General Data Protection Regulation

1. Identification of important clauses to be addressed:

We have identified important implementation points from the GDPR guidelines and have made an effort to address them systematically and lawfully. Following are the ones we will address:

Right of access by the data subject, Art. 15 GDPR
Right to rectification, Art. 16 GDPR
Right to erasure ('right to be forgotten'), Art. 17 GDPR
Right to restriction of processing, Art. 18 GDPR
Right to data portability, Art. 20 GDPR
Right to object, Art. 21 GDPR

2. Existing Data Privacy Policy:

We have an existing data privacy policy in place for all our services. The policy can be found at https://www.servermanagement.app/privacypolicy.html. The policy already addresses a few points that need to be covered for GDPR compliance. The policy-level changes for inclusion of additional requirements under GDPR will now be added. The consent for sharing of information is already given by our clients as the privacy policy and terms of services are reviewed during signup.

3. Storage of Information:

We have used WHMCS as our billing and client management system since the launch of our operations. The system provides fully encrypted SSL-based communication with high-security EV SSL implemented on our domain https://www.servermanagement.app. The system is, so far, the place where mandatory client information is stored. The system is completely secure with IP-based access instructions and all security lockdowns and restrictions in place for utmost data security. The servers housing our system are located in a Europe-based DC which is GDPR compliant, so the flow of information within Europe should not be an issue.
The name and location of the datacenter and our servers: OVH Hosting. The servers are located in Strasbourg and Roubaix with failover network IPs within Europe.

4. WHMCS Version:

We have upgraded to version 7.5 of WHMCS for our billing and client management. This version of WHMCS provides a lot of functions which help with GDPR compliance. We have enabled all needed options available in this version to provide easy compliance to customers.

5. Right to Access Information:

We provide client area login and access to all our clients using WHMCS giving them a full view of all the information that has been shared with us.

6. Right to Rectification:

The client area from WHMCS is a self-service portal from where we have enabled and provided rights for customers to edit their own information stored with us.

7. Right to Erasure:

On requesting a cancellation from the client area or via a ticket for their services, clients have the right to ask for removal and erasure of all their mandatory information shared during the period of the service.

8. Right to Restriction of Processing:

The client area provides opt-in and opt-out access to all our communications other than service requests. Our system integrates a fully operational helpdesk, and communication from and to the helpdesk is part of the service provided to the clients. This would thus be termed mandatory communication. However, we would not process or re-process, distribute, duplicate or share any mandatory information shared with us with any individual, third party or anyone else under any conditions. All our employees have a legal Non-Disclosure Agreement signed with us and so are legally barred from disclosing any information as well.

9. Right to Data Portability:

As we currently host our only billing system within Europe, we have already covered our customers' right to keep their data in Europe.

10. Right to Object:

Customers have the right to object and request removal or modification of any data stored during the period of the service. You can file a written objection with us by sending an email to info@servermanagement.app if the client area options do not facilitate the change you want to make.

11. Mandatory Data:

Our services cover certain mandatory aspects of data sharing which cannot be completely blacked out. The storage of such data is purposeful and needed for proper rendering of the service the customer has paid for. Examples of Data and Purpose are seen below:

Email Address = Communication related to service and billing
Client Name = Needed for Invoicing and prevention of Anonymous Invoicing
Company Name = Needed for Invoicing
Country = Needed for Identification of EU and Non-EU client
Invoices = Needed for Taxation purposes

12. Disclosure of Data to Law Enforcement:

We may disclose any data stored with us to established Law Enforcement Agencies if needed.

13. Auto-Cleanup of Client data:

As per the new guidelines, we would clean up and remove all data related to cancelled client accounts as soon as taxation and accounts clearances and calculations are filed.

14. Other Required Changes:

We are working with a lawyer from Europe to get GDPR Certified. Any changes that are further needed apart from what has been done so far would be updated on our privacy policy page from now on.