Privacy Policy of CloudStorm.io

This Website collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Analytics

      • Google Analytics with anonymized IP

        Personal Data: Cookies and Usage Data

    • Contacting the User

      • Contact form

        Personal Data: email address, first name, last name and various types of Data

      • Mailing list or newsletter

        Personal Data: email address, first name and last name

    • Content commenting

      • Comment system managed directly

        Personal Data: Cookies, email address and website

    • Heat mapping and session recording

      • Hotjar Heat Maps & Recordings

        Personal Data: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service

    • Managing contacts and sending messages

      • MailChimp

        Personal Data: email address, first name, last name and various types of Data

    • Remarketing and behavioral targeting

      • Facebook Custom Audience and Twitter Tailored Audiences

        Personal Data: Cookies and email address

      • Facebook Remarketing, Google Ad Manager Audience Extension, Google Ads Remarketing, LinkedIn Website Retargeting, Remarketing through Google Analytics for Display Advertising and Twitter Remarketing

        Personal Data: Cookies and Usage Data

    • Tag Management

      • Google Tag Manager

        Personal Data: Cookies and Usage Data

    • User database management

      • Intercom

        Personal Data: Cookies, email address, Usage Data and various types of Data as specified in the privacy policy of the service

Further information about Personal Data

    • Measures for data security

      In order to ensure data, IT and information security, we accepted and use System Development Life Cycle (SDLC) Policy, SDLC Standard, System Development and Operation (SDO) Policy and Information Security Policy. Our employees, subcontractors and suppliers are obliged to act and work according to those aforementioned policies.

      Data security measures in software development
      - All software developed according to the SDLC standards.
      - Software development is based on preliminary analysis or feasibility studies, risk identification and mitigation, system analysis.
      - All software develpoment process include quality assurance and acceptance testing.
      - All software developed by us are adequately documented and tested before it is used.
      - All development work exhibit a separation between production, development and test environments. Develmopment, QA and test staff is not entitled to have access to production systems unless absolutely required by their respective job duties.
      - Documentation is kept and updated during all phases of development, security considerations are noted and addressed through all phases of development.
      We use the industry best practices during the software development.

      Information security measures concerning staff:
      - We train our employees and our external developers on a regular basis concerning data protection and data/information and IT security. Each new employee/external developer is obliged to take part in the security training.
      - End user authentication use unique user identifiers, strong passwords or two factor authentication.
      - Passwords shall be changed on a regular basis, according to the Information Security Policy.

      Information security in the maintenance of the software:
      - Only the designated employees have access to the software or the personal data processed by the software or stored in the SaaS services by the Customers.
      - Any planned changes to the system are scheduled, communicated and documented.
      - Continuous security penetration testing is concluded on the system and the software throughout its life cicle at regularly scheduled intervals.
      - Mandatory security testing is conducted when any major configuration or architecture change is made.
      - We keep all deployed systems up-to-date with the latest security-related patches issued by the system vendors.

      Security measures during the daily work:
      - Remote access to personal workstations is allowed only with unique usernames and passwords and in encrypted channels to transfer traffic.
      - All access to production system are limited according to our SDLC Policy.
      - We use cloud-based systems for storing the system, software and personal data. Access to those cloud systems are restricted according to the SDLC and IT Security Policies.
      - We protect our systems with appropriate firewalls.
      - We use clean desk and clean whiteboard policy according to our Information Security Policy.

      Security measures concerning Customer’s data
      - All customer’s data are stored by us are adequately isolated from other Customer’s data.
      - Data storage containing Customer’s data always is protected with automatic encrypted backups. Backup frequency is daily.
      - We do not use offline media for storing data backups, instead the data are stored on durable cloud based storage services that provide comprehensive security and compliance capabilities and meet ISO 27001 certificate.
      - We use multiple, geographically separated backups

      Security measures in communication
      - All data transfer are happen through secure channels using HTTPS or SSL or equivalent protocols.
      - All administrative traffic, traffic going to or coming from external services go through secure channels using HTTPS or SSL or equivalent protocols.

    • Information concerning data transfers to third countries

      The data controller uses the following services of the following service providers whose seat and data storing activity is in third country (USA) and which processors are on the EU-US Privacy Shield List:

      The US based Facebook, Inc. (1601 Willow Road, Menlo Park, California 94025; lperry@fb.com, USA), Google, LLC. (1600 Amphitheatre Pkwy Mountain View, California 94043; USA), Amazon.com, Inc. (Amazon Web Services, Inc. - Seat: 2021 Seventh Ave Seattle, Washington 98121, USA), Facebook, Inc. (1601 Willow Road Menlo Park, California 94025, USA), Intercom, Inc. (Intercom R&D Unlimited Company, Seat: 55 2nd Street, 4th Floor, San Francisco, California 94105, USA), Atlassian, Inc. (Trello, Inc. - Seat: 1098 Harrison Street, San Francisco, California 94103, USA), Microsoft Corporation (Seat: One Microsoft Way, Redmond, Washington 98052, USA), Slack Technologies, Inc.(Seat: 500 Howard Street, San Francisco, California 94105, USA) and Zapier, Inc.** (Seat: 548 Market St #62411 San Francisco, California 94104, USA) are on the US-EU Privacy Shield list set up ont he basis of the regulation of conformity of the European Commission issued according to the article 45 of the GDPR and the decision of 2016/1260; which means that the data transfer to those US based companies cannot be deemed as data transfer to third countries outside of the European Union and separate consent of the affected persons is not necessary; so the data transfer to those companies is allowed. Those companies undertook the conformity with the GDPR.

    • Data processing of Facebook Page

      Owner operates a Facebook Page under the URL address https://www.facebook.com/cloudstorm.rpa/ on which page the Owner displays news, advertisements, videos, organises games and promotions, discloses events, photos, posts. Owner collects, analyzes and displayes in aggregated way personal data with the function of Facebook Insight on the Owner’s Facebook Page concerning the type of the activities of the Users on the Facebook Page, how much time they spend with viewing contents.

      Owner hereby informs the visitors of the Owner’s Facebook Page that the Owner and Facebook Ireland Limited are joint data controllers under the Article 26 of GDPR concerning the personal data collected in Facebook Insight function of the Facebook Page; The Owner and Facebook Ireland Limited jointly determines the purposes and tools of data processing. The agreement of joint data processing concluded between the Owner and Facebook Ireland Limited is available here: https://www.facebook.com/legal/terms/page_controller_addendum.

      Furthermore, the Owner informs the visitors of its Facebook Page about the split of the main responsibilities and obligations between the Owner and Facebook Ireland Limited and also about the relevant provisions of the agreement on joint data processing:

      Responsibilities and obligations of Facebook Ireland Limited:

      - Facebook Ireland Limited undertakes the primary liability of the data processing of the data in Facebook Insight function; data processing is carried out by Facebook Ireland Limited in trhe name of the Owner.
      - Facebook Ireland Limited is liable for appropriately informing the Users on the data processing.
      - Facebook Ireland Limited is liable for keeping in touch with the Users. answeing the Users' requests when the Users exercise their rights concerning data protection; the Owner is not entitled to contact the Users in this matter on the basis of the joint precessing agreement. If the User submits his/her request/claim of data protection to the Owner, the Owner is obliged to forward it to Facebook Ireland Limited within 7 days; the User shall receive the answer of his/her request from Facebook Ireland Limited.
      - Facebook Ireland Limited is liable for keeping the data safety provisions on the personal data collected and processed in the function of Facebook Insight; for announcement of data breaches and for informing the Users about the data breaches.

      Responsibilities and obligations of the Owner:

      - The Owner is obliged to ensure that the Owner has appropriate legal basis of the data processing concerning Facebook Insight.
      - The Owner is obliged to indicate itself as data controller on the Facebook Page.
      - The Owner is not entitled to claim the concrete personal data processed in Facebook Insight function from Facebook Ireland Limited; the Owner is able to reach only the statistics and reports created by Facebook Ireland Limited, the - - Owner does not have access to the personal data forming the basis of the reports.

      The Owner hereby informes the visitors of the Facebook page that Simple processes their following data on the following legal basis:

      - Regarding the likes on the Owner’s Facebook Page: number of likes; place of likes, number of new likes
      - Regarding posts on the Owner’s Facebook Page: how much people are reached by the post, number of likes, comments and shares of the post, number of unlikes, hides, reporting as spam, when the persons reaching the Facebook Page view Facebook content;
      - Regarding visits of the the Owner’s Facebook Page: how much times was the Page visited, how much times did the users come from external sites;
      - Regarding videos on the Owner’s Facebook Page: number of watching video more than 3 seconds, more than 30 seconds, top videos of the Page;
      - Regarding visitors of the the Owner’s Facebook Page: gender, age, location (country, city), language of the persons who liked the Page, number of visitors viewed the post in the last 28 days, who liked, commented or shared something on the Facebook Page in the last 28 days.

      The legal basis of the Owner’s aforementioned data processing is Consent according to Article 6 (1) a) of the GDPR. The Users can withdraw his/her cosent in any time. Granting or withdrawing consent is possible in the Users' Facebook profile.

      Facebook Ireland Limited is obliged to disclose the deatiled privacy notice on the Facebook Pages on the basis of the aforementioned joint data processing agreement.

      The Owner excludes its liability for any data processing carried out by Facebook Ireland Limited, only Facebook Ireland Limited is liable for that.

Contact information

    • Owner and Data Controller

      Virtual Solutions Kft. Bajcsy-Zsilinszky út 12. Budapest Hungary 1051

      Managing director: David Salamon, info@cloudstorm.io

      Owner contact email: compliance@cloudstorm.io