Privacy Policy
CloudScape respects your privacy and is committed to protecting your personal data. Our privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
Important information and who we are
The purpose of this privacy notice aims to give you information on how CloudScape
collects and processes your personal data through your use of this website,
including any data you may provide through this website when you sign in to
your client area or purchase a product/service. This website is not intended
for children and we do not knowingly collect data relating to children. It is
important that you read this privacy notice together with any other notice or
fair processing notice we may provide on specific occasions when we are
collecting or processing personal data about you so that you are fully aware of
how and why we are using your data. This privacy notice supplements any other
notices and is not intended to override them. Controller & Data Processor CloudScape
is the controller and data processor and we are responsible for your personal
data (collectively referred to CloudScape, “we”, “us” or “our” in this privacy
notice). If you have any questions about this privacy notice, including any
requests to exercise your legal rights, please contact the data privacy manager
using the details set out below. CloudScape contact details: Name: CloudScape
(Data privacy manager) Email: support@CloudScape.tr You have the right to make
a complaint at any time to the Information Commissioner’s Office (ICO), the UK
supervisory authority for data protection issues (www.ico.org.uk). We would,
however, appreciate the chance to deal with your concerns before you approach
the ICO so please contact us in the first instance. Changes to the privacy
notice and your duty to inform us of changes This version was last updated on
1st May 2018 The data protection law in the UK will change on 25 May 2018.
Although this privacy notice sets out most of your rights under the new laws,
we may not yet be able to respond to some of your requests (for example, a
request for the transfer of your personal data) until May 2018 as we are still
working towards getting our systems ready for some of these changes. It is
important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship
with us. Third-party links This website may include links to third-party
websites, plug-ins and applications. Clicking on those links or enabling those
connections may allow third parties to collect or share data about you. We do
not control these third-party websites and are not responsible for their
privacy statements. When you leave our website, we encourage you to read the
privacy notice of every website you visit.
YOUR LEGAL RIGHTS – You have the right to:
Request access to your personal data (commonly known as a “data subject access
request”). This enables you to receive a copy of the personal data we hold
about you and to check that we are lawfully processing it. Request correction
of the personal data that we hold about you. This enables you to have any
incomplete or inaccurate data we hold about you corrected, though we may need
to verify the accuracy of the new data you provide to us. Request erasure of
your personal data. This enables you to ask us to delete or remove personal
data where there is no good reason for us continuing to process it. You also
have the right to ask us to delete or remove your personal data where you have
successfully exercised your right to object to processing (see below), where we
may have processed your information unlawfully or where we are required to
erase your personal data to comply with local law. Note, however, that we may
not always be able to comply with your request of erasure for specific legal
reasons which will be notified to you, if applicable, at the time of your
request. Object to processing of your personal data where we are relying on a
legitimate interest (or those of a third party) and there is something about
your particular situation which makes you want to object to processing on this
ground as you feel it impacts on your fundamental rights and freedoms. You also
have the right to object where we are processing your personal data for direct
marketing purposes. In some cases, we may demonstrate that we have compelling
legitimate grounds to process your information which override your rights and
freedoms. Request restriction of processing of your personal data. This enables
you to ask us to suspend the processing of your personal data in the following
scenarios: (a) if you want us to establish the data’s accuracy; (b) where our
use of the data is unlawful but you do not want us to erase it; (c) where you
need us to hold the data even if we no longer require it as you need it to
establish, exercise or defend legal claims; or (d) you have objected to our use
of your data but we need to verify whether we have overriding legitimate
grounds to use it. Request the transfer of your personal data to you or to a
third party. We will provide to you, or a third party you have chosen, your
personal data in a structured, commonly used, machine-readable format. Note
that this right only applies to automated information which you initially
provided consent for us to use or where we used the information to perform a
contract with you. Withdraw consent at any time where we are relying on consent
to process your personal data. However, this will not affect the lawfulness of
any processing carried out before you withdraw your consent. If you withdraw
your consent, we may not be able to provide certain products or services to
you. We will advise you if this is the case at the time you withdraw your
consent.
Data Processing Agreement
These terms set out the requirements and conditions of the additional terms on
which we will process personal data when providing services to you. This
Agreement contains the mandatory clauses required by Article 28(3) of the
General Data Protection Regulation ((EU) 2016/679) for Agreements between data
controllers. We are CloudScape – By purchasing our website hosting services you
confirm that you accept these terms of data processing and you agree to comply
with them. If you do not agree with these terms, you must not purchase website
hosting services from us. We recommend that you print a copy of these terms for
your future reference. AGREED TERMS
Definitions and interpretation
The following definitions and rules of interpretation apply in this Agreement.
1.1 Definitions: Data Subject: an individual who is the subject of Personal
Data. Personal Data: means any information relating to an identified or
identifiable natural person that is processed by the Data Processor as a result
of, or in connection with, the provision of the services; an identifiable
natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, identification number,
location data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social identity
of that natural person. Processing, processes, and process: either any activity
that involves the use of Personal Data or as the Data Protection Legislation
may otherwise define processing, processes, or process. It includes any
operation or set of operations which are performed on Personal Data or on sets
of Personal Data, whether or not by automated means, such as collection,
recording. the organisation, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction, erasure or
destruction. Processing also includes transferring Personal Data to third
parties. Data Protection Legislation: all applicable privacy and data
protection laws including the General Data Protection Regulation ((EU)
2016/679) and any applicable national implementing laws, regulations and
secondary legislation in England and Wales relating to the processing of
Personal Data and the privacy of electronic communications, as amended,
replaced or updated from time to time, including the Privacy and Electronic
Communications Directive (2002/58/EC) and the Privacy and Electronic
Communications (EC Directive) Regulations 2003 (SI 2003/2426). Personal Data
Breach: a breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorized disclosure of, or access to, Personal Data
transmitted, stored or otherwise processed. Standard Agreements Clauses (SCC):
the European Commission’s Standard Agreementual Clauses for the transfer of
Personal Data from the European Union to processors established in third
countries as set out in Commission Decision 2010/87/EU.
1.2 This Agreement is subject to the terms of any separate
agreement made between the parties for the supply of website hosting services
(“Services Agreement”) and is incorporated into any such Agreement.
Interpretations and defined terms set forth in the Services Agreement apply to
the interpretation of this Agreement.
1.3 The Annexes form part of this Agreement and will have effect as if set out
in full in the body of this Agreement. Any reference to this Agreement includes
the Annexes.
1.4 A reference to writing or written excludes faxes and email.
1.5 In the case of conflict or ambiguity between (a) any provision contained in
the body of this Agreement and any provision contained in the Annexes, the
provision in the body of this Agreement will prevail; (b) the terms of any
accompanying invoice or other documents annexed to this Agreement and any
provision contained in the Annexes, the provision contained in the Annexes will
prevail; and (c) any of the provisions of this Agreement and the provisions of
the Services Agreement, the provisions of the Services Agreement will prevail.
1.6 This agreement is in addition to and does not remove or replace a party’s
obligations under the Data Protection Legislation.
1.7 In this agreement we are the Data Processor and you are the Data Controller
Personal data types and processing purposes
2.1 The Data Controller retains control of the Personal Data and remains
responsible for its compliance obligations under the applicable Data Protection
Legislation, including providing any required notices and obtaining any
required consents, and for the processing instructions it gives to the Data
Processor.
2.2 ANNEX A describes the subject matter, duration, nature, and purpose of
processing and the Personal Data categories and Data Subject types in respect
of which the Data Processor may process to provide services to the Data
Controller under the terms of the Services Agreement or otherwise.
Data Processor’s obligations
3.1 The Data Controller acknowledges that for the purposes of fulfilling
its obligations under the Agreement the Data Processor may have access to and
may be required to process Personal Data (as defined in the Data Protection
Legislation) on behalf of the Data Controller and in accepting the Agreement
the Data Controller authorises the Data Processor to process its Personal Data
in accordance with the terms of this Clause 3. 3.2 Both parties will comply
with all applicable requirements of the Data Protection Legislation. This
clause 3 is in addition to, and does not relieve, remove or replace, a party’s
obligations under the Data Protection Legislation. 3.3 The parties acknowledge
that for the purposes of the Data Protection Legislation, the Data Controller
is the data controller and the Data Processor is the data processor (where Data
Controller and Data Processor have the meanings as defined in the Data
Protection Legislation). 3.4 Without prejudice to the generality of clause 3.2,
the Data Controller will ensure that it has all necessary appropriate consents
and notices in place to enable lawful transfer of the Personal Data to the Data
Processor for the duration and purposes of this agreement. 3.5 Without
prejudice to the generality of clause 3.2, the Data Processor shall, in
relation to any Personal Data processed in connection with the performance by
the Data Processor of its obligations under this agreement: (a) Process that
Personal Data only on the written instructions of the Data Controller unless the
Data Processor is required by the laws of any member of the European Union or
by the laws of the European Union applicable to the Data Processor to process
Personal Data (Applicable Laws). Where the Data Processor is relying on laws of
a member of the European Union or European Union law as the basis for
processing Personal Data, the Data Processor shall promptly notify the Data
Controller of this before performing the processing required by the Applicable
Laws unless those Applicable Laws prohibit the Data Processor from so notifying
the Data Controller. (b) Ensure that it has in place appropriate technical and
organisational measures, to protect against unauthorised or unlawful processing
of Personal Data and against accidental loss or destruction of, or damage to,
Personal Data, appropriate to the harm that might result from the unauthorised
or unlawful processing or accidental loss, destruction or damage and the nature
of the data to be protected, having regard to the state of technological
development and the cost of implementing any measures (those measures may
include, where appropriate, pseudonymising and encrypting Personal Data,
ensuring confidentiality, integrity, availability and resilience of its systems
and services, ensuring that availability of and access to Personal Data can be
restored in a timely manner after an incident, and regularly assessing and
evaluating the effectiveness of the technical and organisational measures
adopted by it). (c) Ensure that all personnel who have access to and/or process
Personal Data are obliged to keep the Personal Data confidential. (d) Subject
to clause [3.10] to not transfer any Personal Data outside of the European
Economic Area (“EEA”) unless the prior written consent of the Data Controller
has been obtained and the following conditions are fulfilled: (i) the Data
Controller or the Data Processor has provided appropriate safeguards in
relation to the transfer; (ii) the data subject has enforceable rights and
effective legal remedies; (iii) the Data Processor complies with its
obligations under the Data Protection Legislation by providing an adequate
level of protection to any Personal Data that is transferred; and (iv) the Data
Processor complies with reasonable instructions notified to it in advance by the
Data Controller with respect to the processing of the Personal Data. (e) If so
reasonably required, assist the Data Controller, at the Data Controller’s cost,
in responding to any request from a Data Subject and in ensuring compliance
with its obligations under the Data Protection Legislation with respect to
security, breach notifications, impact assessments and consultations with
supervisory authorities or regulators. (f) Notify the Data Controller without
undue delay on becoming aware of a Personal Data breach. (g) If so reasonably
required, at the written direction of the Data Controller, delete or return
Personal Data and copies thereof to the Data Controller on termination of the
agreement unless required by Applicable Law to store the Personal Data. (h) If
so reasonably required, maintain complete and accurate records and information
to demonstrate its compliance with this clause 3. 3.6 In accepting these Terms
and Conditions the Data Controller consents to the Data Processor appointing
third-party processors of Personal Data (“the Sub Processors”) under this
agreement. 3.7 The Data Processor shall enter with the Sub Processors into a
written agreement incorporating terms which are substantially similar to those
set out in this clause 3 prior to any Sub Processor being appointed. 3.8 The
Data Controller accepts that for the purposes of this Agreement part or all of
its Personal Data may need to be processed outside of the EEA and the Data
Controller further consents to the Data Processor processing its Personal Data
in appointing these third party processors listed at Annex A who are located
outside of the EEA. 3.9 The Data Controller shall have the ability to withdraw
its consent to the Data Processor’s use of Sub Processor for the purposes of
fulfilling this Agreement by notifying the Data Processor in writing at its
registered office. However the Data Controller acknowledges that the Data
Processor may not be able to perform the Services or any part of the Services
unless it is able to appoint an alternative Sub Processor and where an
alternative Sub Processor cannot be appointed, the Data Processor shall not be
obliged to provide any part of the Services which are so affected. 3.10 The
Data Processor may, at any time on not less than 30 days’ notice, revise this
clause 3 by replacing it with any applicable controller to processor standard
clauses or similar terms forming party of an applicable certification scheme
(which shall apply when replaced by attachment to this agreement).
Term and termination
4.1 This Agreement will remain in full force and effect so long as: (a) the
Services Agreement remains in effect or the Data Processor provides the
relevant services to the Data Controller, or (b) the Data Processor retains any
Personal Data related to the Services Agreement and/or the services in its
possession or control. 4.2 Any provision of this Agreement that expressly or by
implication should come into or continue in force on or after termination of
the Services Agreement or the provision of services by the Data Processor to
the Data Controller (as may be applicable) in order to protect Personal Data
will remain in full force and effect. 4.3 If a change in any Data Protection
Legislation prevents either party from fulfilling all or part of its obligations
to the other party, the parties will suspend the processing of Personal Data
until that processing complies with the new requirements. If the parties are
unable to bring the Personal Data processing into compliance with the Data
Protection Legislation within 28 days, they may terminate the Services
Agreement and/or the provision of services on written notice to the other party
without prejudice to any right or remedy the parties may have under the
Services Agreement or otherwise
Notice
5.1 Any notice or other communication given to a party under or in connection
with this Agreement must be in writing and delivered by email: For the Data
Controller & Processor: CloudScape, support@CloudScape.tr. 5.1 does not
apply to the service of any proceedings or other documents in any legal action
or, where applicable, any arbitration or other method of dispute resolution.
5.3 A notice given under this agreement is not valid if sent by email, It has
to be written on a paper with the valid date and signature.
General
If any provision or part-provision of this Agreement is or becomes invalid,
illegal or unenforceable, it shall be deemed modified to the minimum extent
necessary to make it valid, legal and enforceable. If such modification is not
possible, the relevant provision or part-provision shall be deemed deleted. Any
modification to or deletion of a provision or part-provision under this clause
shall not affect the validity and enforceability of the rest of this Agreement.
If any provision or part-provision of this Agreement is invalid, illegal or
unenforceable, the parties shall negotiate in good faith to amend such
provision so that, as amended, it is legal, valid and enforceable, and, to the
greatest extent possible, achieves the intended commercial result of the
original provision. Waiver. A waiver of any right under this Agreement or law
is only effective if it is in writing and shall not be deemed to be a waiver of
any subsequent breach or default. No failure or delay by a party in exercising
any right or remedy provided under this Agreement or by law shall constitute a
waiver of that or any other right or remedy, nor shall it prevent or restrict
its further exercise of that or any other right or remedy. No single or partial
exercise of such right or remedy shall prevent or restrict the further exercise
of that or any other right or remedy. No partnership or agency. Nothing in this
Agreement is intended to, or shall be deemed to, establish any partnership or
joint venture between the parties, nor constitute either party the agent of the
other for any purpose. Neither party shall have authority to act as agent for,
or to bind, the other party in any way. Third parties. A person who is not a
party to this Agreement shall not have any rights to enforce its terms. Variation.
Except as set out in these Conditions, no variation of this Agreement,
including the introduction of any additional terms and conditions, shall be
effective unless it is agreed in writing and signed by the Data Processor.
Governing law. This Agreement, and any dispute or claim arising out of or in
connection with it or its subject matter or formation (including
non-contractual disputes or claims), shall be governed by, and construed in
accordance with the law of England and Wales. Jurisdiction. Each party
irrevocably agrees that the courts of England and Wales shall have exclusive
jurisdiction to settle any dispute or claim arising out of or in connection
with this Agreement or its subject matter or formation (including
non-contractual disputes or claims). ANNEX A Personal Data Processing Purposes
and Details Subject matter of processing: [Website Hosting Services] Duration
of Processing: The Term as set out at Clause 4.1 Nature of Processing:
[Storage] Business Purposes: Performance of our Services Agreement Personal
Data Categories: [Identity, Data, Financial Data, Transaction Data, Technical
Data, Profile Data, Usage Data, Marketing & Communications Data and any
other such date as collected by the Data Controller on its website] Data Subject
Types: [any user of the Data Controller’s website]
Located in a country with a current determination of
adequacy.
Binding Corporate Rules.
Standard Processing Clauses between Customer as “data exporter” and Provider as
“data importer”.
Standard Processing Clauses between Provider as “data exporter” on behalf of
Customer and Provider affiliate or Sub Processor as “data importer”.
EU-US Privacy Shield Certified.
From professional business to enterprise, we’ve got you covered!
