Privacy Policy | Servermillion

Privacy Policy

Section 1: Introduction and Scope

  • This Privacy Policy ("Policy") constitutes a legally binding framework governing the collection, processing, storage, and disclosure of personal data by Servermillion B.V., a private limited liability company (besloten vennootschap met beperkte aansprakelijkheid) duly incorporated and validly existing under the laws of the Netherlands, with its registered office and principal place of business at Saffierborch 18, 5241 LN Rosmalen, Noord-Brabant, Netherlands, registered with the Dutch Chamber of Commerce (Kamer van Koophandel, "KvK") under number 88526461 ("Servermillion," "we," "us," or "our"), in connection with the provision of hosting-related services ("Services").
  • This Policy applies to all personal data collected from:
    • Clients and entities utilizing Servermillion Services, including but not limited to Domain Names, Web Environments, Email Environments, Compute Instances, Elastic Containers, Bare Metal Cloud, IPv4 Addresses, IPv6 Addresses, BYOIP, IPv4 Marketplace, SSL Certificates, Proxy Services, Cloud Backup Service, and Reseller Environments.
    • Visitors to our website.
    • Users accessing the Servermillion Portal or other Service interfaces.
    • Subscribers to marketing communications or updates issued by Servermillion.
    • Individuals engaging with Servermillion for inquiries, support, or other interactions.
  • By accessing or utilizing the Services, you irrevocably and unconditionally acknowledge and consent to the collection, processing, and storage of your personal data as set forth in this Policy, subject to the maximum extent permitted by Dutch law and the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). Servermillion reserves the unilateral right to enforce this Policy in a manner that prioritizes its operational and commercial interests, consistent with mandatory legal obligations.
  • This Policy does not govern the data practices of third-party websites, services, or entities linked from our platform, and Servermillion disclaims any responsibility therefor. You are advised to review their respective privacy policies independently.

Section 2: Categories of Personal Data Collected

2.1 Data Provided by You

  • Servermillion may collect personal data directly provided by you in connection with the Services, including but not limited to:
    • Contact Information: Full name, email address, telephone number, and postal address.
    • Business Information: Company name, Dutch Chamber of Commerce (KvK) number, VAT identification number, and professional title or role.
    • Account Information: Username, encrypted password, and authentication credentials for accessing the Servermillion Portal.
    • Payment Information: Billing details (e.g., bank account or credit card information), payment method, and transaction records.
    • Communications: Correspondence, inquiries, or support requests submitted via email, the Servermillion Portal, or other channels.
    • Compliance and Verification Information: Identity documents (e.g., government-issued IDs, business registration certificates) required for regulatory compliance or significant transactions, as determined by Servermillion at its sole discretion.
    • Reseller Data: Contact or operational details of Reseller Customers provided by Customers utilizing Reseller Environments, solely to the extent necessary for service provisioning.

2.2 Data Collected Automatically

  • Servermillion automatically collects certain data when you interact with our website or Services, including:
    • Log Data: Internet Protocol (IP) address, browser type, operating system, access timestamps, and device identifiers.
    • Usage Data: Pages accessed, session duration, actions performed (e.g., service configurations), and resource utilization metrics.
    • Cookies and Tracking Technologies: Data collected via cookies as outlined in Section 7 (Cookie Policy).

2.3 Data from Third-Party Sources

  • Servermillion may acquire personal data from third-party sources, such as:
    • Publicly accessible registries (e.g., KvK) for business verification purposes.
    • Third-party service providers assisting with payment processing, fraud prevention, or compliance verification, subject to contractual data protection obligations.

Section 3: Purposes and Legal Bases for Processing Personal Data

  • Servermillion processes your personal data for the following purposes, each grounded in a legal basis under GDPR, as determined at Servermillion’s discretion:
    Purpose Description Legal Basis
    Service Provision Administering and delivering the Services, including hosting, account management, billing, and support via the Servermillion Portal. Performance of a contract (Article 6(1)(b) GDPR)
    Security and Fraud Prevention Ensuring the security of our infrastructure and Services by detecting and preventing fraud, unauthorized access, or abuse. Legitimate interest (Article 6(1)(f) GDPR)
    Compliance and Verification Verifying identities and ensuring compliance with Dutch and EU laws (e.g., AML, tax regulations) for significant transactions or reseller activities. Legal obligation (Article 6(1)(c) GDPR)
    Marketing and Communications Sending updates, newsletters, or promotional content related to the Services, solely with your explicit prior consent. Consent (Article 6(1)(a) GDPR)
    Legal and Tax Compliance Fulfilling obligations under Dutch law (e.g., tax record retention) and responding to lawful requests from authorities. Legal obligation (Article 6(1)(c) GDPR)
    Service Improvement Analyzing usage data to enhance the functionality, performance, and user experience of the Services. Legitimate interest (Article 6(1)(f) GDPR)
  • Failure to provide personal data necessary for the purposes outlined above may result in Servermillion’s inability to deliver the Services or fulfill contractual obligations, and Servermillion reserves the right to suspend or terminate access accordingly, without liability.

Section 4: Disclosure of Personal Data

  • Servermillion may disclose your personal data to the following recipients, at its sole discretion:
    • Affiliated Entities: Entities within Servermillion B.V.’s corporate structure for operational, support, or compliance purposes.
    • Service Providers: Third parties providing payment processing, cloud hosting, fraud prevention, or other ancillary services, bound by data processing agreements compliant with GDPR.
    • Regulatory Authorities: Competent Dutch or EU authorities to comply with legal obligations, such as tax audits or law enforcement requests, as determined by Servermillion.
    • Business Transfers: Successor entities in the event of a merger, acquisition, or asset sale, subject to equivalent data protection standards.
  • Servermillion shall not sell, rent, or otherwise commercially exploit your personal data to third parties for purposes unrelated to the Services, except as expressly permitted by law or with your explicit consent.

Section 5: Data Retention and Security

  • Servermillion shall retain your personal data only for the duration necessary to achieve the purposes set forth in Section 3, comply with Dutch legal obligations (e.g., tax retention periods of seven (7) years under Article 52 of the Dutch State Taxes Act), or resolve disputes, as determined at Servermillion’s sole discretion.
  • Personal data shall be stored and transmitted using encryption and other industry-standard security measures, with access restricted to authorized personnel under stringent controls, as implemented by Servermillion at its discretion.
  • Upon expiration of the retention period, Servermillion shall securely delete or anonymize your personal data in accordance with GDPR requirements, unless retention is mandated by Dutch law, with Servermillion reserving the right to determine the method and timing of such actions.

Section 6: Your Data Protection Rights

  • As an individual within the European Economic Area (EEA), you are entitled to the following rights under GDPR, subject to Servermillion’s interpretation and application within the bounds of Dutch law:
    • Right to Access: Request confirmation of whether your personal data is processed and obtain a copy thereof (Article 15 GDPR).
    • Right to Rectification: Demand correction of inaccurate or incomplete personal data (Article 16 GDPR).
    • Right to Erasure: Request deletion of your personal data where it is no longer necessary or processing is unlawful, subject to legal retention obligations (Article 17 GDPR).
    • Right to Restrict Processing: Limit processing under specific conditions (e.g., contested accuracy) (Article 18 GDPR).
    • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes (Article 21 GDPR).
    • Right to Data Portability: Receive your personal data in a structured, machine-readable format for transfer to another controller (Article 20 GDPR).
    • Right to Withdraw Consent: Revoke consent for processing (e.g., marketing communications) at any time, without affecting prior lawful processing (Article 7(3) GDPR).
  • To exercise these rights, you must submit a written request to legal{{ session('APP_NAME') }}.nl. Servermillion shall respond within one (1) month, extendable by two (2) additional months for complex requests, as permitted by Article 12(3) GDPR, and reserves the right to refuse requests deemed unfounded, excessive, or contrary to legal obligations, without liability.

Section 7: Cookie Policy

7.1 Definition and Purpose

  • Cookies are small text files stored on your device by Servermillion to facilitate the operation, security, and performance of our website and Services, as determined at Servermillion’s sole discretion.

7.2 Cookies Utilized

  • Servermillion employs the following essential cookies, necessary for the functionality and security of the Services:
    Cookie Name Purpose Duration
    XSRF-TOKEN Ensures security by preventing cross-site request forgery (CSRF) attacks. Session only
    laravel_session Identifies a session instance for a user. Session only
    _session Stores session data to maintain user login state and preferences. Session only
    remember_web_{identifier} Allows "Remember Me" function to keep users logged in. 5 years
    _token Used to validate form submissions for security purposes. Session only
    _GRECAPTCHA Used by Google reCAPTCHA to provide risk analysis and prevent bot access. 6 months
    rc::a Persistent cookie for distinguishing between humans and bots. Permanent
    rc::b Session cookie for distinguishing between humans and bots. Session only
    _cw_session Maintains chat sessions across pages. Session only
    auth_data Stores authentication data for login sessions. 1 year
    __cf_bm Cloudflare bot management cookie. 30 minutes
    cf_clearance CAPTCHA completion verification by Cloudflare. 30 minutes
  • Servermillion may employ the following analytics cookies to monitor performance and usage data, subject to your explicit prior consent:
    Cookie Name Purpose Duration
    _ga Google Analytics - Unique user tracking. 2 years
    _gid Google Analytics - Session tracking. 24 hours
    _gat Google Analytics - Request rate limiting. 1 minute
    _hjSessionUser_{site_id} Hotjar User ID tracking. 1 year
    _hjIncludedInPageviewSample Determines inclusion in analytics sample. 30 minutes

7.3 Managing Cookies

  • You may manage or reset your cookie preferences at any time via the Servermillion Portal or your browser settings. To reset cookies immediately, use the following option:
  • Essential cookies are mandatory for the operation of the Services and cannot be disabled. Analytics cookies shall only be activated with your explicit consent, revocable at Servermillion’s discretion via the aforementioned methods.

Section 8: International Data Transfers

  • Servermillion may transfer your personal data to countries outside the European Economic Area (EEA) where necessary for service provision (e.g., cloud hosting or payment processing), subject to Servermillion’s sole discretion and compliance with GDPR safeguards, including:
    • Implementation of EU Standard Contractual Clauses (SCCs) to ensure equivalent data protection standards.
    • Obtaining your explicit consent for specific transfers, where required by law.

Section 9: Amendments to this Policy

  • Servermillion reserves the unilateral right to amend, modify, or supplement this Policy at its sole discretion, effective upon thirty (30) calendar days’ prior written notice via email, the Servermillion Portal, or any other method deemed sufficient by Servermillion. Continued use of the Services post-amendment constitutes your irrevocable acceptance of the revised Policy.

Section 10: Contact Information

  • For inquiries, complaints, or to exercise your data protection rights, contact Servermillion at:
    • Servermillion
    • Saffierborch 18, 5241 LN Rosmalen, Noord-Brabant, Netherlands
    • Email: [email protected]

Section 11: Acceptance and Enforcement

  • By accessing or utilizing the Services, you irrevocably acknowledge and agree to be bound by this Policy in its entirety. Should you dissent from any provision herein, you must immediately cease use of the Services, with Servermillion reserving all rights to enforce this Policy to the fullest extent permitted by Dutch law.