Privacy and Cookie Policies

CloudPay respects the privacy of individuals and is committed to protecting the personal data we hold. This Privacy Policy explains how personal information collected, stored, disclosed, transferred and managed by CloudPay Inc. and its US subsidiary CloudPay Solutions Inc: at www.cloudpay.net/about, and CloudPay’s other subsidiaries around the world (“CloudPay”) for: our Global Payroll Managed Services solution (the “Payroll Solution”), CloudPay’s recruitment efforts, and visitors to our website.

CloudPay is a global payroll provider with offices around the world. Further information on CloudPay is available throughout CloudPay’s website. The CloudPay group is made up of different legal entities and this privacy policy is applicable to all CloudPay companies. here. The CloudPay Group is made up of different legal entities and this privacy notice is issued on behalf of the whole Group.

The information CloudPay collects includes the following types of information from individuals, job applicants, employees, corporate customers, website visitors and business contacts: 

• Payroll data – all information necessary to process payroll for our customers.
• Contact data – name, address, mobile number and email address.
• Marketing data – contact information.
• Web usage data – how you interact with our website

The personal data we process is voluntarily obtained directly from you in the case of job seekers, through our customers who provide personal information regarding their employees so that we can provide our Payroll Solution, and via our website in the case of website visitors. More specifically, our sources and methods are:

• Our Payroll Solution where CloudPay customers and their users may enter personal information.
• When applying for employment via our jobs portal and during any employment with CloudPay.
• From recruitment agencies.
• When you request marketing information via our website.
• Through recording sales meetings. We will ask for your permission before making these recordings.
• From publicly available databases.
• At CloudPay and other events.
• Any time you voluntarily provide CloudPay with your personal information.
• For information collected via Cookies, CloudPay is using technology that many other websites employ, small data files stored on your computer’s hard drive, to collect information (“Cookies”). If your browser is set to accept Cookies, then your browser adds the text in a small file.

CloudPay uses personal information provided to CloudPay only for the purpose it was provided. Those purposes include:

(i) to process payroll on behalf of our customers and carry out obligations arising from an agreement entered into between your employer and CloudPay

(ii) to notify you about changes to our Payroll Solution

(iii) for business development, customer relations and contract management

(iv) to allow you to participate in interactive features of our service when you choose to do so

(v) to provide you with marketing information, products or services that you have requested from us

(vi) to evaluate you for employment

(vii) to manage your employment with us

(viii) to carry out legal and regulatory obligations such as anti-money laundering checks

(ix) Using personal information during any period of employment with CloudPay to carry out its obligations as an employer.

(x) For information collected via Cookies, CloudPay uses that information to authenticate your access to various areas of our websites, and tailor its content to your preferences. Cookies also help us analyse web traffic in general. You can set your browser to refuse cookies, or to warn you before a cookie is placed.

Under the General Data Protection Regulation (GDPR) (EU and UK) the lawful bases for processing your personal data are:

(i) to perform a contract we have entered into, or are about to enter into,

(ii) where the processing of your data is necessary for our legitimate interests (or those of a third party and your interests and fundamental rights do not override those interests),

(iii)where we need to comply with a legal or regulatory obligation, and

(iv)where you have given your consent to the processing of your personal data including for direct marketing purposes.

Where we process data in accordance with the legitimate interests of CloudPay, or the interests of a third party, in managing the business we will take reasonable measures to prevent unwarranted harm to you. Our legitimate interests include: 

• processing payrolls on behalf of our customers
• customer relations
• supplier management
• direct marketing
• product development
• record keeping, training and quality purposes
• operational management including HR
• legal obligations including compliance with anti-money laundering regulations

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

We will not share any of your personal information other than for the purposes described in this Privacy Policy. It will be kept strictly confidential and will only be used for the reasons that we have described.

Where we share your personal information with certain partners, where we will have entered contractual arrangements to ensure your personal information is safe and to protect your privacy.

You have the following rights regarding your information subject to certain exemptions. You can:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you. 

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. 

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons which will be communicated to you in writing, if applicable, at the time of your request. 

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) if you are in the UK, or the supervisory authority for the country in the EU from which you come. We would appreciate the chance to deal with your concerns through our own complaints procedure which is in line with best practices before you approach the relevant supervisory authority.

DATA TRANSFERS POST BREXIT
The UK was granted Adequacy on 28 June 2021, meaning that data can continue to flow between the UK and EU as it did before for all transfers that CloudPay undertakes.

DATA SHARING INSIDE AND OUTSIDE THE EU

CloudPay may share your personal data within the CloudPay group of companies and third parties located inside and outside the European Economic Area (EEA).

Please note that the judgment of the CJEU on the 20th July 2020 invalidated the EU-US Privacy Shield. The Swiss Data Protection Authority followed the judgment and invalidated the Swiss-US Privacy Shield on 8th September 2020.

CloudPay complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  CloudPay has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

• The Right To Access:  EU, UK, and Swiss individuals have the right to access the data that is transferred into the United States and to correct and amend incorrect information or request erasure of data that has been handled in violation of the Privacy Shield Principles. Individuals wishing to exercise this right may do so by referring to the “Changes to Data” section at the end of this policy.
• We are subject to the jurisdiction and enforcement authority of the United States Federal Trade Commission.
• We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to legal@cloudpay.net.
• In cases of onward transfer to third-party agents of data of UK, EU, or Swiss individuals received pursuant to the Privacy Shield, CloudPay Inc., and its US subsidiary CloudPay Solutions Inc. remain responsible and liable, unless we can prove we were not a party to the actions giving rise to the damages..
• We may be required to release personal data in response to lawful requests from public authorities including to meet law enforcement and national security requirements.

For all transfers of data to countries, where the EU has no Adequacy decision, including the US, CloudPay is contracting under Standard Contractual Clauses and implementing additional Technological and Organizational Measures to ensure the safety and integrity of the data.

CloudPay maintains a comprehensive information security program that contains industry standard technical and physical safeguards designed to prevent unauthorized access to personal information.

CloudPay limits access to personal information to those persons and authorized service providers who have a specific business purpose for maintaining and processing such information. CloudPay’s employees who have been granted physical access to personal information are made aware of their responsibilities to protect the confidentiality, and integrity of that information and receive relevant training and instruction.

CloudPay will only keep your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting, HR or other similar requirements. This includes statutory retention periods and the CloudPay records management policy. Payroll information is held on behalf of customers and in accordance with their instructions.

Our site may, from time to time, contain links to and from the websites of our partner networks, suppliers, business associates, clients, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that CloudPay does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

CloudPay reserves the right to change, update, modify, add or remove any part of this privacy policy from time to time and at our sole discretion to reflect changes to technology, our legal obligations, and information handling practices. CloudPay will alert you to any changes by indicating on this policy the date it was last updated.

When you visit the site, you are accepting the current version of this Policy as posted on the site at that time. If you do not accept this privacy policy you should not use this website. CloudPay recommends that users revisit this policy on occasion to learn of any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes and needs to be updated by notifying us at dpo@cloudpay.net if you are a job seeker. If you are data subject and CloudPay possesses your personal information because it is providing its Payroll Solution to your employer, you may direct your request to your employer to ensure your personal data maintained by CloudPay is accurate and current as our customers generally have administrative rights to make these changes.

CloudPay’s legal department and CloudPay’s Data Protection Officer is responsible for overseeing questions in relation to this privacy policy and any requests to exercise your legal rights.

If you have any queries about this privacy policy, CloudPay’s legal department can be contacted at dpo@cloudpay.net or at: CloudPay UK, Kingsgate House, Newbury Road, Andover, Hampshire, SP10 4DU, United Kingdom.

Last modification to this privacy policy: 24 May, 2022.

When you visit the CloudPay website CloudPay uses a technology that many other websites employ which are small data files stored on your computer’s hard drive, to collect information (“Cookies”). If your browser is set to accept Cookies, then your browser downloads the small text file to your device. 

CloudPay does not use cookies to read any other information on your computer’s hard drive. It uses the technology to enhance your experience on our website, to authenticate your access to various areas of the site, and to tailor the content to your preferences. Cookies also help us analyse web traffic in general. 

Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. This information is collected on an aggregate basis.

You may refuse to accept Cookies by activating the relevant setting on your browser, however if you select this you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you log on to our website

You can find more information about cookies on the AllAboutCookies website here.

CloudPay also uses web beacons, or transparent GIF files, provided by our service provider to report activity on our site. The beacons help us manage our online advertising and measure its effectiveness. These files enable our service provider to recognise a Cookie on your web browser, which in turn enables us to learn which of our communications are most effective.

We use non-identifying information collected on our website in the aggregate form to better understand your use of the website and to enhance your experience. For example, we may use the information to improve the design and content of our website or to analyse the services that we offer. To help us do this we use the following cookies:

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."

Nothing in this document shall limit the requirement to comply with data protection laws or other legislation in accordance with applicable law in the country where the processing takes place.