Data Privacy Policy
Data Privacy Policy
CloudRemote.io ApS is a consulting company, offering cloud computing consulting services to our customers.
CloudRemote.io ApS owns and operates the website CloudRemote.io
At CloudRemote.io users can register as consultants and upload files like a Curriculum Vitae (CV) and add non-sensitive information. It is possible to register a company user, and, in this case, only non-sensitive information can be uploaded.
CloudRemote.io ApS do not intentionally process sensitive personal data, however, we do process CV´s and they may contain sensitive information.
CloudRemote.io ApS use a range of external cloud-based service partners, whom we have entered into a Data Processing Agreement (DPA) with, to assure that our partners comply with the General Data Protection Regulation (GDPR).
We take the GDPR seriously, with specific focus on the damage that we can potentially cause a candidate by exposing personal data. We have written this page to help you understand our privacy policies, why we collect data, how we use it and how we protect it.
Our goal is to explain how to update, manage, export and delete your data. As required by the GDPR, when you use our services you can exercise your rights at any time and in total transparency.
Data Controller and Data Processor
As data controllers and processors, we guarantee compliance with the rules concerning the protection of personal data. We provide all useful information about the processing of data, both information communicated directly and voluntarily, and any information collected by the system while navigating on the sites and using our services.
Appointed DPO
Appointed Data Protection Officer for CloudRemote.io ApS is CISO Allan A. B. Thomsen – email: dpo@CloudRemote.io
Data provided voluntarily for the use of the services
When you use our services or browse on our website, our system log files may collect information about you, such as:
Your IP addresses
Your operating system
Your ID and your browser type
Your location
Even your browsing activity on our site can be traced, through:
Tracking technologies (such as Google Analytics) or similar on our website that are used to analyse trends, administer the website, track how users use the website and propose targeted advertising
Cookies, to optimise your browsing preferences.
For your peace of mind, we specify that these data are not accompanied by any additional personal information and are only used to:
Derive anonymous statistical information
Control usage needs
Determine responsibility in the event of hypothetical computer crimes
Track requests for assistance to ensure the rapid delivery of comprehensive solutions
Learn how and when you use our services, applications and software to improve them, both for you and for all our users.
Personal data provided voluntarily for the use of the services
In many cases we collect information that you voluntarily provide to fulfil a request, specifically when:
You sign up to use our services and software
Request support from our support team
Write to us by email
Complete a contact form (or other form)
Integrate services with another website or web service
Communicate with us in any way (including by telephone)
This information may include your name and surname, your client name, physical address, email address, telephone number, details of gender, occupation, location, purchase history and other demographic information.
By providing this information, you consent to the fact that it is collected, used, can be transferred to the United States and stored by our partners, as described in our DPA and this Privacy Policy.
Consent to the processing of data
In expressing or denying consent you must consider:
The need to comply with the legal obligation to which CloudRemote.io is subject as the data controller
The need to execute a contract to provide a service in which you have expressed an interest
Possible pre-contractual measures to execute requests for quotes
You will always be able to give your consent by a positive and unequivocal act in which you express your free, specific and informed intent to accept the processing of personal data about you.
Depending on the situation, “positive and unequivocal act” means:
A written paper declaration
A communication through electronic means (for example, forms completed online) or paper
An oral communication with a registered procedure
If the communication takes place by completing a contact form (or any other form) on the website, you must actively select a specific box that clearly indicates that you have intentionally accepted the proposed treatment. In other cases, you will have to check a box printed on a paper form, or you must expressly state the word “YES” during an oral communication in response to a request by the person in charge of the processing of your data. The action will be recorded and will be proof of your consent
You may at any time decide to avoid processing data according to the rules of the GDPR and the conditions of opportunity.
Data retention – Times and methods of treatment
We will keep your information for as long as your account is active or for the time necessary to provide our services.
We may also retain and use your information to comply with our legal obligations, resolve disputes, prevent abuse and enforce our agreements.
The data we collect to meet our contractual obligations, and the information about how and when you use our services are stored in active databases, log files or other types of duly protected and encrypted data storage systems.
In particular:
All data that you submit will be stored in cloud services, provided by our partners with whom we have entered into DPA (Data Processing Agreement) with.
CloudRemote.io is not required to store all your data forever and have the right to delete your profile and your personal information in case we terminate the service or the company.
Purpose and goal of data processing
We process your information to pursue our mutual goals, applying appropriate safeguards to protect your privacy.
The main purpose of collecting personal data is to offer a safe, optimal, efficient and personalised service. To achieve this goal, we inform you that we pursue legitimate interests, as foreseen by article 6 of the GDPR on the lawfulness of data processing: “It is also a legitimate interest of the data controller concerned to process personal data strictly necessary for fraud prevention purposes. It may be considered legitimate interest to process personal data for direct marketing purposes.”
We assure you that your data will be used only for the following purposes:
To promote the use of our services. When you request information or register for free services, leaving us your data, we may contact you by phone or send you an email:
To ask for your feedback;
To propose that you register for one of our services or software.
If you already use one of our services (free or paid) and we believe you could benefit from using another service or software, we could send you an email about that opportunity or contact you to send you information and promotional content in compliance with your marketing preferences.
To invoice or send payment notices. We may use your information to send you emails with invoices, receipts, or insolvency notices. We use third parties to process credit card transactions securely and send invoicing data to those third parties to process your orders and payments.
To send you system notification messages. You may receive communications regarding services or CloudRemote.io software you use. The purpose is to notice you in case of:
Temporary or permanent changes to our services or software
Change of conditions of use
Scheduled breaks
New features
Notices of abuse or data breach (also called “data breach”)
Updates and changes to our Privacy Policy
To aid. We may communicate with you to aid and support regarding the services and software used.
For legal reasons. You may receive communications from a legal nature, such as compliance with court orders.
To provide information to representatives and consultants, including lawyers and accountants. We may need to use your information to comply with the legal, accounting or security requirements as described by law.
To respond to legitimate requests from public authorities. If a public authority were to make a legitimate request, motivated by compliance with national security requirements or by law enforcement, your data could be used.
To transfer your information in the event of sale, merger, consolidation, liquidation, reorganisation or acquisition. In this case, any purchaser will be subject to our obligations under this Data Protection and Privacy Policy, including access and selection rights. We will notify you of the change by sending you an email or posting a notice on our website.
Recipients of the data
The personal data that we collect are meant to provide CloudRemote.io´s commercial, accounting and technical assistance services.
Personal data cannot be transferred to third parties for marketing purposes without your explicit consent. The disclosure to third parties of personal data, which you have provided us, can only take place in the following cases:
With permission from you;
At the request of competent legal authorities for judicial inquiries or in the context of a judicial dispute.
Right of access, rectification, and opposition
We have established mechanisms and procedures that, at any time and for legitimate reasons, guarantee you the ability to:
Oppose the processing of data
Request cancellation, modification or updating of all your personal information in our possession.
CloudRemote.io also lets you change your data whenever you want by accessing your profile through our portals or by contacting us at the email address indicated contact page of the website to which the specific service refers.
You can unsubscribe from our newsletter or choose not to receive commercial communications via email. Just use the unsubscribe link included in every email.
You can forward requests for the cancellation, modification or updating of all personal information electronically using the appropriate forms or by informing us by email.
These requests will be processed within a maximum period of 30 days, unless there is a justified delay.
Right to be forgotten
We have generated all the necessary procedures to guarantee your right to be forgotten, which allows you to correct your personal data.
In response to your legitimate request we will delete your data which will no longer be subjected to any type of processing. Nor will we use your data for any purpose other than those necessary for which the data were previously collected or processed.
You have the right to withdraw your consent or oppose the processing of data if you believe that the latter does not comply with this regulation.
To take advantage of this right you will have to prove that you are eligible to make the request by sending us documents proving your identity. Please remember to explain your decision.
Once we have received your communication, we will respond as soon as possible to confirm and demonstrate the cancellation of your data.
Right to data portability
To further strengthen the control of any data processed automatically, you will have the right to receive a copy of the data you have provided to us.
The data will be available in a structured format, commonly used and readable by an electronic device (such as computers, smartphones, tablets, etc.)
The files with your personal data can be transmitted to another similar data controller, ensuring your right to data portability.
Right of withdrawal of consent to data processing
If you no longer wish to receive our promotional emails, you can follow the instructions for removal from our contact list included in each email.
How to exercise your rights as a data subject
You may wish to exercise your rights as a data subject. These rights are not absolute and therefore a request to exercise certain rights will not always result in the requested action.
A request for records or other request related to personal data being processed by CloudRemote.io, must be made in writing by email to gdpr@cloudremote.io.
If you have questions concerning this privacy policy, please email CloudRemote.io's Data Protection Officer at dpo@cloudremote.io. We would appreciate if you informed us if there is anything that you are not satisfied with when it comes to processing of personal data. If you have complaints about our processing of personal data, for example, if you do not think we fulfil your rights as a data subject, you are entitled to contact the supervisory authorities.
You may contact the supervisory authority using the following contact data:
Denmark
Datatilsynet
Borgergade 28, 5.
1300 København K
www.datatilsynet.dk
dt@datatilsynet.dk
You may also contact the supervisory authority in another EU country where you have your habitual residence or your place of work or at the place of an alleged infringement, on the conditions stipulated by law.
Technical measures
CloudRemote.io assigns the utmost importance to the security and integrity of your personal data. In accordance with the GDPR, we commit ourselves daily to take all the necessary precautions to preserve the security of your data and, in particular, to protect them from:
Accidental or illicit destruction
Accidental or illicit loss
Accidental or illicit corruption
Circulation or disclosure to unauthorised persons
Unauthorised access
Unlawful processing
To this end, we have adopted industry-standard technical security measures, including:
A firewall
Proven antivirus and intrusion detection software;
Encrypted transmission of data through SSL / HTTPS / VPN technology.
We guarantee the accuracy and correct use of data:
With appropriate electronic, physical and management procedures to safeguard and preserve the data collected through our services
With the appropriate training of any staff members who have obtained specific authorisation to access the data in compliance with the provisions of the GPDR.
However, there is no absolute defence against piracy attacks or hackers. In the event of a breach of security, we are committed to informing you without undue delay and will work to the best of our ability to neutralise the intrusion and minimise the impact. If you suffer a loss due to a security breach, we are committed to providing you with all the assistance you need to be able to assert your rights.
If a user or a hacker discovers and takes advantage of a security breach, such a person is responsible for prosecution. CloudRemote.io will take all measures, including the filing of a complaint and/or legal action, to preserve the data and rights of its users and ourselves, and to limit any effects.
The measures are those that we adopt for the protection of your data. As the user of our services and software, you must perform the following actions:
Check the authentication of people accessing the data
Use a unique and sufficiently secure password, remembering to change it regularly and to never leave it unattended
Make sure that you take security measures for data that are processed by CloudRemote.io and that you share on non-secure communication channels.
The purpose of these technical measures is to make your data incomprehensible or inaccessible to unauthorised persons.
For any questions related to the security of our services, applications and software, please contact our technical support staff available on our official channels: email, online chat and phone.
Organisational safety systems
All computers used by employees are only accessible using a password that will be updated with regular intervals
Employees is instructed in basic computer safety including phishing and other common hacking techniques
Mails containing sensitive personal information must be deleted after 6 months unless legal reasons are in place, to justify keeping the information for a longer time
Employees are not allowed to forward work-related e-mails to private e-mail accounts
Employees are instructed in CloudRemote.io´s internet policy
Employees are bound by confidentiality, under the employment and when employment is terminated
Employees are instructed that CloudRemote.io can log all activities on company IT systems, browsers and apps
Employees are informed that CloudRemote.io owns all e-mails send and received on CloudRemote.io IT systems or services, unless clearly marked with “Personal” or “Private”.
Data breach management
We will notify the control authority of any violation of personal data, within seventy-two hours of the moment it becomes known.
We distinguish between three types of violations:
Breach of confidentiality— unauthorised or accidental disclosure or access to personal data
Integrity violation— an unauthorised or accidental alteration of personal data
Availability violation— the loss, inaccessibility or destruction, whether accidental or unauthorised, of personal data
If the violation is also related to your data, CloudRemote.io, will notify you in the following ways:
Personally, and directly by e-mail, direct mail or phone
By means of public communication or a similar and effective measure when direct and personal communication involves disproportionate efforts or is impossible due to the incidents nature.
Access to authorised data for customer care and technical assistance
The collected data will be used if it is necessary or instrumental for:
Delivering technical assistance to users for the services provided by CloudRemote.io that affect data controllers or their contact lists
Concluding commercial negotiations by telephone or email;
Direct or indirect commercial advice
Your data may be processed by CloudRemote.io employees or third parties who will be appointed as external processors as appropriate.
Minimisation of data processing and archiving
We have prepared technical and organisational measures to guarantee the principle of minimisation of data processing. Any data processing will always be adequate, relevant and limited to achieving the stated purposes.
The processing of data for statistical purposes, archiving in the public interest, scientific or historical research is subject to guarantees appropriate to the rights and freedoms of the interested party in accordance with the provisions of the GDPR.
Data transfer
Regardless of where your data is processed, we apply the same protections described in these policies, and we also comply with certain provisions relating to data transfer, including those provided for by the EU-US Privacy Shield Framework.
Training
We have created a training plan based on the services we provide, the roles and internal tasks, and instructed staff on data processing and the risks involved.
For training we have considered:
the job, by role and sector
the type of data processing being conducted
In compliance with the GDPR, the certification of training will have a schedule and be updated periodically, based on the effective implementation of corporate procedures.
Supplier Instructions
We will systematically verify that suppliers issue guarantees on compliance with safety standards, and that those guarantees are maintained and updated over time. All service providers enter into a contract with us that protects personal data and limits their use of any personal information consistent with this Privacy Policy.
Complaints
We will respond to any formal written complaints that we receive, first by contacting the people who submitted the complaints. We work with the relevant regulatory authorities, including local data protection authorities, to resolve any complaints related to the transfer of personal data which cannot be resolved directly.
Application of the rules
This Privacy Policy applies to all services offered by CloudRemote.io and to the websites developed by CloudRemote.io. Each service and software collect and processes only the data necessary for correct operation, as described above.
Changes to this Privacy Policy
The Policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is effective from February 1, 2021.