Privacy Policy

Last Update: August 20, 2024

Serverfarm is committed to ensuring that your privacy is protected. This privacy policy sets out how we use and protect any Personal Data that you provide when you use inCommand.

Personal data is defined as any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, from the information in question or when combined with other information.

We manage your data in compliance with all relevant Data Protection legislation.

• We will obtain and process the information fairly.
• We will only keep it for one or more specified and lawful purposes.
• We will only process it in ways compatible with the purposes for which you gave it to us initially.
• We will keep it safe and secure.
• We will keep it accurate and up to date.
• We will ensure that it is adequate, relevant, and not excessive.
• We will keep it no longer than is necessary for the specified purpose or purposes.
• We will give a copy of their personal data to any individual, on authorized request.
• Where required, we perform data protection impact assessments.
• We do not sell Sensitive Personal Data or Biometric Data.
• You will be notified of any Privacy Policy changes via our Privacy Policy Page.
• We have designated persons in Serverfarm who are responsible for compliance with Data Protection Legislation. These can be contacted via the details given in this policy.

How Do We Use Your Information?

We will only ever use your personal data for the purposes set out in this Privacy Statement. We only collect the information that we need to allow us to conduct business in accordance with our legal and regulatory requirements, and to ensure the security of our data centre.

The purposes are as follows:

• To perform the contract we have entered into with you.
• To provide the service and products you have requested.
• To comply with a legal obligation.
• Where it is necessary for our legitimate interests.
• Where we have obtained your specific written consent to do so.

The personal data that we hold is used to securely allow access to the Data centre. It is also used to allow us to understand who is on site at the data centre and in what role. The information that we use to do this is contained below.

What Personal Information We Collect from the People That Use InCommand?

We collect information from you when you register on our software for access to the data centers.

When using or registering on our software, we collect the following information:

• First and Last Name
• Contact information including email address and phone number
• IP (for MFA)
• Browser details

Sensitive information is recorded for access to our data centers. This includes biometric data, which is limited to use for access control and will not be used for any other purpose.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and organizational procedures to safeguard and secure the information we collect online. These include the following:

• Vulnerability Scanning.
• Your personal information is contained behind secured networks.
• We limit access to your data to approved employees, contractors, and third parties who are subject to confidentiality agreements and have been trained in data protection.
• All sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.

We have procedures in place to deal with any suspected security breaches and will keep you informed as legally required.

How Long Will We Keep Your Data?

We will hold your personal information in InCommand for as long as is necessary for the relevant activity and in accordance with legal requirements. We rely on you to let us know if your contact details change.

• Customers: We will keep your data for as long as you are a customer. Thereafter, we may keep your data for up to 18 months to enable us to respond to questions and complaints and to maintain legally required records. We may keep your data for longer than 18 months if we cannot delete it for legal, regulatory, or technical reasons.
• Contractors / Employees: We will determine an appropriate retention period based on the type of data we hold, which will only be for as long as we have a legal reason or legitimate interest. We will not keep your personal data for any longer than is necessary for the reasons for which it was first collected.

Your Rights in Connection with This Data

• You have the right to request access to personal data and the disclosure of the following information:
• Categories of personal information we have collected.
• Categories of sources from which the personal information has been collected.
• The purpose for collecting, selling, or sharing personal information.
• The categories of third parties to whom we disclose personal information.
• The specific personal information that has been collected.
• We will comply with the relevant legal time limit for responding to these requests. If we have to decline a request, we will provide the individual with notice of that decision, including a justification for the declination and instructions on how to appeal the decision.
• You have the right to request correction of personal data where the information we hold on you is inaccurate, delete your account, and change your preferences for certain communication.
• You have the right to request we stop using your personal data if you no longer wish us to process data for its original purpose unless we have a legal reason or legitimate interest in continuing to do so.
• You have the right to request erasure of personal data unless we have a legal reason or legitimate interest in continuing to hold your personal data.
• You have the right to withdraw consent to our processing of your personal data where you have previously given explicit consent, and we have no legal reason or legitimate interest in doing so.
• The right to non-discrimination - We will not discriminate against a consumer for exercising rights under the Act, including by charging different prices, denying goods or services, or providing a different level of quality of goods or services.

Third-Party Disclosure

The only categories of third parties to whom we disclose personal information are third parties employed to implement security at some of our data centers. These third parties are always required to comply with the relevant data protection legislation, and the details of the companies used will be made available on request.

To access the data centre as a visitor, we disclose your full name, company name, and if parking is required, your vehicle registration. If you require longer-term access and apply for an access badge, you give us consent to also disclose your email and phone number to set up the badge.

Automated Decision-Making

Data is currently not used for automated decision-making. If this changes, it will be stated in the Privacy Policy, and you will be allowed to opt out of the type of automated decision-making as specified in the Data Protection Legislation.

Data Protection Legislation Followed by Serverfarm Includes:

• EU General Data Protection Regulation 2016
• UK Data Protection Act 2018
• California Consumer Privacy Rights Act (CPRA)
• California Online Privacy Protection Act (CalOPPA)
• Canada - Personal Information Protection and Electronic Documents Act (PIPEDA)
• Israel - Protection of Privacy Law 5741-1981
• Texas Data Privacy and Security Act (TDPSA)

CONTACTING US

If there are any questions regarding this privacy policy or wish to exercise any of the rights set out above, you may contact us using the information below.
https://www.serverfarmllc.com/contact-server-farm/

PO Box 2156
El Segundo,
California 90245
United States

10 York Road
London
SE1 7ND
United Kingdom

Email: info@sfrdc.com

If you are unhappy with how we are processing your Personal Data or our response to your requests, you have the right to complain to your National Data Protection authority

Our privacy notice may be updated at any time, so please check it regularly as we may have to change the way we process your information, or there may be a change in law.