Privacy Policy | Servers.com by Nexcess (original) (raw)

This privacy policy (the “Policy”) informs you of how Servers.com, operating under Servers.com B.V. or Servers.com Inc, as the case may be (hereinafter referred to as ‘we’,’us’,’our’, ‘Servers’ or the ‘Company’) collects, uses and discloses your personal data while accessing and using our website and portal, subscribing to marketing material, as well as when purchasing or using our services whether on a trial basis or by way of a paid service.

We are committed to protecting your privacy and handling your data in an open and transparent manner in accordance with applicable data protection laws and regulations.

In this privacy policy, your data is sometimes referred to as “personal data” or “personal information” and the terms may be used interchangeably but shall refer to the same thing. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.

For the purposes of this policy, personal data shall mean any information relating to you which identifies or may identify you (the “Data Subject”) and which includes, for example, your name, address, identification number.

For the avoidance of doubt when we are providing our services we are acting as Data Controllers.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Unless otherwise stated, terms used in this privacy policy, including but not limited to “processing”, “controller”, “processor”, and “personal data” shall have the meanings assigned to them under the GDPR.

What information do we collect and how do we use it?

There are various ways and purposes for which we may collect your personal data. Please see below for more information.

• When you place an order through Servers.com you first need to be registered and logged into your account. In order to create an account and register with us we will need to collect certain personal data about you as a customer which may include your full name, email address, phone number, address, identification data, birth date (as we need to be sure that the person/s placing an order with us are 16 years old and above) and when you are placing an order on behalf of a company we will need to collect company information . When providing personal data during this process, you represent that you own or have consent to provide the disclosed personal data if the personal data relates to a third party.
• When you use your account in the Servers.com Customer Portal or the Servers.com Public API, we collect and process log data and device information, including your IP address, country and city codes, login and authorization events, and records of actions performed within the account (e.g. adding or removing account members, changing member details or roles, modifying orders). We also process the personal data you provided at registration or when updating your user profile.
• When you contact us via any form of communication for any reason on our website or through email or otherwise we will collect and process your full name and email address including any Personal Data you willingly provide to us when contacting us for the purpose of addressing your query.
• When placing your order online and selecting the card payment method you will need to input your card details in order to process your order. The information you submit is collected and processed by our payment service providers, we do not collect, process and store this data other than certain limited financial and billing information shared with us via such payment service providers to verify the transaction such as the type of card used, the first 6 and last 4 digits of the card number, expiry date, card holder data.
• We may ask for your name, email address, physical address, and phone number to enable you to participate in events, surveys, contests, or to subscribe to marketing materials, data which will only be collected and processed with your consent.
• We may collect information about how you use our website, products and services (please refer to our Cookie policy for more information).
• We may collect and process your personal data and payment/transaction data for the purposes of conducting KYC (know your customer ID verification) and/or KYT (know your transaction payment verification) as part of our commitment in maintaining a secure and compliant platform. Such personal data may include full name, passport, drivers’ licence or other identification data as well as photo for face matching and banking, payment or transaction data. ID verification data may be used for further checks against the data in multiple databases, including inter alia, internationally politically exposed persons and sanctions, country specific sanctions lists as well as criminal and financial lists. The provision of such data may also be necessary where you have changed your payment method or you have requested to obtain a free trial of our service etc. It should be noted that such collection and processing shall be done through our supplier Sum & Substance Ltd (UK) and more information on such processing can be found at https://sumsub.com/privacy-notice-service/.
• we may collect personal data of prospective or existing customers in order to identify potential business opportunities and communicate with individuals who may be interested in our services. This information may be obtained directly from you, when you visit and browse our website, from publicly available sources or third party providers with whom we have appropriate agreements in place to ensure the data is collected and shared lawfully. The type of information we may collect may include name, job title, company name, business email address, telephone number, professional background, and information relating to your interactions with us. We use customer relationship management tools to support our interactions with prospects, customers, and account users. We use reputable third-party providers to support these activities, who may in certain instances act as our data processors and process personal data only in accordance with our instructions pursuant to a written agreement and applicable data-protection laws.
• If you apply for a role through our website, we will collect and process the personal data you provide as part of your application, which may include your full name and email address, phone number, CV and employment history.

Why we collect and process your Personal Data

• To address your query/ies when you have contacted us via any form of communication for any reason;
• In order to register your account on the customer portal and/or register you as a new account user of our services,process amendments to user profiles on the Servers.com customer portal,manage your actions and requests using the Servers.com Public API and record and provide information logs associated with the accounts. We use this information for our legitimate interests to ensure the security and integrity of our services including to detect, prevent, and investigate fraud, misuse, or other suspicious activity; to enable traceability of actions by specific users; and to alert relevant parties if user records may have been compromised. This information is also available to the customer administrators of the specific account on the Servers.com portal for the same purposes;
• Performance of a contract. To manage and fulfil your orders and perform the contract entered into between us following the completion of your;
• To the extent that you have consented to your data being processed, for example where you have consented to being contacted for marketing purposes as well as for the purposes of providing you with targeted advertising. You have the right to revoke consent at any time by contacting us at privacy@servers.com or by clicking unsubscribe on the email you will receive from us.
• As indicated above, where you have been selected for the purposes of conducting identification diligence compliance and further checks against the data in multiple databases and sanctions lists which is necessary in order to protect our legitimate interests against fraud, misuses of our terms and conditions and for ensuring that the person paying for the service is the rightful owner of the Servers account and bank card used for the purposes of payment.
• Where you have applied for a role through our website we use this information to assess your suitability for the role, manage the recruitment process, and, where applicable, to keep records related to our hiring activities.We use a third-party service provider to operate elements of our recruitment platform and to process these data on our behalf. Such service providers act strictly under our instructions and are bound by contractual obligations to keep your information secure and to use it only for the purposes described above.
• In order to comply with legal obligations to which we are subject (including tax, VAT accounting, AML laws, compliance with court or other regulatory orders etc.) and
• For the purposes of our legitimate interests or those of a third party in line with applicable data protection legislation. Examples of such processing activities include but are not limited to:
  1. Initiating legal claims and preparing our defense in litigation procedures,
  2. Ensure the proper functioning of our website, improve our products and services, optimize your user experience, provide you with advertising and content adapted to your interests through the setting of cookies on our website, measure the effectiveness of our advertising campaigns and diagnose and troubleshoot problems;
  3. to help our team and customer administrators verify and protect accounts and activity and prevent fraud, investigate suspicious activity or violations of Servers.com terms or policies, monitor the proper function of systems and diagnostics;
  4. to ensure efficient and secure operation of our internal administrative and communication systems;
  5. Maintain the safety and security of our website and prevent fraudulent use of our websites or services;
  6. deploy and maintain lead-generation, customer-engagement and customer relationship management tools to enable us to better understand and interact with customers and potential customers. These tools enable us to manage and maintain our commercial relationships, track communications and engagement, manage sales pipeline, enhance our understanding of our customers’ needs, monitor and improve the quality of our services and customer service processes etc.
     Where we conduct calls or video conferences with customers or prospective customers, we may, subject to your consent, record and/or transcribe calls, video meetings, or other voice communications using third-party service providers that support these functionalities. Access to any such recordings or transcripts is strictly limited to authorised personnel who require it for the purposes described above. Recordings and transcripts are retained only for as long as necessary to fulfil those purposes.
     All third-party providers engaged for these activities act as our data processors. They process personal data solely in accordance with our documented instructions and are bound by contractual obligations to protect the confidentiality and security of the data. Any AI-enabled features offered by such providers are used exclusively to support the services described above, are not used to make automated decisions about individuals, and any insights or outputs generated are subject to human review. Machine-learning functions are disabled where possible.
  7. We use Google Workspace – including Gmail, Meet, Drive, Docs and related tools – to support our business operations, internal and external communications, collaboration and document storage. These services are provided by Google LLC, acting as our data processor for this purpose. Your personal data processed in these tools is used only for legitimate business operations (such as communications, file sharing, collaboration, scheduling), and handled in accordance with this Privacy Policy and applicable data protection laws.

It should be noted that depending on the reason why the Personal Data is collected and processed more than one legal basis of processing may apply in each situation.

To whom do we disclose your personal data and why?

• Within our organisation and group of companies for the purposes identified in this policy.
• Third party providers that provide services on our behalf. These companies include providers that assist with marketing support, processing credit card payments, providing sales leads and lead generation tools, customer relationship management tools, evaluating job applications, data analytics, fraud verification and customer support etc. Third party providers may only process personal information pursuant to our written instructions and in compliance with this Privacy Policy and other applicable regulations and pursuant to contractual agreements entered into between the parties which observe confidentiality and data protection according to applicable data protection laws.
• Advertising: We may share the personal information collected via cookies and other tracking technologies to the extent you have consented, with advertising companies to display ads that may be of interest to you.
• As required by law or similar Investigations: where required to do so by law, where it is subject to a subpoena or other legal proceeding including to meet national security or law enforcement requirements or if you have given your consent.

Transfer of your personal data to a third country or to an international organisation

For the purposes for which your personal data was collected as otherwise set out in this policy we may be required to transfer, store and process your personal data outside of the European Economic Area (“EEA”) and some of our affiliates, contractors or service providers who provide services on our behalf may be located outside of the EEA. Pursuant to the applicable requirements of the GDPR, we will ensure that transfers of personal information to a country outside of the EEA shall be subject to at least the same level of privacy protection and security and be subject to appropriate safeguards as described in Article 46 of the GDPR using the appropriate transfer mechanism, as is applicable in each instance.

In the instance where there is no adequacy decision in the country where data shall be transferred to for further processing the use of Standard Contractual Clauses for international transfers shall be used (as these may be amended and/or replaced from time to time) including any additional contractual and technical safeguards as may be necessary depending on the location of the data importer, in line with the GDPR. Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it and that all third parties respect the security of your personal data and treat it in accordance with the law and in accordance with our written instructions and solely for the purposes for which the data was originally collected. For the avoidance of doubt, this privacy policy and any collection of processing of personal data referred to hereunder does not relate to the collection and processing of personal data as part of us acting as a data processor when providing our services- this matter is addressed in detail https://www.servers.com/legal/personal-data-processing.

Data Privacy Framework

Servers.com Inc complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Servers.com Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Servers.com Inc has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Servers.com Inc’s participation in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S may be subject to investigation and enforcement by the US Federal Trade Commission. Moreover, we note that Servers may be required in some instances to disclose Personal Data in response to lawful requested by public authorities, including to meet national security or law enforcement requirements but shall always do so within the remits of the law.

Servers.com Inc has responsibility for the processing of personal information it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S and subsequently transfers to a third party acting as an agent on its behalf as otherwise set out in this Policy. Servers.com Inc remains liable under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S if a third-party agent processes personal information covered by this Policy in a manner inconsistent with the applicable Principles, except where Servers.com Inc is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Servers.com Inc commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. In the event that Servers or such authorities determine that Servers did not comply with this Policy, Servers will take appropriate steps to address any adverse effects and to promote future compliance.

if you have any inquiries or complaints about our handling of your personal information for any reason please contact us at privacy@servers.com. We will respond to your inquiry promptly at no cost to you. Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right, as a last resort and under certain conditions, to invoke binding arbitration through the Data Privacy Framework Panel. For more information on how to submit a complaint to the EU data protection authorities or how to invoke the binding arbitration process please refer to https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf

We commit to ensuring that we at all times comply with the Principles and commit to employing effective mechanisms for ensuring continued compliance with such Principles.

How We Protect and Store Personal Information

We endeavor to protect the security of your Personal Information, prevent unauthorized access to and misuse of your Personal Information. We use a variety of business systems, security, technical and physical restrictions,technologies and procedures to protect your Personal Information from unauthorized access, use, or disclosure in accordance with applicable data privacy laws and regulations.

Automated Decision-Making

Servers may engage in automated decision-making of a potential customer prior to entering into, or to performing, a contract with the customer to, inter alia, determine the suitability of the customer, for detecting fraud and misuses of its terms and conditions or where the customer changes their payment method or as part of Servers’ randomly selected fraud and identification diligence checks on its customers or where a customer has requested a free test of Servers’ services using the automated service provided by its supplier Sum& Substance Ltd (UK). To clarify, Servers shall not be using such automated means of processing solely to make any decisions regarding the customer’s account.

How Long We Keep Your Personal Information For

Servers will retain personal data it processes for as long as needed in accordance with applicable laws and regulations.

YOUR RIGHTS

You have the following rights in terms of your personal data we hold about you. Should you wish to contact us pertaining to the collection and use of your personal data or to exercise any of your rights identified herein below please contact us at privacy@servers.com

1. The right to access: This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
2. The right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. Please always keep us informed if any of your Personal Data changes.
3. The right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions to the right of erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of our legal claims.
4. The right to object to processing: Where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling in as much is related to direct marketing.
   If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
5. The right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data.
6. The right to data portability: You have the right to request to receive a copy of your personal data in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by Servers to other organisations you will name.
7. The right to complain to a supervisory authority: If you have exercised any or all of your data protection rights and still feel that its concerns about how the Company uses your personal data have not been adequately addressed by the Company, you have the right to complain.
8. The right to withdraw consent. You have right to withdraw the consent that you have given to the Company with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

EU Representative pursuant to Article 27 of the GDPR.

gdpr-officer@servers.com

53-55 Agios Athanasios, Michael Angelo House, 4102 Limassol, Cyprus

Last modified: January 21st, 2026