Legal documents.
Three operative documents that govern the relationship between BIG BOX Hosting d.o.o. and our customers. Each is a transparent statement of our practices, written to be read rather than signed without reading. Where a customer has a Master Service Agreement (MSA), it prevails over these to the extent of any conflict.
Privacy Policy →
GDPR Article 13 disclosure. What personal data we process, on what legal basis, for how long, what rights you have, who the supervisory authority is, how to contact our DPO. Updated 30 January 2026.
Terms of Service →
Service definition, acceptable use, payment terms, SLA with service credits, termination, governing law (Slovenian), dispute resolution. The default contract for any Customer who has not signed a separate MSA. Updated 30 January 2026.
Data Processing Agreement →
GDPR Article 28 instrument. Sub-processor list (Annex II), Standard Contractual Clauses (Module 2 / Module 3), technical and organisational measures (Annex III), audit rights, deletion procedures. Customer-supplied DPAs also accepted. Updated 30 January 2026.
Procurement-grade documentation
For procurement-team review including sub-processor list plus security questionnaire plus technical and organisational measures plus the corporate counterparty architecture: see /trust/.
For the architectural reasoning behind these documents — why Ljubljana, why no US presence, why no certification — see the founder's note at /about/.