Privacy Policy
Last updated: 15 June 2023
1. Introduction
Cloud Coach LLC, (“Cloud Coach”) is committed to protecting the privacy of individuals who visit our website, who use our project management and professional services automation services (the “Services”), who register to attend our events (in person or online), sign up for additional content, request demonstrations of the Services, or sign up to our newsletter. It is important to Cloud Coach that you understand what information we collect and also that you understand what we may do with that information, as well as individuals’ choices regarding use, access and correction of personal information. This Privacy Policy also applies to our other group companies, Cloud Coach Enterprises, LLC, Cloud Coach Inc, and our UK representative, Cloud Coach Europe Ltd., who are also controllers and processors of your personal data.
Please carefully read this Privacy Policy to be sure you understand how your information may be used. This Privacy Policy also covers the collection of data from applications on mobile devices.
Cloud Coach is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy policy)
Contact Details:
We and Cloud Coach Europe Ltd. are the data controllers with conduct of your personal information.
Our full details are:
Cloud Coach, LLC
Email Address: [email protected]
Postal address: 123 N. College Ave. Suite 250
Fort Collins, CO 80528
We have appointed our UK establishment, Cloud Coach UK Ltd., as our UK representative. If you would like to contact us via our UK representative then you can contact them at:
Email Address: [email protected]
Postal Address: First Floor, Templeback, 10 Temple Back, Bristol BS1 6FL
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at [email protected]
2. What Data Do We Collect About You
Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:
- Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
- Contact Data may include your billing address, delivery address, email address and telephone numbers.
- Financial Data may include your bank account and payment card details.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access the Site.
- Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
- Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
Sensitive Data
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences. Where we are required to collect personal data by law, or under the terms of the contract between us and you, if you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver the Services to you). If you don’t provide us with the requested data, we may have to cancel your order of the Services. If we do, we will notify you at that time.
3. How We Collect Your Personal Data
We collect personal data about you through a variety of different methods including:
- Direct Interactions: You may provide data when filling in forms on the Site (or otherwise) by communicating with us by post, phone, email, or otherwise, including when you:
- subscribe to our Service;
- create an account on the Site;
- request resources or marketing be sent to you;
- request a demonstration of the Service;
- watch a demo or install the Service from the Salesforce AppExchange;
- give us feedback.
- Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Please see the cookie section of this policy for further details.
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
- Analytics providers such as Google based outside the EU;
- Identity and Contact Data from publicly available sources such as LinkedIn.
- Interactions with Cloud Coach specific listings on the Salesforce AppExchange.
4. How We Use Your Data
We will only use your personal data when legally permitted.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at [email protected] or by clicking the unsubscribe link in our emails.
Set out below is a description of the ways we intend to use your personal data in our business and the legal grounds on which we will process such data. Different sections apply depending on your relationship with us. Please read each section carefully as more than one section may apply to how we use your information. We have also explained what our legitimate interests are where relevant.
Please email us at [email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Activity | Type of data | Purpose and Lawful basis for processing |
---|---|---|
To respond to your enquiry regarding our products/services | (a) Identity (b) Contact |
We have a legitimate interest in responding to your enquiry. We process your information to carry out pre-contractual steps relating to a potential contract between us. We have a legitimate interest in keeping a record of your request as well as our response. This helps us efficiently operate our business and prevent fraud. |
Where you or your organisation purchases goods or services from us. This includes registering you as a new customer, managing our relationship with you and to process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
If the contract is with you, the processing is necessary for us to perform our obligations under the contract. If the contract is with your organisation then we have a legitimate interest in processing your personal information for the purpose of managing the contractual relationship between your organisation and us. We have a legitimate interest in keeping a record of the contract between us (or your organisation and us) for the administration of our business and to address any disputes which may arise between us (or your organisation and us). |
Where you or your organisation supplies goods or services to us | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (e) Marketing and Communications (f) Profile |
If the contract is with you, the processing is necessary for us to perform our obligations under the contract. If the contract is with your organisation then we have a legitimate interest in processing your personal information for the purpose of managing the contractual relationship between your organisation and us. We have a legitimate interest in keeping a record of the contract between us (or your organisation and us) for the administration of our business and to address any disputes which may arise between us. |
To enable you to partake in a prize drawing, competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
The processing in respect of prize draws and competitions is necessary to perform our obligations under the contract with you. We have a legitimate interest in keeping a record of the contract between us and, in respect of surveys, studying how customers use our products/services in order to develop them and grow our business. |
Monitoring how users interact with our website through the use of cookies. To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
We have a legitimate interest in monitoring how you interact with our website in order to improve it and to troubleshoot issues. In some circumstances it is also necessary to comply with a legal obligation, such as prevention of fraud. |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage |
Necessary for our legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy |
To make suggestions and recommendations to you about goods or services that may be of interest to you and to deliver relevant content and advertisements to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
We have a legitimate interest in sending you updates about similar goods/services to those which you have bought (or negotiated to buy) from us. We have a legitimate interest in studying how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy |
You will receive marketing communications from us if you have:
- purchased goods or services from us; or
- interacted with Cloud Coach listings on the Salesforce AppExchange; or
- provided us with your details for us to send you marketing communications; and
- in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
5. Disclosures of Your Personal Data
We share your personal information with third parties only where we are required to do so to comply with the law, to protect our rights, to perform our contractual obligations or to efficiently operate our business. In order to achieve these purposes, we share your data with the following people or group of people:
- If you are an employee or representative of a customer or supplier of ours then we may share your information with your employer and colleagues for the purpose of managing the business relationship between your organisation and us.
- Our outsourced service providers who provide IT and system administration services. These organisations have strict contractual obligations to handle your information in accordance with data protection law and to keep it confidential at all times.
- Our professional advisers including lawyers, accountants, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services. These people are subject to professional duties of confidentiality.
- Potential purchasers of our business may be given access to redacted information about our customers, users, suppliers and their staff/representatives. Before we share this information the potential purchaser would need to sign a non-disclosure agreement which protects your personal information.
- Salesforce.com, inc. and its subsidiaries (“Salesforce”) who hosts the Services as well as some of the systems we use to store and process personal data. Salesforce has strict contractual obligations to handle your information in accordance with data protection law and to keep it confidential at all times.
6. International Transfers
Different countries offer different levels of protection for personal data. Where you are a data subject based in the UK, English law prohibits transfers of personal data outside of the UK unless the transfer meets certain criteria. Similarly, where you are a data subject based in the European Economic Area (EEA), European law prohibits transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) and/or the UK so their processing of your personal data will involve a transfer of data outside the EEA and/or the UK.
Whenever we transfer your personal data out of the EEA and/or UK (as applicable), we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or UK (as applicable); or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission and/or the Information Commissioner’s Office (as applicable) which give personal data the same protection it has in Europe or the UK, respectively; or
- Where we use providers based in the United States, we may transfer data to them with appropriate safeguards in place and sufficient supplementary measures, including technical, organisational and contractual methods, to ensure that your personal data is transferred lawfully.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA and/or the UK.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your information may be stored in whole or in part on equipment or in facilities leased or licensed from others (i.e., Salesforce.com Platform). Cloud Coach relies on the statements of those vendors regarding the safety and security of their storage equipment and services as part of its evaluation. All information collected and stored on the Salesforce Platform is subject to the Salesforce Data Protection addendum located here.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
If you are an individual residing in the EU, Switzerland or the UK, you may be able to request that we delete your personal data. Additional information is below.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your Legal Rights
If you are an individual residing in the EU, Switzerland or the UK, you have the following rights for personal information processed outside of our Services:
- The right to be informed about what we do with your information. This Policy provides you with this information.
- If we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by and notifying us using the details set out at the start of this policy. Consent to marketing communications can be withdrawn by following the steps outlined in that communication, such as clicking the ‘unsubscribe’ link in the marketing emails we send.
- The right to access a copy of your information which we hold. This is called a ‘data subject access request’.
- The right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
- The right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing.
- The right to object to us processing your personal information in certain other situations.
- The right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate.
- The right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
- The right, in certain circumstances, to request that we erase, rectify, cease processing and/or delete your information.
You have the general right to complain to us in the first instance if you are not happy with how we are processing your personal information. If you are not satisfied by our response then you can complain to the Information Commissioner’s Office via www.ico.org.uk (if you are a data subject in the UK) or your local designated data protection supervisory authority (if you are a data subject in the EU).
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please use our data access form. You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless you are requesting copies of documents you already possess, in which case we may charge our reasonable administrative costs. We may also charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive.
We also reserve the right to refuse to comply with your request (wholly or partly) if it is clearly unfounded or excessive. We may need to request specific information from you to help us confirm your identity (or proof of authority if making the request on behalf of someone else) and ensure your right to access your personal data (or to exercise any of your other rights). We ask that requests are sent to us using the contact details set out at the start of this policy. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We intend to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated and shall respond no later than three calendar months from the day of receipt of your request.
Please note that personal data processed in our Services is considered Customer Data, and that we process it for our Customers. Our contracts with our customers restrict us from accessing Customer Data, including personal data, in our Services. If you believe Cloud Coach may be processing personal information relating to you in our Services, please contact the Cloud Coach Customer that you believe is the controller of this data.
10. Use of Cookies
We use browser cookies to collect non-personal information, remember you on future visits, better understand how users engage with the Site so we can enhance the user experience, and provide additional targeted advertising and marketing messages. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. You may also opt-out of using cookies by visiting the Network Advertising Initiative opt-out page.
11. Contact Us
If you have any questions regarding this Privacy Policy or information that you have submitted to us please contact us at [email protected].