Servers.com (referred to as ‘we’,’us’,’our’, ‘Servers’ or the ‘Company’) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data we collect and process depends on the product or service requested and agreed in each case.
In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you (the “Data Subject”) and which includes, for example, your name, address, identification number.
Process, Processed, Processing shall mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means. Operations performed may include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data. For the avoidance of doubt when we are providing our service we are acting as Data Controllers.
Data Processor - the entity that processes data on behalf of the Data Controller.
GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
There are various ways and purposes for which we may collect your personal data. Please see below for more information.
- When you place an order through Servers.com you first need to be registered and logged into your account. In order to create an account and register with us we will need to collect the following
Personal Data: Your full name, email address, phone number address, identification data, birth date (as we need to be sure that the person/s placing an order with us are 16 years old and above) and when you are placing an order on behalf of a company we will need to collect company information including but not limited to name of company, registration number, registered office address, VAT number etc.
- When you contact us via any form of communication for any reason on our website or through email or otherwise we will collect and process your full name and email address including any Personal Data you willingly provide to us when contacting us solely for the purpose of addressing your query.
- When placing your order online you will need to input your card details in order to process your order. If you pay using a credit card, we do not collect and store any payment information such as credit card numbers or verification codes. You disclose this information only to the respective payment service provider who needs it in order to process your order.
- We may collect and process your personal data such as full name, passport, drivers’ licence or identification data as well as photo for face matching and banking details for the purposes of conducting identification diligence compliance and conducting further checks against the data in multiple databases, including inter alia, internationally politically exposed persons and sanctions, country specific sanctions lists as well as criminal and financial lists. The provision of such data may also be necessary where you have changed your payment method or you have requested to obtain a free trial of our service etc. It should be noted that such collection and processing shall be done through our supplier Sum & Substance Ltd (UK) and more information on such processing can be found at https://help.sumsub.com/v1.0/faq/sumsub-compliance-and-data-protection-policy
- To address your query/ies when you have contacted us via any form of communication for any reason on our website or via email or otherwise;
- In order to register you as a new account user of our websites;
- Performance of a contract. To manage and fulfil your order and perform the contract entered into between us following the completion of your order but also to be able to complete our acceptance procedure so as to enter into a contract with prospective customers;
- to the extent that you have consented to being contacted for marketing purposes, we will use your personal data for the purposes of providing you with email newsletters, surveys, any other communication for the purposes of advertising and marketing of our services as well as providing you with targeted advertisements on our or third party websites. You have the right to revoke consent at any time by contacting us at firstname.lastname@example.org. Or by clicking unsubscribe on the email you will receive from us.
- As indicated above, where you have been selected for the purposes of conducting identification diligence compliance and further checks against the data in multiple databases and sanctions lists or where you have requested a free trial of our services or have changed your payment method as otherwise set out in the paragraph further above which is necessary in order to protect our legitimate interests against fraud, misuses of our terms and conditions and for ensuring that the person paying for the service is the rightful owner of the Servers account and bank card used for the purposes of payment.
- In order to comply with legal obligations to which we are subject (including tax, VAT accounting, AML laws, compliance with court or other regulatory orders etc.) and
- for the purposes of our legitimate interests or those of a third party in line with applicable data protection legislation. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include but are not limited to:
- (i) Initiating legal claims and preparing our defense in litigation procedures,
- (ii) Measures to manage business and for further developing products and services;
- (iii) to help verify accounts and activity, and to promote safety and security on and off of our services, such as by investigating suspicious activity or violations of Servers.com terms or policies
It should be noted that depending on the reason why the Personal Data is collected and processed more than one legal basis of processing may apply in each situation.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/agent or beneficial owner of a legal entity.
In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within Servers and its affiliates, partners, service providers, or agents for the purposes of achieving and fulfilling the purposes for which the Personal Data was originally provided. Various service providers and suppliers may also receive your personal data so that we may perform our obligations, such as billing service providers, card processing providers, identification and fraud diligence via Sum & Substance Ltd (UK) etc. Such service providers and suppliers enter into contractual agreements with Servers by which they observe confidentiality and data protection according to the applicable data protection law and GDPR. Servers may disclose your information where required to do so by law, is subject to subpoena or other legal proceeding or if you have given your consent.
Under the circumstances referred to above, recipients of personal data may be, for example:
As mentioned above, to facilitate our global operations, we transfer information to the United States in some instances depending on where the service is provided or what services are being provided and/or where the client is based. In addition to Standard Contractual Clauses and other transfer mechanisms, as may be appropriate in each case, we also rely on the EU-U.S. Privacy Shield Framework to safeguard the transfer of information we collect and transfer to the US.
Servers will renew its EU-U.S. Privacy Shield Framework and certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Servers is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory body under the EU-U.S. Privacy Shield Framework. Moreover, we note that Servers may be required in some instances to disclose Personal Data in response to lawful requested by public authorities. Including to meet national security or law enforcement requirements but shall always do so within the remits of the law.
With respect to any complaints relating to this Policy that cannot be resolved through Servers’ internal processes, Servers agrees to cooperate with the data protection authorities in the EU and to participate in the dispute resolution procedures of the panel established by the EU Data Protection Authorities to resolve disputes pursuant to the EU-U.S. Privacy Shield principles. In the event that Servers or such authorities determine that Servers did not comply with this Policy, Servers will take appropriate steps to address any adverse effects and to promote future compliance. Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as recourse mechanism of “last resort”. In compliance with the EU-U.S. Privacy Shield Framework principles, Servers commits to resolve complaints about your privacy and our collection or use of your Personal Data. EU individuals with questions or concerns about the use of their Personal Data should contact us at: email@example.com
We endeavor to protect the security of your Personal Information. We use a variety of security technologies and procedures to try to protect your Personal Information from unauthorized access, use, or disclosure. For example, we store the Personal Information you provide on computer servers with limited access that are located in controlled facilities.
Servers may engage in automated decision-making of a potential customer prior to entering into, or to performing, a contract with the customer to, inter alia, determine the suitability of the customer, whether or not the customer shall be using the services for legitimate purposes, for detecting fraud and misuses of its terms and conditions or where the customer changes their payment method or as part of Servers’ randomly selected fraud and identification diligence checks on its customers or where a customer has requested a free test of Servers’ services using the automated service provided by its supplier Sum& Substance Ltd (UK). To clarify, Servers shall not be using such automated means of processing solely to make any decisions regarding the customer’s account.
Servers will retain personal data it processes for as long as needed in accordance with applicable laws and regulations.
You have the following rights in terms of your personal data we hold about you.
(a) The right to access This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
(b) The right to rectification You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. Please always keep us informed if any of your Personal Data changes.
(c) The right to erasure In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions to the right of erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of our legal claims.
(d) The right to object to processing Where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling in as much is related to direct marketing.
If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
(e) The right to restrict processing In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; SERVERS.com no longer needs the personal data for the purposes of SERVERS.com processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, SERVERS.com may continue to store your personal data. However, SERVERS.com will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
(f) The right to data portability You have the right to request to receive a copy of your personal data in a format that Is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by Servers to other organisations you will name.
(g) The right to complain to a supervisory authority If you have exercised any or all of your data protection rights and still feel that its concerns about how the Company uses your personal data have not been adequately addressed by the Company, you have the right to complain.
(h) The right to withdraw consent. You have right to withdraw the consent that you have given to the Company with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.