Menu
Login
Free Demo

Cloudmore Data Processing Terms

Cloudmore Data Processing Terms

Updated March 20, 2020

These Data Processing terms supplement the Cloudmore Master Agreement and sets out in which manner Cloudmore shall process Personal Data on behalf of You.

1. Introduction

These Data Processing Terms reflect the parties’ agreement on the terms governing the processing and security of Your Personal Data in connection with the Data Protection Legislation.

2. Definitions

Capitalized terms used in these Data Processing terms, but not defined below, will have the meaning assigned to them in the Cloudmore Master Agreement.

Your Personal Data” means Personal Data that is processed by Cloudmore on behalf of You in Cloudmore’s provision of the Services.

Data Incident” means a breach of Cloudmore’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Your Personal Data on systems managed by or otherwise controlled by Cloudmore. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Your Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).

Data Subject Tool” means a tool (if any) made available by a Cloudmore Entity to Data Subjects that enables Cloudmore to respond directly and in a standardized manner to certain requests from Data Subjects in relation to Your Personal Data (for example, online advertising settings or an opt-out browser plugin).

EEA” means the European Economic Area.

GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Cloudmore Entity” means Cloudmore AB or any other Affiliate of Cloudmore AB.

“Security Documentation” means any documentation that Cloudmore may make available in respect of the Services.

“Security Measures” has the meaning given in Section 7.1.1 (Cloudmore’s Security Measures).

“Subprocessors” means third parties authorized under these Data Processing terms to have logical access to and process Your Personal Data in order to provide parts of the Services and any related technical support.

“Third-party Subprocessors” has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).

The terms “Controller”, “Data Subject”, “Personal data”, “Processing”, “Processor” and “Supervisory Authority” as used in these Data Processing Terms have the meanings given in the GDPR.

Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.

3. Duration of these Data Processing Terms

These Data Processing Terms will take effect on the Agreement Effective Date and, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Your Personal Data by Cloudmore as described in these Data Processing Terms.

4. Application of Data Protection Legislation

These Data Processing terms will only apply to the extent that the Data Protection Legislation applies to the processing of Your Personal Data.

5. Processing of Data

5.1 Nature and Purpose of the Processing

Cloudmore will be processing (including, as applicable to the Services and the instructions described in Your Instructions), collecting, recording, organizing, structuring, storing, altering, retrieving, using, disclosing, combining, erasing, and destroying) Your Personal Data for the purpose of providing the Services and any related technical support to You in accordance with these Data Processing Terms.

5.2. Roles and Regulatory Compliance; Authorization

The parties acknowledge and agree that:

  1. Cloudmore is a processor of Your Personal Data under the Data Protection Legislation;
  2. You are a controller or processor, as applicable, of Your Personal Data under the Data Protection Legislation; and
  3. each party will comply with the obligations applicable to it under the Data Protection Legislation with respect to the processing of Your Personal Data.

Your Personal Data may include the types of personal data described at http://web.cloudmore.com/privacy/Services.

If You are a processor, You warrant to Cloudmore that Your instructions and actions with respect to Your Personal Data, including its appointment of Cloudmore as a processor, have been authorized by the relevant controller.

5.3. Categories of Data Subjects

Your Personal Data will concern the following categories of Data Subjects:

  1. Data Subjects about whom Cloudmore collects personal data in its provision of the Services; and/or
  2. Data Subjects about whom personal data is transferred to Cloudmore in connection with the Services by, at the direction of, or on behalf of You.

Depending on the nature of the Services, these Data Subjects may include individuals: (a) who have visited specific websites or applications in respect of which Cloudmore provides the Services; and/or (b) who are customers or users of Your products or Services.

5.4   You Instructions

By entering into these Data Processing Terms, You instruct Cloudmore to process Your Personal Data only in accordance with applicable law:

  1. to provide the Services and any related technical support;
  2. as further specified via Your use of the Services (including in the settings and other functionality of the Services) and any related technical support;
  3. as documented in the form of the Agreement, including these Data Processing terms; and
  4. as further documented in any other written instructions given by You and acknowledged by Cloudmore as constituting instructions for purposes of these Data Processing Terms.
5.4.1  Cloudmore’s Compliance with Instructions

Cloudmore will comply with the instructions described in Section 5.4 (Your Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Cloudmore is subject requires other processing of Your Personal Data by Cloudmore, in which case Cloudmore will inform You (unless that law prohibits Cloudmore from doing so on important grounds of public interest).

5.4.2. Third-party Product

If You use any Third-party Product, the Services may allow that Third-party Product to access Your Personal Data as required for the interoperation of the Third-party Product with the Services. For clarity, these Data Processing Terms do not apply to the processing of Personal Data in connection with the provision of any Third-party Product used by You, including personal data transmitted to or from that Third-party Product.

6. Data Deletion

6.1. Deletion During Term

During the Term Cloudmore will comply with any reasonable request from You to delete or anonymize Your Personal Data, insofar as this is possible taking into account the nature and functionality of the Services and unless EU or EU Member State law requires storage and will carry out this instruction as soon as reasonably practicable and within a maximum period of 180 days.

Cloudmore may charge a fee (based on Cloudmore’s reasonable costs) for any data deletion under Section 6.1. Cloudmore will provide You with further details of any applicable fee, and the basis of its calculation, in advance of any such data deletion.

6.2. Deletion on Term Expiry

On expiry of the Term, You instruct Cloudmore to delete or anonymize all Your Personal Data (including existing copies) from Cloudmore’s systems in accordance with applicable law. Cloudmore will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.

7. Data Security

7.1. Cloudmore’s Security Measures and Assistance
7.1.1 Cloudmore’s Security Measures

Cloudmore will implement and maintain technical and organizational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described at https://web.cloudmore.com/privacy (the “Security Measures”). Cloudmore may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.

7.1.2 Security Compliance by Cloudmore Staff

Cloudmore will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Your Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

7.1.3.  Cloudmore’s Security Assistance

You agree that Cloudmore will (taking into account the nature of the processing of Your Personal Data and the information available to Cloudmore) assist You in ensuring compliance with any obligations of You in respect of security of personal data and personal data breaches, including (if applicable) Your obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:

  1. implementing and maintaining the Security Measures in accordance with Section 1.1 (Cloudmore’s Security Measures);
  2. complying with the terms of Section 2 (Data Incidents); and
  3. providing You with the Security Documentation in accordance with Section 4.1 (Reviews of Security Documentation) and the information contained in these Data Processing Terms.

7.2. Data Incidents

7.2.1 Incident Notification

If Cloudmore becomes aware of a Data Incident, We will

  1. notify You of the Data Incident without undue delay, and no later than within seventy-two (72) hours, unless ordered otherwise by law enforcement or government agency; and
  2. promptly take reasonable steps to minimize harm and secure Your Personal Data.
7.2.2 Details of Data Incident

Notifications made under Section 7.2.1 (Incident Notification) will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps Cloudmore recommends You take to address the Data Incident.

7.2.3 Delivery of Notification

Cloudmore will deliver notification of any Data Incident to Your notification email address or, at Cloudmore’s discretion (including if You have not provided a notification email address), by other direct communication (for example, by phone call or an in-person meeting). You are solely responsible for providing the notification email address and ensuring that the notification email address is current and valid.

7.2.4 Third-party Notifications

You are solely responsible for complying with incident notification laws applicable to You and fulfilling any third-party notification obligations related to any Data Incident.

7.2.5 No Acknowledgement of Fault by Cloudmore.

Cloudmore’s notification of or response to a Data Incident under this Section 7.2 (Data Incidents) will not be construed as an acknowledgement by Us of any fault or liability with respect to the Data Incident.

7.3. You Security Responsibilities and Assessment

7.3.1 Your Security Responsibilities.

You agree that without prejudice to Cloudmore’s obligations under Sections 7.1 (Cloudmore’s Security Measures and Assistance) and 7.2 (Data Incidents):

  1. You are solely responsible for Your use of the Services, including:
    1. making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Your Personal Data; and
    2. securing the account authentication credentials, systems and devices You use to access the Services.
  2. Cloudmore has no obligation to protect Personal Data that You elect to store or transfer outside of Cloudmore’s and our Subprocessors’ systems.
7.3.2 Your Security Assessment

You acknowledge and agree that (taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of the processing of Your Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Cloudmore as set out in Section 7.1.1 (Cloudmore’s Security Measures) provide a level of security appropriate to the risk in respect of Your Personal Data.

7.4        Reviews and Audits of Compliance

7.4.1 Reviews of Security Documentation

To demonstrate compliance by Cloudmore with its obligations under these Data Processing Terms, Cloudmore will make the Security Documentation available for review by You.

7.4.2 Your Audit Rights

Cloudmore will allow You or a third-party auditor appointed by You to conduct audits (including inspections) to verify Cloudmore’s compliance with its obligations under these Data Processing Terms in accordance with Section 7.4.3 (Additional Business Terms for Audits). Cloudmore will contribute to such audits as described in this Section 7.4 (Reviews and Audits of Compliance).

7.4.3 Additional Business Terms for Audits
  1. You will send any request for an audit to Cloudmore as described in Section 1 (Contacting Cloudmore).
  2. Following receipt by Cloudmore of an audit request under this Section, Cloudmore and You will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to such audit.
  3. Cloudmore may charge a fee (based on Cloudmore’s reasonable costs) for any audit under Section 4.2. Cloudmore will provide You with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. You will be responsible for any fees charged by any third-party auditor appointed by You to execute any such audit.
  4. Cloudmore may object to any third-party auditor appointed by You to conduct any audit under Section 4.2 if the auditor is, in Cloudmore’s reasonable opinion, not suitably qualified or independent, a competitor of Cloudmore or otherwise manifestly unsuitable. Any such objection by Cloudmore will require You to appoint another auditor or conduct the audit yourself.
  5. Nothing in these Data Processing Terms will require Cloudmore either to disclose to You or Your third-party auditor, or to allow You or Your third-party auditor to access:
    1. any data of any other customer of a Cloudmore Entity;
    2. any Cloudmore Entity’s internal accounting or financial information;
  • any trade secret of a Cloudmore Entity;
  1. any information that, in Cloudmore's reasonable opinion, could: (i) compromise the security of any Cloudmore Entity’s systems or premises; or (ii) cause any Cloudmore Entity to breach its obligations under the Data Protection Legislation or its security and/or privacy obligations to You or any third-party; or
  2. any information that You or Your third-party auditor seeks to access for any reason other than the good faith fulfilment of Your obligations under the Data Protection Legislation.

8. Impact Assessments and Consultations

You agree that Cloudmore will (taking into account the nature of the processing and the information available to Cloudmore) assist You in ensuring compliance with any obligations in respect of data protection impact assessments and prior consultation, including (if applicable) Your obligations pursuant to Articles 35 and 36 of the GDPR, by:

  1. providing the Security Documentation in accordance with Section 4.1 (Reviews of Security Documentation);
  2. providing the information contained in these Data Processing Terms; and
  3. providing or otherwise making available, in accordance with Cloudmore’s standard practices, other materials concerning the nature of the Services and the processing of Your Personal Data.

9.  Subject Rights

9.1. Responses to Data Subject Requests

If Cloudmore receives a request from a data subject in relation to Your Personal Data, Cloudmore will:

  1. if the request is made via a Data Subject Tool, respond directly to the data subject’s request in accordance with the standard functionality of that Data Subject Tool; or
  2. if the request is not made via a Data Subject Tool, advise the data subject to submit the request to You, and You will be responsible for responding to such request.

9.2.  Cloudmore’s Data Subject Request Assistance

You agree that Cloudmore will (taking into account the nature of the processing of Your Personal Data and, if applicable, Article 11 of the GDPR) assist You in fulfilling any obligation to respond to requests by Data Subjects, including (if applicable) Your obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, by:

  1. providing the functionality of the Services;
  2. complying with the commitments set out in Section 1 (Responses to Data Subject Requests); and
  3. if applicable to the Services, making available Data Subject Tools.

Cloudmore is entitled to remuneration for any potential costs and expenses if You request that Cloudmore shall assist You with responding to a Data Subject's request to exercise his or her rights according to Applicable Data Protection Laws.

10. Transfer to and processing of personal data in a third country

Cloudmore is entitled to transfer Personal Data belonging to You, to a Third Country, provided that:

  1. the Third Country according to a decision issued by the EU Commission provides an adequate level of protection for Personal Data which comprises the Processing of Personal Data;
  2. Cloudmore ensures that there are appropriate safeguards in place in accordance with Applicable Data Protection Laws, e.g. standard data protection clauses adopted by the EU Commission under Applicable Data Protection Laws, that comprises the transfer and the Processing of Personal Data; or
  3. if there are any other exemptions under Applicable Data Protection Laws that comprise the Processing of Personal Data.

For the avoidance of doubt, Personal Data may not be transferred to, or Processed in, a Third Country if none of the conditions outlined in Section 10 above exists.

11. Subprocessors

11.1.  Consent to Subprocessor Engagement

You specifically authorize the engagement of Cloudmore’s Affiliates as Subprocessors. In addition, You generally authorize the engagement of any other third parties as Subprocessors (“Third-party Subprocessor”).

11.2  Information about Subprocessors.

Information about Subprocessors is available per Service at https://web.cloudmore.com/privacy/sub-processsors.

11.3 Requirements for Subprocessor Engagement

When engaging any Subprocessor, Cloudmore will:

  1. ensure via a written contract that:
    1. the Subprocessor only accesses and uses Your Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Data Processing Terms); and
    2. if the GDPR applies to the processing of Your Personal Data, the data protection obligations set out in Article 28(3) of the GDPR are imposed on the Subprocessor; and
  2. remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.
11.4 Opportunity to Object to Subprocessor Changes

When any new Third-party Subprocessor is engaged during the Term, Cloudmore will, at least 30 days before the new Third-party Subprocessor processes any of Your Personal Data, inform You of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by updating the Subprocessor list at https://web.cloudmore.com/privacy/sub-processsors and by providing a notification to Your notification email address.

You may object to Cloudmore's assignment of a Subprocessor that shall Process Personal Data on behalf of You within 30 days of being informed of the engagement of the new Third-party Subprocessor, whereby the Parties shall seek to agree on a solution which is acceptable to both Parties. If a mutual acceptable solution cannot be reached, You may terminate the corresponding Service Subscription Agreement immediately upon written notice to Cloudmore. This termination right is Your sole and exclusive remedy if You objects to any new Third-party Subprocessor.

12. Contacting Cloudmore; Processing Records

12.1 Contacting Cloudmore

You may contact Cloudmore in relation to the exercise of Your rights under these Data Processing Terms via the methods described at http://web.cloudmore.com/privacy/contact/ or via such other means as may be provided by Us from time to time.

12.2 Cloudmore’s Processing Records

You acknowledge that Cloudmore is required under the GDPR to:

  1. collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Cloudmore is acting and (if applicable) of such processor’s or controller's local representative and data protection officer; and
  2. make such information available to the supervisory authorities.

Accordingly, You will, where requested and as applicable to You, provide such information to Cloudmore via the user interface of the Services or via such other means as may be provided by Cloudmore, and will use such user interface or other means to ensure that all information provided is kept accurate and up-to-date.

13. Liability

The provisions regarding liability under the Cloudmore Master Agreement shall apply correspondingly to these Data Processing terms.

14. Effect of these Data Processing Terms

If there is any conflict or inconsistency between the terms of these Data Processing terms and the Agreement, the Data Processing terms will govern unless specifically agreed otherwise in the respective Service Subscription Agreement. Subject to the amendment of these Data Processing Terms, the Service Agreement remains in full force and effect.

15. Changes to these Data Processing Terms

15.1 Changes to URLs

From time to time, Cloudmore may change any URL referenced in these Data Processing Terms and the content at any such URL. Cloudmore may only change the list of potential Services at https://web.cloudmore.com/privacy/services:

  1. to reflect a change to the name of a Service;
  2. to add a new Service; or
  3. to remove a Service where either: (i) all contracts for the provision of that Service are terminated; or (ii) Cloudmore has Your consent.
15.2 Changes to Data Processing Terms

Cloudmore may change these Data Processing Terms if the change:

  1. is expressly permitted by these Data Processing Terms, including as described in Section 1 (Changes to URLs);
  2. reflects a change in the name or form of a legal entity;
  3. is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency; or
  4. does not: (i) result in a degradation of the overall security of the Services; (ii) expand the scope of, or remove any restrictions on, Cloudmore’s processing of Your Personal Data, as described in Section 4.1 (Cloudmore’s Compliance with Instructions); and (iii) otherwise have a material adverse impact on Your rights under these Data Processing Terms, as reasonably determined by Cloudmore.
15.2.1 Notification of Changes

If Cloudmore intends to change these Data Processing Terms under Section 15.2(c) or (d), Cloudmore will notify You at least 30 days (or such shorter period as may be required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency) before the change will take effect by sending an email to Your notification email address.

15.2.2 Objection to Change

You may object to a change made in accordance with Section 15.2(d) within 30 days of receiving notice of such change, whereby the Parties shall seek to agree on a solution which is acceptable to both Parties. If a mutual acceptable solution cannot be reached, You may terminate the corresponding Service Subscription Agreement immediately upon written notice to Cloudmore. This termination right is Your sole and exclusive remedy if You object to such change.

END

Inbound Marketing
Learn More
Content Creation
Learn More
Get In Touch
With an Expert