Privacy Policy

CLOUDFRAMEWORK, S.L. (hereinafter "CLOUDFRAMEWORK") complies with current legislation on personal data protection as the Data Controller. The technical and organisational measures we adopt are appropriate and comply with Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws.

Your personal data will only be processed by CLOUDFRAMEWORK when it is adequate, relevant and not excessive in relation to the scope and explicit, legitimate purposes for which it was collected. You must provide us with correct, complete, accurate and up-to-date data so that we can communicate with you and provide our services.

We will comply with the duty of secrecy and confidentiality regarding the personal data collected and will not disclose it to third parties without your consent.

Personal data of clients who contract our services will be hosted on secure servers. CLOUDFRAMEWORK will not have access to such information beyond what is necessary to ensure the proper functioning of the service and the integrity, confidentiality and availability of the data.

We recommend that you read this Privacy Policy carefully and visit it regularly to stay informed of the latest published version.

Basic information on data protection

Data Controller

CLOUDFRAMEWORK, S.L. Tax ID: B-88225719, registered in the Madrid Commercial Register, Volume 38,278, Sheet 30, Section 8, Page M-681099, 1st Registration. Address: Calle Serrano 8, 5th floor, 28001 Madrid.

Data Protection Officer

The company has appointed a Data Protection Officer who can be contacted at gdprsec@cloudframework.io

Purposes of processing

Your personal data will be processed for the following purposes:

• To manage the contracting of the licence to use our 'Cloud 360º Platform' or our 'Virtual CTO' service, and to administer the provision of the service contracted by our clients.
• To respond to enquiries you submit through our contact channels.
• To send you commercial, advertising and marketing information.
• To manage our business appropriately.
• To manage our official social media profiles.
• To comply with applicable legal obligations.

Legal basis

The legal basis for processing your personal data will depend on the purposes mentioned above and may be (i) your consent; (ii) the performance and maintenance of the commercial relationship; (iii) compliance with our legal obligations; or (iv) in some cases, our legitimate interest.

Recipients

Other technology providers with whom we have contracted services may have access to your personal data, but they will process it on our behalf and under our instructions. Your data may be disclosed to public authorities, law enforcement, courts and tribunals where required by law.

Rights

You may exercise your rights of access, rectification, erasure, restriction of processing, objection, data portability and withdrawal of consent free of charge by sending a written request to our postal address or by contacting our DPO. You may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

1. Data Controller

The entity responsible for the processing of your personal data is CLOUDFRAMEWORK, S.L., Tax ID B-88225719 (hereinafter "CLOUDFRAMEWORK"), with registered office at Calle Serrano 8, 5th floor, 28001 Madrid.

When a client contracts our services, CLOUDFRAMEWORK acts as Data Controller for the client's data. With regard to personal data processed on the platform during the provision of services, CLOUDFRAMEWORK acts as Data Processor; the Controller is always the client.

2. Origin of the data we obtain

We may collect your personal data because you have provided it to us directly (through our contact channels), to request information, make an enquiry, request the contracting of our services, or participate in our official social networks. We may also collect technical or behavioural data through your use of this website via cookies or other technologies, as detailed in our Cookie Policy.

If you contract our services, we may have access (as Data Processors) to data voluntarily provided by clients for the performance of the contractual relationship.

3. Types of data we process

We may process (i) identification data, such as your name or ID number; (ii) contact data, such as email or phone; (iii) or professional data related to the company in which you work.

When you act on behalf of a company, we may legitimately process your contact data and your role or position when the processing relates only to the data necessary for your professional contact and for maintaining relations with your company.

4. Purpose and legal basis of processing

Your personal data will only be obtained by CLOUDFRAMEWORK for processing when it is adequate, relevant and not excessive in relation to the determined and legitimate purposes for which it was collected.

We process your data to: manage registration and performance of the contract; respond to your enquiries through our contact channels (legitimate interest); send you commercial information if you have given your consent; manage our business (legitimate interest); manage our social media profiles; and comply with applicable legal obligations.

You may object at any time to marketing processing or profiling. To exercise your rights you may write to CLOUDFRAMEWORK, Calle Serrano 8, 5th floor, 28001 Madrid, or email rgpd@cloudframework.io

5. Recipients

CLOUDFRAMEWORK will not disclose your data to third parties without your consent, except for compliance with legal obligations (public authorities, law enforcement, courts) or to provide platform services, in which case we disclose data to technology providers who act on our behalf under appropriate contractual guarantees.

6. International data transfers

Your personal data may be processed and stored by Data Processors outside your country or the European Economic Area. In such cases, transfers will be governed by EU Standard Contractual Clauses or by providers offering adequate guarantees.

7. Data retention

We will retain your personal data for as long as strictly necessary to provide the contracted services, and until you request erasure or withdraw your consent, as well as the time necessary to comply with legal obligations and any resulting liability.

We may retain your data even after you have ceased to be a client or have requested erasure, for the purpose of addressing any liability during the limitation period, keeping it duly blocked and with restricted access.

8. Exercise of rights

You have the right to exercise your rights of access, rectification, erasure, restriction of processing, objection, portability and to withdraw your consent. To exercise them you may write to CLOUDFRAMEWORK, Calle Serrano 8, 5th floor, 28001 Madrid, or email rgpd@cloudframework.io. You may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

9. Complaints to the Supervisory Authority

You may lodge complaints regarding the processing of your personal data with the Spanish Data Protection Agency (www.aepd.es).

10. How we process data on behalf of the client who contracts our services

CLOUDFRAMEWORK processes the data of clients who use its services as a Data Processor, in accordance with Article 28 of the GDPR, on behalf of and under the instructions of the client (Data Controller). We always sign a Data Processing Agreement with these Controllers.

CLOUDFRAMEWORK will not subcontract any main provision to third parties without the Controller's authorisation. We will cooperate with the Controller in the event of a security breach that may affect the data. Users who wish to exercise their rights must contact the client who has contracted our services.

Upon termination of the service, we will delete or return to the Controller the personal data of users. Such data may be retained in blocked form to address any liability during the limitation period.