hypesrv logo
Privacy at HypeServ
We take the protection of your personal data very seriously. On this page, we explain how we process your data.

Information on Data Processing

With our platform “HypeServ” we offer the possibility to rent your own game servers on the internet. In order to provide these and related services, it is necessary that we process personal data. How and to what extent we process your data is explained below.

By using our services (this website, HypeServ Panel, HypeServ API, contact via email or social media and other online services operated under the HypeServ brand) - hereinafter referred to as “HypeServ Services” - you confirm that you have read this privacy policy.

For individuals in the UK, we process personal data under the UK GDPR; for individuals in the European Economic Area (EEA), under the EU GDPR.

Who is responsible for processing?

The controller responsible for processing your personal data when using HypeServ Services is:

Regh & Meier Services GbR
Am Ramonchamp Platz 8
55270 Ober-Olm
Germany

E-Mail: privacy [at] onesrv.net

Hereinafter referred to as “onesrv”.

If you are an individual from the UK, the above still applies, however you can also contact our UK Representative for UK GDPR related requests:

Our responsible UK Representative is:

WHISKERSHARK LIMITED
82a James Carter Road
Mildenhall, Suffolk, IP28 7DE 
United Kingdom

E-Mail: privacy [at] onesrv.net

How do we (onesrv) process your data?

We use the personal data provided to us to make the HypeServ Services available for use, to further develop and optimize them, and, if you have given your consent, to inform you about news and offers related to HypeServ. We process your data exclusively in accordance with applicable law (GDPR) and only where a corresponding legal basis for processing exists.

An overview of the technical and organizational measures (TOMs) we use to ensure secure data processing can be found at https://onesrv.net/tom.

How is your information shared?

We do not share your data without your explicit consent unless this is necessary to provide the HypeServ Services. Below you will find an overview of the parties that process your personal data in connection with your use of HypeServ Services. In most cases, these parties act as processors on our behalf and have concluded agreements with us that ensure secure and GDPR-compliant processing of your personal data.

Cloudflare CDN (Content Delivery Network)

We use, based on our legitimate interest, the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare) to increase the security and delivery speed of our websites and services. A CDN is a network of [globally] distributed servers capable of delivering content to website users in an optimized manner.

For this purpose, personal data may be processed in Cloudflare server log files. Which data may be processed by Cloudflare in this case is listed under “Which data do we process?” in the section “When visiting the HypeServ websites”.

Cloudflare acts as a recipient of your personal data and as a processor on our behalf. Since we do not operate our own CDN, we rely on Cloudflare’s CDN based on our legitimate interest. In this context, we have concluded data processing agreements with Cloudflare.

You have, as described under “What rights can I exercise?”, the possibility to object to this processing. Whether such objection is effective will be determined within the framework of a balancing of interests. The functionality of the website and services cannot be guaranteed without this processing.

Your personal data is stored by Cloudflare for as long as necessary for the purposes described here. Further information on objection and removal options with regard to Cloudflare can be found at: Cloudflare DPA

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities in which Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf. The privacy policy of Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/.

Mollie (Payment Processing)

Until 20.10.2025 we used the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands (VAT ID NL81.58.39.091.B01, Email: [email protected]) for payment processing of our online services. If you made payments to us via Mollie, Mollie receives and processes your personal data.

Which data Mollie processes, for what duration, on which legal basis, and how Mollie uses this data can be found in Mollie’s privacy policy: https://www.mollie.com/en/privacy.

You may submit an objection to the processing of your data in accordance with Mollie’s privacy policy directly to Mollie.

Stripe (Payment Processing)

For payment processing of our online services we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. If you make a payment via Stripe, Stripe receives and processes your personal data.

Stripe processes your data partly on our behalf in order to process payments (data processing agreement), and partly under its own responsibility, for example to comply with legal obligations (e.g. anti-money laundering regulations) or for fraud prevention.

Stripe may also transfer data to affiliated companies of Stripe, Inc. in the USA. Stripe ensures the protection of your personal data by using the Standard Contractual Clauses (SCCs) approved by the European Commission.

Which data Stripe processes, how long this data is stored, on which legal basis the processing takes place and how Stripe uses your data can be found in Stripe’s privacy policy: https://stripe.com/en/privacy.

You may object to the processing of your data in accordance with Stripe’s privacy policy directly with Stripe.

Stripe Cookies

If you make a payment via our services using Stripe, Stripe may place cookies and similar technologies (e.g. Local Storage or Pixel) on your device. These serve various purposes, including:

  • Required cookies – for the technical provision of the payment form, execution of the payment transaction and maintenance of a secure connection (e.g. device and session IDs).

  • Functional and analytics cookies – to analyze user behavior during the payment process, detect errors and improve the checkout process (only set with your consent).

  • Advertising cookies – to provide personalized advertising or measure the success of Stripe services (also only with your consent).

Stripe categorizes its cookies as “Essential”, “Functional” and “Advertising”. Further information about the individual cookies (e.g. __stripe_sid, __stripe_mid), their storage duration and purposes can be found in Stripe’s cookie policy: https://stripe.com/legal/cookies-policy
We do not automatically set non-essential Stripe cookies (functional and advertising cookies). You can revoke these via your browser settings.
Please note that disabling essential Stripe cookies may restrict or make the payment process impossible.

Which data do we process?

When visiting the HypeServ websites (hypeserv.com, app.hypeserv.com):

Type of data: Technical metadata (IP address, browser, device type, etc.)

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Processing for the provision of the online presence

Storage duration:

  • 14 days

  • max. 30 days in the event of a specific security incident

Please note that “Technical metadata” may also be processed by our processor Cloudflare (see “How is your information shared?” section “Cloudflare CDN”).

Type of data: Session ID or other datasets that can be clearly assigned to a natural person

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Provision of basic functions of HypeServ Services (login, etc.), as well as storage of visitors’ privacy settings.

Storage duration:

  • Session duration

  • 3 months in the context of contract fulfillment

Type of data: Anonymized metadata about website usage (browser; country of origin of the accessing IP address; access period; referrer URL; URL)

Purpose: Statistical analysis of our web offerings for the purpose of improving them.

When contacting us:

If you contact us via email, social media, telephone, contact form or other channels, we process the personal data you provide in order to respond to your inquiry.

Type of data: Personal data provided (name, email address, company name, if applicable telephone number)

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Provision of customer support; responding to (customer) inquiries of the data subject.

Storage duration: 3 years

When generally using HypeServ Services:

1. Technically required processing

Type of data: IP address (possibly shortened), browser type and version, device model, operating system version, network data, timestamps

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Provision, stability and security of the services. Without this processing, technical delivery is not possible.

Storage duration:

  • 14 days

  • max. 30 days in the event of a specific security incident

2. User account

Type of data: Name, email address, last login timestamp, account settings

Legal basis: Performance of a contract (Art. 6 para. 1 lit. b GDPR)

Purpose: Creation and management of a customer account

Storage duration:

  • During the term of the contract

  • After termination: 3 years from the end of the year in which the contract ended

  • Tax-relevant data: 8 years

3. Payment processing

Type of data: Name, email address, billing and, if applicable, delivery address, payment method, payment amount, currency, transaction ID, date and time of payment

Legal basis:
Performance of a contract (Art. 6 para. 1 lit. b GDPR),
Legal retention obligations (Art. 6 para. 1 lit. c GDPR)

Purpose: Payment processing, invoicing, accounting

Storage duration: 8 years from the end of the calendar year of invoicing/payment processing

4. Fraud and abuse prevention

Type of data: Technical access data (e.g. IP address, device and browser information, timestamps), payment status, customer number

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Protection against fraud, securing payment transactions, abuse detection

Storage duration: 3 years in the event of identified abuse, unless other statutory retention periods apply

5. Legally required processing

Type of data: Identity and verification data, where legally required

Legal basis: Legal obligations (Art. 6 para. 1 lit. c GDPR)

Purpose: Fulfilment of statutory auditing and documentation obligations

Storage duration: Depending on the applicable statutory documentation obligations

6. Error analysis and product improvement

Type of data: Error reports, technical device data (browser type, operating system), timestamps, anonymized interaction data. No IP addresses are stored.

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Detection, analysis and correction of technical errors as well as improvement of service quality

Storage duration: 30 days from collection

7. Backups

Type of data: Backup copies of customer accounts, customer server data

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Purpose: Ensuring resilience in the event of a cyberattack or data loss

Storage duration: Generally 30 days, but no more than 90 days from creation of the backup

8. Personal data on customer servers

Type of data: All personal data processed by customers on the systems provided by us

Legal basis: Performance of a contract (Art. 6 para. 1 lit. b GDPR)

Purpose: Provision of contractual services

Storage duration: Until the end of the contract term, except for backup copies as described above

On what legal basis do we process data?

We process your data strictly in accordance with the (European) General Data Protection Regulation (GDPR). How we process your data has been described above.

The GDPR requires companies to have a legal basis for processing your data. Even if we have a legal basis for processing your data, you always have the right under the GDPR to request information, rectification and erasure of your data.

In the section “Which data do we process?” we have listed in detail which of your data we process and on which legal basis.

Below we briefly explain the legal bases for processing your data:

  • Art. 6 para. 1 lit. a and Art. 7 GDPR: Legal basis for obtaining consent.

  • Art. 6 para. 1 lit. b GDPR: Legal basis for processing your data to fulfil our contractual obligations and services.

  • Art. 6 para. 1 lit. c GDPR: Legal basis for fulfilling our legal obligations.

  • Art. 6 para. 1 lit. f GDPR: Legal basis for safeguarding our legitimate interests.

  • Art. 6 para. 1 lit. d GDPR: Legal basis where vital interests of the data subject or another natural person require the processing of personal data.

Since the data provided to us and its processing are necessary for the provision of our services, exclusion from such processing may restrict your user experience or make the use of HypeServ Services impossible.

You also have the right to withdraw your consent and to request that data provided to us be transferred to you or to a person selected by you.

What rights can I exercise and how?

Right of access

You may contact us at any time to find out how and why we process your data, with whom we share or have shared it and where the data originates from.
If applicable, you may also ask how we process your data in an automated manner.

Right to correction or rectification

You have the right to ensure that the data we process about you is up to date. If you determine that personal data processed by us is not current, you may either update it yourself or contact us.

Right to erasure

You have the right to request deletion of personal data processed by us. Please note that depending on which data you request to be deleted, your balance, servers and user account may also be deleted.

Right to restriction of processing

We process your personal data until it is no longer required for the purposes stated above or until you request deletion.

Right to data portability

You are entitled to receive a copy of your data in a machine-readable format. In most cases, we provide this data as a JSON export.

Right of withdrawal

If we process your data based on your consent, you may withdraw this consent at any time without giving reasons. Please note that this may restrict or make the use of HypeServ Services impossible.

Right to object

You may object to the future processing of your personal data at any time. Please note that this may restrict your use of HypeServ Services.

Right to lodge a complaint

If you have a privacy-related complaint, please first contact us at privacy [at] onesrv.net so we can try and fix the issue you're experiencing.

If you identify violations of the GDPR, you have the right as a data subject to lodge a complaint with a supervisory authority. As our company is based in Rhineland-Palatinate, we recommend contacting the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate: https://www.datenschutz.rlp.de/. However, you may also contact supervisory authorities in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement. If you are an individual from the UK, your relevant authority is the Information Commissioner's Office (ICO): https://ico.org.uk/.

Exercising my rights

To exercise your rights, contact the controller responsible for processing. If it is unclear which controller is responsible for your request, contact us (onesrv). In order for us to assign and verify your request, please ensure that your email is sent from the email address associated with your customer account if your request relates to a HypeServ account.

The controller has 30 days from receipt of your request to respond, once all necessary information for processing has been provided.

If we (onesrv) or the responsible controller determine that your requests are repetitive, unfounded or excessive, we are entitled to charge a reasonable fee or refuse the request.

Storage duration after deletion request

If you request deletion of your data or withdraw your consent to data processing, we will delete your data unless we have other legally permissible grounds for storing your personal data or such grounds exist that override your personal interests.

Effective Date: 13.02.2026

logo
© 2026 - onesrv
Popular Games
MinecraftValheimGT:NHDiscover all Servers
Information
DomainsKnowledgebaseParental FAQTechnologyBecome a PartnerRoadmapStatus
Legal
ImprintPrivacyToSDigital Services Act
Contact
+49 6136 7960 5919
A onesrv Product
Server aus Deutschland100% Ökostrom
Rate us on trustpilot
All prices include applicable taxes.
¹. While our infrastructure is primarily powered by AMD Ryzen™ 9 9950X processors, we may occasionally deploy equivalent high-performance CPUs that deliver comparable results. This is not the standard setup and is only done when the performance level fully matches or exceeds our specifications.