USER PRIVACY NOTICE
Last Updated: 22.01.2024
TABLE OF CONTENTS:
- ABOUT THIS PRIVACY NOTICE
- PERSONAL INFORMATION WE COLLECT
- PURPOSE AND LEGAL BASIS OF THE PROCESSING
- HOW LONG WE KEEP YOUR PERSONAL INFORMATION
- HOW WE SHARE YOUR DATA
- YOUR CHOICES AND RIGHTS
- HOW WE PROTECT YOUR DATA
- PERSONAL DATA PROTECTION AUTHORITY
- HOW TO CONTACT US
- CHANGES TO THIS PRIVACY NOTICE
ABOUT THIS PRIVACY NOTICE
This Policy explains how CLOUD TECH SOLUTIONS LTD, UIC 205932074 (referred to as “We”, “Us” or “Our”) processes your personal data. “Personal Information” or “Personal data” means any information that allows someone to identify, or reasonably link to, you directly or indirectly. When we describe “processing” of Personal Information, we mean how we collect, use, share, and retain Personal Information.
PERSONAL INFORMATION WE COLLECT
We process the personal data of the following data subject categories:
|
Customer |
Customers are all individuals who are using our paid or free services, including our free document generator |
|
Email Subscribers |
Email subscribers are all individuals subscribed to our email newsletter or other email communication |
|
Website visitor |
Website visitors are all individuals visiting our website |
We process the following categories of personal data:
|
Analytical data |
anonymized IP address, website sessions, duration of sessions, visited links, User Agent, etc.; We process analytical data about the user experience on our Website and while using our Service. We collect analytical information only after receiving your consent. You can opt-out at any time. Data collection: – Automatically collected data – Directly from the Data Subject We aren’t receiving personal data from 3rd parties. |
|
Email Subscriber’s data |
The data includes email, name and/or information about preferences; The personal data is collected with the purpose to send emails to subscribers.. Email subscribers can unsubscribe at anytime using the “unsubscribe” button Data collection: – Directly from the Data Subject We aren’t receiving personal data from third parties. |
|
Identification and communication data |
The data may include names, email, and address; Identification data is processed to identify the data subject, to enter into a contract and/or communicate in regard to the used services. Data collection: – Directly from the Data Subject We aren’t receiving personal data from third parties. |
|
Payment information |
The data includes the due or completed payment amount, date of payment and payer; The personal data is collected to track due and completed payments. Data collection: – Directly from the Data Subject – Data received from a 3rd party We receive personal data from: – Payment Service Providers
|
PURPOSE AND LEGAL BASIS OF THE PROCESSING
We process personal data only where there is one or more of the following legal bases:
|
Consent from the data subject |
the data subject has given consent to the processing of his or her personal data for one or more specific purposes; |
|
Performance of contract |
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; |
|
Legal Obligations |
processing is necessary for compliance with a legal obligation to which the controller is subject; |
|
Legitimate Interest |
processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. |
|
This Privacy Notice covers the following services:
|
|
|
Privacy Assistant |
Software as a Service compliance solution helping businesses get compliant with privacy regulations such as the GDPR, CPRA, etc. (referred to as “Privacy Assistant”). Website: http://conformally.com; The Service is available as Web application. More information about the service and the terms of use at http://conformally.com/terms |
|
Privacy Navigator |
Resource hub and free document generator available at https://conformally.com/privacy-navigator/ (referred to as “Privacy Navigator”. The Service is available as Web application. More information about the service and the terms of use at http://conformally.com/terms |
IMPORTANT! Customers may act as Data Controllers when using our services. In this case, we are Data Processor. For more information about the data processing and our obligations please see our Terms of Service.
We process your personal data for the following purposes:
|
Purpose |
Legal basis and notes |
|
Accounting |
– legal obligation Our legal obligations are under the Bulgarian taxes laws such as VAT Act, Corporate Income Tax Law, etc. Processed personal data categories: – Payment information
|
|
Customer Support |
– performance of a contract Personal data is processed for the provision of the following services: – Conformally GDPR Processed personal data categories: – Identification data – Payment information
|
|
Email Marketing |
– consent Processed personal data categories: – Email Subscriber’s data
|
|
Personalised Advertisement |
– consent Processed personal data categories: – Analytical data
|
|
Website Analytics |
– consent Processed personal data categories: – Analytical data
|
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We keep your personal data only as long as necessary to achieve the purpose it is processed for. A full list of the purposes for which we process personal data can be found above.
We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
Here are some of the categories of our retention periods:
After expiration of the applicable retention periods, we will either delete or anonymize your personal information
HOW WE SHARE YOUR DATA
We share personal data with the following 3rd parties:
|
Accounting Service Providers |
We may share personal data with Accounting Service Providers to fulfill our legal obligations to maintain diligent accounting and comply with legal and tax requirements Shared personal data categories: – Identification data – Payment information
|
|
Ad Service Providers |
We share information with Ad Service Providers so they can serve ads to the most relevant audience who is interested in our services Shared personal data categories: – Analytical data
|
|
Analytics Service Providers |
We share information with Analytics Service Providers to be able to analyse the data we have collected Shared personal data categories: – Analytical data
|
|
Communication Service Providers |
We share information with Communication Service Providers to be able to coordinate our team operations Shared personal data categories: – Identification data
|
|
Email Marketing Service Providers |
We share information with Email Marketing Service Providers to be able to send emails and newsletters Shared personal data categories: – Email Subscriber’s data
|
|
Government Institutions |
We may share personal data with government institutions to perform our legal obligations such as accounting. Shared personal data categories: – Payment information – Payroll data
|
|
Infrastructure and cloud service providers |
We share data with infrastructure and cloud service providers to be able to provide our services and maintain our operations Shared personal data categories: – Identification data – Job Candidates Application
|
|
Payment Service Providers |
We may use Payment Service Providers to be able to receive and make payments Shared personal data categories: – Payment information
|
We share personal data internationally with subcontractors and partners when carrying out the activities described in this Policy. They may process your data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.
Whenever we transfer personal data internationally, we use tools to:
– make sure the data transfer complies with applicable law
– help to give your data the same level of protection as it has in the EU
To ensure each data transfer complies with applicable EU legislation, we use the following legal mechanisms:
– Standard Contractual Clauses (‘SCCs’). These clauses require the other party to protect your data and to provide you with EU-level rights and protections.
– Adequacy Decisions. This means that we transfer personal data to countries outside of the European Economic Area which have adequate laws to protect personal data, as determined by the European Commission. Such countries are United Kingdom, Canada, Japan, Republic of Korea and Switzerland.
We also identify and use additional protections as appropriate for each data transfer.
YOUR CHOICES AND RIGHTS
Here are your rights as a data subject:
|
Be informed |
Be informed of the personal data we process about you and how we process it.
We inform you: ● through this Policy ● through information provided to you as you use our Service ● by answering your specific questions and requests when you contact us |
|
Know/ Access |
Request to know and access the personal data we process about you.
To request a copy of your personal data you can contact us. |
|
Correction |
Request that we amend or update your personal data where it’s inaccurate or incomplete.
You can edit your User Data by contacting us or by using your user profile |
|
Deletion |
Request that we delete certain of your personal data. For example, you can ask us to delete your personal data: ● that we no longer need for the purpose it was collected for ● that we process based on the legal basis of consent, and you withdraw your consent ● when you object (see section ‘Object’ below) and ● you make a justified objection, or ● you object to direct marketing There are situations where We are unable to delete your data, for example when: ● it’s still necessary to process the data for the purpose we collected it for ● Our interest in using the data overrides your interest in having it deleted. For example, where we need the data to protect our services from fraud ● We have a legal obligation to keep the data, or ● We need the data to establish, exercise or defend legal claims. For example, if there’s an unresolved issue relating to your account
To delete your personal data you can contact us. You can also see more details in the section “HOW LONG WE KEEP YOUR PERSONAL INFORMATION“ |
|
Restriction |
Request that we stop processing all or some of your personal data. You can do this if: ● your personal data is inaccurate ● our processing is unlawful ● we do not need your information for a specific purpose, or ● you object to our processing and we are assessing your objection request. See section ‘Object’ below You can request that we stop this processing temporarily or permanently.
You can exercise your right to restriction by contacting us. |
|
Object |
Object to us processing your personal data. You can do this if: ● We are processing your personal data on the legal basis of legitimate interests, or ● We are processing your personal data for tailored advertising.
To exercise your right to object, you can contact us |
|
Data portability |
Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service. You can request us to transmit your data when we are processing your personal data on the legal bases of consent or performance of a contract. However, We will try to honor any request to the extent possible.
For information about how to exercise the right to portability, see ‘Access’ above. |
|
Not be subject to automated making |
Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
We don’t perform automated decision making including profiling. |
|
Withdrawal of consent |
Withdraw your consent to us collecting or using your personal data. You can do this if We are processing your personal data on the legal basis of consent.
To withdraw your consent, you can: ● adjust the relevant control ● contact us |
|
Lodge a complaint with a supervisory authority |
You have the right to lodge a complaint with a supervisory authority if you believe any of your rights have been violated
See the contact details of the data protection authorities below. |
Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer’s request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Our response time
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.
HOW WE PROTECT YOUR DATA
We take the privacy and security of your Personal Information, including information considered sensitive, seriously. Our cybersecurity team actively works to maintain the integrity, confidentiality and availability of our Services and our policies and protocols are focused on protecting your Personal Information. We consistently strive to improve our defenses in the ongoing battle against threat actors. That said, no method of transmission over the Internet, or method of electronic storage, is fully secure, and We cannot guarantee the security of your Personal Information. Our security, safety, and privacy features are provided on an “as-is” basis. As such, their effectiveness and error-free operation cannot be guaranteed, and we cannot ensure absolute confidentiality, anonymity, or personal safety.
In the event that we are required by law to inform you of any unauthorized access to your Personal Information, we may notify you electronically or in writing in accordance with applicable law.
PERSONAL DATA PROTECTION AUTHORITY
- Authority: Commission for Personal Data Protection
- phone number: 00359 2 915 3580
- email: kzld@cpdp.bg
- address: 2, Prof. Tsvetan Lazarov blvd. Sofia 1592, Bulgaria
- Website: http://www.cpdp.bg/
You can find a full list of the Data Protection Authorities under GDPR here.
HOW TO CONTACT US
We welcome your comments, questions, or complaints regarding this Privacy Notice, our use of your Personal Information, or our response to your requests regarding your Personal Information. Please contact us using by one of the following ways:
- send us an email at privacy@conformally.com, or;
- fill this form, or;
- by post at 27 Lyuben Karavelov Str., Sofia, Bulgaria.
CHANGES TO THIS PRIVACY NOTICE
The latest version of the policy will govern our use of your Personal Information. We may revise this policy from time to time. If we determine, in our sole discretion, that the changes we make to this policy are material, we will notify you in advance.