Privacy Policy
Last modified: 15 October 2020
Cludo values the privacy of its Customers and its Customers’ Users. Data protection and confidentiality is a high priority for Cludo. This Privacy Policy explains how information about you is collected, used and disclosed by Cludo when we process personal data as part of our Services or when you otherwise interact with us.
Below we provide the following information:
- Scope of the Privacy Policy
- Cludo as a data processor
- Personal data we collect and process
- How will we use your data?
- Transfer and disclosure of personal data to Third Parties (Sub-processor list)
- International Transfers
- Location of data storage
- Retention period
- Cookies
- Security of data
- Links to third-party websites
- Your rights
- California Privacy Rights (CCPA)
- Children Policy
- Changes to our Privacy Policy
- How to contact us
- How to contact the Data Protection Authority
1. Scope of this Privacy Policy
This Policy only applies to personal data and other information collected by us from (i) visitors to our website and (ii)Customers that use our Services. While providing our Services to Customers, we may receive information related to the Customers’ Users, and other third parties.
2. Cludo as data processor
When providing our Services to Customers, we may need to receive information related to the Customers’ Users, and other third parties. When a Customer chooses to use our services, we strictly follow the Customer’s instructions in collecting and processing the Customer’s website data in accordance with the specific services that the Customer has chosen.
Please note that in relation to the processing of these personal data, the Customer is considered as the data controller and Cludo is considered as a data processor.
Our use of personal data on behalf of our Customers is governed by our contract with that Customer, our general data processing terms and conditions and the Customer’s own privacy policy.
3. Personal data we collect and process
Cludo may collect and process the following categories of personal data from the end users of the service:
- Personal Contact details (such as name, address, phone number, email address);
- Payment information (such as the last four digits, the country of issuance, and the expiration date of the payment card), if you sign up for paid services;
- Metadata (such as details of your visits to the Website, traffic data, location data, IP address and other online identifiers, browser information, session data, preferences, settings, weblogs and other communication data), which we monitor during your interaction with the website;
- Information collected by cookies;
- Search statistics of Customers’ users to improve our search platform.
Cludo may collect and process the following categories of personal data from our customers or its employees
- Personal contact details (such as name, address, phone number, email address).
- Customer account or business information (such as first and last name, phone number, email address, password, country/location).
- Information relating to the Customer's orders and subscriptions (such as order history, information on subscriptions, incidents and complaints).
- Metadata (such as details of the visits to the website, traffic data, location data, IP address and other online identifiers, browser information, session data, preferences, settings, weblogs and other communication data).
- Information collected by cookies.
- Customer’s marketing opt-outs and opt-ins.
4. How will we use your data?
a) Purposes for processing
The purposes for which we use your personal data may differ based on the services we provide and the type of communication between us.
The main purposes include using personal data to:
- Carry out our obligation arising from any contracts entered between you and us, and to provide you with the information, products, services that you requested from us, and to notify you about changes to our services.
- Manage your Cludo Account.
- Process your payment transactions.
- Deliver security protection, prevent, detect and investigate crime.
- Manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those related to billing and collections; IT system operation; data and website hosting; data analytics; and auditing.
- Manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Data.
- Comply with applicable laws and regulatory obligations, for example comply with legal process and court orders; and respond to requests from public and government authorities.
- Improve our products and services. We may anonymise, de-identify and/or aggregate the information that we collect, and use these data for statistical and analytical purposes to improve our products and services.
- Commercial, statistical and market research purposes. We may anonymise, de-identify and/or aggregate the information that we collect, and use these data for commercial, statistical and market research purposes, including but not limited to sharing anonymised data with our current and prospective Customers, business partners, affiliates, and other third parties.
b) Legal basis for processing
Our legal basis for processing personal data is that: i) the processing is necessary to perform a contract with you or in preparation of entering a contract with you, ii) we must comply with various legal obligations and requirements, and iii) it is in our legitimate interests and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
These legitimate interests include being able to communicate with you, manage our business operations and IT-infrastructure, manage complaints and queries, prevent and detect crime, process payments, ensure network and information security, improve our products and services. We collect search statistic of our Customers’ users to improve our search platform, and in this case the data processing will be performed until the termination of the agreement between the Customer and Cludo. This is not an exhaustive list.
5. Transfer and disclosure of personal data to Third Parties (Sub-processor list)
We transfer data to our service providers (such as IT-service provider and payment provider) as necessary to provide any service that you have requested or authorised and to complete transactions.
We disclose data when required by law or to respond to legal process; to prevent and detect crime and maintain the security of our Services; and to protect the rights or property of Cludo.
We may also disclose your personal data with other parties in connection with corporate transactions: in the event of a merger, reorganisation, acquisition, joint venture, assignment, spin-off, transfer or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings.
We may publish search-trends in the market (only anonymised aggregated data is used).
List of third parties (Sub-processors)
Cludo works with certain third parties to provide specific functionality within the Services. These providers are the Sub-processors set forth below. In order to provide the relevant functionality these Sub-processors access Service Data. Their use is limited to the indicated Services.
The following is an up-to-date list of the names and locations of the Sub-processors:
- Sub-processors processing personal data as part of the Services
| Company | Location of entity | Location of data | Purpose of the data processing | Type of data collected |
|---|---|---|---|---|
| Amazon Web Services AWS | EU and US | EU or US | Data hosting provider | End user's data and Customer's data |
6. International Transfers
If we transfer our personal data to a third country outside of the EEA, we will comply with all applicable laws in respect of such transfer, including making sure that your personal data is kept secure, and ensure that appropriate safeguards are in place to ensure that at least one of the following safeguards is implemented:
- Relevant consent has been provided by you
- Where applicable, as a result of a request by you as a data subject
- Whereby there is a legal basis for the disclosure of the data
- Where we are required to do so under applicable laws or as a result of a court order
7. Location of data storage
Cludo securely stores your data on Amazons AWS servers, the top provider of cloud services in the world. They are certified for, among others, ISO 9001, 27001, 27017, 27018, SOC I, SOC II and SOC III.
In principle, the host servers on which Cludo processes and stores its databases are located:
- Exclusively within the European Union, if the Customer is based in the European Union
- In the United States, if the Customer is based in the United States, Australia, or the rest of the world.
The Client can request Cludo to not use the default location by sending us a request on privacy@cludo.com.
8. Retention Period
Cludo will retain your personal data for the period necessary to fulfill purposes outlined in this Policy including mandatory registration and documentation requirements, unless longer retention period is required or permitted by law.
9. Cookies
We use cookies on our website to help optimise and enhance your experience. You can read more about the use of cookies in our Cookie Policy, which you can find at the following link: Cludo Cookie Policy.
You can set your browser not to accept cookies by activating the appropriate setting in the browser. However, in a few cases, some of our website features may not function as a result.
10. Security of data
Cludo Security Information
We have implemented technical and organizational security measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration and disclosure. This includes encryption of data and use of pseudonymisation whenever applicable.
Cludo takes reasonable measures to protect the website from computer virus, worms, Trojan horses or other threats. However, please note that no website, internet transmission, computer system or wireless connection is completely secure, and Cludo disclaims any responsibility for or liability related to loss due to harmful programs received from the website or by means of files downloaded from the website.
How is integrity of personal data stored or processed in the relevant system achieved?
- Cludo has implemented some measures to prevent that data is maliciously or accidently altered during processing, storage or transmission by applying back-up every 15 minutes for the MSSQL server.
How the confidentiality of personal data is ensured?
- Data uploaded by the Customer in its accounts are protected with a password hashed and encrypted.
- We store and process your personal data on IT with controlled and limited access. The systems are located on servers in secured premises.
- All data transferred between the Customer and the server(s) are encrypted with the SSL (TLS 1.2) Protocol.
- To ensure the security of customer data, we have an annual contract with Cobalt to perform a yearly penetration test.
- Cludo takes preventive measures against malware and hacking.
- All changes in MyCludo’s dashboard are tracked and are available in the case of an Audit log request by the Customer.
11. Links to third-party websites
Our web site may contain links to other websites not operated or controlled by Cludo (third party sites). We are not responsible for the content of third party sites or for the procedures such third parties have for the collection and processing of personal data. When you visit third party websites, you should therefore make sure to read the website owner's privacy policy and other relevant policies.
12. Your Rights
Cludo would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access: You have the right to request Cludo for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification: You have the right to request that Cludo correct any information you believe is inaccurate. You also have the right to request Cludo to complete the information you believe is incomplete.
- The right to erasure: You have the right to request that Cludo erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that Cludo restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to Cludo’s processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that Cludo transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you would like to exercise any of these rights, or if you have any questions regarding the content of this Privacy Policy, please contact us at privacy@cludo.com.
13. Supplemental Privacy Policy for California Residents
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the Section 3 above “What data do we collect?”. We collect this information for the business and commercial purposes described in the Section 4 above “How we your data”. We share this information with the categories of third parties described in the Section 5 above “Transfer and disclosure of personal data to third parties (Sub-processors)”. Cludo does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in our Cookie Policy.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at privacy@cludo.com. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
14. Children Policy
To the extent prohibited by applicable law, Cludo does not allow use of our Services and Website by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.
15. Changes to this Policy
This Policy may be updated from time to time to reflect changing legal, regulatory or operational requirements. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. Depending on the specific amendments, we may provide you with additional notice prior to the change becoming effective. Please review this Privacy Policy from time to time to stay updated on any changes. Your continued use of our services constitutes your agreement to the updated Privacy Policy on a prospective basis.
16. How to Contact Us
If you have questions or complaints regarding this Policy or about Cludo’s privacy practices, please contact us by email at privacy@cludo.com, or at:
Address:Cludo ApS
Frederikskaj 4
2450 København, Denmark
CVR: 36 72 68 49
Telephone number: +45 3137 9820
Email address: privacy@cludo.com
17. How to contact the Data Protection Authority
If you wish to make a complaint about our processing of your personal data, please contact us as indicated above, as it gives us an opportunity to fix the problem. You may also lodge a complaint with the Danish Data Protection Agency (“Datatilsynet”), Carl Jacobsens Vej 35, 2500 Valby, Denmark.