PERSONAL INFORMATION WE COLLECT
The information CloudPay collects includes the following types of information from individuals, job applicants, employees, corporate customers, website visitors and business contacts:
- Payroll data – all information necessary to process payroll for our customers.
- Contact data – name, address, mobile number and email address.
- Personal employment records –this may include all or some of the following information: your application form and CV, employment history, emergency contact information, date of birth, and may include special categories of information relevant to the employment application like medical conditions, background checks including criminal records, information necessary to make payments to you, and any other information you voluntarily provide to CloudPay.
- Web usage data – how you interact with our website.
- Marketing data – contact information.
HOW WE COLLECT YOUR PERSONAL DATA
The personal data we process is voluntarily obtained directly from you in the case of job seekers, through our customers who provide personal information regarding their employees so that we can provide our Payroll Solution, and via our website in the case of website visitors. More specifically, our sources and methods are:
- Our Payroll Solution where CloudPay customers and their users may enter personal information.
- When applying for employment via our jobs portal and during any employment with CloudPay.
- From recruitment agencies.
- When you request marketing information via our website.
- Through recording sales meetings using the Gong tool. We will ask for your permission before making these recordings.
- From publicly available databases.
- At CloudPay and other events.
- Any time you voluntarily provide CloudPay with your personal information.
- For web usage data, CloudPay uses web beacons, or transparent GIF files, provided by our service provider to report activity on our site. The beacons help us manage our online advertising and measure its effectiveness. These files enable our service provider to recognize a Cookie on your web browser, which in turn enables us to learn which communications are most effective. Either CloudPay or our services providers place the Cookie. The information that CloudPay collects by means of these technologies is anonymous and is not personally identifiable unless you have chosen to identify yourself through a form on the website.
HOW WE USE YOUR PERSONAL INFORMATION
CloudPay uses personal information provided to CloudPay only for the purpose it was provided. Those purposes include:
(i) to process payroll on behalf of our customers and carry out obligations arising from an agreement entered into between your employer and CloudPay
(ii) to notify you about changes to our Payroll Solution
(iii) for business development, customer relations and contract management
(iv) to allow you to participate in interactive features of our service when you choose to do so
(v) to provide you with marketing information, products or services that you have requested from us
(vi) to evaluate you for employment
(vii) to manage your employment with us
(viii) to carry out legal and regulatory obligations such as anti-money laundering checks
(ix) Using personal information during any period of employment with CloudPay to carry out its obligations as an employer.
(xi ) CloudPay may use and share information in a de-identified form that does not allow an individual or customer to be identified, primarily to enhance our Customer’s use of the Payroll Solution and for benchmarking purposes.
(xii) CloudPay does not sell personal information to any third parties.
Our marketing information is held by a third party called HubSpot. You can withdraw your consent to marketing by contacting CloudPay at firstname.lastname@example.org. If at any time after registering to receive information you change your mind, you can use the unsubscribe link in emails if you no longer wish to receive marketing information.
We collect information on job applicants when they submit information to CloudPay including their name, address, email and phone number together with information about their suitability for any position. We will process similar information if you made your application via a recruitment agency.
CloudPay may use and share information in a de-identified form that does not allow an individual or customer to be identified, primarily to enhance your use of the Payroll Solution and for benchmarking purposes.
CloudPay does not sell personal information to any third parties.
LEGAL BASIS FOR PROCESSING YOUR INFORMATION
Under the General Data Protection Regulation (GDPR) the lawful bases for processing your personal data are:
(i) to perform a contract we have entered into, or are about to enter into,
(ii) where the processing of your data is necessary for our legitimate interests (or those of a third party and your interests and fundamental rights do not override those interests),
(iii)where we need to comply with a legal or regulatory obligation, and
(iv)where you have given your consent to the processing of your personal data including for direct marketing purposes.
Where we process data in accordance with the legitimate interests of CloudPay, or the interests of a third party, in managing the business we will take reasonable measures to prevent unwarranted harm to you. Our legitimate interests include:
- processing payrolls on behalf of our customers
- customer relations
- supplier management
- direct marketing
- product development
- record keeping, training and quality purposes
- operational management including HR
- legal obligations including compliance with anti-money laundering regulations
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
YOUR RIGHTS UNDER GDPR
You have the following rights regarding your information subject to certain exemptions. You can:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons which will be communicated to you in writing, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy, (ii) where our use of the data is unlawful but you do not want us to erase it, (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right may only apply to automated information which you initially provided consent for CloudPay to use or where CloudPay used the information to perform a contract with you.
Withdraw consent at any time where CloudPay is relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. CloudPay will advise you if this is the case at the time you withdraw your consent.
To exercise any of these rights please email your request to us at email@example.com. CloudPay may need to verify your identity or to take other steps to respond to your request. CloudPay will respond to these requests within one calendar month.
Additionally, our marketing information is held by a third party called HubSpot. You can withdraw your consent to marketing by contacting CloudPay at firstname.lastname@example.org. If at any time after registering to receive information you change your mind, you can use the unsubscribe link in CloudPay’s emails if you no longer wish to receive marketing information.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to deal with your concerns through our own complaints procedure which is in line with best practices before you approach the ICO. This may also enable any issues to be dealt with and resolved more quickly.
Complaints should be sent to email@example.com.
CloudPay may share your personal data within the CloudPay group of companies and third parties located inside and outside the European Economic Area (EEA). When we do, we ensure there is a similar degree of protection in managing your information by ensuring one of the following safeguards is in place when applicable:
(i) A determination by the European Commission that the country where the data is being sent has been deemed to provide an adequate level of protection for personal data by the European Commission.
(ii) Standard contractual conditions approved by the European Commission which give personal data the same protection it has in the EEA are in place with third parties to whom we transfer data, or
(iii) A suitable framework recognized by the relevant authorities or courts as providing an adequate level of protection for personal data such as the Privacy Shield.
EU-US PRIVACY SHIELD FRAMEWORK AND SWISS-US PRIVACY SHIELD FRAMEWORK
Pursuant to the EU-US and Swiss-US Privacy Shield Frameworks, CloudPay Inc., and its US subsidiary CloudPay Solutions Inc. affirm the following for personal data that has been transferred into the United States:
- The Right To Access: EU, UK, and Swiss individuals have the right to access the data that is transferred into the United States and to correct and amend incorrect information or request erasure of data that has been handled in violation of the Privacy Shield Principles. Individuals wishing to exercise this right may do so by referring to the “Changes to Data” section at the end of this policy.
- We are subject to the jurisdiction and enforcement authority of the United States Federal Trade Commission.
- We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
- In cases of onward transfer to third-party agents of data of UK, EU, or Swiss individuals received pursuant to the Privacy Shield, CloudPay Inc., and its US subsidiary CloudPay Solutions Inc. remain responsible and liable, unless we can prove we were not a party to the actions giving rise to the damages..
We may be required to release personal data in response to lawful requests from public authorities including to meet law enforcement and national security requirements.
COMPLAINT HANDLING; DISPUTE RESOLUTION UNDER THE EU-US PRIVACY SHIELD FRAMEWORK AND SWISS-US PRIVACY SHIELD FRAMEWORK
CloudPay Inc., and its US subsidiary CloudPay Solutions Inc, have further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/bbb-privacy-shield/file-a-complaint for more information and to file a complaint.
If your complaint involves human resources data transferred to the United States from the European Union, the United Kingdom, or Switzerland in the context of the employment relationship, and CloudPay does not address it satisfactorily, CloudPay commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel, ICO, or FDPIC, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
CloudPay maintains a comprehensive information security program that contains industry standard technical and physical safeguards designed to prevent unauthorized access to personal information.
CloudPay limits access to personal information to those persons and authorized service providers who have a specific business purpose for maintaining and processing such information. CloudPay’s employees who have been granted physical access to personal information are made aware of their responsibilities to protect the confidentiality, and integrity of that information and receive relevant training and instruction.
HOW LONG DATA IS HELD
CloudPay will only keep your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting, HR or other similar requirements. This includes statutory retention periods and the CloudPay records management policy. Payroll information is held on behalf of customers and in accordance with their instructions.
THIRD PARTY LINKS
Our site may, from time to time, contain links to and from the websites of our partner networks, suppliers, business associates, clients, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that CloudPay does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
CHANGES TO DATA
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes and needs to be updated by notifying us at email@example.com if you are a job seeker. If you are data subject and CloudPay possesses your personal information because it is providing its Payroll Solution to your employer, you may direct your request to your employer to ensure your personal data maintained by CloudPay is accurate and current as our customers generally have administrative rights to make these changes.
When you visit the CloudPay website CloudPay uses a technology that many other websites employ which are small data files stored on your computer’s hard drive, to collect information (“Cookies”). If your browser is set to accept Cookies, then your browser downloads the small text file to your device.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. This information is collected on an aggregate basis.
You can find more information about cookies on the AllAboutCookies website here.
CloudPay also uses web beacons, or transparent GIF files, provided by our service provider to report activity on our site. The beacons help us manage our online advertising and measure its effectiveness. These files enable our service provider to recognise a Cookie on your web browser, which in turn enables us to learn which of our communications are most effective.
We use non-identifying information collected on our website in the aggregate form to better understand your use of the website and to enhance your experience. For example, we may use the information to improve the design and content of our website or to analyse the services that we offer. To help us do this we use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
- OptanonAlertBoxClosed – One Trust
- OptanonConsent – One Trust
Performance cookies. They allow us to recognise and count the number of visitors and help us to know which pages are the most and least popular and see how visitors move around the site. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
- Google Analytics
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). If you do not allow these cookies then some or all of these services may not function properly.
- Hubspot utk
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.
Nothing in this document shall limit the requirement to comply with data protection laws or other legislation in accordance with applicable law in the country where the processing takes place. For the purposes of compliance with data protection legislation by CloudPay the relevant Supervisory Authority will be the Information Commissioner’s Office in the UK.