CLOUDRISK Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
“We”, “our” or “us” means CLOUDRISK Limited
Please contact us if you have any questions regarding this policy:
What personal data we collect from you
We collect the following information about you through this website:
- Your name and contact details:
- email address;
- postal address;
- mobile and fixed-line telephone numbers.
- The IP address of the computer or device you are using to access our website (this is a number which recognises the computer or other device used to access the Internet. A web server automatically collects IP addresses and uses them to administer a website).
How we use your personal data
We use your personal information for the following purposes:
- To respond to your enquiries or comments submitted through this website;
- To facilitate your online purchases and for all other administration that may be necessary;
- To inform you about our products and services;
- To manage and administer our business, and for client management and business development purposes;
- To comply with our legal and regulatory obligations;
- To manage our risk, and ensure compliance with our internal policies and procedures;
- To prevent, detect and investigate fraud and other financial crimes;
- To establish, exercise and/or defend legal claims, to protect our business against fraud, theft, other financial or business crimes and/or other criminal activity;
- To monitor and manage communications to and from us using our communications systems;
- To protect the integrity and security of our systems;
With your consent, we use your personal information for direct marketing purposes, including sending you marketing communications about products and related services of CLOUDRISK Limited. Direct marketing includes communications by post, email and telephone calls and such other electronic communication as may become relevant from time to time. You can update your direct marketing preferences at any time by following the instructions in the marketing communication itself, by accessing your online account or by contacting us
Sharing your personal data
We share your personal information with:
- Our legal, tax and other professional advisors, and auditors;
- Tax, government and/or regulatory authorities;
- Prosecuting authorities and courts, and/or other relevant third parties connected with legal proceedings or claims;
- Fraud prevention and/or law enforcement agencies; and
- Third parties where we are required to do so by law.
The recipients set out above may be based in the European Economic Area (EEA) or in countries outside the EEA. The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law. The other countries outside EEA may have different, and sometimes lower, standards of data protection than those in the EEA. However, we require third parties to keep your personal data confidential and secure. We will ensure that suitable protection is maintained at all times by ensuring that appropriate safeguards are in place. But where we are required by law to disclose, we may not always have control over the terms under which we are required to share your personal data. We will make sure that any disclosure is lawful.
CLOUDRISK Limited takes the following measures with respect to the storage of personal data:
- All electronic copies of personal data are stored securely using passwords and data encryption;
- All hardcopies of personal data, along with any electronic copies stored on physical, removable media are stored securely in a locked box, drawer, cabinet, or similar;
- All personal data stored electronically are backed up monthly with back-ups stored offsite. All backups are encrypted;
- No personal data is stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise without the formal written approval of the Company’s Data Protection Officer and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary;
- No personal data is transferred to any device personally belonging to an employee, agent, contractor, or other party working on behalf of the Company and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken);
Retaining your personal information
We will retain your personal information for as long as is necessary for the purposes described above.
Our general retention period is 7 years from the date that our relationship with you, or the client with which you are connected, ends. We keep personal data for as long as it is required by us to perform our contractual obligations, or where longer to meet our legal or regulatory obligations.
We may keep your data for longer where this is necessary for statistical and historical research purposes. However, where we do this we will ensure all personally identifiable information is removed where technically feasible. We will maintain the security and protection of any information we hold.
Your Data Subject Rights and how to exercise them
You also have certain rights relating to the personal information we hold about you which are outlined below, they may be subject to various exceptions and limitations. You can exercise these rights at any time by contacting us. We may need to validate your identity to fulfil your request.
You have rights to:
Request access to the information we hold about you (Data Access Request)
You may request access to a copy of the personal information we hold about you.
Object to processing (Right to Object)
You may object to us undertaking automated processes, or fully automating decision making, using your personal data except where used to detect, prevent and investigate fraud and other financial crimes.
Request a copy of your data (Data Portability)
Where you gave us the information directly or via the contract you have with us, and it was processed electronically, you can request the data we hold on you in a commonly used machine-readable format.
Request that your data is deleted (Right to be Forgotten)
You can ask us to delete the personal information we hold about you when it is no longer required for a legitimate business need, legal or regulatory obligations or for the purposes it was collected for.
Amend or correct your information (Right to Rectification)
If you believe that the personal information we hold about you is inaccurate, incorrect or incomplete, please contact us as soon as possible so we can update it.
Restrict the processing of your information (Right to Restrict)
You may ask us to restrict our processing of your data whilst we resolve any complaints you have about the way your data is used, require it for a legal claim or if you think our processing is unlawful but you do not want us to delete your data.
Rights in relation to consent (Right to Withdraw)
At any time, you may withdraw the consent you granted for your personal information to be used for direct marketing.
Making a Data Protection complaint
If you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint directly with us using the contact details above.
If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the UK Information Commissioner’s Office via the details available on their website: www.ico.org.uk
For alternate EU Data Protection Authority contacts please see further information on the following link National Data Protection Authorities.