This privacy policy describes how CloudSAS collects, uses, shares, and retains:

• Personally identifiable information of customers of CloudSAS for the legitimate purpose of carrying out trading activities.
• Personally identifiable information collected by CloudSAS via its website for the the purpose of understanding the browsing activity of website users.

The privacy policy is effective as of 18 December 2018. The privacy policy will be continuously assessed against new technologies, business practices, regulatory changes and the evolving needs of CloudSAS and the services provided CloudSAS.

By using the Products and Services, Websites or Portals, you consent to the data we collect and how we use and share it in accordance with this Privacy Policy.  If you do not agree with the data we collect and how we use and share it, you should not use the Products and Services, Websites or Portals.

1) Data controller and data processor

The data controller for all personal data collected via CloudSAS’s website is Cloud Storage and Security Limited. This means that we are responsible for deciding what data we collect and how we hold and use your personal data. When acting as a data processor, Carbonite will only process Personal Data in accordance with customer instructions and this Privacy Policy. We implement appropriate data security measures for protecting the data from unauthorised access and loss.

2) Personal Data Collection
2.1) What personal data are used, and where are they obtained from?

CloudSAS customers and users voluntarily provide us with data, including data that can be used to identify, either directly or indirectly, an individual (“Personal Data”) when they purchase or use our products and services (together, “Products and Services”) and access our websites or portals (“Websites” or “Portals”).

Data Provided by Users and Customers

• Name, address, email, telephone number, username and password (collectively “Account Information”)
• Credit card, debit card, banking or other payment information
• Information submitted as a result of completing forms on our Websites or Portals, entering a promotion or survey or subscribing to, commenting on or downloading information from our Websites or Portals
• Customer content stored, processed, maintained or transmitted using our Products and Services
• File system information such as stored file folder names, file extensions, file sizes, and the configuration of any device registered for use in connection with the Products and Services, including any hardware delivered as part of the Products and Services (each a “Device”)
• Technical information as a result of configuring the Products and Services, including IP addresses, browser-type, device-type, internet service provider, referring or exiting pages, operating system, date and time stamp or clickstream data
• Any other information shared with us directly or indirectly through a customer’s or user’s use of the Products and Services, Websites or Portals

2.2) What is CloudSAS’s legal basis?

Our legal basis for processing personal data for CloudSAS’s is to pursue its ‘legitimate interests’ to service its customers specific requirements for data storage and data security.

CloudSaS is a reseller for digital data storage and security products. Customer data stored by means of these products is encrypted and not accessible by us.

2.3) Are personal data shared with anyone to achieve this purpose?

The customers non-personal data are stored on a GDPR-compliant, encrypted and password-protected data centres. No personal data are shared with any third-party.

We limit the access to personal data to only those employees of CloudSAS who have a legitimate business need to have access to the data.

3) Data collected for events, newsletters, updates, and marketing
3.1) What personal data are used, and where are they obtained from?

CloudSAS collects personally identifiable information about individuals from the following sources:

• Information inputted by an individual via our website
• Information inputted by an individual via contractual agreements with CloudSAS
• Information voluntarily provided by an individual via email, telephone, or in face-to-face meetings

For each of the above categories, the information collected includes first names, email addresses, job titles, and telephone numbers.

3.2) What is CloudSAS’s legal basis?

Our legal basis for processing these data is to pursue the ‘legitimate interests’ of the individual. The personal data collected are used by CloudSAS to provide individuals information in relation to CloudSAS’s activities, CloudSAS’s website, other CloudSAS services, customer administration, press releases, to process and respond to queries received from the public or other relevant stakeholders and to send marketing communications.

CloudSAS does not collect personal data about individuals except when there is a legitimate business requirement (e.g. an event), or when such information is provided on a voluntary basis.

3.3) Are personal data shared with anyone to achieve this purpose?

The non-personal data are stored on a GDPR-compliant, encrypted, password-protected online data storage administration system accessed by:

• CloudSAS.
• Our partners who are the ultimate providers of data storage and security software products.

With respect to b) please also see our partners privacy policies:

Data Storage and backup.
https://www.carbonite.com/terms-of-use/privacy-policy/
https://privacy.microsoft.com/en-gb/privacystatement

Security
https://www.pandasecurity.com/uk/homeusers/media/legal-notice/

No personal data are shared with any third-party except if permission has first been obtained from the users.

We limit the access to personal data to only those employees of CloudSAS who have a legitimate business need to have access to the data.

3.4) How long does CloudSAS keep personal data for this purpose?

Personal data will be retained for 24 months after the last activity on your account.

4) Non-personal information collected via CloudSAS website

Users should also be aware that non-personal information and data may be automatically collected through the standard operation of CloudSAS’s web servers, and by the use of cookies technology and/or Internet Protocol (“IP”) address tracking. Non-personal identification information might include the browser used by you, the type of computer, the operating systems, the Internet service providers, and other similar information.

CloudSAS’s web server also automatically gathers information about the top viewed and visited pages and links on our website, top entry and exit points, number of form completions, time spent on pages, top downloads, top keywords used offsite to lead customers to our website, your internet protocol (IP) address, information collected via cookies, the areas you visit on the website, the links you may select from within the website to other external websites and device event information such as system activity, crashes, hardware settings, browser type etc. Most browsers are set to accept cookies.

We use also use Google Analytics analyse non personal data. For more information please see https://support.google.com/analytics/answer/6004245

You can set your browser to refuse cookies, or to alert you when cookies are being sent; however, if you disable cookies, the full functionality of CloudSAS’s websites may not be available to you. The information thus collected enables us to develop and customise our services better to meet your needs and preferences.

Relevant areas of CloudSAS’s website will employ Secure Socket Layer (“SSL”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information collected and retained by CloudSAS

5) Working with other organisations

From time to time, CloudSAS collaborates with other relevant organisations and companies to promote other services that may be of interest to customers and the wider business community. In such cases, CloudSAS does not provide these organisations with any personally identifiable information.

6) Social media

We may use third party provided tools to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by on these platforms. Like other personal data, these direct messages will not be shared with any other organisations.

We also use Facebook to help us identify potential customers

7) Access, review and correction

The General Data Protection Regulations gives you the right to access your personal data held by us (“subject access request”). If you have an established business relationship with CloudSAS, you may request from us a list of the categories of personal information held about you. Subject access requests must be made in writing to the details below. We will endeavour to respond to the request within a reasonable period and in any event within one month as required by the relevant provisions in the GDPR.

When you make a request to access or review the personal data we hold about you, we will request you to verify your identity before the request can be fulfilled.

8) Privacy rights

In addition to the rights of access, review and correction, you have the right to object to your personal data being processed for any particular purpose, or to request that we stop using your information. If you wish to exercise these rights, please e-mail info@cloudsas.co.uk or send a letter marked “Data Protection” to CloudSAS’s offices at Jolly Winds, St Minver, Cornwall, PL27 6RD. If you have further concerns about how we use your personal data, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the data protection authority for the UK. Please visit https://ico.org.uk/ for more details on your data protection rights and how to contact them.

This privacy policy was last updated on 18 December, 2018.