July 2022
Quick Content links
Introduction
Client Data
Policy Review
Data Privacy Notice and User Rights
Security
Introduction
Cloud Booking takes your privacy extremely seriously and we would like to make our
GDPR position clear for all our clients.
As part of the Cloudbooking service, we require personal data from all our users to
initiate and complete the login process. In the instance of Cloudbooking services, we are
considered the ‘Processors’ of data. Consent to gather and store users’ personal data has
been given / obtained by the ‘Controller’.
The Cloudbooking GDPR statement has been reviewed and confirmed by our legal
representatives to ensure we are adhering to our GDPR obligations as a company.
We have reviewed our GDPR responsibilities across the following key areas:
– Client Data
– Policy Review
– Data Privacy Notice and User rights
– Security
Client Data
Cloudbooking is designated as a data processor rather than a data controller for
customer data that we hold. It should be noted that at no point does Cloudbooking share
any of the information we process with any 3rd parties. If, in the future, we further
develop the Cloudbooking service to integrate with 3rd party API’s our GDPR policy will
be updated accordingly.
We undertook an information audit review of the type of information we process and
this is identified as follows:
– Full name
– Email address for login and optional booking notification
– Cloudbooking password for service access only (encrypted)
– Phone Number (mobile, optional) for booking notifications
– Location information when a booking is placed and historically
– Car registration number (Parking space management)
– Photo (Visitor Management system)
This information is stored in standard SQL databases, with one ring fenced database per
client. In all cases this data is only transmitted over secure encrypted connections using
https.
All data processed is stored securely in UK based data centres conforming to strict
international standards.
Policy Review
Cloudbooking has undertaken a comprehensive review of all our company policies with a
particular focus on Data Collection and Privacy Policy. Copies of key relevant policies are
available on request.
Data Privacy Notice and User Rights
Data Privacy Notice
A truncated Data Privacy Notice will be displayed on all Cloudbooking online services
with a link to the full version.
The complete Data Privacy Notice is as follows:
“Cloudbooking Limited processes your information on behalf of your parent company for
the sole purpose of delivering our Cloudbooking services. This includes only your name,
email address and optionally your phone number and/or photo (if applicable). This
information is tied to any bookings that have been made by yourself or on your behalf,
which effectively logs your possible location at the time the booking is live and therefore
historically. This information is not shared with any third party. The information is held
until such time as it is no longer required for the provision of the service. Following
removal of the service all data is anonymised for statistical purposes only. Should you
require access to the information held about you, or if you have any concerns about the
data we hold then please contact your parent company in the first instance. Cloudbooking
Limited fully complies with UK data protection laws including, but not limited to, the Data
Protection Act 2018.”
User Requests for information / Right to delete
Whilst we do not expect a high volume of information requests, it is important for
Cloudbooking to have the correct procedures in place.
Requests from individual users for data will be serviced on a case by case basis and will be
initially directed back to the data controller / client. Cloudbooking will then liaise with the
controller / client to process the request to delete/provide any data held by
Cloudbooking. This data can be provided in an encrypted file over email or other suitably
encrypted methods required by the controller / client to provide to the user.
Cloudbooking have put in place internal operational procedures to ensure we are able to
deliver requested data within the stipulated thirty day GDPR timeframe.
An official request form will be sent to clients or users on request, from which we will log
requirements, track progress and ensure secure delivery is within thirty days from the
request. Our Data Protection Officer is responsible for ensuring timely secure delivery of
all processed data requests, monitoring and managing the Cloudbooking GDPR process
and informing all parties of the completed task.
Security
All client data is ringfenced in separate databases with security controls in place to ensure
that only data that users/clients have security access to can be viewed. All access is based
on least privilege rights, whether this be individual users or Cloudbooking administrators
and support personnel. All data is encrypted in transit and at rest.
All data is securely stored in UK based data centres which conform to strict international
standards.
Data Breaches
Cloudbooking takes data security extremely seriously. We have systems and procedures
in place to mitigate any possibility of any data breach occurring. We also have in place a
Security Incident Management policy CB014, which would be implemented under these
circumstances.
Security Incident Management policy CB014 is available on request.
Privacy Impact Assessments
Given the basic nature of the personal information (name, email, phone number,
password) we hold, the privacy impact would be considered minimal. However, we can
provide a formal Privacy Impact assessment, PIA, if required on the individual
requirements of clients. Further information is available within our IT security policy and
CB PIA documentation and is available on request.
Designated Data Protection Officer
This role and responsibility has been included in the remit of our Head of Information
Security, Adrian Pratt.
We trust that all of the above gives reassurance that Cloudbooking is focused on ensuring
we fully comply with the General Data Protection Regulations which came into force on
May 25th 2018. If you have any queries on any of the above then please do not hesitate to
contact us at dpo@cloudbooking.com in the first instance and we will get right back to
you.