Compliance

Privacy Shield

ServerCentral has adopted a Privacy Shield Policy to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that ServerCentral obtains from Customers located in the European Union and Switzerland.

ServerCentral complies with the US-EU Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Individual Customers in the European Union member countries and Switzerland. ServerCentral has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

The Federal Trade Commission (FTC) has jurisdiction over ServerCentral’s compliance with the Privacy Shield.

All ServerCentral employees who handle Personal Data from Europe and Switzerland are required to comply with the Principles stated in this Policy.

By using this Website, placing an order with ServerCentral on this Website or through other means, clicking the “buy” button, or checking the terms and conditions box, you agree to the ServerCentral Terms and Conditions set forth in the Privacy Shield Policy, including, without limitation, the Privacy Policy itself.

GDPR

ServerCentral complies with GDPR through both our participation in Privacy Shield (outlined in our Privacy Shield Policy) and the information-collection disclosures included in this Policy.

We utilize servers located in the United States as well as the European Economic Area (EEA) and Asia to collect, store, and process the data we collect, all of which are based within areas where the EU has determined adequate data protection laws are in place to protect your data.

We reserve the right to keep network logging data for a period of time adequate to ensure network security and safety for the systems we use and host customer data on in any country. Pursuant to regulatory, legal, and security requirements in Chapter 2 of the General Data Protection Regulation, this timeline is determined based on the type of data, the security implications of storing the data, the legal requirements ServerCentral must meet with the data, and the privacy of the individual referenced in the data.

We take the security of our data very seriously and have a responsibility to the individuals on whose behalf we hold data on our systems and servers. Please refer to our Privacy Shield Policy for more specifics on the security measures we put in place to protect your data on our systems, or to the headings below to review what kind of data we keep and the process to request, review, change, or remove data we hold.

Type II AT-101 SOC 2 Audit

ServerCentral’s annual Type II AT-101 SOC 2 audit serves as the foundation for helping customers meet their own compliance requirements, including PCI and HIPAA.

A Type 2 Report and Auditor’s Opinion is issued annually and contains:

  • Management’s description of controls and the auditor’s opinion that the description of controls defined in the Trust Service Principles-100 fairly presents the system and their operation, for a specific time period.
  • Management’s description of how the controls defined in the Trust Service Principles-100, as they relate to the control objectives in the system, were suitably designed during the specified time period to achieve the system’s objectives.
  • Management’s description of how the controls defined in the Trust Service Principles-100, as they relate to the control objectives in the system, operated according to that design during the specified time period to achieve the system’s objectives.

To request a copy of ServerCentral’s audit report, email compliance@servercentral.com.

PCI DSS

ServerCentral’s annual Type II AT-101 SOC 2 audit serves as the foundation for helping our customers meet PCI DSS compliance requirements.

HIPAA

ServerCentral’s annual Type II AT-101 SOC 2 audit serves as the foundation for helping our healthcare customers meet their HIPAA compliance requirements.

We also regularly enter into Business Associate Agreements (BAAs) to support our customers.

Still need help? Send us a note!

Questions, comments or complaints regarding ServerCentral’s compliance can be mailed or emailed to:

ServerCentral Legal Department
111 W. Jackson Blvd. Ste. 1600
Chicago, IL 60604 USA
compliance@servercentral.com

© 2018 ServerCentral