Bubbly Clouds Privacy Policy
By using our Services, you agree that Bubbly Clouds can use your personal data in accordance with our Privacy Policy.
You can contact our Data Protection Officer, James Acres, at any time via support@bubblyclouds.com about the details in this privacy policy.
Privacy Policy
Last Updated: 2024-05-25
'We' or 'Bubbly Clouds' refers to James Acres and the collection of services personally offered to you by James Acres from bubblyclouds.co.uk or bubblyclouds.com
'You' refers to any user(s) and customer(s) of our services
URLs in the privacy policy are correct at the time of writing.
Who does the Privacy Policy apply to?
This Privacy Policy is designed to help all Bubbly Clouds customers and visitors to our websites understand how we treat your personal data and protect your privacy when you use our Services.
It is also designed to help you understand your own role as a data controller when you decide to run your own services using our services.
If you are a visitor and not a customer of ours, providing your personal data to us is not a contractual requirement. You can choose not to provide this information; however, you might not be able to gain access to our information, services or products.
Roles and Responsibilities
Bubbly Clouds Responsibilities
When signing in or making a payment for one of our services you enter a contract with us to become an account holder or customer of ours. In this scenario Bubbly Clouds has the legal basis to become a controller of the necessary personal data we are required to collect from you in order to provide you with the service you accessed, collect payment and keep you notified of renewals etc.
We are only data controllers of our own customers' data. Bubbly Clouds has the role of data processor when our customers use the products we provide to them for their own purposes. Our customers are data controllers when using our services to provide their own services to their own users.
Bubbly Clouds will always provide info on, and enforce our Terms of Service and Privacy Policy so our own services process data securely.
All our systems collect data for robust breach detection, investigation and internal reporting procedures so we can prevent and detect breaches and keep a record of them if they were to occur.
Within 72 hours of becoming aware of a personal data breach we will notify the UK's ICO and if this is of high risk of adversely affecting individuals’ rights and freedoms we will notify those individuals.
If one of our sub-processors notify us about a breach that impacts our customer's data we will notify them.
Customer Responsibilities
When using our services via a customer of ours. The Bubbly Clouds customer is the data controller and Bubbly Clouds is the data processor in this scenario.
Our products can be used by our customers to store personal information about their own customers and users. As a customer or user of ours it is your responsibility to decide what data you expose to us. It is your responsibility to provide your users with the necessary means to retrieve, review, correct, or remove their personal data in a similar way to how we do this for you as a Bubbly Clouds customer.
You are in control of who you share your data with while using our services. You may choose to have a session with other users and choose to share your name and other profile information with them for example.
As a customer of Bubbly Clouds it is your responsibility to comply with all applicable laws and your internal policies relating to such personal data collection, and providing notices and obtaining any necessary consents from your users.
Bubbly Clouds does not control how our customers process data, configure their applications, and so on. It is up to the customer to maintain high security standards for the applications they configure and we require this in our Terms of Service.
You bear sole responsibility for maintaining the security of any environments maintained under your account(s). You are solely responsible for ensuring compliance with any and all applicable privacy guidelines and regulations for all jurisdictions in which you may operate with respect to appropriate practices for the collection, storage, and dissemination of personal information using your Bubbly Clouds service. In no event shall Bubbly Clouds be held liable for your failure to adopt and/or practice appropriate measures for safeguarding personal information stored within or transmitted through your Bubbly Clouds service.
What Type of Personal Data Do We Collect about You?
| Type of Personal Data | Purpose(s) for Processing | Legal Basis for Processing |
|---|---|---|
Identity Data includes first name, last name, company name, email and username, and passwords (hashed). Contact Data - includes billing/delivery address, email address and telephone numbers. Financial Data - Card details, bank account and other payment details are collected and used by our third party payment providers on their own servers only, our servers do not come into contact with these details. Financial information provided by you to access our services will be collected, stored and processed by Stripe, PayPal and any other third party payment service providers as designated by Bubbly Clouds. Each of these providers provides their own privacy policy to you and Bubbly Clouds has legal agreements with each sub-processor it uses. | This is for purposes of creating your account or completing your purchase with us so we can provide you with the service you requested from us. As part of our Terms of Use we also agree to provide support, when contacting us you may also provide some of these details to us and we only use it for the purpose to fulfil the contract. We will keep records of all our contact with you via email. | Processing is necessary for the performance of a contract or to enter into such a contract with you. |
Marketing and Communications Data - includes your preferences in receiving marketing from us via email and your communication preferences. | Sending you news, information and special offers by email. We record a detailed log of all consent changes. You can opt in and out at any time via your client area. | Your consent – which you can withdraw at any time from your self-service client area. |
Data you choose to host with us using our products Usage Data includes information about how you use our website, products and services. | We do not use the data you host with us for any other purpose than to fulfil the contract you have with us and for us to meet our own legal requirements. The data is yours, you are responsible for it and you are the controller of all your own data. For support purposes, when you request support you give permission for us to view your data. We scan your data for security and legal issues. | As part of your contract we agree to provide the support described in our Terms of Use. |
Transaction Data - includes details about payments to and from you and other details of products and services you have purchased from us. | We sometimes require to collect payment from you in order to provide you with the product you ordered. We require to store transaction logs for us to legally complete tax returns and financial record keeping. | Processing is necessary for the performance of a contract or to enter into such a contract with you. The processing is necessary to comply with legal and regulatory obligations. |
Technical Data - includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website, Requested pages, Referring Page, and other information which identifies your machine. Logging includes service access, intrusion prevention and web application firewall, access logs, error logs. | We are legally obliged for all our systems collect logging and diagnostic data for robust breach detection, investigation and internal reporting procedures so we can prevent and detect breaches and keep a record of them if they were to occur. When someone visits our websites we sometimes use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Our use of Google Analytics makes use of IP Anonymization and we do not transfer any personally identifiable information, we do not use advertising integration. | The processing is necessary to comply with legal and regulatory obligations. The processing is necessary to support our legitimate business interests. |
When will we contact you?
As part of your contract with us we will contact you regarding updates to the services you have with us. This includes renewal and billing reminders, notification of maintenance and security issues, updates about changes to the services we offer you.
If you email us we will contact you regarding this and notify you when the issue you opened is closed.
All our billing is paperless, so you will receive any invoices and receipts via email.
You will not receive updates and marketing about products you have not purchased unless you have opted in to join our mailing list.
Data Retention Policy
Customer Data - on termination of contract, when you become an inactive customer with no active services, products or invoices, we retain customer data in our web based systems until the following tax year's tax return is completed by us unless it is requested for us to delete this sooner.
Backups of data - We keep backups to help us to restore any of your services in the event of a disaster caused by you or by us. We can erase individual accounts from our historical backups on request if they need to be erased sooner.
Analytics and logs of activity - We keep logs to help us comply with our legal obligations to prevent data breaches and to monitor usage. We cannot erase logs on request and by using our services you agree your usage will be logged.
Financial Records - We must legally keep financial records for 6 years from the end of the last company financial year they relate to. On termination of a contract we do not erase personal data from our financial records until after this time, but we do erase it from our web based systems.
Managing Your Data
Access and Rectify - You can access and rectify the majority of your personal information by using our services. Anything you cannot see there you can contact us and we will be able to update records on your behalf and provide you with an export.
Export and Data Portability - We can generate a report to provide your account data in JSON format on request. Our services may allow you to export your own data without needing to ask us. We can provide tools to help you export all data to switch providers on request.
Erasure - We will respond to all requests to erase data within one month, this will come with no fees unless it is unfounded or excessive. If you contact us and no longer want your details on record, we can erase these records on request. If you wish to terminate your contract with us we will erase data according to our data retention policy, but can do this quicker on request. Some data, such as financial records, we are legally obliged to keep for longer.
Security and Integrity of your Personal Data
You will keep your data up to date by using our services or contacting us. If we learn of any changes we will update your account accordingly to keep your details up to date.
We will never request your password, you should never pass on your password to anybody, only you are permitted to sign into your Bubbly Clouds services with your password or third party identity provider.
We provide Single Sign On so you can sign into all our services with a single account without entering another password. This allows you to maintain one single set of secure credentials to access all your services with us, which may or may not be provided by a third party identity provider.
Your personal information will be transmitted over an secure encrypted connection when you use our services.
We have a strong understanding of Information Security. We use web application firewalls to block known attack request signatures, we use spam blacklists and virus checking to try to fight spammers delivering malicious material, we use 2 factor on all services which support it and rely on cryptographic keys instead of passwords where possible.
We have procedures to respond to security incidents caused by somebody either internal or external breaching a security invariant or negatively affecting system performance and integrity.
We take backups and test our disaster recovery process.
All our databases are located in the UK.
Third Parties
We only partner with third parties to reliably deliver the services you purchased, we do not use third parties if it is not necessary for the product you have purchased.
We only use third parties who sub-process personal data who meet our data protection and compliance requirements for us to be compliant ourselves.
Some third parties help us to take payments and provide you with services, in some cases you will provide your data directly to their servers instead of to us, in these cases they will be the controller of your data for that purpose instead of Bubbly Clouds and you will need to read their own privacy policy to decide if it adequately protects your data.
If you breach our terms of use, or if Bubbly Clouds is under a duty to disclose or share your personal data in order to comply with any legal obligation, we may disclose your information to a relevant authority. Disclosure may include, but is not limited to, exchanging information with other companies and organizations for the purposes of fraud protection. In particular, Bubbly Clouds may release the information it collects to third parties when we believe that it is appropriate to comply with the law, to enforce its' legal rights, to protect the rights and safety of others, or to assist with industry efforts to control fraud, spam or other undesirable conduct.
Cookies
Our web applications may use cookies, this is to track your login sessions and to help with analytics.
Essential; i.e. required to make the website work
Login session cookies for our services. These cookies identify you as being logged in to the secure parts of our website for the duration of your visit. Our secure areas will not work unless cookies are enabled.
Non-essential; i.e. that aren’t needed to make the website work
Google Analytics uses cookies to help us analyse how our visitors use the site. Find out more about how these cookies are used on the Google privacy site.
Sensitive Information
Bubbly Clouds will not intentionally collect or maintain, and requests that you do not provide, any information regarding your medical or health condition, sexual orientation, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information.
If you upload any material or information that is sensitive, such information and compliance with applicable privacy laws remains solely your responsibility.
Bubbly Clouds is not responsible for any sensitive information stored by you on its systems.
Children's Online Privacy Protection
If you are under thirteen (13) years of age you must not sign up for any Bubbly Clouds products.
If you are a customer of Bubbly Clouds, you must not intentionally collect or maintain the data of anyone under thirteen (13) years of age.
Bubbly Clouds services are not designed for or directed to children under thirteen (13) years of age and Bubbly Clouds will not intentionally collect or maintain information about anyone under thirteen (13) years of age.