Privacy Policy

Your privacy is critically important to us. At CloudCannon we have a few fundamental principles:

  • We don’t ask you for personal information unless we truly need it.
  • We don’t share your personal information with anyone except to comply with the law, develop our products, provide our services to you, or protect our rights.
  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.

Below is our privacy policy which incorporates these principles. If you have questions about deleting or correcting your personal information please contact our support team.

Any word or phrase that is used in this privacy policy and defined in our Cloud Cannon Terms of Use (available at https://cloudcannon.com/terms/) has the meaning given in those terms of use.


INTRODUCTION

Cloud Cannon Limited (weusour) complies with the New Zealand Privacy Act 2020 and where applicable, the Europe Union General Data Protection Regulation 2016/679 (GDPR) and the equivalent laws of the United Kingdom (UK GDPR) when dealing with personal information.

Personal information is information about an identifiable individual (a natural person), and includes personal data, personally identifiable information and equivalent information under applicable data protection laws.

This policy does not limit or exclude any of your rights under the New Zealand Privacy Act 2020, the GDPR or the UK GDPR. For further information on the New Zealand Privacy Act 2020, see www.privacy.org.nz. For further information on the GDPR, see https://ec.europa.eu/info/law/law-topic/data-protection_en. For further information on the UK GDPR, see https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/.

You must not provide to us, or use our website or related services to process, any personal information that is regulated by:

  • the Payment Card Industry Data Security Standard;
  • the Health and Insurance Portability and Accountability Act 1996 (HIPAA) unless and until you have entered into a separate business associate agreement with us; and/or 
  • the California Consumer Privacy Act 2018 (CCPA) unless and until you have entered into a separate CCPA data processing agreement with us.

Where you have agreed to a separate agreement with us, the additional terms set out in that agreement will apply to the processing of personal information under HIPAA or CCPA (as the case may be).

This policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. We are happy to provide any additional information or explanation needed. Any request for further information should be sent to privacy@cloudcannon.com.

CHANGES TO THIS POLICY

We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.

This policy was last updated on July 7th 2023.

WHEN DOES THIS PRIVACY POLICY APPLY

This privacy policy applies to personal information we collect from visitors to our website, our customers and other persons with whom we deal directly. In addition, users of our cloud content management system may collect personal information from individuals (e.g. their employees and customers) and upload, store or process that information to or in that service (User Data).

We require our customers to obtain the necessary consents from individuals to provide User Data to us and permit us to use it as set out in this privacy policy. If you have any concern about our collection and use of personal information about you contained in User Data, please contact us at privacy@cloudcannon.com.

For the purposes of the GDPR and the UK GDPR, our customers are the data controller when storing or otherwise processing User Data that we hold solely for the purpose of providing our cloud content management system and we are the data processor. We are the data controller when storing or otherwise processing User Data that we use for our own purposes.

We only process User Data as authorized by our customers in our Cloud Cannon Terms of Use (available at https://cloudcannon.com/terms/). Unless required otherwise under applicable law, if we receive any request or enquiry relating to User Data that we hold solely for the purpose of providing our services, we will forward this request to our relevant customer. If we receive any requests or enquiries relating to User Data that we use for our own purposes, we will deal with these requests or enquiries as set out in this privacy policy.

CHILDREN

We do not intend to collect personal information from or about children aged under 16. If you have reason to believe that we have collected personal information from or about a child under the age of 16, please contact us at privacy@cloudcannon.com.

WHAT PERSONAL INFORMATION DO WE COLLECT

Directly from you

We collect the following information directly from you.

When you sign up for, or login to, an account on our website or related services, we collect your first name, surname, email address, password, address, location, country, city, IP address, and any other information we require or ask for to set you up with an account. We may collect some of this information using third party authentication services (as described further in the from third party sources section below).

When you set up a profile, we collect your name, email address, address, location, profile photo, IP address and any other information we require or ask for to set you up a profile. You acknowledge and agree that parts of your profile may be publicly available with your consent.

When you fill in a contact or enquiry form on our website, call us, meet us in person or otherwise contact us, we collect your name/email address and any other information you choose to provide to us.

When you sign up to our newsletter and other electronic alerts, we collect your name, email address and any other information you provide to us when you ask to receive our newsletter or other alerts.

When you respond to our feedback surveys, we collect your name, email address, and any other information you choose to include in your response.

When you purchase products or services from us, we collect your name, email address, credit card information and any other information you submit to us for billing and order fulfilment purposes.

When you post information for publication on our website (e.g. on message boards or chat rooms), we collect the information you include in those posts.

Some of the personal information that we collect directly from you may be mandatory and some may be optional. We will let you know which of these applies at the time we collect the relevant personal information. While you do not have to provide us with some of the information that we may request, this might mean that our products and services may not perform as well as they should, or that we may not be able to provide some parts of the website or all of our products or services to you. If you require further information about the consequences of not providing us with any information, please contact us at support@cloudcannon.com.

We use Stripe, a third party service provider, to process credit card transactions. We do not have access to your credit card information. You can see further information about how they process your credit card information in their privacy policy: https://stripe.com/privacy/.

Automatically when you use our website

When you access and use our website or related services we may automatically collect information about your device and usage of our website, products and services, including your IP address, operating system, browser type, time spent on certain pages of the website, pages visited, links clicked, language preferences.

Some of this data is collected through third party tools and/or the use of cookies, web beacons and similar storage technologies. Please refer to our cookie policy below for further information, including information on how you can disable these technologies.

From third party sources

Where possible, we collect personal information from you directly. However, sometimes we may collect:

  • personal information from third parties where you have authorized this. This may include accessing certain personal information from third party social media or other authentication services (e.g. GitHub, Bitbucket, GitLab) if you login to your account with us using these services or otherwise provide us access to information from these sources. The third party provider that we use will be displayed and you can visit its privacy policy for further details on how it deals with personal information
  • personal information included in User Data.

We may combine the personal information about you that we receive from third parties with the personal information we collect from you directly or with device and usage data we collect automatically when you visit our website.

HOW WE USE YOUR PERSONAL INFORMATION

We may use your personal information to:

  • verify your identity
  • provide our website, products and services to you
  • market our products and services to you, including contacting you electronically
  • improve our website, products and services
  • publish things on our website (e.g. comments on message boards or chat rooms)
  • run promotions (e.g. referral and loyalty programs, surveys and contests)
  • bill you and collect money that you owe us, including authorizing and processing credit card transactions
  • respond to communications from you, including enquiries and complaints
  • conduct research and statistical analysis (on an anonymized basis)
  • tailor content or advertisements on our website to you
  • protect and/or enforce our legal rights and interests, including defending any claim
  • respond to lawful requests by public authorities, including to comply with law enforcement requirements, or
  • for any other purpose authorized by you or applicable law.

We may transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization or acquisition.

You can stop receiving our marketing emails by following the unsubscribe instructions included in those emails.

DISCLOSING YOUR PERSONAL INFORMATION

We may disclose your personal information to:

  • another company within our group
  • any business that supports our website, products and services, including any person that hosts or maintains any underlying IT system or data center that we use to provide our website, products or services or that we use to process payments
  • professional advisers e.g. accountants, lawyers or auditors
  • a person who can require us to supply your personal information (e.g. a law enforcement agency or regulatory authority)
  • any other person with your consent
  • any other company in the case of a sale, merger, consolidation, liquidation, reorganization or acquisition
  • any other person authorized by applicable law.

Also, we may share information about your use of our website with our trusted advertising and analytics partners through the use of cookies, web beacons, and similar storage technologies. Please refer to our cookie policy below for further information.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

A business that supports our website, products and services may be located outside of New Zealand (the country where we are incorporated) and also outside of the country where you are located. This means that the personal information we collect may be transferred to, and stored in, a country outside of New Zealand and the country where you are located.

If you are located in the European Economic Area (EEA), your personal information may be transferred outside of the EEA. Under the GDPR, the transfer of personal information to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal information if other appropriate safeguards are in place.

If you are located in the United Kingdom (UK) your personal information may be transferred outside of the UK. Under the UK GDPR, the transfer of personal information to a country outside the UK may take place where the relevant authority has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal information if other appropriate safeguards are in place.

Where we transfer personal information outside the EEA or UK, it will only be transferred to countries that have been identified as providing adequate protection for EEA/UK data, or to a third party where approved transfer mechanisms are in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses with the appropriate addendum for the UK GDPR (where applicable). For further information, please contact us at privacy@cloudcannon.com.

Some of the personal information we collect is processed in New Zealand. New Zealand is recognized by the European Commission and the UK government as a country that has an adequate level of data protection and we rely on this decision in transferring personal information to New Zealand.

PROTECTING YOUR PERSONAL INFORMATION

As required by applicable law, we will take steps to keep your personal information safe from loss, unauthorized activity, or other misuse. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks inherent in processing personal information.

You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our products and services. You should not disclose your password to third parties. Please notify us immediately if there is any unauthorized use of your account or any other breach of security.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.

If you want to exercise either of the above rights, email us at support@cloudcannon.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).

Subject to applicable law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

OTHER RIGHTS

In addition to the rights to access and correct your personal information, if you are based in the European Union or the UK, you have the additional rights set out in the GDPR Additional Terms section of this privacy policy below.

INTERNET USE

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you post your personal information on your website, you acknowledge and agree that the information you post is publicly available.

If you follow a link on our website to another website, the owner of that website will have its own privacy policy relating to your personal information. We suggest you review that website’s privacy policy before you provide personal information to that owner or website.

DATA RETENTION POLICY

The personal information that we collect and use will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.

CONTACTING US

If you have any question about this privacy policy, or our privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact us at privacy@cloudcannon.com.

The name and contact details of our Data Protection Officer for the purposes of the GDPR and the UK GDPR are:

| Name | Andrew Long | | Email address | privacy@cloudcannon.com |

GDPR ADDITIONAL TERMS

LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

Our lawful basis for processing (as that term is defined in the GDPR and the UK GDPR) personal information that we collect, use and disclose depends on the personal information collected and the context in which we collect it.

Generally, we collect personal information from you where we have your consent, where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).

Where we process personal information based on your consent, you may withdraw your consent at any time.

Despite the above, we may process your personal information where such processing is necessary for compliance with applicable laws.

If you have any question about the legal basis on which we process personal information or need further information, please contact us at privacy@cloudcannon.com.

YOUR RIGHTS UNDER THE GDPR AND THE UK GDPR

If you are located in the European Union or the United Kingdom, your rights in relation to your personal information include:

  • right of access - if you ask us, we will confirm whether we are processing your personal information and provide you with a copy of that personal information
  • right to rectification - if the personal information we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate personal information is rectified. If we have shared your personal information with any third party, we will tell them about the rectification where possible
  • right to erasure – when your personal information is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your personal information and we will do so if deletion does not contravene any applicable law. If we have shared your personal information with any third party, we will take reasonable steps to inform those third parties that they must delete your personal information
  • right to withdraw consent - if the basis of our processing of your personal information is consent, you can withdraw that consent at any time
  • right to restrict processing - you may request that we restrict or block the processing of your personal information in certain circumstances. If we have shared your personal information with any third party, we will tell them about this request where possible
  • right to object to processing - you may request that we stop processing your personal information at any time and we will do so to the extent required by the GDPR and/or the UK GDPR
  • rights related to automated decision-making, including profiling - you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorized by applicable laws or is based on your explicit consent. 
  • right to data portability - you may obtain your personal information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal information directly to another data controller
  • the right to complain to a supervisory authority - you can report any concern you have about our privacy practices to your local data protection authority.

Where personal information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.

If you would like to exercise any of your above rights, please contact us at support@cloudcannon.com. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.

Cookie policy

INTRODUCTION

We use cookies on our website and as part of our related services, and receive information collected through cookies. This cookie policy explains how we use cookies and how you can opt out of cookies.

By continuing to use our website and related services, you indicate your agreement for us to use the cookies described below.

We use the term cookies in this cookie policy to mean cookies or similar technologies such as web beacons, clear GIFs, and pixel tags.

WHAT ARE COOKIES

Cookies are text files containing small amounts of information which are downloaded to your browsing device, e.g. a computer or smartphone, when you visit a website. Cookies can be recognized by the website that downloaded them, or by other websites that use the same cookies. This helps a website know if the browsing device has visited that or other websites before.

Cookies can be used to collect information relating to your use of a website or your device, let you navigate between pages effectively, help to remember your preferences and generally improve your browsing experience. Cookies can also help ensure advertising you see online is more relevant to you and your interests.

Cookies can be session or persistent cookies. Session cookies are temporary and only stay on your browser until you stop browsing. Persistent cookies stay on your device until they expire or are deleted.

The cookies used on our website may be first party cookies (i.e. set by us) or third party cookies (i.e. cookies set on our website by a person other than us). The third party companies that place cookies on our website will have their own privacy policies.

WHAT TYPES OF COOKIES DO WE USE

The types of cookies used by us, and most websites, can generally be categorized as follows.

Strictly necessary cookies

These cookies are essential for the full functionality of our website and related services. They enable you to navigate around our website and services and use their features e.g. accessing secure areas and enabling services that you have asked to receive. If you opt out of these cookies, you may not be able to access all the functions of our website and some services that you have asked to receive.

These cookies do not track where else you have been on the internet and do not remember your preferences beyond your current visit. These cookies are generally first party session cookies which will expire when you close your browsing session. These cookies do not collect information that could be used for marketing purposes.

Functionality cookies

These cookies allow a website to remember choices you make and provide enhanced, more personal features. e.g. these cookies allow us to remember the settings you have applied to the website (such as font size, preferences or colors), identify whether you are a returning website visitor and present you with a personalized version of the website, or eliminate the need for you to re-enter your login details. The information these cookies collect is generally anonymous and they do not track your browsing activity on other websites. These cookies may be first or third party, session or persistent cookies.

Performance cookies

These cookies collect information about how you use a website, e.g. which pages are the most visited and if you receive any error message from any page. This information helps us improve the way our website and related services work and helps us manage the performance and design of the website and services. These cookies do not gather information that identifies you. All of the information these cookies collect is aggregated and anonymous. These cookies may be first or third party, session or persistent cookies.

Targeting cookies

Targeting cookies are used to present advertising that is relevant to you and your interests. These cookies collect information about your browsing habits e.g. the pages you have visited and the links you have followed across the internet. They may also be used to limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns. These cookies will usually be persistent but time-limited and may be placed on our website by third party service providers or advertising partners with our permission.

We use targeting cookies to present interest-based advertising on our website and for retargeting. This is a form of interest-based advertising that enables our advertising partners to build a profile of your interests and show you advertising based on your browsing activity across the internet, including to allow us to advertise to people who previously visited our website.

GOOGLE COOKIES

We use Google Analytics to collect information about visitors to our website. Google Analytics collects information related to your device, browser, IP address, network location, and website activities to measure and report statistics about your interactions on our website. We use this information to help us manage the performance and design of our website and to improve our website.

We use Google Analytics Advertising Features, including Remarketing with Analytics, Demographic and Interests reporting in Analytics, Campaign Manager integration (formerly known as DoubleClick), Display & Video 360 integration, Google Display Network (GDN) Impression Reporting and Segments. We also use Google Ads.

For further information on how Google uses your personal information when you use our website and how to opt out of Google’s use of cookies, see here. In addition to the process described in this link, you can opt out using the process described below.

HOW TO CONTROL OR OPT OUT OF COOKIES AND TARGETED ADVERTISING

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit our website and attempt to use our services, you may not be able to access certain parts of our website or services, and some functionalities may not work.

You can find out more information about how to change your browser cookie settings at www.aboutcookies.org.uk.

To learn more about how to control cookie settings through your browser:

  • click here to learn more about the Private Browsing setting and managing cookie settings in Firefox
  • click hereto learn more about Incognito and managing cookie settings in Chrome
  • click here to learn more about InPrivate and managing cookie settings in Internet Explorer
  • click here to learn more about Private Browsing and managing cookie settings in Safari.

You may opt out of targeted advertising athttp://www.youronlinechoices.eu/. You can learn more about interest-based advertising and opt out of interest-based advertising from participating online advertising companies at the following links.

Please note that opting out of interest-based advertising does not mean you will no longer be served advertising. You will continue to receive generic ads.

THIRD PARTY WEBSITE COOKIES

If you follow a link on our website to another website, the owner of that website will have its own cookies. We suggest you review that website’s cookie policy before you visit that website.

  • July 7, 2023: Updated to reflect GDPR and UK GDPR requirements and make some minor changes to wording.
  • May 5, 2021: Complete revamp of Privacy Policy
  • Apr 30, 2018: Improved information about what data we collect and why
  • Oct 10, 2014: Changed Cloud Cannon to CloudCannon
  • Jun 30, 2014: Updated Whiteleaf Software Limited. to Cloud Cannon Limited.
  • Jun 13, 2013: Initial Privacy Policy