Data Protection Statement

Servant Cities website is owned by Servant Cities, which is a data controller of your personal data.

We have written this data protection statement, which determines how we are processing the information collected by Servant Cities and its subtractors when you use our website or communicate with us by phone and email.

Personal data we process:

If you contacted us, we process all the data shared to us in your message (email, name, profession, employer, other personal data you might share in the content of your message) for the purpose mentioned in your message.
If no purpose is mentioned, we take it you want to initiate a business relation with us and will store your information in Switzerland on servers managed by Infomaniak Network SA.
Please see our list of providers below to properly understand who process your data, this only depends on the medium you first used to contact us, the provider common to every processes is Infomaniak.

If we contacted you, we process personally identifiable data if it was provided to us by someone who referred you or if we found this information publicly available on the website of your organization or one of it's partners.

Our prospection process is organized as follow:

We have a list of websites of organizations to prospect, upon starting prospection, we will look to identify the person to speak to using publicly available information.

• For private companies: We will send a follow up email up to 3 times if you do not respond.

• For public entities: We will send a follow up to 7 times if you do not respond.

• We do not use email finders or other invasive prospection tools, this is a manual process left to moral appreciation of the person and any use of such tools is forbidden to our collaborators or subtractors.

• If we notice the use of such tools, we will take disciplinary measures.

You can object to this process:
-It is your right to ask us to remove your data from our systems and stop prospection right away.
-Please let us know if want us to keep a part of your data (like an email) on a blacklist to make sure we do not contact you anymore, or to ask complete deletion with the risk we might find your information elsewhere and contact you again.

If you have a contract with us, this statement do not apply to you, you are onboarded on a system designed in compliance with the terms of the contract, we will provide you with a data protection agreement.

How long do we process your data:

We might delete your information if it is not relevant for us to keep, please ask us to flag the information if you want us to send you a copy of it before deletion, by default, we will keep any information for a period of 3 years and might extend this period for legitimate interest (eg: in case the data is subject to litigation).

NB: extending legitimate to business interest is common but illegal, we will not do it, they are less ethical companies for that.

Personal data processed by our subtractors:

Hostinger.com

When you visit our website at servantcities.eu, Hostinger automatically collects certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, they collect information about the individual web pages you view, what websites or search terms referred you to the Site, and how you interact with the Site. They refer to this automatically-collected information as “Device Information.” Moreover, they process the personal data you provide to us when you submit the contact form. Alternatively, you can avoid this processing by sending us a direct email to contact@servantcities.eu and request a copy of the information you would normally find on the website.

Hostinger processes information according to the following agreement: https://www.hostinger.com/legal/dpa (the addendum also implements the data processing agreement)

Information processed:

• Browsing information

• Behavior information (navigation and clicks)

• Contact form

• Cookies (only one - See the "Cookies" section)

Infomaniak.com

We use Infomaniak's Kmail service to manage all mailboxes under servantcities.eu, servantcities.org and servantcities.network and any of their subdomains. Infomaniak transports, store and serve the emails you send to us using standard and secure email protocols. The type of data they process might differ depending the content of the email (sender, cc, ccc, subject, body, your mail provider and the reputation of you mail address - for spam protection).

Infomaniak also processes a resume of your calls made to certain phone numbers and automatically sent to our emails by the service withallo.com. Please read the section dedicated to "The Mobile First Company" for more information.

All infomaniak services securely process data in Switzerland according to the following policy: https://www.infomaniak.com/en/legal/general-data-protection-regulation

Information processed

• Emails data

• Withallo call resumes

The Mobile First Company

If you call us on one of these numbers, your call we be processed by the service withhallo.com, managed by The Mobile First Company:

• +3233769907

(Last updated 22th of April 2025)

This is a process implemented for the purpose of supporting coworkers with hearing impairment and a part of our accountability measures for transparence and fair competition in public procurement procedures. Alternatively, you can contact us by email to avoid this processing.

The data is stored up to one month and deleted as soon as processed by an employee of Servant Cities, except if it is our legitimate interest to keep it (as an example but not only: as a proof of work or spoken agreement made in the context of the execution of a contract or to protect us and our employees should they face moral or legal obligation to whistleblow) However, we do not extend this right to a commercial purpose or any kind of intelligence process.

The Mobile First Company is based in France but rely on some processors abroad, including in the US, you can find more information about their data protection practices on their trust center at the following URL:

https://trust.themobilefirstcompany.com/

Information processed

• Calls

• Withallo call resumes

Your rights:

Wether you are an European resident or not, GDPR grants you the following rights related to your personal data, you should also be aware that these rights extend to each of our providers.

• The right to be informed.

• The right of access.

• The right to rectification.

• The right to erasure.

• The right to restrict processing.

• The right to data portability.

• The right to object.

• Rights in relation to automated decision-making and profiling.

If you would like to exercise this right, please contact us to contact@servantcities.eu, it's our pleasure to make things right and redress any wrong we might have participated in doing.

Information security notice:

NB: This information security notice covers the practices in place to secure your browsing data and any data we use during our prospection with you or if you contact us on publicly available channels.

Please tell us about the specific needs of your organization upon negotiating contract or requesting quotation to us. For security reasons, we only disclose measures taken for the execution of our contracts with the impacted customers upon request.

Browsing data

The browsing data is available to Hostinger.com, you can find the security measures they implement here:

https://www.hostinger.com/legal/dpa (the addendum also implements the data processing agreement)

Calls

Calls are processed by public network providers, our employees might work from remote locations and calls are therefore subject to processing anywhere in the world (we might adopt restraining measures for non democratic countries which is left to our appreciation of the risks depending the country, it's current government, and it's relations with non-democratic countries).

More specifically, calls made to the numbers mentioned in the section dedicated to our provider, the Mobile First Company, are processed by them . You an find the security measures they implement here: https://trust.themobilefirstcompany.com/

We do offer secured encrypted communication channels to our customers only.

CRM data

Phone calls resumes, emails, contact informations or other data - including personal data - shared with us during prospection, discovery calls, or technical requirements are stored in Switzerland on our CRM.

Here are some of the security measures we implement:

• HTTP requests SSL encryption (https)

• Double factor authentication (2FA)

• Virtual private network (VPN ) - manual activation when accessing from unknown networks

• Supply chain security alerts subscription

• DNSSEC & renewal warranty

• Automatic backups

• Limited use of cookies (bot prevention only)

• Data protection training

• Our data inventory is automatically updated to reflect operational reality

• We use an open source CRM, the code is audited by 100+ independent contributors from different countries and installed on our ethical cloud provider in Switzerland: Infomaniak

• Prospection process is a less invasive as possible and publicly disclosed in this statement (See the section. "Personal data we process"

• All our subtractors who process personal data have their headquarters in the European Economic Area

Transfers of personal data to third countries or international organizations

All data is processed by us in Switzerland or by the providers mentioned in this document, none of the data we process for our customers as service providers is transferred outside of the European Union Economic Area.

While we store our own systems in Switzerland, data might transit by our collaborators devices in third countries. The people we currently employ live in EU countries or countries that benefits of a GDPR adequacy decision under article 45 (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)

Here is the list of these countries so far:

• Portugal

• Belgium

• South Korea (Republic Of Korea)

(Last updated: 22th of April 2025)

They are requested to use a VPN when working out of their known locations of residence.

Cookies:

• __cf_bm cookie - This is the only cookie installed by our website, it is a security measure provided by default by Hostinger and managed by Cloudflare, subtractor for Hostinger. The cookie is used to secure the service from bot attacks. It is not a tracker https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/#__cf_bm-cookie-for-cloudflare-bot-products

Legal disclosure:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a request by competent authorities in the EU.

Servant Cities is an activity registered by Simon Mulquin as an independent worker in Portugal under the simple regime (Recibo verdes)

Informations here will bind the company during and after its transition towards becoming a moral person and start to employ people as needed.

Contact information:

If you would like to contact us to understand more about this statement or wish to contact us concerning any matter related to individual rights and your Personal Information, you may send an email to contact@servantcities.eu.

This notice has been last updated on the 22th of April 2025 by Simon Mulquin, Founder of Servant Cities