Last revised: 31st July 2018
CLOUD 100 LIMITED (we/us/our) recognise that we process limited amounts of personal data when providing our services and that we (and our staff) have a duty to keep that data secure at all times.
- Who we are
- We are a UK registered company (number 09009259) and our registered office is at 8 Lincoln’s Inn Fields, London WC2A 3BP. We are an appointed provider of IT support services to our clients. As such, we are a data processor on behalf of our clients (who are the appointed data controllers in relation to your personal data). One such client is New Star Networks Limited (NSN), who reference us expressly in their privacy policy located on their website at http://nsn.co/privacy-policy/.
- We are not presently under a requirement to register with the ICO to process your personal data. Should this position change, we will update this. NSN are, however, registered with the ICO to process personal data that they pass to us and their registration number is Z2598251
- How this policy works.
- This policy sets out how we will process all personal data we receive when providing our services. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 2018 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.
- Any changes we make to this policy will be posted on this page. You are advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or provide your personal data to us after the date of the relevant change.
- By visiting our website at www.cloud100.co (our Website), or by providing your personal data to us through use of our services, you understand, accept and consent to the practices described in this policy.
- For more information relating to your rights under this policy, please see section 7.
- If you have any queries relating to this policy, please contact us at operations@cloud100.co in the first instance
- What data we collect
- In order to provide our support services, we respond to support calls or requests raised with us through a centralised billing and CRM system hosted from UK based data centres by FIDELITY GROUP LIMITED (a UK company with number 06765669), known as “Anvil”. As such, any data we need access to, that is stored on that platform, will be passed to us. This will typically include names, addresses and contact details (typically, a mobile phone number).
- When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings. We also monitor your use of our Website. This includes the full URLs, your clickstreams through our Website, the pages you view and how you interact with them and how you leave the Website.
- Where you are a current, potential or former employee, worker or other member of our staff, we may collect additional categories of your personal data for the purposes of providing you with the necessary benefits under our contract with you. In those circumstances, a separate privacy notice applies and a copy is available on request
- How we collect your data
- As we provide outsourced support functions to our clients, most of your personal data is obtained indirectly either through our clients or our shared access to Anvil on the terms of a written agreement containing appropriate restrictions governing how we use your personal data. It is our client’s legal duty under the Regulation to notify you that we may process some of your personal data for the purposes of performing their contract with you. If you were not aware that we would gain access to your personal data, please notify us immediately in accordance with section 2.5.
- When you correspond with us by phone or e-mail as part of receiving customer support services from us, any of your personal data contained in that correspondence will be retained by us. All of our calls are recorded for training and monitoring purposes.
- What we use it for
- Your personal data is primarily required to enable us to supply you with the relevant services and support you have requested from us or your provider/our client, and to contact you in relation to any enquiries or requests you raise with us.
- During the course of providing our services, we also offer hardware and software monitoring and remote support services (where requested). This requires us to install remote monitoring and management tools on your PCs and servers, and we process the personal data relating to the usage and performance of the relevant hardware and software for these purposes only.
- We disclose your name and email address to The Rocket Science Group LLC d/b/a Mailchimp®, a company registered in the USA (Georgia) to distribute our marketing content to you (where we have your consent to do so). They store our marketing distribution lists on their secure servers located in the USA.
- Technical information we collect about your visit to our Website is used to enable us to:
- personalise and improve its functionality and security (to keep it safe and secure);
- administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
- ensure that we can offer you the most effective and efficient browsing experience, and make improvements where necessary.
- For those customers who ask us to provide data backup services, any personal data will be backed up on Cloud-hosting solutions hosted by:
- Microsoft Azure (Azure), a solution provided by Microsoft, Inc. (Microsoft). Microsoft complies with international data protection laws regarding transfers of customer data across borders and is certified to EU-U.S. Privacy Shield Framework regarding the processing of information transferred outside of the EU to the US. More information can be found at https://www.microsoft.com/en-us/trustcenter/privacy/where-your-data-is-located; or
- Amazon web servers, a solution provided by Amazon Web Services, Inc. (Amazon). Amazon participates in the EU-US privacy shield and its privacy policy is available at https://aws.amazon.com/privacy/?nc1=f_pr.
As stated, the personal data we have access to is stored primarily on Anvil; a third party’s database and centralised, operational billing platform hosted from the UK. This is to allow us to administer our business relationships and provide our services to customers, more efficiently. As such, your personal data is subject to that database’s retention periods with regard to secure deletion.
- Access to the various parts of Anvil is made available to those staff and members of our team who need to know in order to provide our services to you. All passwords are held securely and any access to back-end servers requires this as well as user-based authentication.
- All staff receive appropriate training on the protection of personal data on induction, and at regular intervals during their time with us. This is to ensure they are aware of your rights, and their obligations, in relation to your personal data, how to keep it safe and secure at all times, and what to do where a breach is discovered.
- Any personal data that is held within Anvil is processed on secure, UK based servers, and all users with access to the data stored within it are bound by appropriate usage licence restrictions preventing the disclosure and unauthorised use of personal data.
- Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.
- In relation to all of your personal data, as we are a data processor you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
- not to process your personal data for marketing purposes (if we decide to do so at any time);
- to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
- to amend any inaccurate data we hold about you;
- to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
- to only process your personal data in limited circumstances, for limited purposes.
- In addition, you will have the right to contact your data controller to exercise the same rights, and we recommend that you do so in the first instance (as they initially obtained the data from you).
- We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file).
- If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
- Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.