Privacy and Cookie Policies

CloudPay respects the privacy of individuals and is committed to protecting the personal data we hold. This Privacy Policy explains how personal information collected, stored, disclosed, transferred and managed by CloudPay Inc. and its US subsidiary CloudPay Solutions Inc: at www.cloudpay.net/about, and CloudPay’s other subsidiaries around the world (“CloudPay”) for: our Global Payroll Managed Services solution (the “Payroll Solution”), CloudPay’s recruitment efforts, and visitors to our website.

CloudPay is a global payroll provider with offices around the world. Further information on CloudPay is available throughout CloudPay’s website. The CloudPay group is made up of different legal entities and this privacy policy is applicable to all CloudPay companies. here. The CloudPay Group is made up of different legal entities and this privacy notice is issued on behalf of the whole Group.

The information CloudPay collects includes the following types of information from individuals, job applicants, employees, corporate customers, website visitors and business contacts: 

• Payroll data – all information necessary to process payroll for our customers.
• Contact data – name, address, mobile number and email address.
• Marketing data – contact information.
• Web usage data – how you interact with our website

The personal data we process is voluntarily obtained directly from you in the case of job seekers, through our customers who provide personal information regarding their employees so that we can provide our Payroll Solution, and via our website in the case of website visitors. More specifically, our sources and methods are:

• Our Payroll Solution where CloudPay customers and their users may enter personal information.
• When applying for employment via our jobs portal and during any employment with CloudPay.
• From recruitment agencies.
• When you request marketing information via our website.
• Through recording sales meetings. We will ask for your permission before making these recordings.
• From publicly available databases.
• At CloudPay and other events.
• Any time you voluntarily provide CloudPay with your personal information.
• For information collected via Cookies, CloudPay is using technology that many other websites employ, small data files stored on your computer’s hard drive, to collect information (“Cookies”). If your browser is set to accept Cookies, then your browser adds the text in a small file.

CloudPay uses personal information provided to CloudPay only for the purpose it was provided. Those purposes include:

(i) to process payroll on behalf of our customers and carry out obligations arising from an agreement entered into between your employer and CloudPay

(ii) to notify you about changes to our Payroll Solution

(iii) for business development, customer relations and contract management

(iv) to allow you to participate in interactive features of our service when you choose to do so

(v) to provide you with marketing information, products or services that you have requested from us

(vi) to evaluate you for employment

(vii) to manage your employment with us

(viii) to carry out legal and regulatory obligations such as anti-money laundering checks

(ix) Using personal information during any period of employment with CloudPay to carry out its obligations as an employer.

(x) For information collected via Cookies, CloudPay uses that information to authenticate your access to various areas of our websites, and tailor its content to your preferences. Cookies also help us analyse web traffic in general. You can set your browser to refuse cookies, or to warn you before a cookie is placed.

Under the General Data Protection Regulation (GDPR) (EU and UK) the lawful bases for processing your personal data are:

(i) to perform a contract we have entered into, or are about to enter into,

(ii) where the processing of your data is necessary for our legitimate interests (or those of a third party and your interests and fundamental rights do not override those interests),

(iii)where we need to comply with a legal or regulatory obligation, and

(iv)where you have given your consent to the processing of your personal data including for direct marketing purposes.

Where we process data in accordance with the legitimate interests of CloudPay, or the interests of a third party, in managing the business we will take reasonable measures to prevent unwarranted harm to you. Our legitimate interests include: 

• processing payrolls on behalf of our customers
• customer relations
• supplier management
• direct marketing
• product development
• record keeping, training and quality purposes
• operational management including HR
• legal obligations including compliance with anti-money laundering regulations

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

We will not share any of your personal information other than for the purposes described in this Privacy Policy. It will be kept strictly confidential and will only be used for the reasons that we have described.

Where we share your personal information with certain partners, where we will have entered contractual arrangements to ensure your personal information is safe and to protect your privacy.

You have the following rights regarding your information subject to certain exemptions. You can:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you. 

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. 

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons which will be communicated to you in writing, if applicable, at the time of your request. 

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) if you are in the UK, or the supervisory authority for the country in the EU from which you come. We would appreciate the chance to deal with your concerns through our own complaints procedure which is in line with best practices before you approach the relevant supervisory authority.

DATA TRANSFERS POST BREXIT
The UK was granted Adequacy on 28 June 2021, meaning that data can continue to flow between the UK and EU as it did before for all transfers that CloudPay undertakes.

DATA SHARING INSIDE AND OUTSIDE THE EU

CloudPay may share your personal data within the CloudPay group of companies, and third parties located inside and outside the European Economic Area (EEA).

THE EU-U.S. DPF AND THE UK EXTENSION TO THE EU-U.S. DPF

CloudPay Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. CloudPay Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, CloudPay Inc. commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF. EU and UK individuals with inquiries or complaints should first contact dpo@cloudpay.net 

CloudPay Inc. has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  

For all transfers of data to countries, where the EU has no Adequacy decision, CloudPay is contracting under Standard Contractual Clauses and implementing additional Technological and Organizational Measures to ensure the safety and integrity of the data.

CloudPay maintains a comprehensive information security program that contains industry standard technical and physical safeguards designed to prevent unauthorized access to personal information.

CloudPay limits access to personal information to those persons and authorized service providers who have a specific business purpose for maintaining and processing such information. CloudPay’s employees who have been granted physical access to personal information are made aware of their responsibilities to protect the confidentiality, and integrity of that information and receive relevant training and instruction.

CloudPay will only keep your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting, HR or other similar requirements. This includes statutory retention periods and the CloudPay records management policy. Payroll information is held on behalf of customers and in accordance with their instructions.

Our site may, from time to time, contain links to and from the websites of our partner networks, suppliers, business associates, clients, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that CloudPay does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

CloudPay reserves the right to change, update, modify, add or remove any part of this privacy policy from time to time and at our sole discretion to reflect changes to technology, our legal obligations, and information handling practices. CloudPay will alert you to any changes by indicating on this policy the date it was last updated.

When you visit the site, you are accepting the current version of this Policy as posted on the site at that time. If you do not accept this privacy policy you should not use this website. CloudPay recommends that users revisit this policy on occasion to learn of any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes and needs to be updated by notifying us at dpo@cloudpay.net if you are a job seeker. If you are data subject and CloudPay possesses your personal information because it is providing its Payroll Solution to your employer, you may direct your request to your employer to ensure your personal data maintained by CloudPay is accurate and current as our customers generally have administrative rights to make these changes.

CloudPay’s legal department and CloudPay’s Data Protection Officer is responsible for overseeing questions in relation to this privacy policy and any requests to exercise your legal rights.

If you have any queries about this privacy policy, CloudPay’s legal department can be contacted at dpo@cloudpay.net or at: CloudPay UK, Kingsgate House, Newbury Road, Andover, Hampshire, SP10 4DU, United Kingdom.

Last modification to this privacy policy: 25 September, 2023.

When you visit the CloudPay website CloudPay uses a technology that many other websites employ which are small data files stored on your computer’s hard drive, to collect information (“Cookies”). If your browser is set to accept Cookies, then your browser downloads the small text file to your device. 

CloudPay does not use cookies to read any other information on your computer’s hard drive. It uses the technology to enhance your experience on our website, to authenticate your access to various areas of the site, and to tailor the content to your preferences. Cookies also help us analyse web traffic in general. 

Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. This information is collected on an aggregate basis.

You may refuse to accept Cookies by activating the relevant setting on your browser, however if you select this you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you log on to our website

You can find more information about cookies on the AllAboutCookies website here.

CloudPay also uses web beacons, or transparent GIF files, provided by our service provider to report activity on our site. The beacons help us manage our online advertising and measure its effectiveness. These files enable our service provider to recognise a Cookie on your web browser, which in turn enables us to learn which of our communications are most effective.

We use non-identifying information collected on our website in the aggregate form to better understand your use of the website and to enhance your experience. For example, we may use the information to improve the design and content of our website or to analyse the services that we offer. To help us do this we use the following cookies:

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."

Nothing in this document shall limit the requirement to comply with data protection laws or other legislation in accordance with applicable law in the country where the processing takes place.