Servercab Privacy Policy

1. Introduction

Servercab, a division of ServerCare Limited ("we," "us," "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you:

  • Visit our website (servercare.co.uk)

  • Use our customer portals and applications

  • Purchase our server support services

  • Interact with our staff and systems

  • Engage with our marketing communications
     

Our Security Certifications & Compliance:
 

  • Cyber Essentials Certified - UK Government cybersecurity standard

  • 🇬🇧 UK Data Protection Act 2018 fully compliant

  • 🇪🇺 EU General Data Protection Regulation (GDPR) compliant

  • 🇺🇸 California Consumer Privacy Act (CCPA) compliant

  • ISO 27001 information security management aligned

  • SOC 2 Type II security controls verified

2. Data Controller Information

Legal Entity:

ServerCare Limited
Company Registration Number: 15515670
Registered Office:

Cambridge House,

32 Padwell Road,

Southampton,

Hampshire,

United Kingdom,

SO14 6QZ



Privacy Contact:


Data Protection Officer: dominic.guilbert@servercare.co.uk
Phone: 0845 520 0010

3. Information We Collect


3.1 Personal Information


Contact & Identity Information:

  • Full name and job title

  • Business and personal email addresses

  • Phone numbers (office, mobile, direct)

  • Company name and registration details

  • Postal addresses (billing, delivery, registered office)

  • Professional credentials and certifications

Technical & Service Information:

  • IT infrastructure details and server specifications

  • Network configurations and system requirements

  • Software versions and hardware serial numbers

  • Service history and maintenance records

  • Support ticket details and communications

Financial Information:

  • Billing addresses and payment preferences

  • Purchase order numbers and approval processes

  • Credit check information (where applicable)

  • Payment card details (processed via secure third parties)

  • Invoice and payment history

3.2 Automatically Collected Information


Website Analytics:

  • IP addresses and geographic location data

  • Browser type, version, and operating system

  • Device information and screen resolution

  • Pages visited and time spent on site

  • Referral sources and search terms

  • Click-through rates and conversion data

Cookies & Tracking Technologies:

  • Essential cookies for website functionality

  • Performance cookies for analytics

  • Marketing cookies for targeted advertising

  • Preference cookies for user settings

  • Session tokens and authentication data

Communication Records:

  • Email correspondence and attachments

  • Phone call recordings (where legally permitted)

  • Live chat transcripts and support interactions

  • Video conference recordings (with consent)

  • Social media interactions and mentions

4. How We Use Your Information


4.1 Service Delivery (Legal Basis: Contract Performance)


Primary Service Functions:

  • Processing and fulfilling service orders

  • Providing technical support and maintenance

  • Managing warranty claims and replacements

  • Coordinating field engineer visits

  • Monitoring service level agreements (SLAs)

Customer Account Management:

  • Creating and maintaining customer accounts

  • Managing user access and permissions

  • Processing service requests and changes

  • Providing billing and invoicing services

  • Handling contract renewals and updates

4.2 Business Operations (Legal Basis: Legitimate Interest)


Quality Assurance:

  • Monitoring service quality and performance

  • Training staff and improving processes

  • Conducting customer satisfaction surveys

  • Analyzing service delivery metrics

  • Implementing quality improvement programs

Business Development:

  • Understanding market trends and customer needs

  • Developing new services and solutions

  • Analyzing competitive positioning

  • Planning capacity and resource allocation

  • Strategic business planning and forecasting

4.3 Legal & Regulatory Compliance (Legal Basis: Legal Obligation)


Regulatory Requirements:

  • Complying with accounting and tax obligations

  • Meeting audit and inspection requirements

  • Fulfilling data protection obligations

  • Responding to legal requests and court orders

  • Maintaining regulatory certifications

Security & Risk Management:

  • Preventing fraud and unauthorized access

  • Monitoring for security threats and vulnerabilities

  • Conducting risk assessments and audits

  • Implementing incident response procedures

  • Maintaining business continuity plans

4.4 Marketing & Communications (Legal Basis: Consent/Legitimate Interest)


Marketing Activities:

  • Sending promotional emails and newsletters

  • Conducting market research and surveys

  • Personalizing website content and offers

  • Managing social media presence

  • Organizing events and webinars

Customer Communications:

  • Sending service notifications and updates

  • Providing technical alerts and advisories

  • Sharing industry news and insights

  • Conducting customer satisfaction surveys

  • Managing communication preferences

5. Legal Basis for Processing


We process your personal data based on the following legal grounds:


5.1 Contract Performance

  • Delivering purchased services and support

  • Managing customer accounts and billing

  • Processing warranty claims and returns

  • Coordinating technical support activities

5.2 Legitimate Interest

  • Improving our services and customer experience

  • Preventing fraud and ensuring security

  • Conducting business development activities

  • Managing supplier and partner relationships

5.3 Legal Obligation

  • Complying with tax and accounting requirements

  • Meeting regulatory and certification standards

  • Responding to legal requests and investigations

  • Maintaining required business records

5.4 Consent

  • Marketing communications and newsletters

  • Non-essential cookies and tracking

  • Special category data processing (where applicable)

  • International data transfers (where required)

6. Data Sharing & Third Parties


6.1 Service Providers & Partners


Technical Service Providers:

  • Field Engineers: Certified technicians for on-site support

  • Parts Suppliers: Hardware vendors and distributors

  • Logistics Partners: Courier and delivery services

  • Cloud Providers: Secure hosting and backup services

Data Shared: Contact details, technical specifications, service history

Safeguards: Contractual data protection obligations, security assessments

Business Service Providers:

  • Payment Processors: Secure payment and billing services

  • CRM Systems: Customer relationship management platforms

  • Analytics Providers: Website and marketing analytics

  • Communication Tools: Email, phone, and messaging services

Data Shared: Contact information, transaction data, usage analytics

Safeguards: Data processing agreements, security certifications


6.2 Legal & Regulatory Disclosure


Circumstances for Disclosure:

  • Court orders and legal proceedings

  • Regulatory investigations and audits

  • Law enforcement requests (with appropriate warrants)

  • National security requirements (where legally mandated)

  • Protection of rights, property, or safety

Information Disclosed:

  • Limited to legally required information

  • Minimum necessary for the specific purpose

  • Subject to appropriate legal protections

  • Documented and logged for audit purposes

6.3 Business Transfers


In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the new entity, subject to:

  • Continued privacy protection obligations

  • Notification to affected individuals

  • Opportunity to opt-out where legally possible

  • Compliance with applicable data protection laws

7. International Data Transfers


7.1 Transfer Safeguards


When transferring personal data outside the UK/EU, we ensure adequate protection through:


EU Adequacy Decisions:

  • Countries recognized as providing adequate protection

  • Transfers to these countries require no additional safeguards

  • Currently includes: UK, Switzerland, Japan, Canada (commercial), etc.

Standard Contractual Clauses (SCCs):

  • EU Commission approved contract terms

  • Binding data protection obligations on recipients

  • Rights of redress for affected individuals

  • Regular compliance monitoring and audits

Certification Programs:

  • EU-US Data Privacy Framework participation

  • APEC Cross-Border Privacy Rules (CBPR)

  • ISO 27001 and SOC 2 certifications

  • Industry-specific security standards

7.2 Specific Transfer Scenarios


Cloud Services:

  • Providers: Microsoft Azure, Amazon AWS, Google Cloud

  • Locations: EU/UK data centers with local data residency

  • Safeguards: Data processing agreements, encryption, access controls

Support Systems:

  • CRM Platforms: Salesforce (EU instance)

  • Analytics: Google Analytics (EU/UK servers)

  • Communication: Microsoft 365 (EU data residency)

8. Data Retention


8.1 Retention Periods


Customer Data:

  • Active Customers: Throughout relationship + 7 years

  • Former Customers: 7 years after contract termination

  • Prospect Data: 3 years from last meaningful interaction

  • Marketing Data: Until consent withdrawn + 1 year

Financial Records:

  • Invoices & Payments: 7 years (UK tax law requirement)

  • Contracts: 7 years after expiration

  • Purchase Orders: 7 years from completion

  • Audit Records: 7 years from audit completion

Technical Data:

  • Service Records: 7 years from service completion

  • System Logs: 13 months (security monitoring)

  • Support Tickets: 7 years from resolution

  • Performance Data: 3 years from collection

Communication Records:

  • Email Correspondence: 7 years from last communication

  • Call Recordings: 7 years (where legally recorded)

  • Chat Transcripts: 3 years from interaction

  • Meeting Records: 7 years from meeting date

8.2 Secure Deletion


When retention periods expire, data is:

  • Securely deleted using industry-standard methods

  • Physically destroyed for hardware storage devices

  • Cryptographically erased for encrypted data

  • Verified and documented through audit trails

9. Your Rights Under Data Protection Law


9.1 UK GDPR & Data Protection Act 2018 Rights


Right of Access (Article 15):

  • Request copies of your personal data

  • Information about how we process your data

  • Details of data sharing and retention

  • Response Time: 1 month (free of charge)

Right of Rectification (Article 16):

  • Correct inaccurate personal data

  • Complete incomplete personal data

  • Update outdated information

  • Response Time: 1 month

Right of Erasure (Article 17):

  • Request deletion of personal data

  • "Right to be forgotten" in certain circumstances

  • Exceptions for legal obligations and legitimate interests

  • Response Time: 1 month

Right to Restrict Processing (Article 18):

  • Limit how we use your personal data

  • Alternative to deletion in certain circumstances

  • Maintain data accuracy while disputed

  • Response Time: 1 month

Right to Data Portability (Article 20):

  • Receive your data in a structured format

  • Transfer data to another service provider

  • Applies to automated processing with consent/contract

  • Response Time: 1 month

Right to Object (Article 21):

  • Object to processing based on legitimate interests

  • Object to direct marketing (absolute right)

  • Object to profiling and automated decision-making

  • Response Time: 1 month

9.2 California Consumer Privacy Act (CCPA) Rights


For California residents, additional rights include:

Right to Know:

  • Categories of personal information collected

  • Sources of personal information

  • Business purposes for collection

  • Third parties with whom data is shared

Right to Delete:

  • Request deletion of personal information

  • Exceptions for legal and business obligations

  • Verification required for security

Right to Opt-Out:

  • Opt-out of sale of personal information

  • Opt-out of targeted advertising

  • Global Privacy Control (GPC) honored

Right to Non-Discrimination:

  • Equal service regardless of privacy choices

  • No price discrimination for exercising rights

  • Incentive programs must be reasonable

9.3 Exercising Your Rights


How to Make a Request:

Identity Verification:

  • Government-issued photo ID

  • Utility bill or bank statement (address verification)

  • Account information or service details

  • Additional verification for sensitive requests

Response Timelines:

  • Standard Requests: 1 month from verification

  • Complex Requests: Up to 3 months (with explanation)

  • Urgent Requests: Expedited where legally required

  • Status Updates: Provided every 2 weeks for complex requests

10. Cookies & Tracking Technologies


10.1 Types of Cookies Used


Essential Cookies (Always Active):

  • Session Management: Login authentication and security

  • Shopping Cart: Service selections and quotes

  • Security: CSRF protection and secure browsing

  • Load Balancing: Website performance optimization

Performance Cookies (Opt-in Required):

  • Google Analytics: Website usage and performance metrics

  • Hotjar: User experience and heatmap analysis

  • Microsoft Clarity: Session recordings and insights

  • New Relic: Application performance monitoring

Marketing Cookies (Opt-in Required):

  • Google Ads: Conversion tracking and remarketing

  • LinkedIn Ads: B2B advertising and lead generation

  • Facebook Pixel: Social media advertising

  • Microsoft Advertising: Search and display advertising

Preference Cookies (Opt-in Required):

  • Language Settings: Preferred language selection

  • Currency Display: Regional currency preferences

  • Accessibility: Font size and contrast settings

  • Communication Preferences: Notification settings

10.2 Cookie Management


Consent Management:

  • Granular consent options for cookie categories

  • Easy withdrawal of consent at any time

  • Clear information about each cookie's purpose

  • Regular consent renewal requests

Cookie Control Options:

  • Browser Settings: Configure cookie acceptance

  • Our Cookie Preference Center: Manage consent

  • Third-Party Opt-Outs: Direct advertiser controls

  • Do Not Track: Honored where technically feasible

Retention Periods:

  • Session Cookies: Deleted when browser closes

  • Persistent Cookies: 13 months maximum

  • Analytics Cookies: 26 months (Google Analytics)

  • Marketing Cookies: 90 days average

11. Security Measures


11.1 Technical Safeguards


Encryption:

  • Data in Transit: TLS 1.3 encryption for all communications

  • Data at Rest: AES-256 encryption for stored data

  • Database Encryption: Transparent data encryption (TDE)

  • Backup Encryption: End-to-end encrypted backups

Access Controls:

  • Multi-Factor Authentication: Required for all systems

  • Role-Based Access: Principle of least privilege

  • Regular Access Reviews: Quarterly access audits

  • Privileged Account Management: Separate admin accounts

Network Security:

  • Firewalls: Next-generation firewall protection

  • Intrusion Detection: 24/7 monitoring and alerting

  • VPN Access: Secure remote access only

  • Network Segmentation: Isolated security zones

Application Security:

  • Secure Development: OWASP guidelines followed

  • Regular Testing: Penetration testing and code reviews

  • Vulnerability Management: Automated scanning and patching

  • Security Headers: HSTS, CSP, and other protective headers

11.2 Organizational Safeguards


Staff Training:

  • Security Awareness: Monthly training sessions

  • Data Protection: GDPR and privacy law education

  • Incident Response: Regular drill exercises

  • Social Engineering: Phishing simulation tests

Physical Security:

  • Secure Facilities: Biometric access controls

  • Clean Desk Policy: Mandatory information protection

  • Visitor Management: Escort requirements and logging

  • Equipment Security: Asset tracking and disposal

Business Continuity:

  • Backup Systems: Automated offsite backups

  • Disaster Recovery: Tested recovery procedures

  • Incident Response: 24/7 response team

  • Business Impact Analysis: Regular risk assessments

11.3 Cyber Essentials Certification


Our Cyber Essentials certification demonstrates our commitment to:


Core Security Controls:

  • Firewalls and Gateways: Properly configured boundaries

  • Secure Configuration: Hardened systems and applications

  • User Access Control: Controlled user privileges

  • Malware Protection: Comprehensive anti-malware solutions

  • Patch Management: Regular security updates

Certification Benefits:

  • Government Recognition: UK government cybersecurity standard

  • Insurance Benefits: Reduced cyber insurance premiums

  • Customer Confidence: Demonstrated security commitment

  • Competitive Advantage: Differentiation in the marketplace

12. Data Breach Procedures


12.1 Incident Detection & Response


Detection Methods:

  • Automated Monitoring: SIEM and security analytics

  • Staff Reporting: Incident reporting procedures

  • Customer Reports: External breach notifications

  • Third-Party Alerts: Vendor security notifications

Response Timeline:

  • Immediate (0-1 hours): Incident containment and assessment

  • Short-term (1-24 hours): Investigation and impact analysis

  • Medium-term (1-72 hours): Regulatory notification if required

  • Long-term (ongoing): Remediation and lessons learned

12.2 Notification Procedures


Regulatory Notifications:

  • ICO (UK): Within 72 hours of becoming aware

  • EU Supervisory Authorities: Via lead authority mechanism

  • Other Regulators: As required by specific jurisdictions

  • Documentation: Detailed incident records maintained

Individual Notifications:

  • High Risk Breaches: Direct notification within 72 hours

  • Communication Methods: Email, phone, postal mail, website

  • Information Provided: Nature of breach, likely consequences, mitigation steps

  • Support Offered: Credit monitoring, identity protection services

12.3 Remediation & Prevention


Immediate Actions:

  • Contain the Breach: Prevent further unauthorized access

  • Preserve Evidence: Maintain logs and forensic data

  • Assess Impact: Determine scope and affected individuals

  • Implement Fixes: Address vulnerabilities and weaknesses

Long-term Improvements:

  • Root Cause Analysis: Identify underlying causes

  • Security Enhancements: Implement additional safeguards

  • Process Updates: Revise policies and procedures

  • Staff Training: Address any human factors

13. Children's Privacy


13.1 Age Restrictions


ServerCare's services are designed for business use and are not intended for children under 18 years of age. We do not knowingly:

  • Collect personal information from children under 18

  • Market our services to minors

  • Process data from individuals we know to be under 18

  • Create accounts for users under 18 years of age

13.2 Parental Rights


If we become aware that we have collected personal information from a child under 18:

  • Immediate Action: We will delete the information promptly

  • Parental Notification: We will notify parents/guardians where possible

  • Account Closure: Any associated accounts will be terminated

  • System Updates: We will review and improve age verification

13.3 Educational Institutions


When providing services to schools, colleges, or universities:

  • Institutional Consent: We rely on the institution's authority

  • Limited Processing: Only process data necessary for service delivery

  • Enhanced Protection: Apply additional safeguards for student data

  • Parental Rights: Honor parental requests regarding student data

14. Changes to This Privacy Policy


14.1 Update Procedures


Regular Reviews:

  • Annual Review: Comprehensive policy assessment

  • Regulatory Changes: Updates for new laws and regulations

  • Business Changes: Modifications for new services or practices

  • Technology Updates: Adjustments for new systems or processes

Notification Methods:

  • Website Publication: Updated policy posted prominently

  • Email Notification: Direct notification to registered users

  • Account Alerts: In-app notifications for portal users

  • Newsletter Updates: Information in regular communications

14.2 Material Changes


For significant changes that affect your rights or how we use your data:

  • 30-Day Notice: Advance notification before implementation

  • Opt-Out Options: Right to object or withdraw consent

  • Impact Assessment: Clear explanation of changes

  • Contact Support: Assistance with questions or concerns

14.3 Version Control

  • Version History: Previous versions available on request

  • Change Log: Summary of modifications made

  • Effective Dates: Clear indication of when changes apply

  • Legal Compliance: All changes meet regulatory requirements

15. Contact Information & Complaints


15.1 Privacy Team Contacts


Data Protection Officer:

Privacy Queries:

15.2 Complaint Procedures


Internal Complaints:

  1. Contact Us First: Email privacy@servercare.co.uk

  2. Provide Details: Description of concern and desired resolution

  3. Investigation: We will investigate within 30 days

  4. Resolution: Written response with outcome and actions taken

Regulatory Complaints:


UK - Information Commissioner's Office (ICO):

  • Website: ico.org.uk

  • Phone: 0303 123 1113

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

EU - European Data Protection Board:

  • Website: edpb.europa.eu

  • Complaint Portal: Available through national supervisory authorities

  • Contact: Via your local EU data protection authority

US - Federal Trade Commission (for CCPA):

  • Website: ftc.gov

  • Phone: 1-877-FTC-HELP

  • Consumer Complaint Assistant: Available online

15.3 Legal Information


Governing Law:


This Privacy Policy is governed by the laws of England and Wales, with disputes subject to the exclusive jurisdiction of English courts.


Severability:


If any provision of this policy is found to be unenforceable, the remaining provisions will continue in full force and effect.


Language:


This policy is provided in English. Translations may be available, but the English version will prevail in case of conflicts.

Appendices

Appendix A: Definitions

Consent: Freely given, specific, informed indication of agreement to processing

Controller: Entity determining purposes and means of processing personal data

Data Subject: Individual to whom personal data relates

Personal Data: Information relating to an identified or identifiable individual

Processing: Any operation performed on personal data

Processor: Entity processing personal data on behalf of a controller

Special Category Data: Sensitive personal data requiring additional protection

Appendix B: Legal References
 

  • UK Data Protection Act 2018

  • EU General Data Protection Regulation (GDPR) 2016/679

  • Privacy and Electronic Communications Regulations (PECR) 2003

  • California Consumer Privacy Act (CCPA) 2018

  • California Privacy Rights Act (CPRA) 2020


Document Control:
 

  • Policy Owner: Data Protection Officer

  • Approved By: Chief Executive Officer

  • Next Review Date: [24/07/2026]

  • Classification: Public Document


End of Privacy Policy

Last Updated: 24/07/2025
Effective Date: 24/07/2025
