This document discloses the data protection and privacy practices for Cloudsis Limited (we) including:
Who are we?
Why do we need your data?
What personal information do we collect about you, and when do we collect it?
Lawfulness of our Processing
What do we do with your data?
For how long does Cloudsis keep personal information?
What are your rights?
How can I find out what personal information Cloudsis holds about me?
Data breach notification
1. Who are we?
We are Cloudsis Limited. a provider of software, support, consultancy and cloud solutions, registered in England with number 09074486. We will be what’s known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special types of information or location-based information.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), the company responsible for your personal data can be contacted at http://www.cloudsis.com/contact-us.
We have developed this policy because we want you to feel confident about the privacy and security of your personal information. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
3. Why do we need your data?
We need to know your basic personal data in order to provide you with on-going organisational and software updates as well as support services. We will not collect any personal data from you we do not need in order to provide and oversee our products/services to you.
4. What personal information do we collect about you, and when do we collect it?
Our primary goal in collecting personal information from you is to provide you with a smooth, efficient, and personalised experience while using our services. This allows us to provide services and features that most likely meet your needs, and to customise our service to make your experience easier and quicker.
What do we collect? We may ask you for information to enable us to provide a product or a service to you and we collect this information by telephone, written correspondence or via a website/email. We may collect and use some or all of the following types of personal information: names, email addresses, addresses, telephone numbers, preferences and usage of the services or products (including when used, who used by and how used). We may also ask you for other information that relates to the service you are using or ordering as for example, we may need your bank or credit card details to charge you for certain services.
Where do we collect it from? We may collect the personal information from:
A. Information you give us. This is information about you that you give us by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you complete the “Contact us” form on our website, participate in seminar/webinars or other social media functions on our website, enter a competition, promotion or survey and/or when you report an issue with software or cloud services. The information you give us may include your name, address, e-mail address and phone number and company name.
B. Information we collect about you from your use of our website. With regard to each of your visits to our website we will automatically collect the following information:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
D. If you enter into any of our competitions or promotions, we may ask for information about you, which will be made clear at the time you enter. We will also inform you of the purposes for which the information you provide may be used.
E. We may ask you from time to time about what use you make of the services we provide, what other services you would like us to provide in the future, and for other information.
F. Information contained in Annual Maintenance Contracts or Support Agreements, as well as any form filled in to request products/services.
G. Information about your Support Queries entered directly in our Support Portal or via our support email.
H. While providing support or consultancy services on behalf of the client, we may have temporarily access to data backups containing personal information.
5. Lawfulness of our Processing
- Contractual necessity: Rec.44; Art.6(1)(b)
It is lawful to process personal information about you if it is necessary for the entry into, or performance of, a contract with the data subject or in order to take steps at his or her request prior to the entry into a contract.
-Consent Rec.32, 42, 43; Art.6(1)(a)
It is lawful to process personal information if the data subject has consented to the processing.
-Compliance with legal obligations Rec.45; Art.6(1)(c), 6(3)
It is lawful to process personal information about you if necessary for compliance with a legal obligation under EU law or the laws of a Member State.
- Legitimate interests: Rec.47, 48; Art.6(1)(f)
It is lawful to process personal information if it is necessary for the purposes of legitimate interests pursued by the controller (or by a third party), except where the controller's interests are overridden by the interests, fundamental rights or freedoms of the affected data subjects which require protection, particularly where the data subject is a child.
6. What we do with your data
All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information is located on cloud servers within the European Union or in the US always with verified providers which comply with the EU GDPR requirements.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
A. Sharing Information
Information can be shared with other associated companies of the group if required to fulfil a request. No third parties have access to your personal data unless the law allows them to do so.
We use both explicit consent (32, 42, 43; Art.6(1)(a)) and Legitimate Interest (Rec.47, 48; Art.6(1)(f)), as methods for contacting businesses and individuals who we feel would benefit from our products and services, as specified under GDPR. In a situation where explicit consent is not available, we will carry out a Legitimate Interest Assessment to ensure that we balance the interests of our organisation against the individual’s interest.
We may use any data we hold to contact people we believe will have an interest in our solutions via email, phone and direct mail.
However, we absolutely respect an individual’s desire to remove their consent from our marketing activities or their personal data from our records entirely. If you feel we have misunderstood your consent or your potential interest and would like to exercise your rights, then please do not hesitate to contact us via http://www.cloudsis.com/contact-us
C. Software Backups
Sometimes Software data backups are required in order to investigate a Support issue or as part of a Consultancy Project. This data will be always stored within a GDPR compliant system, used only for the specific purpose of the project and subsequently deleted as soon as it is no longer required for the purpose for which it was originally required.
7. For how long does Cloudsis keep your personal information?
The time period for which we keep information varies according to what the information is used for. In some cases, there are legal requirements to keep data for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed.
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years. Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.
8. What are your rights
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at http://www.cloudsis.com/contact-us
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office.
How can you access, amend or take back the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us at http://www.cloudsis.com/contact-us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities or consent to market to you, you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
we may ask you to verify your identity, or ask for more information about your request; and
where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
Right to erasure: In certain situations, you have the right to request us to delete your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. If you would prefer us not to do this, you are free to say so.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority.
If your interests or requirements change, you can unsubscribe from our marketing content by clicking the unsubscribe link in the email.
9. How can I find out what personal information Cloudsis holds about me?
If you want specific information please tell us and give us any relevant information to enable us to locate the information about you because this will speed up our reply.
You can make a formal request if you want to know what personal information Cloudsis holds about you. In this case, please put your request in writing and send it to us via http://www.cloudsis.com/contact-us
10. Data breach notification
The data that we store is protected with the highest levels of security, however in the event of a data breach following the GDPR requirements you would be notified within 72 hours after Cloudsis have become aware of the breach.
A "cookie" is a text file which is allocated by our server to your personal computer (PC) when you visit our website.
In addition to Google Analytics, our website uses software for web analytics. That system uses “cookies” and those help us analyse how visitors use our website, allowing us to continually improve to best meet our visitor's needs. The information generated by the cookie about your use of the website (including your time and duration of visit, which pages you visited, browser used, IP address etc) will be stored within a GDPR compliant provider and won't be shared with third parties.
This website also uses Google Analytics remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future.