available dedicated channels for reports and communications submitted under Regulation (EU) 2022/2065 on digital services – the Digital Services Act (DSA) and Romanian Law no. 50/2024.

Art. 3.6.2. For reporting allegedly illegal content hosted on the PROVIDER’s infrastructure, USERS, CUSTOMERS, natural persons, legal entities or interested third parties may use the dedicated channel available at:
https://www.chroot.ro/en/dsa-illegal-content-reporting/.

Art. 3.6.3. For official communications submitted by competent authorities under the DSA, the PROVIDER makes available a dedicated contact point through the same page:
https://www.chroot.ro/en/dsa-illegal-content-reporting/.

Art. 3.6.4. Reports concerning allegedly illegal content must allow the clear identification of the content concerned. The report must include, where applicable, the exact URL, domain name, IP address or affected service, a clear description of the reported content, the reasons why the content is considered illegal, the contact details of the person or entity submitting the report and any relevant documents or information.

Art. 3.6.5. Incomplete, general, manifestly unfounded reports or reports that do not allow the clear identification of the content concerned may require additional clarification. Until the necessary clarifications are received, the PROVIDER may not be able to fully assess the report or apply measures to the reported service.

Art. 3.6.6. Submitting a report does not automatically result in the removal of content, restriction of access, suspension of the service or termination of the contract. Each report is assessed based on the information provided, the applicable legal framework, the nature of the affected service and the PROVIDER’s role as an intermediary service provider.

Art. 3.6.7. The PROVIDER does not perform general preventive monitoring of the content published, transmitted, stored or administered by the CUSTOMER/USER through the contracted services. The CUSTOMER/USER remains solely responsible for the content, applications, files, data, services, communications and activities carried out through the contracted services, within the limits of the law and these Terms and Conditions.

Art. 3.6.8. Depending on the nature of the report, the seriousness of the situation, the technical or legal risks and the information available, the PROVIDER may apply one or more proportionate measures, including but not limited to:

• requesting additional clarification from the person or entity that submitted the report;
• recording and assessing the report in the internal support/audit systems;
• identifying the affected service, domain name, IP address or customer;
• notifying the CUSTOMER/USER responsible for the affected service;
• requesting remediation within a reasonable timeframe or within a timeframe imposed by the nature of the incident;
• temporarily restricting access to an affected service, domain name, IP address, account or resource;
• temporarily suspending the affected service;
• terminating the service in serious, repeated or unresolved cases;
• preserving data, to the extent permitted or required by law;
• cooperating with competent authorities, within the limits of the applicable legal obligations.

Art. 3.6.9. In urgent, obvious or high-risk cases, such as phishing, malware, compromise of systems, cyberattacks, distribution of manifestly illegal content, infringement of third-party rights, imminent harm or official requests from competent authorities, the PROVIDER may apply immediate measures to restrict, suspend or isolate the affected service, without prior notice, with the CUSTOMER/USER being informed afterwards where permitted by law.

Art. 3.6.10. In the case of VPS services, dedicated servers, colocation, services with root access, services with direct administrative access or other services where the CUSTOMER/USER controls the operating system, applications or content, the PROVIDER has no obligation and, in many situations, no technical possibility to directly modify the hosted content. In such cases, the available measures may include customer notification, remediation request, access restriction, service suspension, data preservation or service termination, as applicable.

Art. 3.6.11. When the PROVIDER applies a measure of restriction, suspension, removal, disabling or termination in relation to a DSA report, the CUSTOMER/USER may receive information regarding the general reasons for the measure, to the extent that such information is not prohibited by law, by an official request from a competent authority or by the need to protect an investigation, service security or the rights of other persons.

Art. 3.6.12. The CUSTOMER/USER may submit clarifications, remediation details or appeals regarding the measures applied through the opened ticket or through the support channels indicated by the PROVIDER. The appeal must contain sufficient information for reassessment of the situation, including identification of the affected service, the reasons for the appeal and relevant documents.

Art. 3.6.13. The PROVIDER may keep internal records regarding DSA reports, official communications, measures applied, decisions taken and related correspondence, including through the ticketing system, logs, internal notes and other audit means. These records may be used to demonstrate compliance, to defend the PROVIDER’s rights, to fulfill legal obligations or to cooperate with competent authorities.

Art. 3.6.14. The PROVIDER may periodically or annually publish a DSA report with aggregated information regarding received reports, categories of requests, measures applied and any appeals. The public report will not include personal data, customer data, domain names, IP addresses, confidential information, commercial details or information that may affect investigations, service security or the rights of the persons concerned. The DSA report is available at:
https://www.chroot.ro/en/dsa-report/.

Art. 3.6.15. DSA channels are not intended for commercial requests, ordinary technical support requests, billing issues, sales requests, routine administrative issues or other communications that do not fall within the scope of Regulation (EU) 2022/2065. For these situations, the CUSTOMER/USER must use the usual support departments available in the customer portal.

Art. 3.7. EXTERNAL SERVICES USED BY THE CUSTOMER: PROXY, CDN, DNS, FIREWALL AND SIMILAR SERVICES

Art. 3.7.1. The CUSTOMER/USER may use external services such as proxy, CDN, DNS, web application firewall, DDoS protection, cache, traffic filtering or other intermediary services provided by third parties.

Art. 3.7.2. If the CUSTOMER/USER configures such an external service in front of the services provided by the PROVIDER, the contractual relationship, configuration and operation of that external service belong to the CUSTOMER/USER and the respective third-party provider.

Art. 3.7.3. The PROVIDER is not responsible for unavailability, errors, messages such as “Host Error”, “Origin Error”, “DNS Error”, “Timeout”, “Connection Failed”, certificate errors, cache errors, traffic blocks, firewall rules, filtering, DNS propagation issues, rate limiting, incorrect configurations or other problems generated by external services used by the CUSTOMER/USER.

Art. 3.7.4. When using a proxy, CDN, DNS, firewall or other intermediary service, the diagnosis of an issue must take into account the entire technical path: end user – third-party provider – PROVIDER’s infrastructure – CUSTOMER/USER’s service. An error displayed by the third-party provider does not automatically represent a defect of the PROVIDER’s services.

Art. 3.7.5. The CUSTOMER/USER is responsible for correctly verifying and administering DNS, proxy, CDN, SSL/TLS, firewall, cache and any other settings made in external platforms used in connection with the contracted services.

Art. 3.7.6. The PROVIDER may provide best-effort assistance to identify the cause of a problem, but has no obligation to administer, modify, repair or guarantee the operation of external services contracted directly by the CUSTOMER/USER from third parties.

Art. 3.7.7. If the PROVIDER’s services operate correctly at origin/origin server level, but the problem is generated by a proxy, CDN, DNS, firewall or other third-party service used by the CUSTOMER/USER, the incident will not be considered unavailability attributable to the PROVIDER and will not generate rights to compensation, refund or SLA application against the PROVIDER.

Art. 3.7.8. The PROVIDER may request the CUSTOMER/USER to temporarily disable the third-party service, change DNS, bypass the proxy, test the origin service directly or provide logs and technical information for the correct diagnosis of the situation.

4. NOTIFICATION OF SECURITY BREACHES

Article 4.1. The PROVIDER shall report to the supervisory authority any personal data security breach within 72 hours of becoming aware of it. The notification shall include specific information, a description of the measures taken to resolve the incident and to mitigate possible side effects.

Article 4.2. If the security breach presents a high risk and may affect the rights and freedoms of natural persons, the PROVIDER shall contact the affected CUSTOMERS/USERS without undue delay. Contacting CUSTOMERS/USERS by the PROVIDER shall not be made if the security breach concerns encrypted data that cannot be accessed.

5. BILLING AND PAYMENT POLICY

Article 5.1. Any order shall be placed online on the website www.chroot.ro. CUSTOMERS/USERS undertake to enter complete, correct and truthful data in the form. Domain registration is performed in accordance with applicable laws. CHROOT cannot be held liable in any way for any inconvenience caused by customers providing incorrect or incomplete information.

Article 5.2. After completion of the order, a proforma invoice is automatically sent to the email address entered in the form. The proforma invoice contains all information necessary to make the payment and is available in the Customer Account. The proforma invoice has no fiscal value.

Article 5.3. The CUSTOMER/USER agrees to pay the value of our services in advance for the period during which they are provided.

Article 5.4. All proforma invoices shall be sent by email. CUSTOMERS/USERS must pay the invoice in advance at the beginning of each payment period, within 5 working days from the date of issuance of the proforma invoice.

Article 5.5. Prices for products and services are established based on the general price offer displayed online on the website www.chroot.ro.

The PROVIDER shall provide the CUSTOMER/USER with its services based on the general price offer and the calculations resulting from the use of additional facilities.

Article 5.6. The prices of the services are established in Euro at the BNR exchange rate + 2%, do not include VAT, and payment shall be made by the CUSTOMER/USER in Romanian lei, including VAT, according to the proforma invoice. The CUSTOMER/USER undertakes to pay the price of the services provided, as well as any other fees necessary for access to optional services offered by the PROVIDER.

Article 5.7. The tariffs of services and products may be modified by agreement of the parties.

The PROVIDER may propose to the CUSTOMER/USER changes to tariffs and services if legislative changes, changes in the PROVIDER’s prices and tariffs or changes in costs would influence the tariffs established by contract and justify such initiative.

Article 5.8. After payment is made and the money is collected, the fiscal invoice is issued.

Article 5.9. Fiscal invoices are sent exclusively by email, in PDF format. Signing and stamping fiscal invoices are not mandatory according to Art. 155 of the Fiscal Code, paragraph 6 (http://codfiscal.money.ro/art-155-facturarea/).

Article 5.10. CHROOT recommends confirming payments by sending a copy of the payment instrument certifying the payment by email to contact@chroot.ro. CUSTOMERS benefit from CHROOT services within a maximum of 12 hours from payment confirmation.

Article 5.11. The payment date shall be considered the date on which the amounts paid by the CUSTOMER/USER entered the PROVIDER’s bank account.

Article 5.12. In case of payment delay of more than 7 (seven) calendar days from the due date, the PROVIDER reserves the right to suspend, limit or restrict access to the services related to the unpaid invoice, without any further prior notice, until all outstanding amounts are paid in full.

Article 5.13. Any extension of the payment term is at the discretion of the PROVIDER and must be confirmed in writing. Failure to apply suspension immediately after the payment term has expired does not represent a waiver of the PROVIDER’s right to suspend, limit, restrict or terminate the services later, if the outstanding amounts are not paid.

Article 5.14. Data deletion – The PROVIDER reserves the right to permanently delete the data related to web hosting services after 30 (thirty) calendar days from the due date of the proforma invoice, if payment has not been made. Any extension of this term is at the discretion of the PROVIDER.

6. DOMAIN REGISTRATION

CHROOT is an authorized RoTLD partner – the official authority/registry for .RO domains.

Article 6.1. Registration of .RO domains is performed within a maximum of 48 hours after payment confirmation or receipt of the equivalent value of the proforma invoice issued for the registration services. Registration of .RO domains is performed in accordance with the following terms and conditions:

• Registration rules – www.rotld.ro/reguli-de-inregistrare/
• Registration contract – www.rotld.ro/registration-agreement/

Article 6.2. Registration of international domains, except for domains requiring additional documents, is performed within a maximum of 15 minutes from payment confirmation.

Article 6.3. International domains do not benefit from Whois/ID Protect protection. The data provided for the registration of international domains appears publicly when querying the Whois of the international domain.

This data may be hidden through the Protect Whois/ID Protect option, which may be activated upon request through a support ticket to the Customer Support Department, at an additional cost.

7. RETURN POLICY

Article 7.1. The customer benefits, for shared web hosting services, from a commercial full refund guarantee within 30 calendar days from the date of service activation or from the date the service is made available to the customer, whichever occurs first, regardless of the date of payment.

This commercial guarantee applies exclusively to shared web hosting services and does not affect the statutory rights of consumers provided by applicable law.

The refund request shall be submitted by opening a support ticket at www.chroot.ro/tichet-de-asistenta, in which the customer must provide identification data, the reason for the request and the information necessary for returning the funds. The refund shall be made within no more than 30 calendar days from the date of approval of the request.

Article 7.2. Non-refundable services

The following categories of services do not benefit from the return policy and are non-refundable, regardless of whether they have been used partially or in full:

• Virtual servers VPS/VDS, with or without management;
• Dedicated servers, with or without management;
• Colocation services;
• Technical administration, intervention, configuration, troubleshooting, migration, restoration or customization services;
• Storage servers, external backup, customized infrastructure solutions or on-demand services;
• Software licenses, regardless of whether they are monthly, annual, activated, ordered, configured or purchased through intermediation;
• SSL certificates, regardless of whether they are commercial, ordered, issued, renewed or configured;
• Registration, transfer or renewal of internet domains, including domains offered free of charge, promotionally or at a discount;
• Services that include the allocation of IP addresses, IP blocks, IPv4/IPv6 prefixes, AS numbers, BGP sessions or other network resources;
• Services that involve root access, administrative access, direct access to the operating system or direct control over the infrastructure;
• Services activated at the customer’s request, specially ordered services, customized services or services involving unrecoverable external costs;
• Extension or renewal of existing services;
• Any other similar service which, by its nature, involves immediate activation, direct costs, resource allocation, licensing, manual intervention, access to infrastructure or the impossibility for the PROVIDER to recover the costs.

Article 7.3. The return policy does not apply in case of extension or renewal of services.

Article 7.4. Refund requests from customers who have violated the contractual terms and conditions will not be honored.

Article 7.5. The money-back guarantee is not valid for the services listed in Art. 7.2, including where they have been used partially or only activated.

Article 7.6. The unit billing period is considered the calendar month. Proportional refunds for periods shorter than this unit are not accepted. If the customer has benefited from even one day of service in an invoiced month, the customer is considered to have used the entire period from a financial perspective.

Article 7.7. Changing the nameservers of a hosted domain without prior notice to the Provider is considered a voluntary waiver of the contracted web hosting service. In this situation, the customer automatically loses the right to benefit from technical support and the return policy.

Article 7.8. Actual expenses related to the return of money, such as bank fees, payment fees, postal fees, etc., may be deducted from the refundable amount.

Article 7.9. Repeated refund requests for the same type of service, submitted by the same customer, will no longer be honored.

8. LIMITATION OF LIABILITY

Article 8.1. We cannot be held responsible for damages caused by the temporary unavailability of our servers, regardless of the reason causing it. This provision also includes damages resulting from the deterioration or loss of data. The customer agrees to indemnify and hold us harmless in connection with any claims, damages, including but not limited to damages caused to third parties, resulting as a consequence of the use of services causing damage by our customer.

Article 8.2. CHROOT provides limited technical support to all customers in order to ensure the proper operation of the services provided.

Article 8.3. CHROOT is not responsible for the withdrawal of certain scripts offered free of charge and does not provide support for such scripts.

Article 8.4. The PROVIDER is not the author, editor or editorial administrator of the content published, transmitted, stored or administered by the CUSTOMER/USER through the contracted services. The CUSTOMER/USER is solely responsible for the legality, security, integrity and compliance of the content, applications, files, data, communications and activities carried out through the contracted services.

Article 8.5. As an intermediary service provider, the PROVIDER may benefit from the liability limitations provided by applicable law, to the extent that the legal conditions are met. The PROVIDER may act after receiving a sufficiently clear notification, an official request or after obtaining information that allows the identification of a potentially illegal activity or content, without this constituting a general assumption of editorial control over the customer’s content.

9. FINAL CLAUSES

Article 9.1. If, for any reason, you are not satisfied with the services we offer, please contact us and let us know what the problem is so that we can resolve it. If we cannot resolve your problem and you wish to terminate the contract, you may inform us of this and you will then receive the money for the prepaid web hosting services. Payment for domain registration or other related services is not refundable.

Article 9.2. We will allocate all necessary resources to investigations into acts of violation of the security of systems or networks, and we will cooperate with authorities in the case of offences. CUSTOMERS who violate these provisions may be criminally or civilly liable.

Article 9.3. For customers with multiple accounts or resellers, we reserve the right to suspend all accounts if the owner of the main account violates these provisions to an extent considered by us to be very serious.

Article 9.4. Any CUSTOMER/USER whom the PROVIDER determines to have violated any provision of this Acceptable Use Policy will receive a written warning and may be subject, as the PROVIDER deems appropriate, to a temporary suspension of the provided services, provided that they agree in writing to refrain from any future violations of these provisions. USERS in relation to whom the PROVIDER determines that they have committed a second violation of any provision of this Acceptable Use Policy will be subject to immediate suspension or interruption of the services provided.

Article 9.5. We are the only party entitled to judge what constitutes a violation of the above terms and conditions. Failure to comply with the above terms and conditions constitutes grounds for suspension or deactivation of the account.

10. PROMOTIONS

Article 10.1. All promotions will be announced on the website in the promotions section.

Article 10.2. Promotions are valid only during the period announced on the website.

Article 10.3. Promotional codes, promotional discounts and loyalty discounts cancel any other discounts applicable to the purchased service.

The terms and conditions of use are supplemented by the contract concluded by the parties.

This document is a translated version of the Romanian Terms and Conditions. The document is governed by Romanian law. In case of discrepancies or differences of interpretation between the Romanian version and this English translation or any other translation, the Romanian version shall prevail. The English version has an informative role, unless the parties expressly agree otherwise in writing.

Changes to this document enter into force on the date of publication, unless another date is indicated or the law provides otherwise. The PROVIDER reserves the right to modify this document, operational policies, technical conditions, tariffs, limitations or service specifications depending on legislative, operational, technical, commercial or security changes.

Update history: