CloudFran GDPR Policy

Effective Date: January 1, 2023 

Last Reviewed: October 10, 2024 

1. Introduction

At CloudFran, we are committed to protecting the personal data of our customers, employees, and partners in compliance with the General Data Protection Regulation (GDPR). This policy outlines our approach to data protection, the rights of individuals, and our responsibilities in managing personal data.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of CloudFran who handle personal data as part of their job responsibilities.

3. Definition of Personal Data

Personal Data refers to any information that relates to an identified or identifiable natural person. This includes, but is not limited to:

– Name

– Email address

– Phone number

– Home address

– Payment information

– IP address

– Any other information that can identify an individual.

4. Principles of Data Processing

CloudFran adheres to the following principles of data processing as outlined in the GDPR:

– Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully and transparently.

– Purpose Limitation: Data must be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.

– Data Minimization: Only the data necessary for the intended purpose should be collected.

– Accuracy: Personal data must be accurate and kept up to date.

– Storage Limitation: Data must not be kept in a form that allows identification of individuals for longer than necessary.

– Integrity and Confidentiality: Personal data must be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

5. Legal Basis for Processing Personal Data

CloudFran processes personal data based on one or more of the following legal bases:

– Consent: The individual has given clear consent for us to process their personal data for a specific purpose.

– Contractual Necessity: Processing is necessary for the performance of a contract with the individual.

– Legal Obligation: Processing is necessary for compliance with a legal obligation to which CloudFran is subject.

– Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by CloudFran or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual.

6. Data Subject Rights

Individuals have the following rights regarding their personal data:

– Right to Access: Individuals can request access to their personal data held by CloudFran.

– Right to Rectification: Individuals can request correction of inaccurate or incomplete personal data.

– Right to Erasure: Individuals can request deletion of their personal data when it is no longer necessary for the purposes for which it was collected.

– Right to Restrict Processing: Individuals can request the restriction of processing their personal data.

– Right to Data Portability: Individuals can request the transfer of their personal data to another service provider.

– Right to Object: Individuals can object to the processing of their personal data for direct marketing purposes.

7. Data Protection Officer (DPO)

CloudFran has appointed a Data Protection Officer (DPO) to oversee compliance with this policy and GDPR. The DPO’s responsibilities include:

– Monitoring data protection compliance.

– Acting as a point of contact for data subjects and the supervisory authority.

– Providing training and support to employees on data protection matters.

Contact Information for the DPO: 

Email: support@cloudfran.com 

Phone: 404-400-1299

8. Data Breaches

In the event of a data breach, CloudFran will:

– Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, if feasible.

– Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.

– Investigate the breach and take appropriate steps to mitigate any potential harm.

9. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. CloudFran will establish and maintain data retention schedules to ensure compliance with this policy.

10. Data Security

CloudFran implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

– Encryption of personal data.

– Access controls to limit who can access personal data.

– Regular security assessments and audits.

– Employee training on data protection and security.

11. Training and Awareness

CloudFran will provide regular training to employees on data protection and GDPR compliance. Employees are expected to understand their responsibilities under this policy and to adhere to all data protection practices.

12. Policy Review

This Data Protection Policy will be reviewed annually or as necessary to ensure compliance with applicable laws and regulations.

13. Contact Information

For questions or concerns regarding this policy or data protection practices at CloudFran, please contact: 

Email: support@cloudfran.com 

Phone: 404-400-1299

—

This policy outlines CloudFran’s commitment to data protection and GDPR compliance, ensuring that personal data is handled responsibly and securely.