servus.
Back to home

GDPR Commitment

Servus is built EU-first and GDPR-first. This page summarizes our commitment to the General Data Protection Regulation and how it shapes the product.

Last updated 15 June 2026

This is a baseline document we provide for transparency — it is not legal advice. Please have it reviewed by qualified counsel before you rely on it.

Servus and the GDPR

The GDPR sets the standard for protecting the personal data of people in the European Union. As an Austrian company handling business communications, Servus Messaging GmbH designs the platform to support GDPR compliance — for ourselves and for the customers who build on us.

This page is an overview; the operative detail lives in our Privacy Policy, our Data Processing Agreement, and our Security page.

Controller and processor roles

Roles matter under the GDPR. For our account holders and website visitors, Servus is the controller. For the contact and message data customers send through the platform, the customer is the controller and Servus is the processor, acting only on documented instructions. This split is set out in our Data Processing Agreement.

Lawful bases for processing

We process personal data only where we have a lawful basis under Article 6 — typically performance of a contract, our legitimate interests (balanced against your rights), your consent, or a legal obligation. Customers are responsible for having a lawful basis and any required consent for the recipients they message through Servus.

Data-subject rights and how to exercise them

The GDPR gives individuals strong rights over their data. We support these rights and help our customers honor them too.

  • Access and portability — obtain a copy of your data in a usable format.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion where applicable.
  • Restriction and objection — limit or object to certain processing.
  • Withdraw consent — at any time, where processing relies on consent.

DPO and contact

We have appointed a Data Protection Officer who oversees our privacy program and serves as a point of contact for data-protection matters. To exercise a right, ask a question, or raise a concern, email [email protected]. If you are a recipient of messages from one of our customers, that customer is the controller, and we will direct your request to them.

Subprocessors and international transfers

We use a limited set of vetted subprocessors to run the platform, each bound by appropriate data-protection terms, and we maintain a current list with advance notice of changes. Where personal data must be transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs) together with supplementary safeguards.

EU data residency and breach response

Servus runs on EU-based infrastructure and keeps customer data within the European Union wherever possible, supporting data residency for European businesses.

We maintain a breach-response process: we monitor for incidents, contain and investigate them, and — where a personal-data breach affects customer data — notify affected customers without undue delay so they can meet their own obligations. We also support our own notification duties as a controller where they apply.

DPA availability and your right to complain

Our Data Processing Agreement is available to customers and forms part of our terms; it sets out the Article 28 obligations, security measures, subprocessor handling, and transfer mechanisms in detail.

You also have the right to lodge a complaint with a supervisory authority. In Austria this is the Austrian Data Protection Authority (Datenschutzbehörde, DSB); you may also contact the authority in your own EU country. We would, of course, welcome the chance to address your concern first at [email protected].