This page explains who we are, how the CloudMilling service uses your personal data, and how you can exercise your rights.
This page was last updated on 5 July 2021.
Who are you and how do I contact you?
We are CloudMilling Limited. We are an English company and our company number is 11251871. You can contact us by email at [email protected] or by writing to us at Stone House, North Road, Kingsland, Herefordshire, United Kingdom, HR6 9QJ.
When you create an account on the CloudMilling service
When you create an account on the service we will collect the information which you give to us in the account creation form, such as your name and email address.
We will use that information to authenticate logins to the service, to administer your account with us, and to communicate with you about your account (for example, for password resets or to send you payment confirmations). We do that on the legal basis that it is necessary in order to perform our agreement with you to provide our service (art 6(1)(b) UK GDPR).
With your permission, we will also use your email address to send you occasional newsletters and promotional information about our services. We do that on the legal basis of your consent, which we ask you for when you sign up for an account with us (art 6(1)(a) UK GDPR). You can withdraw that consent at any time. The easiest way to do so is to click the "unsubscribe" link in our emails to you, but you can also do so by contacting us directly at the address above.
We keep this information active in our systems for as long as your account with us is active, and we will retain it in our archives for up to 7 years afterwards.
When you use the CloudMilling service
When you use the service our servers will automatically log certain information about how you use the service, most notably your IP address, the device identity information which your computer submits to our server (for example, that it is a Windows 10 machine running the Chrome browser), the pages you visit, the functions you use, and any error conditions or other unusual events which result.
We will use that information to monitor and fix problems with our service, and to help us to understand how our users use the service to inform how we develop it in future. We do that on the legal basis that it is in our legitimate interests to do so (art 6(1)(f) UK GDPR).
We keep this information in our servers' log files for up to 30 days, after which it is archived until it is ultimately deleted after 12 months.
Hosting, payment processing and other third parties
We use Microsoft Azure to host some of our services, and so they will hold the above data on our behalf. They act as our "processor" when they do that, meaning in essence that they do only what we ask them to do with your data.
Payments are processed for us by Stripe, and so they will process your payment card information in order to do that. We do not ourselves hold your payment card information. You can read their privacy notice at https://stripe.com/gb/privacy.
Your personal data may also be incidentally available to our accountants and other professional advisers in the course of performing their duties. They will of course have professional obligations of confidentiality.
If we sell our business, then some of your personal data may also be incidentally accessible to advisers and potential buyers as necessary to help them evaluate our business, subject to strict confidentiality obligations.
Otherwise, we do not share your personal data with any third parties.
Cookies and similar technologies
Our service only uses the cookies which are necessary to provide the service, such as session cookies and login cookies. Our service does not use any third party cookies.
Locations in which your personal data is processed
Our service is hosted in the United Kingdom, our staff are located in the United Kingdom, and your data will be processed in the context of our establishment in the United Kingdom. If you are a resident of a member state of the European Union, then your personal data is transferred to the United Kingdom on the basis of the decision of the European Commission as to the adequacy of the laws of the United Kingdom for the protection of personal data.
We have instructed our hosting provider, Microsoft, to host our service using its systems in the United Kingdom. It may be necessary from time to time for technical reasons for them to host our service temporarily in other jurisdictions, for example in a disaster recovery scenario. You can learn about how they legitimise those transfers here: https://www.microsoft.com/en-gb/trust-center/product-overview.
Our payment processor, Stripe, may transfer your payment card information to other territories in the course of providing their service. You can find more information about that here: https://stripe.com/gb/privacy#international-data-transfers.
Your rights and how to exercise them
European and UK privacy laws grant people certain rights in relation to their personal data. Below is a short overview of those rights.
If those laws apply to you, you can exercise your rights by contacting us at [email protected] or by writing to us at the address above. It is a good idea to be as specific as possible about what you want, because it enables us to respond more quickly.
You have the right to require us to stop using your personal data for marketing purposes.
A copy of your data
You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people.
Correction of wrong information
If we hold information about you that is factually inaccurate then you have the right to have it corrected. This right does not extend to matters of opinion.
In some circumstances you have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don't have a legal basis to continue using it.
Where we process your personal data on the basis of our legitimate interests, you have the right to object to that processing, and we must consider your objection and whether the law means that we must stop.
If you dispute the accuracy of information we hold about you, or we do something unlawful with your information but you don't want us to delete it, or if we don’t need the information any more but you want us to preserve it in connection with a legal claim, or for the period in which we are considering a valid objection you have raised under your right to object discussed above, then you have the right to require us to restrict use of that information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest.
How to complain
If you are unhappy with how we have handled your personal data, you have the right to complain to your local data protection authority, which in the UK is the Information Commissioner's Office. You can reach them through their website at http://ico.org.uk. If you are based in the EU, then you can find the contact details for your local supervisory authority on the website of the European Data Protection Board at https://edpb.europa.eu/about-edpb/board/members_en.