Cloud Technology Solutions Ltd
Lowry House
17
Marble Street
Manchester
M2 3AW
Last modified September 2019
We have created this privacy statement in order to demonstrate our firm and continuing commitment to the privacy of personal information provided by our customers when installing and using CloudM Manage a Solution of Cloud Technology Solutions Ltd. We hold the privacy of your personal information in the highest regard. The following discloses our information gathering and dissemination practices for CloudM Manage.
We recognize the importance of protecting your privacy and our policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us and to assist you in making informed decisions when using CloudM Manage. This policy will be continuously assessed against new technologies, business practices and our Customers’ needs.
CloudM Manage are committed to protect Customer Subjects’ privacy and the confidentiality of Customer Subject data to the maximum extent permitted by law and/or accepted by industry standards.
Our Privacy Policy explains:
The Customer is the Data Controller.
Cloud Technology Solutions Ltd. is the Data Processor.
CloudM Manage will only store information about Customer Subjects where the Customer has chosen to install, activate and configure CloudM Manage within their Google G Suite Domain.
It is the Customer’s responsibility to (a) ensure that Personal Information is dealt with in a way that is compliant with Article 1(1) of the GDPR; and (b) to justify the processing of the 2 Personal Information is in accordance with Article 6(1) of the GDPR, and communicate that justification to each Customer Subject in accordance with relevant laws. It is also the Customer’s responsibility to have appropriate privacy policies in place with Customer Subjects, and to otherwise comply with applicable law as a Data Controller.
During installation of CloudM Manage the Customer is notified of the access to Personal Information required by CloudM Manage and must accept that access before completing the installation.
Installation does not automatically synchronise or store user data, and subsequent configuration actions must be completed by the Customer to achieve this.
The Customer can opt-out at any time and remove CloudM Manage from their G Suite Domain.
There are three types of information collected and processed to provide the CloudM Manage Services:
This information is not used by Cloud Technology Solutions Ltd. for any purpose other than to facilitate and support the Customer’s use of CloudM Manage, and shall only be kept for as long as it is relevant to that purpose for which it was collected or for as long as required by law.
As the data owner a Customer has control over which data it collects about Customer Subjects. Therefore, additional Personal Information may be held and processed by us if CloudM Manage is configured to do so by the Customer.
The data is collected from Customer Subjects by the Customer.
The data is collected or added by the Customer using one or more of the following methods:
The data is collected in order to provide the functionality of CloudM Manage required by the Customer.
The data is used by the Customer to manage their G Suite Domain or access/use additional functionality provided by CloudM Manage. Data collected by Cloud Technology Solutions Ltd. is used to provide the CloudM Manage Service and better develop the product.
CloudM Manage will not access, view or review any accessible Customer Subject data unless:
Under no other circumstances will CloudM Manage access Customer Subject data or share Customer Subject data with any third parties without Customer prior permission, except to the extent required by law or governmental or regulatory body or necessary to render our services to the Customer.
CloudM Manage is hosted within the Google App Engine platform and therefore benefits from the security measures provided by Google. In addition, to protect the data we process CloudM Manage has been designed with the following Security features:
CloudM Manage is built within the Google App Engine environment and as such takes advantage of the extensive controls and practices Google has to protect the security of Customer information. Google applications run in a multi-tenant, distributed environment. Rather than segregating each Customer’s data onto a single machine or set of machines, Google data from all Google customers (consumers, business, and even Google’s own data) is distributed amongst a shared infrastructure composed of Google’s many homogeneous machines and located across Google’s many data centers.
Access by CloudM Manage administrative engineers to production environments is similarly controlled. A centralized group and role management system is used to define and control engineers’ access to production services, using an extension of the above-mentioned security protocol that authenticates engineers through the use of a personal x509 certificate that is issued to them.
Datacentre locations are available on public Google maps.
All datacentres restricted and covered by Statement on Standards for Attestation Engagements (SSAE) No. 16 Type II / International Standards for Assurance Engagements (ISAE) No. 3402 report (or a comparable report) and ISO/IEC 27001
After a termination of the contract CloudM Manage data is held for 28 days within Google's systems. After 28 days this data is deleted permanently from the systems.
CloudM Manage Terms & Conditions
https://cloudm.co/terms-conditions/
Google Cloud & the General Data Protection Regulation (GDPR)
https://www.google.com/cloud/security/gdpr/
Contact details
cloudmanager@cloudsolutions.co.uk
Google CloudPlatform Model Contract Clauses
https://cloud.google.com/terms/eu-model-contract-clause
Google Cloud Platform ISO27001 Certificate and Scope
https://services.google.com/fh/files/blogs/btd-sec-op-2014-grey.pdf
Google US Privacy Shield Framework Active Participant Entry
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
From time to time we may make changes to this policy to reflect any changes to our privacy practices in accordance with changes in legislation, best practice enhancements. We will notify you about material changes to this policy by sending a notice to the email address you provided to us or by placing a prominent notice on our website.
APIs
A set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.
Customer
In this policy, references to “you” or the “Company” refers to the organisation who submits data to us.
Customer Subject
An individual in respect of whom the Customer provides to us the Personal Information, and who will usually be an employee of the Customer.
Device
A device is a computer that can be used to access Google services. For example, a device could be a desktop, tablet or smartphone.
GDPR
The General Data Protection Regulation (EU 2016/679)
Google App Engine
Google App Engine (often referred to as GAE or simply App Engine) is a web framework and cloud computing platform for developing and hosting web applications in Google-managed data centers.
G Suite Domain
Your domain host is the Internet hosting service that stores the records you need to update when you set up G Suite. These DNS records control where you receive your email, your web addresses, and settings for your domain.
HTTPS
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to.
IP Address
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
Multi-tenant
Multi-tenancy is an architecture in which a single instance of a software application serves multiple customers
Personal Information
This is information that you provide to us which personally identifies you, such as your name, email address or IP Address.
Role Based Access
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users.
Server Log
CloudM Manage stores information for the operation and troubleshooting of the Service. This includes IP Address, user ID, errors, and access times.
SSL
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
User ID
A unique sequence of characters used to identify a user and allow access to CloudM Manage.
X509 Certificate
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.