Last updated: 2024-11-06
This privacy notice sets out how we, Alchemy Box Ltd through our product CloudFO use, protect and share your personal information when you:
- Visit our website at https://cloudfo.co or any website of ours that links to this privacy notice;
- Use and register to access our services;
- Purchase a subscription to our services;
- Sign up to receive updates and stay informed about our services via email or social media channels; and
- Engage and/or communicate with us in any other ways, including communicating with us about your feedback, sales, marketing, or events or mentioning us on social media.
It also sets out how we use, disclose, transfer and otherwise process your personal information.
- WHO WE ARE
Alchemy Box Ltd is a Data Controller in relation to some of the information which is collected from you, which means that we are responsible under Data Protection laws for ensuring that your personal information is protected.
Legal entity name: Alchemy Box Ltd
Email address: info@cloudfo.co
Postal address: 85 Great Portland Street, First Floor, London, England, W1W 7LT
Where the CloudFO services are provided to a business, and you use the services as an employee (or you act in the same capacity as an employee) in the course of your duties, we act as a Data Processor. This means that we process the personal data provided to us when you use the services, on behalf of (and on the instructions of) your employer. Your employer is the Data Controller ultimately responsible for this processing and should be contacted directly if you have any queries relating to their use of your information.
- WHAT INFORMATION DO WE COLLECT?
We may collect, use, store and transfer different kinds of personal information about you such as:
-
Identity and Contact Information which includes your first name, last name username or similar identifier, title, your business address, business email addresses and your professional social media handles.
-
Financial and Transaction Information including bank account and payment card details, details about payments to and from you.
-
Technical and Usage Information including IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, browser type and settings, information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’), and hardware settings), time zone setting, browser plug-in types and versions, operating system and platform, device ID, information about how and when you use our services, and other technical information.
-
Profile Information including your username and password, preferences, feedback and survey responses.
-
Marketing and Communications Information including your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also anonymise and aggregate information (so that it does not directly (or indirectly reveal your identity) which we may then use to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve and develop the website and the products and services that we offer.
- HOW DO WE PROCESS YOUR INFORMATION?
How your information is collected:
-
When you interact with us: you may share your personal information with us when you provide information using an online form or when you correspond with us by email, post, telephone or any other means or when you use our services.
-
Automated Technologies and Cookies: as you interact with our website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. Please see our cookie policy /cookies for further details.
- WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
The law requires us to have a legal basis for everything that we, as a data controller, do with your personal information falling under one of the following categories:
-
Performance of a contract with you: Where we need to perform a contract or we are about to enter into or have entered into with you, for example where you have purchased our goods and/or services.
-
Legitimate interests: We may use your personal information where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and/or enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
-
Legal obligation: We may use your personal information where it is necessary for compliance with a legal obligation that we are subject to.
-
Consent: We rely on consent only where we are required by law to obtain your active agreement to use your personal information for a specified purpose.
-
Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
We use your personal information in a number of different ways and for different reasons – the tables below set out what we do and why, relating to the groups of personal information defined in the ‘WHAT INFORMATION DO WE COLLECT’ section:
Identity and Contact Information
| What do we do? | Why do we do it? | What is the Legal Basis? |
|---|---|---|
| Identify you when you visit our website or you contact us for any reason and administer any accounts you set up. | So that we know who we are talking to, and to enable us to set up your account and to provide our core services to you or your employer. | Legitimate interests to review and respond to any correspondence or queries you send to us, and to send information regarding the services that you have bought or requested. Performance of a contract with you. |
| Process any payment related to the services we provide to you. | So we can provide you with our services. | Performance of a contract with you. Legitimate interests to process and administer your access to and the delivery of our services. |
| Send you service updates, confirmations and updates to this Privacy Notice and/or our terms and conditions. | So we can keep you informed of any changes to our services and to let you know about any issues with your purchase. | Performance of a contract with you. Legitimate interests to send service information regarding our services that you have bought or requested. Legal obligation. |
| Send you information about our products and services. | So we can let you know about services that we offer that you might be interested in. | Legitimate interests to promote our services and to develop our business. |
| Send you surveys and to ask for feedback. | To offer you the opportunity to let us know how we are doing, or to let us know your views on another subject. | Legitimate interests to better understand your experience and provide us with the opportunity to improve our services. |
Financial and Transaction Information
| What do we do? | Why do we do it? | What is the Legal Basis? |
|---|---|---|
| Take payments for our services. | To facilitate payment for our services and to issue any refunds where necessary. | Performance of a contract with you. Legitimate interests to manage and administer your payments for our services. |
| Keep a record of our transactions with you. | For accounting purposes. | Legal obligation. |
| Provide our core services to you or the business who has contracted with us. Please note that your payment card details are not processed as part of our provision of the services. | Our service involves the use of your business financial information, such as your business bank account. This may include financial information relating to you as an individual. We use this information so that we can provide our services to you. | Performance of a contract. |
Technical and Usage Information
| What do we do? | Why do we do it? | What is the Legal Basis? |
|---|---|---|
| Identify you when you visit our website. | To provide you with the best possible user experience and to keep the website available. | Legitimate interests to provide and maintain our website through utilising cookies that are strictly necessary and to measure the use website to inform and improve it. |
| Monitor visitors to our websites and analyse their use of the website and perform tests on our IT systems. | To protect our website and our IT systems from fraud or cyberattacks and to improve our websites and our services and our IT security. | Legitimate interests to provide and maintain our website through utilising cookies that are strictly necessary and to measure the use website to inform and improve it. Legal obligation. |
Profile Information
| What do we do? | Why do we do it? | What is the Legal Basis? |
|---|---|---|
| Send you relevant marketing material based on your profile information. | To make sure that the marketing that we send to you is relevant and is something that you are interested in receiving. | Legitimate interests to promote our services and to develop our business. |
Marketing and Communications Information
| What do we do? | Why do we do it? | What is the Legal Basis? |
|---|---|---|
| We keep a record of your communication preferences | So we can make sure that you only receive the communications from us that you would like to receive and so we can update our records if you change your mind. | Legitimate interests to promote our services and to develop our business. Legal obligation. |
All of your personal information
| What do we do? | Why do we do it? | What is the Legal Basis? |
|---|---|---|
| We may transfer your personal data in part or whole in connection with any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event or corporate transaction. | So we can ensure the continued service and function and to ensure we can protect and grow our business. | Legitimate interests to ensure we can protect and grow our business. |
In limited circumstances we may process any of your personal information we hold to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations.
Where we need to collect personal data due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products/services). We will notify you of this at the time.
- WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
We may share your personal information with third parties who provide services to us, for example, our IT, communications, CRM, email and marketing automation and hosting providers. We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
The categories of data recipients we may disclose your personal information to are as follows:
- Service Providers and Processors. We engage third party service providers, from time to time, including:
- IT & website service providers
- Payment service providers
- Professional advisors such as tax or legal advisors (for example, as necessary for the establishment, exercise or defence of legal claims or to protect the rights or safety of the website or us
- Consultants, insurance companies/claim managers and accountants
- Agents, suppliers or sub-contractors and other associated organisations where they are engaged by us to help deliver a service that we have instructed them on.
The third party Service Providers we currently use are:
-
Google Analytics
-
Mixpanel
-
AWS SES
-
Google Adsense
-
Stripe
-
Brevo
-
Third parties in case of a legal requirement. We also disclose your personal information if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process (including to law enforcement or competent authorities like the police/tax authorities, such as HMRC in the UK).
-
Third parties in case of a corporate transaction. In addition, information about our customers, including personal information, may be disclosed as part of any merger, sale, transfer of our assets, investment, acquisition, bankruptcy, or similar event, including while engaging with our actual or potential investors.
We may provide anonymous information to analytics and search engine providers to help us improve and optimise our services. We will only share this information in a form that does not directly identify you.
- DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
- WHAT HAPPENS IF WE SHARE YOUR INFORMATION WITH ORGANISATIONS OUTSIDE OF THE UK?
Whenever we transfer your personal information out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring that the necessary safeguards are in place, for example:
-
We will only transfer your personal information to countries that have been deemed by regulators in the UK or the EU to provide an adequate level of protection for personal information; or
-
We may use specific standard contractual terms approved for use in the UK and EU which give the transferred personal information the same protection as it has in the UK and EU.
For more information about these safeguards, please contact us at info@cloudfo.co
- HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
- HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
Your account is protected by a password for your privacy and security. You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
- DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly solicit data from or market to children under 18 years of age. Neither our website or our services are aimed at children under 18 years of age.
- WHAT ARE YOUR PRIVACY RIGHTS?
You have a number of rights under data protection laws in relation to your personal information.
You have the right to:
-
Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
-
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
-
Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
-
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
You also have the absolute right to object any time to the processing of your personal information for direct marketing purposes.
-
Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
-
Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
-
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in one of the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of these rights please contact us by email at info@cloudfo.co.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- HOW DO I MANAGE MY MARKETING PREFERENCES?
If you decide that you do not wish to receive marketing communications from us, you can opt-out at any time by using the “unsubscribe” link at the bottom of any marketing communication that we send to you. You can also contact us at info@cloudfo.co}.
We will always get your express consent before we share your personal information with any third party for their own direct marketing purposes.
Please note that if you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to order confirmations, updates to our Terms and Conditions, checking that your contact details are correct.
- DO WE MAKE UPDATES TO THIS NOTICE?
We may update this privacy notice from time to time. The updated version will be indicated by an updated ‘Revised’ date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
- HOW CAN YOU CONTACT US ABOUT THIS NOTICE OR MAKE A COMPLAINT?
If you have questions or comments about this notice, please contact us by email at info@cloudfo.co
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- ADDITIONAL INFORMATION FOR RESIDENTS IN CERTAIN JURISDICTIONS
This section includes additional information as required under privacy laws of certain jurisdictions.
AUSTRALIA
Additional Disclosures for Australian Privacy Act Compliance (AU)International Transfers of Personal Information
Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
UNITED STATES
Additional Disclosures for California Compliance (US)
Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organisations for their marketing purposes.
To make such a request, please contact us using the details provided in this privacy policy with “Request for California privacy information” in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organisations for their marketing purposes in the last calendar year along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time we do not respond to browser “Do Not Track” signals.
We adhere to the standards outlined in this privacy policy ensuring we collect and process personal information lawfully, fairly, transparently and with legitimate, legal reasons for doing so.
CCPA-permitted financial incentives
In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.
Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
California Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.
Right to Know and Delete
If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
- To exercise any of these rights, please contact us using the details provided in this privacy policy.
Shine the Light
If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.
To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.