This data privacy/handling policy explains what kind of data do we store and process. It has been documented and written in such a way so that it is compliant with the General Data Protection Regulation, which is in force in the European Union since May 25th 2018. Since Cloudaccess.net has clients in the European Union, we are also required to be GDPR compliant - but we believe that all of our international client base can benefit from the transparency and data protection laws it enables. For your convenience, as much information in this policy as needed will be provided in two forms - a full, formal text and a short, clear description.
About the company
|1.1 We are CloudAccess.net LLC (described as simply CloudAccess.net in the rest of the document), a hosting company with headquarters in Traverse City, Michigan in the United States and with remote employees all around the world, including Poland, India, Vietnam and Belarus. All of our staff has been made aware of these new rules and regulations and will abide by them, with possible exceptions regarding their local laws regarding data processing for tax purposes which the GDPR allows. We are owned by the Cloud Equity Group located in New York, New York in the United States.
|We’re CloudAccess.net, our headquarters are in the United States but we have employees all around the world - all of which are mandated to follow this data privacy and handling policy.
2. The scope of this policy
|2.1 This policy applies to www.cloudaccess.net, your CloudAccess.net user account and all the personal information that are collected upon registration and any further business relationship (or the end thereof) - “personal information” being defined as any piece of data that can be used to identify you as an natural person (meaning you as an individual, as opposed to you as a representative of a legal entity).
|As a rule of thumb, any data you enter into your CloudAccess.net account that can be used to identify you as an individual by cross-referencing a Google search and a Facebook search, it falls under the protection of this GDPR compliant policy.
|2.2 We respect your right to privacy and will only process personal information in accordance with applicable data protection legislation in the EU, the USA (including the Children's Online Privacy Protection Act) and elsewhere.
|2.3 CloudAccess.net works with trusted partners including but not limited to Open Source Matters, ENOM, Perfect Dashboard or Let’s Encrypt to provide you with additional services - as the GDPR is binding to all entities that conduct business in the European Union, these partners also protect any personal data we share with them under the same regulation, according to their respective privacy policies. At any given point you have the right to request of us the full disclosure of what data you provide exactly do we share and with whom.
|We share your data with other trusted entities in order to provide you with additional services like SSL certificates or domain names, and you can ask us about what kind of data do we share with whom at any point you wish.
|2.4 For personal information contained in this policy which is used by CloudAccess.net, CloudAccess.net is the data controller under European Union data protection legislation. For personal information contained in this policy which is used by our Partners in connection with CloudAccess.net services, then the relevant partner(s) will be the data controller under European Union data protection legislation.
3. Children protection
|3.1 We recognise we have a special obligation to protect personal information obtained from children. Legally, children below 16 cannot have a CloudAccess.net account (but their parents/guardians are welcome to sign up themselves) and we do not and will not knowingly collect personal information from any child under the age of 16 without consent from their parent or guardian.
4. What information do we collect
|4.1 Upon registration we will ask you for your first name, last name, e-mail address, a password (which will be encrypted so that we cannot see it) and a security question for security reasons.
|Basically, we will only require from you data that is necessary for us to provide you with a service you require - and you have the full right to demand the erasure of that data once it is no longer needed for us to provide said service.
|4.2 Under specific circumstances we will have to ask you for additional information - for example, we will need you to fill out your address information in order to accept Credit Card payments for security reasons, your phone number if you require callback support and so on. You have the right to request that this data be removed at any point in time if it is no longer necessary for us to provide you with said service.
|4.3 When you use CloudAccess.net services, we may also gather other information such as:
A) Technical details about the devices you use to access CloudAccess.net services, including your Internet and/or network connection (including your IP address); mobile device identifiers; your operating system, browser type or other software; your hardware details; or other technical details provided by your web browser. This is technical data about our users and their actions and patterns, which does not provide personal information. This is used to provide troubleshooting for our features and services which requires the knowledge of the environment in which the issue occured.
B) Details of your usage of CloudAccess.net services, including but not limited to your movements within your client account panel (further called the Cloud Control Panel or CCP), access logs for the CCP, statistical metrics about the features you use and so on.
C) Any data or information stored and sent by the contacts/subaccounts you have under your main client account - meaning the data described in points A and B of this subparagraph. You hereby acknowledge that you are responsible for gaining the consent of the contact/subaccount owner(s).
D) Credit Card details, which are in turn tokenized and encrypted for your protection
E) Any other information we may require to provide you with our services, including e-mail and phone communication, data that we ask you in support tickets.
|We gather information regarding your connection with the CCP and what actions do you take within it in order to provide you with ample troubleshooting in case of an issue - and the same goes for your account’s contacts/subaccounts. We may also ask you for other information on a case-to-case basis as it is needed in the troubleshooting process for our Support Team.
5. The means by which we collect the information
|5.1 All the data we collect from you is either gathered automatically by your account (in respect to data described in paragraph 4.3, points A and B) or by registration forms on our website and inside the CCP. We may also request additional information through support tickets (never on the phone so that the data collection is documented) to provide you with support and troubleshooting on an issue you might have with your website hosted with CloudAccess.net.
6. Legal grounds for data processing
|6.1 All and any information that we gather from you is gathered on a case-to-case basis, depending on the service you require - hosting, domains, SSL certificates, additional hosting resources, CDN and so on. We may also use the information we collect from your CCP activities for marketing and statistical purposes in order to improve our services and the CCP itself.
7. Data storage
|7.1 All and any information that we gather from you is stored and processed on our secure servers or those of our trusted partners and we implement strict technological and procedural measures to keep your data safe and secure.
|The data that we gather is stored on secured servers (either ours or one of our trusted partners) and you can request us to remove or anonymize it at any point. We do keep backups of our billing systems, which include your data, and delete them 3 months after they’re created.
|7.2 We only store your data for as long as we need it to provide you with the services that you require, after which they are either deleted or anonymized. We may keep anonymized data regarding your invoicing - like the amount you paid
|7.3 At any point in time you have the right to request that we delete or obfuscate any data that may be used to identify you as an individual. However, please bear in mind that by doing so, you may be required to cancel a part of the services that we provide you as we may not be able to provide you with that service without that data.
|7.4 For emergency data recovery reasons, we have backups of our billing systems - including the data that we collect from you. Those backups are stored on a separate, secure server and are deleted after 3 months.
8. Usage of your information
|8.1 We will use the information we collect from you in the following ways:
A) To provide you with our hosting service
B) To provide you with domain names as a reseller of ENOM, one of our trusted partners
C) To provide you with the CloudFlare CDN
D) To provide you with the CloudMail mail service
E) To inform you of the changes and updates we process for our services and the CCP
F) To communicate with you regarding past and present issues concerning your account, your website hosted at CloudAccess.net or any other services/products you have with us
G) To improve and modify our service according to popular demand and trends in feature usage
H) In connection with the services of our Partners, such as payment processors, located in and outside the European Union, but only to the extent necessary to provide those services.
I) For security reasons, such as avoiding Credit Card frauds.
|We use the information we collect from you in order to adequately provide you with the services that you require from us and to improve upon said services.
|8.2 We may provide some data that can’t be used to identify you to 3rd parties in order to develop our platform, the CCP and the services we provide in general.
9. Local laws
|9.1 Please be aware that we are subject to various laws and we may be required to release personal information to comply with law enforcement or other legal requirements.
10. Closing remarks
|CloudAccess.net is not responsible for the content or GDPR compliance of the websites hosted with our service.
This policy is subject to change for legal reasons or to reflect changes in our services. If and when this policy is changed, we will inform you via e-mail.