Privacy Policy

Last updated on March 8, 2022

The data controller in respect of personal data to which this policy applies is CloudFactory International Limited of The White Building, 33 Kings Road, Reading RG1 3AR, United Kingdom (“we/us/our”). This privacy policy, which sets out how we process personal data in accordance with applicable law and regulation, applies: (i) to personal data received by us online via our website at https://www.cloudfactory.com; or https://info.cloudfactory.com; or https://blog.cloudfactory.com; or https://go.cloudfactory.com; or https://app.cloudfactory.com; and (ii) as part of any applicable agreement to which we are a party, into which it is incorporated by reference. We may change this policy from time to time by updating this page and will notify you when we do so.

1. What personal data we collect

We do not knowingly collect or otherwise process special categories of data or data about persons under the age of 13. Subject to that, we may collect the following personal data:

  • Identity data: first name; last name; username or similar identifier; title and job title
  • Contact information: including telephone number and email address and for other communication channels, such as messaging systems and social media (for example, Instagram or Twitter)
  • Professional information: company name and work address information provided when you correspond with us
  • Any updates to information provided to us
  • Information about the services we provide to you, such as customer services information and customer relationship management information
  • Marketing and communications data: including your preferences in receiving marketing from us and our third parties in your communication preferences
  • Technical information: including time zone; operating system; browser type; device type; visits to our website; website preferences and interaction with the website, such as pages visited.

2. How we collect personal data

The ways we collect personal data may change from time to time and will be notified by updates to this policy. We may collect the personal data described above in a number of ways:

  • When you subscribe to any of our marketing channels
  • When you use our web based chat tool or messenger tools
  • When you visit our website and its subdomains as referenced above, and the landing pages of marketing campaigns that we may create and run from time to time
  • When you download a white paper available or other digital content from our website
  • When we receive business cards, emails and other documents from individuals containing such data
  • When you communicate with us so that we can make you a proposal or enter into a contract for our products/services either with us or one of our partners
  • When you respond to marketing campaigns
  • Sometimes we collect or purchase it from third parties, such as credit reference agencies, marketing agencies, market research companies, our suppliers, contractors, partners or consultants, group companies, public websites and public agencies. Such personal data falls into the same categories as those set out above in the section “What personal data we collect”

3. How we process the personal data that we collect

We use the personal data that we collect to:

  • Keep internal records about our business, customers, suppliers, contractors, partners and prospects
  • Provide and improve our products and services including customer support and service delivery
  • Publish to you thought leadership, market intelligence, new products developments, offers and similar marketing information
  • Offer relevant information about our products/services and selected partners, which may be of interest
  • Work with our channel partners to bring our products and services to other markets or to develop, market and sell alternative products and services that make use of ours
  • Enable our subcontractors to support us in the delivery of our products and services
  • Perform other necessary functions related to the performance of contracts we enter into such as managing subscriptions, running a support desk or running credit checks
  • Enable our professional advisors to support us in the conduct of our business
  • Conduct market research by contacting you by email, chats, text, phone, or mail
  • Customize the content of our websites according to your role and page views
  • Obtain products and services from our suppliers

4. Lawful basis for Personal Data processing

We consider that the legal bases for using your personal data as set out in this privacy policy are as follows:

  1. our use of your personal data is necessary to perform our obligations under any contract with you (for example, to comply with our contract to provide services to or receive services from you; or to comply with the terms of use of our website which you accept by browsing our website); or
  2. our use of your personal data is necessary for complying with our legal obligations (for tax or accounting regulations, or for health and safety purposes); or
  3. where neither (a) nor (b) apply, use of your personal data is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:
    1. run, grow and develop our business (as well as the business of our group companies CloudFactory USA LLC, CloudFactory Holdings Limited, CloudFactory Kenya Limited and Sprout Technology Service Private Limited);
    2. operate our website and its subdomains as referenced above;
    3. select appropriately skilled and qualified suppliers;
    4. carry out marketing, market research and business development;
    5. place, track and ensure fulfilment of orders with our suppliers; and
    6. for internal group administrative purposes.
  4. If we rely on our (or another person's) legitimate interests for using your personal data, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal data. You can ask us for information on this balancing test by using the contact details in the section "Controlling your personal data".
  5. We may process your personal data in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).
  6. If we rely on your consent for us to use your personal data in a particular way, but you later change your mind, you may withdraw your consent by referring to the CloudFactory confirmation email as sent on subscribing to a service to unsubscribe or update your preferences. Alternatively, you can contact us using the contact details in the section "Controlling your personal data". However, if you withdraw your consent, this would prevent us from providing marketing information to you regarding our products and services.

5. Transfer of personal data to third parties

We will never sell personal data to third parties. However, we may need to provide personal data we have collected to our group companies, partners, subcontractors, agents and suppliers to enable them to support us in the fulfilment of our contractual obligations or in the ordinary conduct of our business as described in the following paragraphs.

We may share your personal data with other companies within the CloudFactory Group for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance). These companies are CloudFactory USA LLC, CloudFactory Holdings Limited, CloudFactory Kenya Limited and Sprout Technology Service Private Limited, which are based in the United Kingdom, the United States, Kenya and Nepal respectively. As our group grows, we may need to transfer your personal data to new members of our group of companies.

We may share your personal data with the following third parties or categories of third parties:

  • cloud computing and back-up services providers who are based in the United States, France, India, Kenya and Nepal; and
  • service providers who are based in the United States who provide us with cookie data analysis services.

Any third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data. We will always ensure that any third parties with whom we share your personal data are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

We will also disclose your personal data to third parties:

  1. where it is in our legitimate interests to do so to run, grow and develop our business:
    1. we may disclose your personal data to any prospective buyer of our business or assets (and their advisers);
    2. if all or relevant parts of our business assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets;
    3. in some circumstances, to actual or prospective investors in our business (and to their professional advisers);
  2. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
  3. in order to enforce or apply our terms of use, our terms and conditions for customers or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
  4. to protect the rights, property, or safety of us, our staff, our customers or other persons. This may include exchanging personal data with other organisations for the purposes of fraud protection.

We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

6. Where we may transfer your personal data

Your personal data may be used, stored and/or accessed by staff operating outside the UK who are working for us, other members of our group, or our suppliers. Further details on to whom your personal data may be disclosed are set out in the section "Transfer of personal data to third parties".

If we provide any personal data about you to any such persons outside of the UK, we will take appropriate measures to ensure that the recipient protects your personal data adequately in accordance with this privacy policy. These measures may include the following:

  1. ensuring that there is an adequacy decision by the UK Government in the case of transfers out of the UK, which means that the recipient country is deemed to provide adequate protection for such personal data; or
  2. where we have in place standard model contractual arrangements with the recipient which have been approved by the UK Government. These model contractual clauses include certain safeguards to protect the personal data.

Further details on the steps we take to protect your personal data in these cases are available from us on request by contacting us by email at privacy@cloudfactory.com at any time.

7. How long we keep personal data

As a general rule we keep personal data only for so long as is reasonably necessary bearing in mind our legitimate interests in processing it. In nearly all cases this will be a minimum of six years to enable us to comply with statutory record keeping purposes.

8. Controlling your personal data

Even though you may have consented to the use of your personal data, you have rights to;

  • Access any personal data we hold about you. You can ask us for a copy of your personal data; confirmation as to whether your personal data is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom.
  • Request erasure of your data (Right to be forgotten). You have a right to ask us to delete any personal data which we are holding about you in certain specific circumstances.
  • Request the correction of your data. You have the right to request an update to any of your personal data which is out of date or incorrect.
  • Request the transfer of data (Data Portability). You can ask us to provide your personal data to a third party provider of services, in certain specific circumstances.
  • Restrict use of your personal data: You have a right to ask us to restrict the way that we process your personal data in certain specific circumstances.
  • Right to stop marketing: You have a right to ask us to stop using your personal data for direct marketing purposes. If you exercise this right, we will stop using your personal data for this purpose.
  • Object to processing of data: You have a right to ask us to consider any valid objections which you have to our use of your personal data where we process your personal data on the basis of our or another person's legitimate interest.

To exercise or find out more about one or more of these rights please contact privacy@cloudfactory.com or write to: Privacy, The White Building, 33 Kings Road, Reading RG1 3AR, United Kingdom. You also have the right to complain to the UK’s Information Commissioner at https://ico.org.uk.

9. Cookies

Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information. We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are only permitted to use the information collected on our behalf to help us conduct and improve our business.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can control and/or delete cookies as you wish - for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Below is a detailed list of the cookies we use on our website. Our website is scanned with the cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:

  • Strictly Necessary Cookies
  • Performance Cookies
  • Functional Cookies
  • Targeting Cookies

You can opt-out of each cookie category (except essential cookies) by clicking on the “cookie settings” button below: