Privacy Policy

This privacy policy (the “Policy”) informs you of how Servers.com, operating under Servers.com B.V. or Servers.com Inc, as the case may be (hereinafter referred to as ‘we’,’us’,’our’, ‘Servers’ or the ‘Company’) collects, uses and discloses your personal data while accessing and using our website, subscribing to marketing material, as well as when purchasing or using our services whether on a trial basis or by way of a paid service.

We are committed to protecting your privacy and handling your data in an open and transparent manner in accordance with applicable data protection laws and regulations. The personal data we collect and process depends on the product or service requested and agreed in each case.

In this privacy policy, your data is sometimes referred to as “personal data” or “personal information” and the terms may be used interchangeably but shall refer to the same thing. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.

For the purposes of this policy, personal data shall mean any information relating to you which identifies or may identify you (the “Data Subject”) and which includes, for example, your name, address, identification number.

Process, Processed, Processing shall mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means. Operations performed may include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data. For the avoidance of doubt when we are providing our service we are acting as Data Controllers.

Data Processor - the entity that processes data on behalf of the Data Controller.

GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

What information do we collect and how do we use it?

There are various ways and purposes for which we may collect your personal data. Please see below for more information.

- When you place an order through Servers.com you first need to be registered and logged into your account. In order to create an account and register with us we will need to collect certain personal data about you as a customer which may include Your full name, email address, phone number, address, identification data, birth date (as we need to be sure that the person/s placing an order with us are 16 years old and above) and when you are placing an order on behalf of a company we will need to collect company information including but not limited to name of company, registration number, registered office address, VAT number etc. when providing personal data during this process, you represent that you own or have consent to provide the disclosed personal data if the personal data relates to a third party.

- When you contact us via any form of communication for any reason on our website or through email or otherwise we will collect and process your full name and email address including any Personal Data you willingly provide to us when contacting us solely for the purpose of addressing your query.

- When placing your order online you will need to input your card details in order to process your order. We do not collect and store any payment information such as credit card numbers or verification codes. You disclose this information only to the respective payment service provider who needs it in order to process your order.

- We may ask for your name, email address, physical address, and phone number to enable you to participate in events, surveys, contents, or to subscribe to marketing materials. Such participation is voluntary and you may choose whether or not to participate and therefore disclose this personal information.

- We may collect information about how you use our website, products and services (please refer to our Cookie policy for more information). 

- We may collect and process your personal data and payment/transaction data for the purposes of conducting KYC (know your customer ID verification) and/or KYT (know your transaction payment verification) as part of our commitment in maintaining a secure and compliant platform. Such personal data may include full name, passport, drivers’ licence or other identification data as well as photo for face matching and banking, payment or transaction data that may include the collection of cardholder name, expiry date, 6 and last 4 digits of the card number. ID verification data may be used for further checks against the data in multiple databases, including inter alia, internationally politically exposed persons and sanctions, country specific sanctions lists as well as criminal and financial lists. The provision of such data may also be necessary where you have changed your payment method or you have requested to obtain a free trial of our service etc. It should be noted that such collection and processing shall be done through our supplier Sum & Substance Ltd (UK) and more information on such processing can be found at https://sumsub.com/privacy-notice-service/

Why we collect and process your Personal Data

- To address your query/ies when you have contacted us via any form of communication for any reason on our website or via email or otherwise including but not limited to for the purposes of queries relating to our services, abuse/illegal content notification etc.;

- In order to register you as a new account user of our services;

- Performance of a contract. To manage and fulfil your order and perform the contract entered into between us following the completion of your order but also to be able to complete our customer verification procedure so as to enter into a contract with prospective customers;

- to the extent that you have consented to being contacted for marketing purposes, we will use your personal data for the purposes of providing you with email newsletters, surveys, any other communication for the purposes of advertising and marketing of our services as well as providing you with targeted advertisements on our or third party websites. You have the right to revoke consent at any time by contacting us at privacy@servers.com or by clicking unsubscribe on the email you will receive from us.

- As indicated above, where you have been selected for the purposes of conducting identification diligence compliance and further checks against the data in multiple databases and sanctions lists or where you have requested a free trial of our services or have changed your payment method as otherwise set out in the paragraph further above which is necessary in order to protect our legitimate interests against fraud, misuses of our terms and conditions and for ensuring that the person paying for the service is the rightful owner of the Servers account and bank card used for the purposes of payment.

- In order to comply with legal obligations to which we are subject (including tax, VAT accounting, AML laws, compliance with court or other regulatory orders etc.) and

- for the purposes of our legitimate interests or those of a third party in line with applicable data protection legislation. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include but are not limited to:

- (i) Initiating legal claims and preparing our defense in litigation procedures,

- (ii) Measures to manage business and for further developing and improving products and services;

- (iii) to help verify accounts and activity, and to promote safety and security on and off of our services, such as by investigating suspicious activity or violations of Servers.com terms or policies

It should be noted that depending on the reason why the Personal Data is collected and processed more than one legal basis of processing may apply in each situation.

Whether you have an obligation to provide us with your personal data

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/agent or beneficial owner of a legal entity.

Who receives your personal data?

In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within Servers and its affiliates, partners, service providers, or contractors for the purposes of achieving and fulfilling the purposes for which the Personal Data was originally provided. Service providers and suppliers may receive your personal data to the extent such suppliers provide services on our behalf, such as customer support, card processing providers, identification and fraud diligence via Sum & Substance Ltd (UK) etc. for the purposes for which the data was collected in accordance with this Policy.

Third party providers may only process personal information pursuant to our written instructions in accordance with applicable agreements between the parties, and in compliance with this Privacy Policy and other applicable regulations.Such affiliates, service providers and suppliers enter into contractual agreements with Servers by which they observe confidentiality and data protection according to the applicable data protection laws and the GDPR. Servers is part of a group of companies and we share personal data described in this Policy among such group of companies for our internal business purposes in compliance with this Policy and in accordance with applicable data protection laws and regulations.

Servers may be required to disclose your information where required to do so by law, where it is subject to a subpoena or other legal proceeding including to meet national security or law enforcement requirements.  or if you have given your consent.

Transfer of your personal data to a third country or to an international organisation

In order for us to, amongst others, perform the contract with you and be able to provide the services and invoice you etc. we may be required to transfer, store and process your personal data outside of the European Economic Area (“EEA”)  and some of our affiliates, contractors or service providers who provide services on our behalf  the aforementioned reasons may be located outside of the EEA. Pursuant to the applicable requirements of the GDPR, we will ensure that transfers of personal information to a country outside of the EEA shall be subject to at least the same level of privacy protection and security and be subject to appropriate safeguards as described in Article 46 of the GDPR using the appropriate transfer mechanism, as is applicable in each instance.

In the instance where there is no adequacy decision in the country where data shall be transferred to for further processing the use of Standard Contractual Clauses for international transfers shall be used (as these may be amended and/or replaced from time to time) includingany additional contractual and technical safeguards as may be necessary depending on the location of the data importer, in line with the GDPR. Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it and that all third parties respect the security of your personal data and treat it in accordance with the law and in accordance with our written instructions and solely for the purposes for which the data was originally collected. For the avoidance of doubt, this privacy policy and any collection of processing of personal data referred to hereunder does not relate to the collection and processing of personal data as part of us acting as a data processor when providing our services- this matter is addressed in detail https://www.servers.com/company/legal/personal-data-processing .

EU-US Data Privacy Framework

Servers.com Inc complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Servers.com Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Servers.com Inc has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Servers.com Inc’s participation in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S may be subject to investigation and enforcement by the US Federal Trade Commission. Moreover, we note that Servers may be required in some instances to disclose Personal Data in response to lawful requested by public authorities, including to meet national security or law enforcement requirements but shall always do so within the remits of the law.

Servers.com Inc has responsibility for the processing of personal information it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S and subsequently transfers to a third party acting as an agent on its behalf as otherwise set out in this Policy. Servers.com Inc remains liable under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S if a third-party agent processes personal information covered by this Policy in a manner inconsistent with the applicable Principles, except where Servers.com Inc is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Servers.com Inc commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. In the event that Servers or such authorities determine that Servers did not comply with this Policy, Servers will take appropriate steps to address any adverse effects and to promote future compliance.

if you have any inquiries or complaints about our handling of your personal information for any reason please contact us at privacy@servers.com. We will respond to your inquiry promptly at no cost to you. Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right, as a last resort and under certain conditions, to invoke binding arbitration through the Data Privacy Framework Panel. For more information on how to submit a complaint to the EU data protection authorities or how to invoke the binding arbitration process please refer https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf

We commit to ensuring that we at all times comply with the Principles and commit to employing effective mechanisms for ensuring continued compliance with such Principles.

How We Protect and Store Personal Information

We endeavor to protect the security of your Personal Information, prevent unauthorized access to and misuse of your Personal Information. We use a variety of business systems, security, technical and physical restrictions,technologies and procedures to protect your Personal Information from unauthorized access, use, or disclosure in accordance with applicable data privacy laws and regulations.

Automated Decision-Making

Servers may engage in automated decision-making of a potential customer prior to entering into, or to performing, a contract with the customer to, inter alia, determine the suitability of the customer, whether or not the customer shall be using the services for legitimate purposes, for detecting fraud and misuses of its terms and conditions or where the customer changes their payment method or as part of Servers’ randomly selected fraud and identification diligence checks on its customers or where a customer has requested a free test of Servers’ services using the automated service provided by its supplier Sum& Substance Ltd (UK). To clarify, Servers shall not be using such automated means of processing solely to make any decisions regarding the customer’s account.

How Long We Keep Your Personal Information For

Servers will retain personal data it processes for as long as needed in accordance with applicable laws and regulations.

YOUR RIGHTS

You have the following rights in terms of your personal data we hold about you. Should you wish to contact us pertaining to the collection and use of your personal data or to exercise any of your rights identified herein below please contact us at privacy@servers.com

(a) The right to access: This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.

(b) The right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. Please always keep us informed if any of your Personal Data changes.

(c) The right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions to the right of erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of our legal claims.

(d) The right to object to processing: Where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling in as much is related to direct marketing.

If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.

(e) The right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data.

(f) The right to data portability: You have the right to request to receive a copy of your personal data in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by Servers to other organisations you will name.

(g) The right to complain to a supervisory authority: If you have exercised any or all of your data protection rights and still feel that its concerns about how the Company uses your personal data have not been adequately addressed by the Company, you have the right to complain.

(h) The right to withdraw consent. You have right to withdraw the consent that you have given to the Company with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

EU Representative pursuant to Article 27 of the GDPR.

gdpr-officer@servers.com

53-55 Agios Athanasios, Michael Angelo House, 4102 Limassol, Cyprus


Last modified: February 23rd, 2024