The information CloudPay collects includes the following types of information from individuals, job applicants, employees, corporate customers, website visitors and business contacts:
The personal data we process is voluntarily obtained directly from you in the case of job seekers, through our customers who provide personal information regarding their employees so that we can provide our Payroll Solution, and via our website in the case of website visitors. More specifically, our sources and methods are:
CloudPay uses personal information provided to CloudPay only for the purpose it was provided. Those purposes include:
(i) to process payroll on behalf of our customers and carry out obligations arising from an agreement entered into between your employer and CloudPay
(ii) to notify you about changes to our Payroll Solution
(iii) for business development, customer relations and contract management
(iv) to allow you to participate in interactive features of our service when you choose to do so
(v) to provide you with marketing information, products or services that you have requested from us
(vi) to evaluate you for employment
(vii) to manage your employment with us
(viii) to carry out legal and regulatory obligations such as anti-money laundering checks
(ix) Using personal information during any period of employment with CloudPay to carry out its obligations as an employer.
Under the General Data Protection Regulation (GDPR) (EU and UK) the lawful bases for processing your personal data are:
(i) to perform a contract we have entered into, or are about to enter into,
(ii) where the processing of your data is necessary for our legitimate interests (or those of a third party and your interests and fundamental rights do not override those interests),
(iii)where we need to comply with a legal or regulatory obligation, and
(iv)where you have given your consent to the processing of your personal data including for direct marketing purposes.
Where we process data in accordance with the legitimate interests of CloudPay, or the interests of a third party, in managing the business we will take reasonable measures to prevent unwarranted harm to you. Our legitimate interests include:
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Where we share your personal information with certain partners, where we will have entered contractual arrangements to ensure your personal information is safe and to protect your privacy.
You have the following rights regarding your information subject to certain exemptions. You can:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons which will be communicated to you in writing, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) if you are in the UK, or the supervisory authority for the country in the EU from which you come. We would appreciate the chance to deal with your concerns through our own complaints procedure which is in line with best practices before you approach the relevant supervisory authority.
DATA TRANSFERS POST BREXIT
The UK was granted Adequacy on 28 June 2021, meaning that data can continue to flow between the UK and EU as it did before for all transfers that CloudPay undertakes.
DATA SHARING INSIDE AND OUTSIDE THE EU
CloudPay may share your personal data within the CloudPay group of companies and third parties located inside and outside the European Economic Area (EEA).
Please note that the judgment of the CJEU on the 20th July 2020 invalidated the EU-US Privacy Shield. The Swiss Data Protection Authority followed the judgment and invalidated the Swiss-US Privacy Shield on 8th September 2020.
For all transfers of data to countries, where the EU has no Adequacy decision, including the US, CloudPay is contracting under Standard Contractual Clauses and implementing additional Technological and Organizational Measures to ensure the safety and integrity of the data.
CloudPay maintains a comprehensive information security program that contains industry standard technical and physical safeguards designed to prevent unauthorized access to personal information.
CloudPay limits access to personal information to those persons and authorized service providers who have a specific business purpose for maintaining and processing such information. CloudPay’s employees who have been granted physical access to personal information are made aware of their responsibilities to protect the confidentiality, and integrity of that information and receive relevant training and instruction.
CloudPay will only keep your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting, HR or other similar requirements. This includes statutory retention periods and the CloudPay records management policy. Payroll information is held on behalf of customers and in accordance with their instructions.
Our site may, from time to time, contain links to and from the websites of our partner networks, suppliers, business associates, clients, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that CloudPay does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes and needs to be updated by notifying us at email@example.com if you are a job seeker. If you are data subject and CloudPay possesses your personal information because it is providing its Payroll Solution to your employer, you may direct your request to your employer to ensure your personal data maintained by CloudPay is accurate and current as our customers generally have administrative rights to make these changes.
When you visit the CloudPay website CloudPay uses a technology that many other websites employ which are small data files stored on your computer’s hard drive, to collect information (“Cookies”). If your browser is set to accept Cookies, then your browser downloads the small text file to your device.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. This information is collected on an aggregate basis.
You can find more information about cookies on the AllAboutCookies website here.
CloudPay also uses web beacons, or transparent GIF files, provided by our service provider to report activity on our site. The beacons help us manage our online advertising and measure its effectiveness. These files enable our service provider to recognise a Cookie on your web browser, which in turn enables us to learn which of our communications are most effective.
We use non-identifying information collected on our website in the aggregate form to better understand your use of the website and to enhance your experience. For example, we may use the information to improve the design and content of our website or to analyse the services that we offer. To help us do this we use the following cookies:
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."
Nothing in this document shall limit the requirement to comply with data protection laws or other legislation in accordance with applicable law in the country where the processing takes place.