Privacy Policy —
Plain Language, No Surprises

1. Who this policy applies to

This policy applies to information VSERV Infosystems collects through our website (vservinfosystems.com), our managed-service platforms, our customer support channels, our marketing communications, and our recruitment process. It does not cover information our customers process inside their own environments — that's governed by the Data Processing Agreement (DPA) we sign with each customer.

2. Information we collect

2.1 Information you give us

• Contact details (name, work email, phone, company) submitted through our website forms or sales conversations.
• Account credentials and role information when you're set up as an authorised contact on a customer engagement.
• Support ticket content, including any data you choose to attach when raising an incident.
• Application data when you apply for a job or a partner programme with us.

2.2 Information collected automatically

• Standard web-server logs (IP address, browser, referrer, pages viewed, timestamps).
• First-party analytics on aggregated, pseudonymised page traffic.
• Session telemetry from our managed-service tooling — only on systems we are explicitly contracted to manage.

2.3 Information from third parties

• Publicly available company information enriched by B2B data providers, used to qualify inbound inquiries.
• References supplied during recruitment, with the applicant's permission.

3. How we use information

We use the information we collect to:

• Respond to your inquiries and provide the services you've engaged us for.
• Authenticate and authorise access to systems and platforms we operate.
• Monitor and improve the security, performance, and reliability of our services.
• Comply with legal, regulatory, and contractual obligations.
• Send relevant operational notifications and, where you've consented, marketing communications you can unsubscribe from at any time.
• Improve the website experience — which posts are read, which pages convert.

We do not sell personal information. We do not share personal information with advertising networks. We do not use customer data to train AI models.

4. Legal basis (for processing under GDPR / UK GDPR)

Where the GDPR applies, we rely on the following legal bases:

• Contract: processing necessary to provide the services you've engaged us for.
• Legitimate interests: running our business, securing our systems, qualifying inbound sales conversations, and recruiting talent.
• Consent: for marketing emails and any optional analytics that goes beyond first-party measurement.
• Legal obligation: where we must retain or disclose information under applicable law.

5. Who we share information with

We share information only with:

• Sub-processors who help us deliver our services — cloud infrastructure, observability, communications, payroll. A current list is available on request and in our DPA.
• Customers whose data we process, in the manner specified by our agreement with them.
• Professional advisors (legal, audit, insurance) under contractual confidentiality.
• Authorities when legally compelled — and only the minimum necessary, with the customer notified unless prohibited by law.

6. How long we keep information

We keep personal information only as long as we need it for the purposes described in this policy, then we delete or anonymise it. Specifically:

• Sales-inquiry data: retained for up to 24 months from the last interaction, or until you ask us to delete it.
• Customer engagement records: retained for the duration of the contract plus 7 years for audit and tax purposes.
• Support ticket content: retained for 36 months from ticket closure.
• Job application data: retained for 12 months after the recruitment decision, unless you ask us to keep it longer for future roles.
• Marketing-subscription data: retained until you unsubscribe.

7. Your rights

Depending on where you live, you have the following rights:

• Access — get a copy of the personal information we hold about you.
• Rectification — correct anything that's wrong.
• Erasure — ask us to delete information we no longer need.
• Restriction — limit how we use your information.
• Portability — receive your information in a structured, machine-readable format.
• Objection — tell us not to process your information on legitimate-interest grounds.
• Withdraw consent — at any time, for processing based on consent.

To exercise any of these, email privacy@vservinfosystems.com. We respond within 30 days.

8. How we protect information

VSERV is independently audited against SOC 2 Type II and ISO/IEC 27001. We use encryption in transit and at rest, multi-factor authentication on every privileged account, least-privilege access controls, and quarterly tabletop incident-response exercises. Our full security posture is described in our Trust Center.

9. International transfers

VSERV operates globally. When personal information crosses borders, we use the European Commission's Standard Contractual Clauses (SCCs) and UK addendum where appropriate, plus supplementary technical and organisational measures aligned with EDPB guidance.

10. Cookies & analytics

This site uses only the cookies strictly necessary for the page to function (navigation, mega-menu state) and first-party analytics measured in aggregate (page views, scroll depth, time on page). We do not use third-party advertising cookies. You can disable cookies in your browser without losing access to the site.

11. Children's privacy

VSERV's services are intended for businesses, not individuals under 16. We do not knowingly collect personal information from children. If we discover that we have, we delete it immediately.

12. Contact us

For any privacy-related question, contact our Data Protection Officer at privacy@vservinfosystems.com. You can also reach us by post at VSERV Infosystems Inc., 818 Library Street, Suite 500, Reston, VA 20190, USA.

If you are in the European Economic Area and believe we have not handled your data correctly, you have the right to lodge a complaint with your local supervisory authority.