Data Protection Statement
Cloud Business and all its associated companies are compliant with the data protection regulations and Data Protection Act, continually monitor and update policies and processes to ensure continued compliance with Data Protection Legislation and Regulations including the General Data Protection Regulations (GDPR) and Data Protection Act 2018. As part of the various services and products we offer our customers, and this includes system maintenance, we may hold or have access to data that can identify individuals in order to be able to provide our customers with the services, products and support that is agreed through our contracts. In all instances, access to such data is controlled and limited to specific individuals.

Processing Information

Scope and purpose or processing

Personal data is held for the purposes of the provision of IT and telecom services and related products. The personal data held is obtained in support of contractual arrangements and is necessary under the ‘legitimate interests’ pursued by the controller (Cloud Business) as defined in article 6.1 of the GDPR. The facility to opt out of marketing communications remains, but excludes operational or pricing communications.

Nature of processing

Cloud Business does not undertake any automated decision making as defined by article 22 of the GDPR. Data will be processed internally by the marketing department for the purposes of objective and permission-based marketing.

Duration of processing and retention

Cloud Business will maintain personal data for the duration of contracts during the provision of IT and telecommunication services and products. Thereafter, the data will be held for a ‘reasonable’ period, depending on the nature of the relationship with the customer. The data will be deleted when the retention of that data can no longer be justified under the provisions of the Data Protection Act and is not overruled by competing legislation or regulations. The terms against which data are held vary and are dependent on the business cycle, regulations and legislation.

Requests for information

Persons whose data are held by Cloud Business and its associated companies may request their own data. These are called subject access requests.  These should be submitted in writing to our postal address or via email to hello@cloudbusiness.com  We will need to verify the identity of the requestor and in the unlikely event there is substantial cost to Cloud Business in terms of retrieving the data, we may charge a maximum of £10.  The regulations require us to respond within 28 days of the request.

Deletion of information

Persons whose data are held by Cloud Business and its associated companies may request that their data be permanently deleted as stated in Data Protection Regulations and Data Protection Legislation, and such requests will be complied with as soon as practicable where a customer no longer has a relationship with Cloud Business or its associated companies.  Where a requestor continues to have a business relationship with Cloud Business or its associated companies, we may need to ensure that the requestor’s details are replaced with those of an alternative contact to enable the continued effective management of our relationship with our customers and partners.  Any such requests should be submitted in writing to our postal address or via email to hello@cloudbusiness.com. We will need to verify the identity of the requestor in all circumstances.

Types of Personal Data

The personal data held will include: Name, Position, Telephone Number(s), email address.

No ‘sensitive data’ (as defined by the Data Protection Act) or ‘special categories of personal data’ (as defined by the GDPR) are held against any current, former or prospective (wholesale only) customers.

Categories of Data Subject

The data subjects whose data may be held by Cloud Business is restricted to that of existing, former or prospective customers and associated contacts. These data fall under the category of ‘personal data’ and do not include any ‘sensitive data’ (as defined by the Data Protection Act) or ‘special categories of personal data’ (as defined by the GDPR).