January 2026
Quick Content links
Data Protection Statement
Client Data
Use of Third-Party Platforms for Data Analytics
Policy Review
Data Privacy Notice and User Rights
Security
Data Protection Statement
Cloudbooking takes your privacy extremely seriously, and we would like to make our Data Protection position clear for all our clients.
As part of the Cloudbooking service, we require personal data from all users to initiate and complete the login process. In the context of Cloudbooking services, we are considered the Processor of the data. Consent to gather and store users’ personal data has been given/obtained by the Controller.
The Cloudbooking Data Protection statement has been reviewed and confirmed by our legal representatives to ensure we are adhering to our Data Protection obligations as a company.
We have reviewed our Data Protection responsibilities across the following key areas:
- Client Data
- Policy Review
- Data Privacy Notice and User Rights
- Security
In this statement “Processor” and “Controller” have the meanings given to them in relevant UK legislation.
Client Data
Cloudbooking is designated as a Processor rather than a Controller for customer data that we hold.
We undertook an information audit review of the types of information we process, identified as follows:
- Full name
- Email address for login and optional booking notifications
- Cloudbooking password for service access only (encrypted)
- Phone number (mobile, optional) for booking notifications
- Location information when a booking is placed and historically
- Car registration number (parking space management)
- Photo (Visitor Management System)
This information is stored in standard SQL databases, with one ring‑fenced database per client. In all cases, data is transmitted only over secure, encrypted connections using HTTPS.
Use of Third-Party Platforms for Data Analytics
In our commitment to providing enhanced services and functionalities, we utilise data analytics dashboards powered by ThoughtSpot, a third‑party platform. This collaboration enables us to offer a more refined, data‑driven experience. It is important to note that while leveraging ThoughtSpot for these purposes, no user‑identifiable information is stored on their platform. Data used primarily includes identifiers that allow us to improve our services without compromising your privacy.
We have chosen ThoughtSpot for their robust security measures and their commitment to data protection, ensuring compliance with Data Protection and other relevant data protection regulations. ThoughtSpot rigorously adheres to internationally recognised security standards, including ISO 27001, HIPAA, SOC 1, and CCPA. Cloudbooking’s use of ThoughtSpot, and any associated data‑processing activities, are carried out with the utmost consideration for your privacy and data security. For more details on how we manage and protect your data, please refer to our comprehensive Privacy Policy.
All data processed is stored securely in UK‑based data centres conforming to strict international standards.
Policy Review
Cloudbooking has undertaken a comprehensive review of all our company policies, with a particular focus on data collection and our Privacy Policy. Copies of relevant policies are available on request.
Data Privacy Notice and User Rights
Data Privacy Notice
A truncated Data Privacy Notice will be displayed on all Cloudbooking online services, with a link to the full version.
The complete Data Privacy Notice is as follows:
“Cloudbooking Limited processes your information on behalf of your parent company for the sole purpose of delivering our Cloudbooking services. This includes only your name, email address, and optionally your phone number and/or photo (if applicable). This information is tied to any bookings that have been made by yourself or on your behalf, which effectively logs your possible location at the time the booking is live and therefore historically. This information is not shared with any third party. The information is held until such time as it is no longer required for the provision of the service. Following removal of the service, all data is anonymised for statistical purposes only. Should you require access to the information held about you, or if you have any concerns about the data we hold, please contact your parent company in the first instance.”
User Requests for Information / Right to Delete
Whilst we do not expect a high volume of information requests, it is important for Cloudbooking to have the correct procedures in place.
Requests from individual users for data will be managed on a case‑by‑case basis and will initially be directed back to the Controller/client. Cloudbooking will then liaise with the controller/client to process the request to delete or provide any data held by Cloudbooking. This data can be provided in an encrypted file via email or through other suitably encrypted methods required by the Controller/client to provide to the user.
Cloudbooking has implemented internal operational procedures to ensure we can deliver requested data within the stipulated thirty‑day Data Protection timeframe.
An official request form will be sent to clients or users on request, from which we will log requirements, track progress, and ensure secure delivery within thirty days.
Security
All client data is ring‑fenced in separate databases with security controls in place to ensure that only data users or clients have permission to access can be viewed. All access is based on least‑privilege rights, whether this applies to individual users or Cloudbooking administrators and support personnel. All data is encrypted in transit and at rest.
All data is securely stored in UK‑based data centres conforming to strict international standards.
Data Breaches
Cloudbooking takes data security extremely seriously. We have systems and procedures in place to mitigate any possibility of a data breach occurring. We also have a Security Incident Management Policy (CB014), which would be implemented in such circumstances.
Security Incident Management Policy CB014 is available on request.
Privacy Impact Assessments
Given the basic nature of the personal information we hold (name, email, phone number, password), the privacy impact would be considered minimal. However, we can provide a formal Privacy Impact Assessment (PIA) if required, based on individual client requirements. Further information is available within our IT Security Policy and CB PIA documentation, both available on request.
Designated Data Protection Lead
This role and its responsibilities fall under our Head of Information Security and Operations, Melissa Simpson.
We trust that the above information provides reassurance that Cloudbooking is committed to fully complying with Data Protection law. If you have any queries regarding any of the above, please do not hesitate to contact us at dpo@cloudbooking.com and we will respond promptly.