By using our services, websites and platforms, you entrust us some personal information about you and your clients. This is a big responsibility for us, and we will do our best to protect your data and keep it under your control. We constantly review new data protection requirements, guidelines, and best practices to stay up to date.

This Data Protection Statement is addressed to our users and to our current and potential clients to discover our privacy rules and standards. For more detailed information on the purposes, terms and other conditions of data processing, please see our Privacy Policy and Cookie Policy.

1. Who we are?

We are the company Servercore (hereinafter referred to as "Servercore" or the “Company”), with registered offices in

• Kenya (P.O BOX 100778, JAMIA),
• Cyprus (Diagorou 4, Kermia Building, 6th floor, office 601, 1097, Nicosia, Cyprus),
• Kazakhstan (Z10K8H7, Republic of Kazakhstan, Astana, Saryarka district, Beibitshilik Street, building 14, Office 909),
• Uzbekistan (100015, Republic of Uzbekistan, Tashkent, Yakkasaray District, Damariq mahalassi, Abdulla Qahhor st., 47).

We own the Servercore electronic portal https://servercore.com/ as well as all the equipment, software, and hardware necessary for its operation.

Servercore is committed to Data Protection compliance, especially the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), and to strictly follow and to protect data subjects under other applicable privacy regulations, depending on the jurisdiction of our business.

According to the GDPR, Kenya's Data Protection Regulation and other applicable laws, Servercore may act in different roles, depending on our relationships with you.

Servercore acts as:

• data controller for your personal data if you are our user or visitor of our portal or website; subscriber to our news, mailings and social media accounts; current or potential client, vendor or business partner; shareholder or investor; director, manager or representative;
• data processor for personal data of our client’s users;
• data controller for your personal data if you are Servercore companies’ (including affiliates and target companies for acquisition) employee, contractor, applicant, intern, trainee, referral.

2. What are our privacy principles?

We are committed to the privacy principles and rules inherent in the GDPR and other privacy acts, and particularly we aim to ensure:

• your control under your information and transparency with regard to data processing;
• lawfulness, fairness, necessity of any processing for a specific purpose;
• accuracy, keeping up to date and erasure or anonymization when purpose of processing is achieved;
• safely and security of data processing, storage and transmission.

3. How do we register personal data?

We follow the accountability GDPR principle and conduct an audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed. The result of such audit is documented and maintained in records of processing activities.

4. Our Policies and Procedures

The following Policies and Procedures were implemented on corporate and staff levels to meet the requirements and principles of the GDPR and other relevant data protection laws:

• Privacy Policy – our rules and principles for protection of personal data of data subjects outside the company: users, clients, potential clients, visitors, etc.

• Cookie Policy – explaining the types of cookies we use on our website and how we use them to enhance user experience and improve the functionality of our website.

• Internal privacy and security policies – the set of requirements to staff and list of their obligations, procedures of data protection, of response to data subjects, of response to data breach, rules of data retention&erasure, etc.

• Data protection and security trainings – our obligatory awareness course to familiarize our staff with policies and procedures before granting them any access to personal data.

• Vendor management –ensuring that our third-party vendors and service providers protect personal data according to applicable regulations and standards.

• Data Protection Impact Assessment (DPIA) — reviewing processing activities to identify and minimize any potential risks to data subjects and ensure compliance with applicable privacy regulations. Based on the results, we have put in place appropriate controls on data processing and management.

• Regular audits and reviews of our privacy policies and proceduresto ensure they remain up-to-date and effective.

5. How do we protect personal data?

To protect personal data, we use state-of-the-art security measures, including:

• Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
• Measures for user identification and authorisation
• Measures for the protection of data during transmission
• Measures for ensuring physical security of locations at which personal data are processed
• Measures for ensuring events logging
• Measures for internal IT and IT security governance and management
• Measures for ensuring data minimisation
• Measures for ensuring limited data retention
• Measures for ensuring accountability

6. How do we delegate data processing to third parties?

When Servercore is a data controller or processor, we may engage some entrusted data processor or subprocessor who will process your personal data on our behalf and under our documented instructions.

7. How do we transfer personal data?

To the extent that Servercore has offices and organizational structures in third countries outside the EU/EEA, your data may be shared within our international business processes to perform our legal or contractual obligations to you or our business partners. We have a particular intra-group data transfer agreement in place and have conducted a Transfer Impact Assessment (TIA) where it is applicable. When such data transfers involve external data importers, we enter in respective standard contractual clauses with them.

As data processors, we have developed a Data Processing Agreement (DPA) for our clients. The DPA includes provisions for cross-border data transfers.

7. How to contact us?

If you have any questions, please do not hesitate to contact us at [email protected]