Cloud Academy – Website Privacy Notice

Last updated: September 2023 We recommend that you read this Privacy Notice in full to ensure you are completely informed about your personal data. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link above to jump to that section. Cloud Academy respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you and how you can exercise your privacy rights. This Privacy Notice only applies to personal information that we collect when you visit our website at cloudacademy.com (“Website”), when you visit our social media pages; visit our offices; receive communications from us; or register for, attend and/or otherwise take part in our events (collectively the "Services"). If you have any questions or concerns about our use of your personal information, then please contact us using the contact details under the “How to contact us” heading below.
  1. What does Cloud Academy do? Cloud Academy is a cloud based learning platform dedicated to providing training programs for individuals and organisations, headquartered in the US.
  2. Personal information we collect and process
    1. The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with our Services. We collect personal information about you from the following different sources:
      • Information that you provide directly We collect personal information directly from you when you choose to provide us with this information online and through your other interactions with us (such as data collected via social media, customer service communications). Certain parts of our Website ask you to provide personal information when you engage customer services.
      • Information that we collect indirectly We collect personal information about you indirectly, including through automated means from your device when you use our Services. Some of the information we collect indirectly is captured using cookies and other tracking technologies, as explained further in the Cookies and similar tracking technology section below.
      • Information from third parties We also collect information about you from third party sources, i.e public sources and our service providers that provide operational assistance, email, marketing and analytics services. Information received from third parties will be checked to ensure that the third party either has your consent or is otherwise legally permitted or required to disclose your personal information to us.
    2. The table below describes the categories of personal information we collect from and about you through our Services.
      Personal Data Description Source
      Identity and Contact Data such as your name, email address, phone number, telephone number, address, company name, profession, social media handle (where you interact with us via social media)
      • Directly from you (online or offline)
      • Third parties
      • Automatic Collection
      Communications Data such as your feedback on our products and services and other communications with us (including when you interact with our customer service agents offline), any queries you raise, chat, email or call history or with third party service providers. This will include information as to how you contact customer services and the channel of communication that you use or any information that you send to us.
      • Directly from you
      • Third parties
      • Automatic Collection
      Marketing and Advertising Data such as your interests based on your use of our Website and other websites and online services, your purchases, survey responses, promotions you enter, preferences in relation to receiving marketing materials from us, communication preferences, your preferences for particular products or services and your subscription details.
      • Directly from you
      • Third parties
      • Automatic Collection
      Device Data collected using tags and pixels, including your IP address, your ISP, and the browser you use to visit our Website, device type, unique device identification numbers or other identifiers and advertising identifiers.
      • Automatic Collection
      Website Usage Data such as activity and Website page  interaction, information that we capture using cookies and similar technologies (see section 4 below).  This will include URL address, time of request, method of request, page views and searches, log-in information, clicks, operating system, information about content viewed, watched or downloaded for offline access, length of visits to certain pages, purchase history and other functional information on Website performance (for example, application version information, diagnostics, and crash logs).
      • Automatic Collection
      We do not collect any sensitive personal information about you, such as health-related information or information about your race or ethnicity, or sexual orientation.
  3. Who we share your personal information with. We share your personal information with the following categories of recipients:
    • our group companies, including QA Limited, who provide data processing services necessary to provide you with our goods and services (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Services), or who otherwise process personal information for purposes described in this Privacy Notice.
    • third party service providers and partners who provide data processing services to us (to support the delivery of, provide functionality on, or help to enhance the security of our Services), or who otherwise process personal information for purposes that are described in this Privacy Notice. For further details on our third party service providers see the Cloud Academy Data Summary.
    • third party services when you use third party services linked through our Website your personal information will be collected by the provider of such services. Please note that when you use third party services, their own terms and privacy policies will govern your use of their services;
    • any competent law enforcement body, regulatory, government agency, court or other third party (our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
    • a buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; or
    • any other person with your consent to the disclosure (obtained separately from any contract between us).
  4. Sale of personal data. We do not “sell” or “share” Personal Information as those terms are defined under California and other applicable state privacy laws. To the extent Personal Information is shared with third parties, it is only provided to third party service providers/processors.
  5. Cookies and similar tracking technology. We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you, including to serve interest based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please click on the “Manage your Cookies” Link in the footer of our website.
  6. How we keep your personal information secure. We use appropriate technical and organisational measures to protect the personal information that we collect and process about you including:
    IA Objectives - Confidentiality, Integrity, Availability Information Ownership and Custodianship - Internal Governance Information Risk Management Privacy Compliance Minimization and Limitation of Information Quantity Data and Information Retention Compliance with Privacy, Laws, Regulations, Customer Agreements Management Oversight Requests from Authorities, Governments or Third parties Supplier Assessment, Compliance Reporting Secure SDLC Policy Business Continuity Disaster Recovery Security Controls Destruction and removal of Information or data Human Resources Security Information Classification● Least Privilege and Need to Know System Classification Information Handling Location and Jurisdiction Contractual Controls toward Providers,
    The measures are designed to provide a level of security appropriate to the risk of processing your personal information.
  7. International data transfers. Cloud Academy is based in the US and a part of the QA Group. Therefore when you use the Platform, your personal information is transferred to us and stored in our data centres in the US. In addition, we use third parties in the US and other countries meaning your personal information is processed in countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Transfers of your personal data are legally permitted, amongst other mechanisms, under the QA Group's intra group data sharing agreement and contractual agreements that include standard contractual clauses for controllers, and where relevant for processors. Our third party service providers and partners operate around the world. Please see Cloud Academy Data Summary for processing and transfer details.
  8. Data retention. We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). In certain circumstances, we will need to keep your information for legal reasons after our contractual relationship has ended. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of the legal requirement.When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  9. EEA and UK visitor additional information (A) How we use your personal information (our purposes) and our legal basis for processing it. We use the personal information that we collect from and about you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your information. Depending on our purpose for collecting your information, we rely on one of the following legal bases:
    • Contract - we require certain personal information in order to provide and support the goods and services you purchase or request from us;
    • Consent – in certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal information, in which case you can voluntarily choose to give or deny your consent without any negative consequences to you;
    • Legitimate interests – we may use or disclose your personal information for the legitimate business interests of either Cloud Academy or a third party, but only when we are confident that your privacy rights will remain appropriately protected. If we rely on our (or a third party's) legitimate interests, these interests will normally be to: operate, provide and improve our business, including our Services; communicate with you and respond to your questions; improve our Services or use the insights to improve or develop marketing activities and promote our products and services; detect or prevent illegal activities (for example, fraud); and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors and visitors; or
    • Legal obligation – there may be instances where we must process and retain your personal information to comply with laws or to fulfil certain legal obligations.
    The following table provides more details on our purposes for processing your personal information and the related legal bases. The legal basis under which your personal information is processed will depend on the data concerned and the specific context in which we collect it. Where we require your data to pursue our legitimate interests or the legitimate interests of a third party, it will be in a way which is reasonable for you to expect as part of the running of our organisation and which does not materially affect your rights and freedoms. We have identified below what our lawful bases are.
    Purpose/Activity Type of data Lawful basis for processing
    Respond to your communications regarding our Services, send you service updates, confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages, responding to your enquiries, requests or complaints. Identity and Contact Data Account Data Transaction Data Communication Data Uploaded Content Device Data Website Usage Data
    • Performance of a contract with you.
    • Otherwise, as necessary for our legitimate interests (to operate, provide and improve our business; to communicate with you) – where our communications are not necessary to perform or enter into a contract with you.
    Reviewing communications with you for customer support and quality assurance and training purposes, and related recordkeeping. Identity and Contact Data Account Data Transaction Data Communications Data Uploaded Content Data Device Data Website Usage Data
    • Necessary for our legitimate interests (to operate, provide and improve our business; to communicate with you) – where our communications are not necessary to perform or enter into a contract with you.
    Keep our business, including our Services, our offices and our employees, customers, vendors, and visitors secure and address threats to your safety or the safety of others. For example, online we may use malware and spyware monitoring tools to detect suspicious activity and algorithms to detect unauthorised access. Identity and Contact Data Account Data Transaction Data Device Data Website Usage Data Communication Data Location Data
    • Necessary for our and our third parties' legitimate interests (to operate and provide our business, including our Services; to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors, and visitors).
    Manage compliance with our terms of service and related internal reporting. Identity and Contact Data Account Data Communication Data Transaction Data Uploaded Content Data Social media/External Account Data
    • Performance of a contract with you.
    • Otherwise, as necessary for our legitimate interests (to operate, provide and improve our business, including our Services; to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors, and visitors.
    • Legal obligations.
    To administer and maintain our Services and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data). Identity and Contact Data Account Data Device Data Website Usage Data
    • Legitimate interests (to operate, provide and improve our business, including our Services; to detect or prevent Illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).
    Manage our use of tracking technologies such as cookies (including enabling you to manage your cookie preferences) and analyse collected data to learn about our Services, to improve our Services, and to develop new products and services. This includes website analytics, identifying browsing / purchasing trends and patterns and evaluating this information on an aggregated, group(s) basis (Social media/External Account Data, Marketing Data) and individual basis (Account Data, Device Data, Location Data and Website Usage Data). Account Data Device Data Website Usage Data Social media/External Location Data Account Data Marketing and Communications Data
    • Consent (where required under applicable law – see cookie consent tool on our website).
    • Otherwise (for strictly necessary cookies) legitimate interests to operate, provide and improve our business, including our Services, to improve our Services or use the insights to improve or develop marketing activities and promote our products and services.
    Analyse data including metrics related to consumer transactions and behaviour, to assess trends and the effectiveness of our advertising and marketing campaigns, to help us understand your needs and provide you with better service and offers, to drive customer engagement, promote our brand, and inform other business decisions by understanding consumer behaviour. Account Data Transaction Data Device Data Website Usage Data Social media/External Account Data Communication Data Marketing Data
    • Consent (where required under applicable law).
    • Otherwise legitimate interests (to operate, provide and improve our business, including our Website or use the insights to improve or develop marketing activities and promote our products and services).
    Contact current and prospective customers (including Website visitors) about our products and services, promotions, competitions and events we think may be of interest, including our newsletter and other promotional mailers and electronic communications. Account Data Website Usage Data Marketing Data Communication Data Social media/External Account Data Uploaded Content Data
    • Consent (where required under applicable law).
    • Otherwise legitimate interests (to operate, provide and improve our business; to communicate with you).
    Personalise and customise your experience, including to provide local or otherwise targeted content and information for customers, and to tailor the content and advertising served on our Website Social media/External Account Data
    • Otherwise legitimate interests (to operate, provide and improve our business, including our Website, to use the insights to improve or develop marketing activities and promote our services).
    Personalise, target, and deliver advertising for our services on third party websites, apps, and other online services (including to identify audiences and individuals like you to better tailor our marketing campaigns and communications), and measure the effectiveness of our campaigns and adjust our methods. Account Data Marketing Data Website Usage Data Social media/External Account Data Contact Device Data
    • Consent (where consent is required under applicable law.
    • Otherwise legitimate interests (to improve our business, to promote our products and services and to use the insights to improve or develop our marketing activities).
    Analyse social media performance metrics to evaluate and execute social media campaigns, including to interact with our current and prospective customers on various social media channels to promote our products, run contests and promotions, answer questions and otherwise drive and monitor customer engagement and satisfaction. Account Data Marketing Data Social media/External Account Data Communication Data Uploaded Content Data Website Usage Data Device Data
    • Consent (where consent is required under applicable law).
    • Otherwise legitimate interests (to improve our business, to promote our products and services and to use the insights to improve or develop marketing activities).
    Administer sweepstakes, competitions or surveys Identity and Contact Data Account Data Communication Data Uploaded Content Data Social media/External Account Data
    • Legitimate interests (to drive customer engagement and to collect user perceptions and measure satisfaction).
    Comply with legal and regulatory obligations to which we are subject, including our obligations to respond to your requests under data protection law. Identity and Contact Data Account Data Transaction Data Website Usage Data Location Data Communication Data Uploaded Content Data
    • Legal obligation.
    Protect our legal rights (including where necessary, to share information with law enforcement and others), for example to defend claims against us and to conduct litigation to defend our interests. Identity and Contact Data Account Data Transaction Data Location Data Website Usage Data Communication Data
    • Legitimate interests to protect our business interests.
    To obtain further information about how we balance our legitimate interests against your rights and freedoms where applicable, please contact us using the contact details provided under the “How to contact us” heading below. (B) Transfers of personal data from the EEA and/or the UK. Where we transfer your personal information to countries and territories outside of the European Economic Area and the UK, which have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations" from the Secretary of State in the UK. Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice and applicable laws. The safeguards we use to transfer personal data in case of both our group companies and third party service providers and partners, the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2 including the UK Addendum for the transfer of data originating in the UK. Our Standard Contractual Clauses entered into by our group companies and with our third party service providers and partners can be provided on request. Please note that some sensitive commercial information may be redacted from the Standard Contractual Clauses. (C) Your data protection rights. Individuals located in the UK and EEA have the following data protection rights. To exercise any of them see specific instructions below or contact us using the contact details provided under the “How to contact us” heading below.
    • You may access, correct, update or request deletion of your personal information. In addition to contacting us.
    • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information, (i.e. your data to be transferred in a readable and standardised format.
    • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us (using the contact details indicated below). If you choose to opt out of marketing communications, we may still send you non-promotional emails, such as emails about your account or our ongoing business relations.
    • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
    • You have the right to complain to a supervisory authority about our collection and use of your personal information. For more information, please contact your local supervisory authority. (Contact details for supervisory authorities in Europe are available here and for the UK here.) Certain supervisory authorities may require that you exhaust our own internal complaints process before looking into your complaint.
    We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
  10. Updates to this Privacy Notice. We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if, and where, required by applicable data protection laws.You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
  11. How to contact us. If you have any questions or concerns about our use of your personal information, please contact us using the following details: support@cloudacademy.com You may also write to us at the following details: 5214F Diamond Heights Blvd., 157, San Francisco CA, United StatesThe data controller of your personal information is Cloud Academy Inc.