Effective from: May 18th, 2018
1. PRELIMINARY MATTERS
1.1. About Us. Silver Lining Cloud Consulting Limited trading as CloudRanger is a private company limited by shares incorporated in Ireland with company number 549214 and having a registered office at CoLab, Port Road, Letterkenny, Co. Donegal (“we”/ “us”/ “our”/ “CloudRanger”).
1.3. Controller. Under this Policy, and unless the circumstances otherwise require, we will be what is known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us.
1.4. Contact Us. If you have any queries relating to this Policy or our privacy practices, please contact us at firstname.lastname@example.org.
2. YOUR PERSONAL DATA AND YOUR RIGHTS
2.1. Access to your Information. We will provide you with a copy of your personal information (as relevant) for free if we receive a request from you for your information. This is regulated by and subject to the GDPR. Any such request should be made in writing and may be sent to by email email@example.com.
2.2. Right of Restriction. You have the right to restrict us from processing personal data where one of the following applies:
2.2.1. you have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;
2.2.2. the processing of your personal data is unlawful and you request the restriction of use of the personal data instead of its erasure;
2.2.3. we no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise or defence of legal claims; or
2.2.4. where you have contested the processing pursuant to Article 21(1) of the GDPR pending the verification of whether our legitimate grounds override those of yours.
2.3. Corrections or Erasure (Right to Rectification and Right to Be Forgotten): If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process personal data, you can request the deletion of personal data. This right will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of such information is carried out for reasons of public interest in the area of public health. You can also request to have your personal information corrected if it is inaccurate. Any request should be made in writing to the e-mail address set out below.
2.4. Right to Object. Where we process personal data on the basis of a legitimate interest claimed by us, you may object to our processing. Should this occur, we will no longer process the personal data unless doing so is justified by a compelling legitimate ground. You may object to the processing personal data for direct marketing purposes and in the event that you do, we will no longer process your information for this purpose. Please see Section 9 (Marketing Communications) for further information. If you wish for us to stop processing your data for direct marketing purposes please email firstname.lastname@example.org.
2.5. Data Portability. Where we process personal data by automated means (i.e. not on paper) you have the right to receive your personal data (as applicable) in a structured, commonly used machine-readable format and have us transfer that personal data to another controller.
2.6. Profiling. You have the right not to be exposed to a decision based only on automated processing, including profiling, which produces legal effects.
2.7. More important information. Additional information about the type of information we collect from you, the reasons we collect it and what we do with it is set out in more detail below.
3. THE INFORMATION WE COLLECT
3.1. We will collect and process the following data about you:
3.1.1. Information you give us.
This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site, register for, subscribe to or use the Services, search for a product, place an order on our Site, participate in discussion boards or other social media functions on our site and/or when you report a problem with our Site. The information you give us may include your name, address, e-mail address and phone number, job title, financial and credit card information, billing contact email address, VAT number, personal description and sign up survey answers.
When using the Site and/or the Services, you may input or otherwise provide us with the personal data of your customers, clients, suppliers or other existing or prospective sales or business contacts or partners, including for example, their names, email address, company name, job title, phone number and other contact details, appointments and other meeting arrangements (“Your End Customer Data”). You are responsible for the completeness and accuracy of Your End User Customer Data. You understand that Your End User Customer Data will be subject to and processed in accordance with this Policy.
3.1.2. Information we collect about you. With regard to each of your visits to our Site we will automatically collect the following information:
a) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you use the application and other performance data which may be subject to analytics software; and
b) information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us.
3.1.3. Information we receive from other sources.
In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this Site or on the Services. We will also have told you for what purpose we will share and combine your data.
3.1.4. No special categories of personal data.
We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR, unless you decide to provide such information to us. We may use this information to make user profiles and to personalise the Site to your particular interests.
4.1.1. Cookies may be used to save your personal preferences so you do not have to re-enter them each time you access the Site.
4.1.2. Our cookies will record the number of user sessions on this website and track the number of users who return to the Site.
4.1.3. While most browsers automatically accept cookies, you are free to accept or reject our cookies or to ask your browser to indicate when a cookie is being sent, provided your browser permits.
4.1.4. If you choose to refuse our cookies or ask for a notification each time a cookie is being sent, this may affect your ease of use of the Site.
4.1.5. The information created by using cookie technology does not, and cannot be used to, identify or contact you.
4.1.6. The Site may also include tracking pixels, which are small graphic images, in our email messages and newsletters to determine whether the messages were opened and the links were actually clicked.
5. WHAT WE DO WITH YOUR INFORMATION
5.1. We use information held about you in the following ways:
5.1.1. Information you give to us. We will use this information:
a) to provide you with the information, products and services that you request from us;
b) to set up and administer your account for the Services;
c) to perform our obligations arising from any contracts entered into between you and us;
d) to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
e) where you have given us your consent to do so, to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you;
f) to notify you about changes to the Services; and
g) to ensure that content from our Site is presented in the most effective manner for you and for your computer.
5.1.2. Information we collect about you. We will use this information:
a) to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
b) to improve our Site to ensure that content is presented in the most effective manner for you and for your computer or device;
c) to allow you to participate in interactive features of the Services, when you choose to do so;
d) as part of our efforts to keep our Site safe and secure;
e) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
f) where we have your consent to do so, to make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.
5.1.3. Information we receive from other sources.
On occasion we may receive information form external source, as an example Google. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
5.1.4. How long we keep your information.
6. DISCLOSURE OF YOUR INFORMATION
6.1. You agree that we have the right to share your personal information with:
6.1.1. Any member of our group, which means any subsidiary or holding company within the meaning of sections 7 and 8 of the Companies Act 2014.
6.1.2. Selected third parties including:
a) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you in relation to the Services;
b) where we have your consent to do so, advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
c) where we have your consent to do so, email marketing service providers, to send marketing communications to you from time to time by email about promotions, competitions, updates and new products or services that may be of interest to you;
d) analytics and search engine providers that assist us in the improvement and optimisation of our Site;
e) payment and delivery services; and
f) content management platforms.
6.1.3. We will disclose your personal information to third parties:
a) in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
b) if CloudRanger or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
c) if we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or to apply our Terms of Service and other agreements.
d) to protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the Site and Services.
7. INTERNATIONAL TRANSFERS
Local Servers: Your personal data is stored on servers based in the USA.
Transfers outside the European Economic Area (“EEA”). Personal Data may be transferred to our partners and service providers who maintain their servers outside of the EEA where the privacy laws may not be as protective as those in your jurisdiction. Any transfer of personal data will be in accordance with Chapter V of the GDPR.
8. SECURITY OF YOUR INFORMATION
8.1. Acknowledgement and Disclaimer. We take our security responsibilities seriously, using the most appropriate physical and technical measures and require our hosting partner to use the same standard of care. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. These are described in more detail below.
All information you provide to us is stored on our secure servers. All transactions will be encrypted at rest and in transit. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone
8.3. Data Storage. The data we collect in order to provide our services is stored on secure servers hosted on AWS US East1, a service provided by Amazon Web Services (AWS). You can read more about AWS’s security policy at https://aws.amazon.com/security/. Note your own customer’s data remains within your own AWS region and therefore is always within the bounds of your own security policy.
8.4. Data Backup. CloudRanger maintains data replicas of its database to ensure durability. CloudRanger’s live database is in the US East1 region. A live replica is kept in the same region in a second availability zone and another is kept in the US West2 region. Daily backups are taken in the event of catastrophic data loss. All environments are housed within a private Virtual Private Network (VPN).
8.5. Data Encryption. All data storage & transit initiated by CloudRanger, within the customer AWS account, will be encrypted at rest and in transit using Server Side Encryption (SSE) & SSL termination respectively.
8.7. Restricted Access. Our servers are run in an isolated private network. Access to the production environment where your personal data is stored is limited and is held by us. Only dedicated staff have access to our servers and this is a ‘need to access’ basis. If a customer is having issues with their account, and they require CloudRanger support to resolve the issue, special access requirements to the customer account will be requested by CloudRanger. This access will be provided by the customer by adding a CloudRanger employee to their CloudRanger organisation. That access should be removed by the customer on resolution of the issue. CloudRanger, by default, will not have access to customer data located on client AWS resources.
8.8. Development and Operations. New features and updates are developed and released on development servers prior to being pushed live to the main production environment. Extensive testing is undertaken by the CloudRanger team to ensure all new features are working correctly and the performance of the Site and Services is maintained.
8.9. Performance monitoring applications. The overall performance of the Site and Services is very important. In order to maintain an uninterrupted service, our servers are constantly monitored and a dedicated team are alerted immediately in case of any service disruptions.
8.10. Password and Authentication. Connection to the Services environment is via TLS cryptographic protocols, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified verified using a unique token created at login. Email address is the unique identifier in the Services. If there are repetitive failed attempts at logging in, then the account is blocked temporarily for up to 1 day.
9. MARKETING COMMUNICATIONS
9.1. General. Where you have given us your consent to do so, we may also use your data to send marketing communications to you from time to time about promotions, competitions, updates and new products or services that may be of interest to you.
9.2. Your right to withdraw your Consent. If you change your mind at any time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at email@example.com or if received by email, by unsubscribing when you receive an email marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.
9.3. Email marketing service providers. Some of our marketing communications may be sent by email. The servers and offices of these email marketing service providers may be located outside the EEA so if you choose to receive marketing communications from us by email, this means that your personal data may be transferred to, stored, or processed outside the EEA.
10. THIRD PARTY MATERIAL
11. CHANGES TO THIS POLICY
Any changes made to this Policy from time to time will be published at the Site and, where appropriate, notified to you by email. Should any change to this Policy result in personal data being used in a way which is different from that made known to you at the time it was collected, we will notify you to determine whether or not we may use your personal information in this new way.
12. QUESTIONS AND COMPLAINTS.
Contact Us. Should you have any questions or complaints relating to this Policy, please contact us at:
Supervisory Authority. We are committed to complying with the terms of the GDPR and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with the Office of the Data Protection Commissioner.