INTRODUCTION

The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age. The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.

Cloudeberry Ltd is committed to ensuring the security and protection of the personal data that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complied with existing law and abided by the Data Protection Act and GDPR principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.

Our preparation and objectives for GDPR compliance include the development and implementation of new data protection roles, policies, procedures, training, controls and measures to ensure ongoing compliance.

We have seen the GDPR as an opportunity to further streamline our processes and identify ways in which we can improve the quality and security of the systems we use.

We adhere to the principles of the GDPR and are working on ways to increase the transparency with which we process your personal data as well as giving you easily accessible ways to exercise your rights in relation to the GDPR.

Our abbreviated data protection policy is available on the website of the company (www.cloudeberry.com) in the privacy policy section. If you have any questions about our approach to data protection or the personal data we hold about you please contact us by email, phone or post.

Privacy Policy

1. Overview
Cloudeberry Ltd (“Cloudeberry Ltd ”) is committed to respecting and protecting your privacy.

This policy explains the basis on which Cloudeberry Ltd processes any personal data we collect from individuals, or that is provided to us by other sources. This includes the reasons we may collect personal data, when we collect it, the conditions under which we share it with others, how we protect it as well as your rights and choices in relation to your personal data.

This policy sets out the rules on data protection and legal conditions that must be satisfied when we collect, process, or transfer personal data. For more details on data protection law and regulation we recommend you consult the guidance published by the UK’s Information Commissioner’s

Office, https://ico.org.uk/
This policy does not currently form part of any employee’s contract of employment and may be amended at any time.

Any questions regarding this policy and our privacy practices should be sent by email to info@cloudeberry.com or by writing to Cloudeberry Ltd , Kemp House, 152-160 City Road, England.

2. Who we are
Cloudeberry Ltd is an independently owned Managed IT and Cloud service provider. In this policy ‘Cloudeberry Ltd ’, ‘we’, ‘us’ or ‘our’ means:

• Cloudeberry Ltd Limited Solutions, a company registered in England and Wales with company number 12056702 whose registered office is at Kemp House, 152-160 City Road, England
As part of the Cloudeberry Ltd business we may collect personal data about:
• current, past and prospective employees;
• freelancers, contractors, suppliers and other third parties who work on our, or our client’s, behalf;
• current, past and prospective clients; and
• the general public who browse our website or otherwise communicate with us.
3. How we collect personal data from you?
The main ways that Cloudeberry Ltd collects personal data are:
a) Personal data you give us directly
For example, by requesting a quote from us via email or social media or by interacting with us on our website, or by applying for a job at Cloudeberry Ltd .

b) Personal data you give us indirectly
Your personal data may be shared with us by third parties, which might include:
• marketing agencies;
• email marketing platforms; and
• subcontractors acting on our behalf who provide us with payment or delivery services, our business partners, advertising networks analytics providers and search information providers.
You should check any privacy policy provided to you where you give your data to a third party.

c) When you visit our website
Like many organisations, we automatically collect the following information from our website:

• technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the information we provide on our website.

• information about your visit to this website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).

We collect and use your personal data by using cookies on our website. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. For example, we use cookies to store your country preference. This helps us to deliver a better, more personalised service when you browse our website and improve our services.

It is possible to switch off cookies by setting your browser preferences.

d) Social Media

When you interact with us on social media platforms such as Facebook and Twitter we may obtain personal data about you (for example, when you send us a message or tag us in a public post). The personal data we receive will depend on the privacy preferences you have set on those types of platforms.

4. What type of personal data is collected from you?
Depending on your relationship with Cloudeberry Ltd the personal data we collect, store and use might include:

• your name and contact details (including postal address, email address and telephone number);
• your company and job title;
• your social media handles;
• your sizing details and preferences;
• information about your activities on our website and about the device used to access it, for instance your IP address and geographical location; and
• any other personal data shared with us.
Data protection laws recognise certain categories of personal data as “sensitive” and therefore requiring greater protection, for example information about your health, ethnicity and religion.

We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow it. Where appropriate, we will make it clear why we are collecting this type of personal data and what it will be used.

5. How and why is your personal data used?
We may use your personal data for several different purposes, which may include:

• providing you with the services or information you asked for;
• business development and marketing purposes;
• carrying out our obligations under any contracts entered into between you and us
• keeping a record of your relationship with us;
• conducting analysis and market research so we can understand how we can improve our services, products or information;
• checking for updated contact details against third party sources so we can stay in touch if you move;
• seeking your views or comments on the services we provide;
• notifying you of changes to our services;
• processing grant or job applications.
If You Fail To Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

6. How long is your personal data kept for?

We keep your personal data for no longer than is necessary for the purposes it was collected for, the length of time we retain your personal data for is determined by operational and legal considerations. For example, we are legally required to hold some types of personal data to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes).
We review our retention periods on a regular basis.
7. Who has access to your personal data?

a) We WILL share your personal data within our company where it is in our legitimate interests to do so for internal administrative and business development purposes (for example to ensure consistent delivery of our services).

b) We DO NOT sell or rent your personal data to third parties.

c) We DO NOT share your personal data with third parties for marketing purposes, subject to (d) below. However, we may disclose your personal data to third parties to achieve the other purposes set out in this policy for the purposes of delivering agreed services or information to you.

d) We MAY pass your personal data to our third-party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings, or organisers of events to which we have invited you). However, when we use these third parties, we disclose only the personal data that is necessary to deliver the services and we have a contract in place that requires them to keep your personal data secure and prevents them from using it for their own direct marketing

purposes. Please be reassured that we will not release your personal data to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so.

e) We MAY disclose your personal information if and to the extent that we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. 8. Lawful Processing

Data protection law requires us to rely on one or more lawful grounds to process your personal data.

We consider the following grounds to be relevant:

a) Specific Consent

Where you have provided specific consent to us using your personal data in a certain way, such as to send you newsletters or email, text and/or telephone marketing.

b) Performance of a contract

Where we are entering into a contract with you or performing our obligations under that contract.

c) Legal obligation

Where necessary to comply with a legal or regulatory obligation to which we are subject.

d) Legitimate interests

Where it is reasonably necessary to achieve our or others’ legitimate interests, as long as what the personal data is used for is fair and does not unduly impact your rights.

We consider our legitimate interests to be running Cloudeberry Ltd as a profitable organisation in pursuit of our aims and ideals, and those of our clients. For example, to:

• send email communications which we think will be of interest to you;
• monitor who we deal with to protect Cloudeberry Ltd against fraud, money laundering and other risks;
• enhance, modify, personalise or otherwise improve our services /communications for the benefit of our clients, employees and suppliers; and
• understand better how people interact with our website.

When we legitimately process your personal data in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

When we use sensitive personal data, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).

9. Your choices
You have a choice about whether you wish to receive information from us.

We’re committed to putting you in control of your data so you’re free to ask us to remove you from our mailing lists at any time by contacting us by email at info@cloudeberry.com or by writing to, Cloudeberry Ltd, Kemp House, 152-160 City Road, England

We can, when asked, retain your details on a suppression list to help ensure that we do not continue to contact you.

11. Your Rights
Under UK data protection law, you have certain rights over the personal data that we hold about you.

These include:
a) Right of access
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the personal data we hold about you, and we will provide you with this unless legal exceptions apply.

If you want to access your personal data, please send a description of the information you want with proof of your identity by post to the address provided below.

b) Right to have your inaccurate personal data corrected

You have the right to have inaccurate or incomplete personal data we hold about you corrected. The accuracy of your information is important to us so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us by email at info@cloudeberry.com or by writing to Kemp House, 152-160 City Road, England.

c) Right to restrict use

You have a right to ask us to restrict the processing of some or all of your personal data if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.

d) Right of erasure

You may ask us to delete some or all of your personal data and in certain cases, and subject to certain exceptions, we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.

e) Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.

f) Right to object

You have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.

If you want to exercise any of the above rights, please email us at email, phone or postal address. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, https://ico.org.uk/

12. Keeping your information safe

We consider carefully the confidentiality, integrity and availability of any personal data we process and take steps to ensure that appropriate technical and organisational controls are in place to protect it. These include measures to reduce the risk of theft or loss of the devices on which personal data is held, internal policies, staff training, firewalls, backups, the use of passwords and ensuring that our systems are patched against vulnerabilities and malware.

All traffic to our website is encrypted and protected. We provide secure transfer methods on request for ensuring the encrypted transmission of sensitive personal data.

Personal data transmitted normally over the Internet can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

13. Links to and from other websites

Our website may contain links to other websites run by other organisations. This policy applies only to Cloudeberry Ltd and no other website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy policy of that third party site.

14. Changes to this policy

Any changes we may make to this policy in the future will be posted on this website. If we make any significant changes we’ll make this clear on our website and may notify you by other means, for example by posting on social media.

15. Review of this Policy

We keep this policy under regular review. This policy was last updated in June 2020.