The purpose of this privacy policy is to give you a clear explanation about how we use the personal information we collect from you whe you use our website www.cloud-automate.co.uk. It is important that you read it full to understand the information we need to collect from you, how we will use it and how you can access, update and delete your personal information. It should be read together with our Terms and Conditions.
We are the data controller of your personal data i.e. CLOUD AUTOMATE LTD with its registered office in London, address: 220c Blythe Road, London, England, W14 0HH, entered in the register of entrepreneurs under company number 16458855, whose registration files are likely to be kept by Companies House in London, operating through the GHL Platform.
The Controller takes care to ensure a high standard of protection of the visitors, interested parties and subscribers to www.cloud-automate.co.uk. This Privacy Policy, hereinafter the ‘Policy’, sets forth the rules for the collection, processing and use of the personal data of the website’s visitors, interested parties and subscribers.
In our activities, CLOUD AUTOMATE commits to complying with this Policy and with the requirements of the provisions of the law in force, such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter ‘GDPR’) and the Polish Act on Personal Data Protection of 10 May 2018.
I. Definitions
Whenever this Policy mentions:
processing – this means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
personal data – this means any information relating to an identified or identifiable natural person (‘data subject’). This includes the data of visitors, interested parties and subscibers;
processor – this means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
profiling – this means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
pseudonymization – this means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
visitor – this means a person browsing the website www.cloud-automate.co.uk
interested party – this means a person who has submitted an inquiry by clicking ‘get started with 30 min free consultation’ via www.cloud-automate.co.uk;
subscriber – this means a person who has opted to receive marketing emails (newsletter).
II. Categories of data processed
The Controller collects and processes the following categories of personal data (without limitation):
Personal Data: We collect personally identifiable information, such as your name, email address, phone number, and payment details, when you register on our site, place an order, or subscribe to our newsletter.
Usage Data: We automatically collect information about your visit to our website, including your IP address, browser type, access times, and pages viewed.
Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to track the activity on our website and hold certain information.
Visitor – the computer’s IP address, pages opened, duration of the visit, number of the various page views, number of visits, referral source; however, these are only used for statistical purposes and to improve the website’s contents – use of Google Analytics, Microsoft Clarity and, if the user uses portable devices, then the identification data of that device, data of the ISP and the subscriber’s data; however, these shall only be used for statistical purposes or to ensure the correct operation of the website;
SMS Disclaimer:
SMS messages are sent by Cloud Automate. Cloud Automate is a marketing services provider. We provide account notifications (alerts that you can configure) and customer support messages (information on your order/service and help if you ever need guidance during the process). When you consent to receive messaging from Cloud Automate, you are providing it only to Cloud Automate, not any third parties. Your SMS opt-in data will never be shared/sold to third parties. By opting into messaging from Cloud Automate regarding customer support and marketing messages, you understand that our message frequency may vary, you may reach out to m.galan@cloud-automate.co with any questions, message and data rates may apply, and can reply “STOP” to opt out from messaging from Cloud Automate.
SMS Program Details
By providing your phone number through our website forms or other communication channels and explicitly opting in, you consent to receive recurring informational and promotional text messages from Cloud Automate LTD. These messages may include service updates, appointment reminders, marketing offers, and other relevant business communications.
Message frequency may vary depending on your interaction with our services, but you can generally expect to receive messages on a periodic basis. Message and data rates may apply depending on your mobile carrier and plan.
Your consent to receive SMS messages is not a condition of purchase. You may opt out of receiving messages at any time by replying “STOP” to any message. For assistance, reply “HELP” or contact us at m.galan@cloud-automate.co.
Your SMS opt-in information will not be shared, sold, or disclosed to third parties for their marketing purposes.
Non-sharing Clause:
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
III. Legal basis and purpose of data processing
The legal basis for data processing is:
consent – your freely given consent for data processing (Article 6(1)(a) GDPR) concerning a request submitted the contact via clicking ‘book a call’;
requirements of the contract – Article 6(1)(b) GDPR – data processing is necessary for conclusion and perfomance of marketing services contract and in order to provide electronic services in the field of sharing visitors/ interested parties of content collected on our website (Article 6(1)(b) GDPR);
compliance with a legal obligation – Article 6(1)(c) GDPR – the data processing is necessary in order to comply with the Controller’s legal obligation, such as tax obligations, storing documentation for the limitation period, obligations under Polish Civil Code and other legally binding regulations;
the Controller’s legitimate interest – Article 6(1)(f) GDPR – including, without limitation, improving the quality of services and adapting them to the needs of the interested parties, subscibers and visitors, responding to your requests, making the website and the services more effective, safeguarding the security of the Controller’s website, sending out the newsletter and marketing the Controller’s own products.
The provision of personal data is voluntary but is required in order to be able to use the Controller’s services provided via www.cloud-automate.co.uk. In the majority of cases, we obtain the data directly from you via our website, which you visit, and by tracing your activity on it, as well as your provision of the data necessary in order to register an account and authenticate your identity on our website.
The personal data of persons visiting the Controller’s website shall be processed starting from your visit to the website. If you do not accept this Policy, please cease any further activity and leave the site.
You are not subject to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
In order to provide our marketing automation and CRM implementation services, we may use third-party platforms and tools, including marketing automation and customer relationship management software. These platforms may process certain user data on our behalf in order to deliver services such as lead management, communication automation, appointment scheduling, and marketing analytics.
We only work with reputable service providers that implement appropriate security and data protection measures. Personal data is processed only to the extent necessary to provide our services and in accordance with applicable data protection laws.
IV. Your rights
In the context of the processing of your personal data, you have the following rights:
✓ right to access the data – the data subject has the right to receive from us confirmation that the subject’s data are indeed processed by us, or not, and if so, then to demand access to their own personal data. Information about access includes, without limitation, the purpose of data processing, the categories of data processed and the recipients or categories of recipients to whom your data have been or shall be disclosed. This is not an absolute right, however, and your right of access may find some limitations due to the interests of other people. You have the right to receive a copy of your data being processed.
✓ right to have the data rectified – the data subject has the right to require the Controller to rectify the data subject’s personal data without delay when such data are inaccurate;
✓ right to be forgotten – the data subject has the right to require the Controller to erasure the subject’s data without delay, and the Controller has the obligation to delete such data without unnecessary delay if one of the legal grounds for this is met;
✓ right to restrict the processing – the data subject has the right to require the Controller to restrict the processing in the following cases:
- the data subject disputes the accuracy of the data – for a period allowing the Controller to verify the accuracy of such data;
- the processing is unlawful and the data subject opposes the deletion of the data, instead requiring that the processing be restricted;
- the Controller no longer needs the data for the purposes of the processing, but the data subject needs the data for the purpose of determining, pursuing or defending themselves against claims;
- the data subject has lodged an objection against the processing – until it can be determined whether the Controller’s legitimate reasons override the data subject’s objection;
✓ right to object – the data subject may at any time object to the processing in the light of the subject’s individual situation. This is not an absolute right, and in some situations it shall not apply; for example when the processing is necessary in order to protect a right in judicial proceedings;
✓ right to data portability – the data subject has the right to receive the personal data in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hindrance from the Controller, after meeting certain requirements specified by the provisions of the law;
✓ right to lodge an objection with the supervisory body – the data subject has the right to lodge an objection with the supervisory body, which in this case is the Polish President of the Personal Data Protection Office. You can exercise this right when you believe that we are processing your data without justification or not in compliance with the provisions of the law in force.
If you want to exercise any of the above-described rights or you have any questions concerning the processing of your data, please contact us at (e-mail): m.galan@cloud-automate.co or (by registered mail): London, address: 220c Blythe Road, London, England, W14 0HH
For security reasons, we may require your requests to be made in written form. We have the right to decline your requests if we have reasonable grounds to believe that they are unfair, impossible to comply with or could threaten the privacy of others.
If you believe that we are processing your personal data in violation of the provisions in force, you always have the right to lodge an objection with the supervisory body – President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, Polska.
V. Data transfer
If necessary, the Controller may transfer your data to the following third parties for processing:
business partners, banks, payment operators – if necessary in connection with our business activity, especially for the purpose of performing our contracts with such third parties, providing services and ensuring the appropriate standards of performance and compliance with the provisions of the law and safety requirements, communicating with you and with third parties, meeting financial obligations and responding to your requests and legal demands;
data processors (processing entities)
The Controller may enter into written data processing contracts with another entity (processor). The right to enter into such contracts arises from the provisions of the law.
Processors may include, without limitation: IT service providers, marketing service providers, auditors, accounting firms, outsourced workforce providers, companies offering analytical toolscustomer service software providers, CRM providers, e-mail operators (Microsoft Corporation), server hosting providers.
Processors shall be contractually required to implement appropriate technical and organisational measures in order to protect the data of interested persons and users and to process such data only in accordance with the Controller’s instructions.
Please be informed that our business partners – certain processors – may have their registered seat outside the European Union or European Economic Area (EEA), especially in the United States of America, Switzerland.
We always verify such partners to make sure they provide a high standard of personal data protection. Such guarantees arise in particular from membership of EU/US Data Privacy Framework of 10 July 2023, Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland or Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries.
Moreover, your personal data may be disclosed to competent public authorities if required by the current provisions of the law.
Data Security
The Controller implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include, without limitation, data encryption, secure servers, access control mechanisms, and regular monitoring of systems for potential vulnerabilities and attacks.
Access to personal data is restricted only to authorised personnel and service providers who require such access to perform their duties. All such parties are obligated to maintain the confidentiality and security of personal data.
While we take all reasonable steps to protect your personal data, please note that no method of transmission over the Internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security of your data.
VI. Storage period
Having regard to the overriding principles of the GDPR and especially the principles of restricting the purpose, storage and scope of data, we process your data only for a period no longer than necessary to achieve the purposes of processing and no longer than permitted by the provisions of the law. After achieving the purpose of processing, your data shall be erasure, as long as the provisions of the law allow this to be done. Depending on the legal basis for processing, different storage periods may be applied.
Your data shall be stored until the statute of limitation runs out on any claims or until the legal obligation to store your data expires (especially obligations arising from the Polish Civil Code, The Tax Ordination Act).
The personal data of interested parties shall be stored until they withdraw their consent or until the Controller’s response (as long as this is possible in the light of the provisions of the law). Users’ personal data shall be stored for the duration of the contract, until the claims expire and for 3 or 6 years after the end of the business relationship/collaboration.
VII. Age policy
Our services are not intended for persons younger than eighteen (18) years of age. We have no intention of processing their personal data. If you are younger than 18, do not use our Services and do not send us any information about yourself. If we become aware that we have
been processing the personal data of a person younger than 18, we shall erasure such data as soon as possible.
We reserve the right to change or update this statement from time to time. Please check our online and mobile resources periodically for such changes since all information collected is subject to the statement in place at that time.
The Privacy Policy was last updated on 17.02.2024