This privacy notice sets out how we, Alchemy Box Ltd through our product CloudFO use, protect and share your personal information when you:
- Visit our website at https://cloudfo.co or any website of ours that links to this privacy notice
- Use and register to access our services
- Purchase a subscription to our services
- Sign up to receive updates and stay informed about our services via email or social media channels
- Engage and/or communicate with us in any other ways, including communicating with us about your feedback, sales, marketing, or events or mentioning us on social media
It also sets out how we use, disclose, transfer and otherwise process your personal information.
1. Who We Are
Alchemy Box Ltd is a Data Controller in relation to some of the information collected from you, which means that we are responsible under data protection laws for ensuring that your personal information is protected.
Legal entity name: Alchemy Box Ltd
Email address: info@cloudfo.co
Postal address: 85 Great Portland Street, First Floor, London, England, W1W 7LT
Where the CloudFO services are provided to a business and you use the services as an employee, or in a substantially similar capacity, we act as a Data Processor on behalf of your employer. Your employer remains the Data Controller for that processing.
2. What Information Do We Collect?
We may collect, use, store and transfer different kinds of personal information about you, including:
- Identity and Contact Information such as your first name, last name, username or similar identifier, title, business address, business email address and professional social media handles
- Financial and Transaction Information including bank account and payment card details and details about payments to and from you
- Technical and Usage Information including IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, browser type and settings, usage activity, logs, time zone settings and other technical information
- Profile Information including your username and password, preferences, feedback and survey responses
- Marketing and Communications Information including your preferences for receiving marketing from us and your communication preferences
We may also anonymise and aggregate information so that it no longer directly or indirectly reveals your identity.
3. How Do We Process Your Information?
How your information is collected
- When you interact with us: you may provide personal information through online forms, emails, calls, post or when using our services
- Automated technologies and cookies: as you interact with our website, we automatically collect technical and usage data using cookies and similar technologies. Please see our Cookie Notice for further details
4. What Legal Bases Do We Rely On To Process Your Information?
We rely on one or more of the following legal bases when processing personal information:
- Performance of a contract
- Legitimate interests
- Legal obligation
- Consent
- Vital interests
Identity and Contact Information
What do we do? | Why do we do it? | What is the legal basis? |
|---|---|---|
Identify you, respond to queries, and administer accounts | To provide our core services and manage our relationship with you | Legitimate interests; performance of a contract |
Process payment administration | To provide the services you purchased | Performance of a contract; legitimate interests |
Send service updates and policy updates | To keep you informed about the services and required notices | Performance of a contract; legitimate interests; legal obligation |
Send information about products and services | To let you know about services that may interest you | Legitimate interests |
Send surveys and request feedback | To understand your experience and improve our services | Legitimate interests |
Financial and Transaction Information
What do we do? | Why do we do it? | What is the legal basis? |
|---|---|---|
Take payments for our services | To facilitate billing and refunds where necessary | Performance of a contract; legitimate interests |
Keep records of transactions | For accounting and compliance purposes | Legal obligation |
Provide our core services | To deliver forecasting and financial functionality | Performance of a contract |
Technical and Usage Information
What do we do? | Why do we do it? | What is the legal basis? |
|---|---|---|
Identify visitors and keep the website available | To provide a reliable user experience | Legitimate interests |
Monitor use of the website and test IT systems | To improve the website and protect against fraud or cyberattacks | Legitimate interests; legal obligation |
Profile Information
What do we do? | Why do we do it? | What is the legal basis? |
|---|---|---|
Tailor relevant marketing based on profile information | To make communications more relevant | Legitimate interests |
Marketing and Communications Information
What do we do? | Why do we do it? | What is the legal basis? |
|---|---|---|
Keep a record of your communication preferences | To respect your choices and maintain accurate records | Legitimate interests; legal obligation |
All personal information
What do we do? | Why do we do it? | What is the legal basis? |
|---|---|---|
Transfer personal data in connection with a merger, sale, investment, acquisition, bankruptcy, or similar corporate event | To ensure continuity of service and protect or grow the business | Legitimate interests |
In limited circumstances we may also process personal information to establish, exercise or defend legal claims or to comply with legal or regulatory obligations.
5. When And With Whom Do We Share Your Personal Information?
We may share personal information with third parties who provide services to us, such as IT, communications, CRM, email, marketing automation and hosting providers. We require all third parties to respect the security of your information and to treat it in accordance with the law.
The categories of recipients may include:
- Service providers and processors, including IT and website providers, payment providers, professional advisers, consultants, insurers, accountants, agents, suppliers, sub-contractors and associated organisations
- Third parties where required by law, including regulators, courts, law enforcement and tax authorities
- Third parties involved in corporate transactions, including actual or potential investors or counterparties
The third party service providers we currently use include:
- Google Analytics
- Mixpanel
- AWS SES
- Google Adsense
- Stripe
- Brevo
We may also provide anonymous information to analytics and search providers to help us improve and optimise our services.
6. Do We Use Cookies And Other Tracking Technologies?
We may use cookies and similar tracking technologies such as web beacons and pixels to access or store information. More detail is set out in our Cookie Notice.
7. What Happens If We Share Your Information With Organisations Outside Of The UK?
Whenever we transfer your personal information outside the UK or EEA, we aim to ensure a similar degree of protection by using recognised safeguards such as:
- transfers to countries deemed to provide an adequate level of protection
- standard contractual clauses or other approved transfer mechanisms
For more information about these safeguards, please contact info@cloudfo.co.
8. How Long Do We Keep Your Information?
We keep personal information only for as long as necessary for the purposes described in this privacy notice, unless a longer retention period is required or permitted by law.
When we no longer have an ongoing legitimate business need to process your personal information, we will delete or anonymise it or securely isolate it until deletion becomes possible.
9. How Do We Keep Your Information Safe?
We have implemented appropriate technical and organisational security measures designed to protect the personal information we process. However, no electronic transmission or storage system can be guaranteed to be completely secure.
Your account is protected by a password. You are responsible for selecting a strong password and keeping it confidential.
10. Do We Collect Information From Minors?
We do not knowingly solicit data from or market to children under 18 years of age. Our website and services are not aimed at children under 18.
11. What Are Your Privacy Rights?
You may have rights under applicable data protection laws, including the right to:
- request access to your personal information
- request correction of inaccurate or incomplete personal information
- request erasure in certain circumstances
- object to processing based on legitimate interests, including profiling
- object at any time to direct marketing
- request transfer of personal information where applicable
- withdraw consent where processing relies on consent
- request restriction of processing in certain circumstances
To exercise these rights, contact us at info@cloudfo.co.
You will not usually have to pay a fee to exercise your rights, although we may charge a reasonable fee or refuse a request if it is clearly unfounded, repetitive or excessive. We may also request information from you to confirm your identity, and we aim to respond to legitimate requests within one month unless a request is particularly complex.
12. How Do I Manage My Marketing Preferences?
You can opt out of marketing communications at any time by using the unsubscribe link in a marketing email or by contacting info@cloudfo.co.
If you opt out of marketing, you may still receive essential service-related communications.
13. Do We Make Updates To This Notice?
We may update this privacy notice from time to time. The updated version becomes effective as soon as it is accessible. If we make material changes, we may notify you directly or post a prominent notice.
14. How Can You Contact Us About This Notice Or Make A Complaint?
If you have questions or comments about this notice, contact info@cloudfo.co.
You have the right to complain to the Information Commissioner's Office in the UK at www.ico.org.uk. We would, however, appreciate the opportunity to address your concerns first.
15. Additional Information For Residents In Certain Jurisdictions
Australia
Where disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles, and you may not be able to seek redress under that legislation if they contravene those principles.
United States
Under California Civil Code Section 1798.83, California residents may request information about disclosures of personal information to other organisations for their direct marketing purposes by contacting info@cloudfo.co with the subject line "Request for California privacy information".
We do not currently respond to browser "Do Not Track" signals.
California residents may also have rights to know about and request deletion of personal information collected in the previous 12 months, including categories of information collected, sources, recipients, purposes and specific pieces of information collected about them. California residents may also request information under California's "Shine the Light" law about how certain personal information is shared for direct marketing purposes.