Revision 7: 27/05/2018

Last revision changes: Minor edits, inclusion of Clause 12

0. General Terms and Definitions

0.1 This agreement is between Cloud Unboxed Limited - registered in England and Wales at 1st Floor, 79b Front Street, Chester-le-Street, Durham, DH3 3BJ with company number 08808740 - (herein referred to as "We" or "Us" or "Our") and You as the Customer (herein referred to as "You" or "Your" or "Customer" or "Customers" or "Client" or "Clients") regarding Our hosting products and services. The use of "Staff" or "Agent" or "Agents" herein refers to any employee, director or representative of Cloud Unboxed Limited.

0.2 The use of "Account" or "Accounts" or "Package" or "Packages" or "Product" or "Products" or "Service" or "Services" herein signifies any product or service We make available, including but not limited to: web hosting, cloud hosting, business hosting, reseller hosting, domain name registration, domain name transfer, DNS hosting, content delivery network, VPS, virtual server, cloud server, storage server, cloud load balancer, cloud database, cloud firewall, private cloud, managed hosting, server backup, server management, G Suite by Google Cloud, and Microsoft Office 365.

0.3 Data Protection definitions are as follows:

0.3.1 The use of “Personal Data” herein signifies any information that relates to a living individual. It also includes any data that can be used with other sets of data to identify an individual. Typical examples of personal data are: name, identification number, location data, online identifier, email address and so forth, as detailed on the Information Commissioner’s Office website;

0.3.2 The use of “Data Processing” herein signifies any operation carried out on Personal Data including collection, recording, organising, structuring, storing, using, etc. Data Processing also incorporates paper-based, non-digital systems;

0.3.3 The use of “Data Subject” herein signifies an individual whose Personal Data is subject to Data Processing;

0.3.4 The use of “Data Controller” herein signifies an entity that determines how Personal Data is subject to Data Processing;

0.3.5 The use of “Data Processor” herein signifies an entity that subjects personal data to Data Processing on behalf of a Data Controller. Typically, this includes the Data Controller, and may include additional internal and/or external third parties.

0.3.6 The use of “Data Sub-Processor” herein signifies an entity that is engaged by the Data Processor and/or Data Controller to carry out additional or further Data Processing on the Data Subject. Typically, this means a third party used by the Data Controller to process their data – for example, a marketing company, bank or financial institution, courier or delivery company, and so forth.

0.4 From time to time We may amend, add or remove points, paragraphs or clauses from Our Privacy Policy. We may not always inform You in advance of changes to Our Privacy Policy where such changes will not materially disadvantage You. However We will use Our best efforts to notify You in advance of changes to Our Privacy Policy that may impede Your Services.

0.5 We provide all customer, technical and billing support in English only. We cannot be held responsible in any way for problems, issues or faults due to translation and/or language breakdown.


1. Important Information

1.1 This Privacy Policy aims to give You information on how We collect and process Your Personal Data through Your use of this website, including any data You may provide through this website when You register an account or place an order with Us.

1.2 This website is not intended for children and We do not knowingly collect data relating to children.

1.3 This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. We do not control these third-party websites and are not responsible for their privacy policies or terms. When You leave Our website, We encourage You to read the privacy Policy of every website You visit.


2. Personal Data We Collect

2.1 We may collect, use, store and transfer different kinds of Personal Data about You, which We have grouped together as follows:

2.1.1 Identity Data; this includes Your First Name, Last Name, Title, Username and Gender;

2.1.2 Contact Data; this includes Your Address, Billing Address, Delivery Address, Email Address and Telephone Number;

2.1.3 Financial Data; this includes Your First Name, Last Name, Address, Billing Address, Email Address, Telephone Number, Credit/Debit Card Information, PayPal Information, Bank Account Information.

2.2 We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from Your Personal Data but is not considered Personal Data in law as this data does not directly nor indirectly reveal Your identity. For example, We may aggregate Your usage data to calculate the percentage of users accessing a specific website feature. However, if We combine or connect aggregated data with Your Personal Data so that it can directly or indirectly identify You, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

2.3 We do not collect any Special Categories of Personal Data about You (this includes details about Your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health and genetic and biometric data). Nor do We collect any information about criminal convictions and offences.

2.4 If for any reason You choose to withhold some or all of Your Personal Data during an order, upgrade, downgrade or alteration of any Products or Services or Accounts, We may not be able to provide such Products or Services or Accounts due to administrative and/or lawful reasons.

2.5 Should You choose to withdraw Your consent to Our use or sharing of Your Personal Data, it is likely that We will be required to cancel or terminate Your Products and Services and Accounts with Us due to administrative or lawful reasons. We will use Our best efforts to inform You of such cancelations or terminations in advance, however We accept no responsibility of any losses (be that of data, custom or otherwise) that a cancellation or termination may cause.


3. How We Collect Your Personal Data

3.1 We utilise many different methods to collect different types of Personal Data from and about You, including ‘direct’ and ‘indirect’ methods.

3.2 Directly. You may share with Us Your Identity Data, Contact Data and/or Financial Data (as declared in Clause 2.1) by filling in forms on Our Websites, or by corresponding with Us by post, phone, email, support ticket, live chat or otherwise. This includes Personal Data You provide when You:

3.2.1 Register an account on our Portal, or via any Websites operated directly by Us;

3.2.2 Send a message to Us using our online contact forms on Our Websites;

3.2.3 Enquire about, apply for, or order any of Our Products and Services;

3.2.4 Request support for any Products and Services You may have with Us;

3.2.5 Subscribe to any of Our digital service platforms, including: update platforms, publications, blogs, and including (where applicable) any comments You make on such digital service platforms;

3.2.6 Request marketing materials or publications be sent to You.

3.3 Indirectly. We may receive Your Identity Data, Contact Data and/or Financial Data (as declared in Clause 2.1) as shared by any of Our trusted partners, companies or affiliates. This includes scenarios such as when a trusted partner, company or affiliate shares Your Personal Data for:

3.3.1 Advice, information, help, support, or sales enquiries regarding any of Our Products or Services or Accounts;

3.3.2 Service handover, from a resold to direct Product or Service or Account;

3.3.3 Purpose of compliance toward any GDPR request or enquiry, data protection request or enquiry, or any legally binding act including criminal matters.


4. Lawful Basis for Data Processing

4.1 We will only use Your Personal Data when the law allows Us to. The following lawful basis for data processing are set out in Article 6 of the GDPR, and at least one of these lawful bases will apply when We process Your Personal Data.

4.2 Consent: where You have given Us Your consent to the processing of Your Personal Data for one or more specific purposes.

4.3 Performance of Contract: where it is necessary to process Your Personal Data for the performance of a contract to which You are a party, or to take steps at Your request before entering into such a contract.

4.4 Legal Obligation: where the processing of Your Personal Data is required in order to comply with the law or a regulatory body to which We are subject.

4.5 Vital Interests: where the processing of Your Personal Data is necessary to protect someone’s life.

4.6 Public Task: where the processing of Your Personal Data is required to perform a task in the public interest, or in exercise of an official authority by law.

4.7 Legitimate Interests: where the processing of Your Personal Data is necessary for Our legitimate interests or the legitimate interests of a third party. We make sure We consider and balance any potential impact on You (both positive and negative) and Your rights before We process Your Personal Data for Our legitimate interests. We do not use Your Personal Data for activities where Our interests are overridden by the impact on You (unless We have Your consent or are otherwise required or permitted to by law).


5. How We Use Your Personal Data

5.1 We have set out below a description of all the ways We may use Your Personal Data, with the legal bases We rely on to do so. Clause 5 makes references throughout to the types of Personal Data We collect as defined in Clause 2.1, and the lawful basis for Data Processing as defined in Clause 4.

5.2 The provision of Products, Services or Accounts;

5.2.1 We use Your Identity Data and Contact Data during the creation, execution and running of Your Products, Services or Accounts;

5.2.2 This use of Your Personal Data falls under the lawful basis of Performance of Contract.

5.3 Providing Support for Products, Services and Accounts;

5.3.1 While communicating with You via support ticket, email, live chat, telephone, and other similar means, We use and may ask You to provide or confirm Your Identity Data and Contact Data. This helps Us validate Your identity, locate your Products, Services or Accounts, and allows Us to tailor Our support answers to Your questions;

5.3.2 This use of Your Personal Data falls under the lawful basis of Performance of Contract.

5.4 Notification of Service Changes, Updates, Outages and Maintenance;

5.4.1 We use Your Contact Data to inform You of important events toward Your Products, Services or Accounts. For example, We may send notifications of updates, upgrades, changes, scheduled maintenance, outage reports and similar, regarding the Products, Services and Accounts You subscribe to;

5.4.2 This use of Your Personal Data falls under the lawful basis of Performance of Contract.

5.5 Billing, Accountancy and Tax Purposes;

5.5.1 We use Your Financial Data to perform billing, invoicing, and fulfil tax requirements for the Products, Services or Accounts of which You subscribe;

5.5.2 This use of Your Personal Data falls under the lawful bases of Performance of Contract, Legal Obligation and Legitimate Interests.

5.6 Security of Our Services, Hardware, Software, Networks and Sensitive Data;

5.6.1 We use Your Identity Data and Contact Data to identify Your involvement in or toward any security events, breaches, detections or attacks against Our Services, Hardware, Software, Networks and Sensitive Data;

5.6.2 This use of Your Personal Data falls under the lawful basis of Legitimate Interests.

5.7 Security of Our Staff and Core Business;

5.7.1 We use Your Identity Data and Contact Data to identify, protect against and prevent any threatening or anti-social comments or behaviour made towards Our business or staff members;

5.7.2 This use of Your Personal Data falls under the lawful basis of Legitimate Interests.

5.8 Evidencing Contracts and Limiting Legal Risks;

5.8.1 We use Your Identity Data, Contact Data and Financial Data to help demonstrate the existence or content of contracts, prevent and detect fraud, and for establishing and defending our legal rights;

5.8.2 This use of Your Personal Data falls under the lawful basis of Legitimate Interests.

5.9 Compliance with Law Enforcement, Court Orders, Regulating Bodies and Government Agencies;

5.9.1 We may use Your Identity Data, Contact Data and Financial Data when We are served with a binding order, such as that of a law enforcement officer, court order, regulating body, or government agency;

5.9.2 This use of Your Personal Data falls under the lawful basis of Legal Obligation.

5.10 Securing Our Premises and Physical Assets;

5.10.1 We secure and protect Our Premises and Physical Assets with CCTV, audio and video recordings, and other security services. We may use Your Identity Data and Contact Data to identify Your involvement in or toward any security events or attacks against Our Premises and Physical Assets;

5.10.2 This use of Your Personal Data falls under the lawful basis of Legitimate Interests.

5.11 Direct and Third-Party Marketing;

5.11.1 Where You have given Us Your consent, We use Your Contact Data for marketing purposes of sharing information on new products, services and features. You can opt out of Direct and Third-Party Marketing at any time by following the information as set out in Clause 15;

5.11.2 This use of Your Personal Data falls under the lawful basis of Consent.

5.12 Direct Consent;

5.12.1 We may use Your Identity Data and/or Contact Data and/or Financial Data for any other purpose not set out above following Your direct consent allowing Us to do so;

5.12.2 This use of Your Personal Data falls under the lawful basis of Consent.


6. Who We Share Your Personal Data With

6.1 We may have to share Your Personal Data with the third parties set out below for the purposes set out in Clause 5. Clause 6 makes references throughout to the types of Personal Data We collect as defined in Clause 2.1, and the lawful basis for Data Processing as defined in Clause 4.

6.2 Internal Third Parties acting as a Data Processor or Data Sub-Processor, including:

6.2.1 There are no internal third parties at this time.

6.3 External Third Parties acting as Our Data Processor or Data Sub-Processor, including:

6.3.1 The Co-operative Bank plc, Lloyds Bank plc, PayPal Holdings, Inc., Stripe, Inc., and Clear Books plc, who assist Us with Our billing, merchant payment processing and financial services. We may share Your Financial Data to aid the daily operations of Our billing department for the purposes of locating and fulfilling payments. You cannot opt out of this data sharing.

6.3.2 MaxMind, Inc. who assist Us with the detection of online fraud and the geo-location of online visitors. We share Your Identity Data and Contact Data with MaxMind to identify and reduce fraudulent activity and security risks against Our business. You cannot opt out of this data sharing.

6.3.3 Voxility LLP, iomart plc, VSNX, Inc., Hurricane Electric, Inc., who assist Us in the operation of Our hosting networks and services. We may share Your Contact Data and Identity Data for the purposes of assisting Our support staff with any problems, questions or issues You raise with Us. You may choose to opt out of this data sharing, however this may lead to a reduced level of support.

6.3.4 CentralNic Ltd. and Enom LLC, who assist Us with domain name registration services. This also includes the topmost registries doMEn LLC, Nominet UK, EURid VZW, NIXI .IN Registry, Public Interest Registry, Neustar, Inc., Afilias plc, and Internet Corporation for Assigned Names and Numbers. Should You purchase a domain name from Us, you cannot opt out of this data sharing.

6.3.5 Comodo Group, Inc., who provide Our SSL Certificate, Antispam Gateway, Hacker Guardian, Web Inspector, and Web Application Firewall services. We will share Your Identity Data and Contact Data with Comodo upon the purchase of any SSL Certificate, Antispam Gateway, Hacker Guardian or Web Inspector service and You cannot opt out of this data sharing. We may share Your Identity Data and Contact Data for assistance with support matters regarding any of Comodo Group products and services, which You may opt out of, however this may lead to a reduced level of support.

6.3.6 cPanel, Inc. and InterWorx, LLC., who are the vendors of our web hosting control panel softwares. We may share Your Contact Data for the purposes of support and assistance with any queries You raise through Us. You may choose to opt out of this data sharing, however this may lead to a reduced level of support.

6.3.7 Google LLC and Google Ireland Limited, who provide G Suite products as resold to Our customers under the G Suite Partner Programme. Should You purchase G Suite Products, Services or Accounts from Us, you cannot opt out of this data sharing.

6.3.8 Microsoft Corporation, who provide Microsoft Office 365 as resold to Our customers under the Microsoft Partner Network, and Microsoft software licenses as resold to Our customers under the Microsoft Services Provider License Agreement. Should You purchase Office 365 or Microsoft software licenses, Products, Services or Accounts from Us, you cannot opt out of this data sharing.

6.3.9 Internet Communications Limited, Syslint Technologies (India) Pvt. Ltd. And Rack911, who provide direct and white-labelled support services to You via email, support ticket, live chat and telephone. You cannot opt out of this data sharing.

6.3.10 Royal Mail plc, Hermes Group, Deutsche Post AG, United Parcel Service of America, Inc. and FedEx Corporation, who are Our selected couriers. One or more of these couriers may be used to ship any physical Products, Services or Accounts purchased from Us. Where You purchase a Product, Service or Account that requires shipment, You can select the courier(s) of which to share Your data and deliver Your goods.

6.3.11 SendGrid, Inc., who operate transactional and email marketing campaign services. Our marketing emails are sent using SendGrid’s services, and by opting out of marketing emails as defined in Clause 15, Your data will not be shared with SendGrid.

6.3.12 Gordon Brown Law Firm LLP, LHS Solicitors LLP, and other professional advisers acting as data sub-processors including lawyers, solicitors, bankers, auditors and insurers based in the European Union, who may provide consultancy, banking, legal, insurance and accounting services. You cannot opt out of this data sharing.

6.3.13 HM Revenue & Customs, government regulators and authorities acting as data sub-processors, based in the United Kingdom, who require reporting of processing activities in certain circumstances. You cannot opt out of this data sharing.

6.3.14 Third parties to whom We may choose to sell, transfer, or merge parts of Our business or our assets. Alternatively, We may seek to acquire other businesses or merge with them. If a change happens to Our business, then the new owners may use Your personal data in the same way as set out in this Privacy Policy. You cannot opt out of this data sharing.

6.4 We require Our Data Processor, Data Sub-Processor and third parties to respect the security of Your Personal Data and to treat it in accordance with the law. We do not allow Our Data Processor, Data Sub-Processor and other third parties to use Your Personal Data for their own purposes, and only permit Data Processing of Your Personal Data for specified purposes in accordance with Our instructions.

6.5 Please note, a Legal Obligation such as a binding order, as described in Clause 5.9, will supersede all opt out requests.


7. International Transfers

7.1 The Personal Data and/or business information that We collect from You is stored on Our secure servers in the United Kingdom, United States of America, France and Romania.

7.2 We may share Your Personal Data within the Cloud Unboxed group of companies for Data Processing, including Cloud Unboxed Limited which is a registered company in the United Kingdom, and Cloud Unboxed LLC which is a registered corporation in the United States. This involves moving Your Personal Data into, and out of, the European Economic Area (EEA).

7.3 Some of Our external third parties are based outside of the European Economic Area (EEA), and so their Data Processing of Your Personal Data will involve Data Processing into, and/or out of, the EEA.

7.4 Whenever We operate Data Processing of Your Personal Data into, and/or out of, the European Economic Area (EEA), We ensure a similar degree of protection is afforded to it by implementing safeguards.

7.4.1 We comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from the EU and Switzerland. We have certified to the US Department of Commerce that We adhere to the Privacy Shield Principles in respect of all Personal Data on which We operate Data Processing into and/or out of, the EEA and Switzerland in reliance on the Privacy Shield.

7.5 Should You require further information on a specific mechanism used by Us when operating Data Processing of Your Personal Data into, and/or out of, the European Economic Area (EEA), or regarding the storage location and security of Your Personal Data, please contact Our Data Protection and Compliance Officer as set out in Clause 11.


8. Data Security

8.1 We take the protection of Your Personal Data and/or business information very seriously and enforce strict security procedures, in particular:

8.1.1 We restrict internal access to Your Personal Data and/or business information to select Staff and departments that require this information;

8.1.2 We limit access of Your Personal Data and/or business information to only explicit third parties who have a business need to know. They will only partake in Data Processing of Your Personal Data and/or business information as per Our instructions, and are subject to a duty of confidentiality.

8.2 When communicating with Us by telephone, We require You to confirm Your security password as well as randomly selected parts of Your Personal Data and/or business information. If this information cannot be confirmed, We will only provide generic responses to protect unauthorised access to Your Account, Products and Services.

8.3 The server(s) and backups of server(s) We use to store Your Personal Data and/or business information have their storage volumes encrypted and only select Staff have access to decrypt these volumes.

8.4 All Personal Data and/or business information transmitted to and from Our websites is encrypted using PCI-DSS verified Transport Layer Security (TLS) technology.

8.5 We utilise PayPal and Stripe merchant services for Credit and Debit Card payment processing. All Credit and Debit Card payments are executed and completed on the respective merchant’s PCI-DSS compliant platform. We only store the last 4 digits of Your Card number in Our Portal for administration purposes. However, We do maintain PCI-DSS compliance and perform multiple PCI security scans per quarter on Our Portal infrastructure.

8.6 We fully comply with the UK Data Protection Act 1998, General Data Protection Regulation (GDPR) (EU) 2016/679, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and We are registered with the Information Commissioner's Office (ICO) under registration number ZA071121.

8.7 We have put in place procedures to deal with any suspected Personal Data and/or business information breach, and will notify You and any applicable regulator of a breach where We are legally required to do so within 48 hours of becoming aware of such breach.

8.8 Despite Our extensive security measures and strict procedures, the transmission of data over the Internet is not completely secure. Therefore, We are unable to fully guarantee the security of Your Personal Data and/or business information; any data submitted to and/or from Us via the Internet is done so at Your own risk.


9. Data Retention

9.1 We will only retain Your Personal Data and/or business information for as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9.1.1 To determine the appropriate retention period for Personal Data and/or business information, We consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of this data, the purposes for which we process this data and whether We can achieve those purposes through other means, and the applicable legal requirements.

9.2 In some circumstances We are required to keep EU-based customers’ Financial Data (as defined in Clause 2.1) for six (6) years following the transaction date, to comply with tax and accountancy laws.

9.3 Under the General Data Protection Regulation You can ask Us to delete Your Personal Data. Please see Clause 10 for further information.


10. Your Legal Rights

10.1 Unless subject to an exemption under the data protection laws, You have the following rights with respect to Your Personal Data:

10.1.1 The right to request a copy of Your Personal Data, which We can deliver free of charge by email or support ticket. Alternatively, We can post a printed copy of Your information, although such request will incur a reasonable administration fee, plus any postal fees. However, if We believe that Your request is unfounded, repetitive or excessive, We may charge a reasonable administration fee and/or We may refuse to comply with Your request;

10.1.2 The right to request that We correct any Personal Data if it is found to be inaccurate or out of date;

10.1.3 The right to request Your Personal Data be erased where it is no longer necessary to retain such data;

10.1.4 The right to withdraw Your consent to Data Processing at any time, where consent was the lawful basis for processing Your Personal Data;

10.1.5 The right to request that We provide You with Your Personal Data and where possible, to transmit that data directly to another Data Controller, (known as the right to data portability), where applicable. For example, where Our Data Processing is based on consent or is necessary for the performance of Our contract with You, or where We operate Data Processing by automated means;

10.1.6 The right, where there is a dispute in relation to the accuracy or processing of Your Personal Data, to request a restriction is placed on further processing;

10.1.7 The right to object to Our Data Processing of Your Personal Data, where applicable. For example, where Data Processing is based on Our legitimate interests (or in performance of a task in the public interest/exercise of official authority), direct marketing or processing for the purposes of scientific/historical research and statistics.

10.2 Should You wish to exercise any of the rights set out above, please contact Our Data Protection and Compliance Officer, as set out in Clause 11.

10.3 We may need to request specific information from You to help us confirm Your identity and ensure Your right to access Your Personal Data (or to exercise any of your other rights). This is a security measure, to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to correctly fulfil Our response.

10.4 We try to respond to all legitimate requests within one month. Occasionally, it may take Us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, We will notify You and keep you updated.


11. Data Protection and Compliance Officer

11.1 To exercise all relevant rights, queries or complaints in relation to this Privacy Policy, or any other data protection matter between You and Us, please in the first instance contact Our Data Protection and Compliance Officer.

11.2 Our registered Data Protection and Compliance Officer is David Michaels, assisted by Marie Somerset and Olorin Henderson, who can be contacted by:

11.2.1 Composing an email to: ;

11.2.2 Opening a support ticket in Our Portal addressed to the Privacy and Legal Team;

11.2.3 Writing a letter addressed to:
Data Protection and Compliance Officer,
Cloud Unboxed Limited,
1st Floor, 79b Front Street,
Chester-le-Street,
Co. Durham,
DH3 3BJ,
England,
United Kingdom.

11.3 If this does not resolve Your complaint to a satisfactory level, You have the right to lodge a complaint with the Information Commissioner’s Office, who can be contacted by:

11.3.1 Telephone via 0303 123 1113;

11.3.2 Composing an email to: ;

11.3.3 Writing a letter addressed to:
Information Commissioner's Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF,
England,
United Kingdom.


12. Our Role as a Data Processor

12.1 When You, as a Data Controller, store a Data Subject’s Personal Data on Your Products and Services and Accounts purchased from Us, this hereby makes Us a Data Processor, with the role of storing Personal Data. Furthermore, to Your Data Subject, this makes Us a Data Sub-Processor.

12.2 You are the owner of any and all data that You submit, host, transfer, upload, download or otherwise store on Your Products, Services and Accounts at all times. We do not access the data You store/host on Your Products, Services and Accounts, unless:

12.2.1 Your consent is given, or;

12.2.2 We are investigating a technical or abuse issue, or;

12.2.3 We are required to do so under a binding order, as described in Clause 5.9.

12.3 Under terms of the law, We are a Data Processor of the data that You submit, host, transfer, upload, download or otherwise store on Your Products, Services and Accounts. Our role as Data Processor is specifically and solely the storage of Personal Data that you may be storing/hosting on Your Products, Services and Accounts. We take no other role as a Data Processor, and do not use any of Your stored/hosted data for any Data Processing of Our own.

12.4 You are the responsible party for the security of any data including Personal Data that You may be storing/hosting on Your Products, Services and Accounts. It is Your responsibility to ensure lawful security procedures, protocols and technologies are in place to protect such stored/hosted data.

12.5 We have put in place procedures to deal with any suspected breach or unauthorised server access, and will notify You of a breach within 48 hours of becoming aware of such breach.

12.6 We do not share any data stored/hosted on Your Products, Services and Accounts with third parties, including Our Data Processor and Data Sub-Processor third parties, unless:

12.6.1 Consent is provided by the Data Controller or Data Subject, or;

12.6.2 We are required to do so under a binding order, as described in Clause 5.9.

12.7 Any data You store/host on Your Products, Services and Accounts is physically located in the country/region as selected during the order process of such Products and Services and Accounts. This location may be visible on Your invoices or inside Our Portal, or if You are unsure, please contact Us for clarification.

12.8 Where Your Products and Services and Accounts include a backup service, We may backup Your stored/hosted data to an alternate data centre in a different region, country or continent. Please contact Us for the exact details of Your Products, Services and Accounts backup schedule, backup retention plan and backup storage location.


13. Cookies

13.1 Our websites may utilise “cookies” which are small text files stored on Your device, and can contain information on any customisations You have made on Our websites, contain login hashes, Session IDs, or tell Our servers that You have been to the same web page more than once. Cookies can only be read by the domain that has created them (i.e. www.cloudunboxed.net) and are not capable of executing programs or installing malware.

13.2 The cookies We set and read do not contain any Personal Data. However, cookies may be used to ensure security and access restrictions to sensitive parts of Our websites that contain Personal Data.

13.3 Most web browsers accept cookies by default, but if this is of concern to You then You can disable cookies in the options (or preferences) of Your browser. Please note, disabling cookies may render parts of Our websites inoperable to You. Further instructions on disabling cookies can be found at https://cookiesandyou.com.

13.4 We use information collected through cookies in the following ways:

13.4.1 To assist with product ordering, purchasing, upgrading, cancellation, support ticket, billing and shopping cart areas of Our websites.

13.4.2 To understand and save any user preferences, customisations and options for current and/or future visits to Our websites.

13.4.3 To build a database of non-personally-identifiable browsing habits, website performance per geographical area, count and tally of total visits or hits, and other similar analytic activities.

13.5 Our websites comply with the Do Not Track (DNT) setting of Your web browser, whereby We will not track Your browsing activity unless it is strictly necessary to do so for website functionality. Please note, some third party external websites may not respond to the Do Not Track (DNT) setting, however such websites are outside of Our direct control and We are not responsible for those.


14. Account Recovery

14.1 In the event that You lose access to Your account or Our Portal, there are automated options to reset and send a new password via email during the login process. If You do not have access to the email account associated with Your account or Our Portal, it may be possible for a contact on Your account to validate your identity and reset Your account login details.

14.2 In such cases where You do not have the ability to login to Your account or Our Portal, and no alternate contacts are registered under Your account, We ask that You provide proof of identification by:

14.2.1 Sending a scan or clear photo of a recent utility (electricity, gas, water, contracted telecoms) bill or bank statement, dated within the last 3 months and addressed to You, in addition to Your Passport or Driving License (Driver's License), via email to or post to Our registered office address, or;

14.2.2 Sending a scan or clear photo of a recent utility (electricity, gas, water, contracted telecoms) bill or bank statement, dated within the last 3 months and addressed to Your company, in addition to Your company registration or incorporation certificate, via email to or post to Our registered office address.

14.3 We will not use Your account recovery data for any other purpose than to validate Your identity and change/reset Your access details to Your account or Our Portal. Your account recovery data will be irreversibly destroyed when access to Your account or Our Portal has been regained, or, 30 days following the receipt of the account recovery data, whichever comes first.


15. Newsletters and Marketing

15.1 From time to time We may send You marketing and promotional newsletter emails regarding new Products and/or Services or special offers which We believe may interest You.

15.2 We will never automatically opt You in to any of Our newsletter or marketing lists. You may subscribe to such newsletters and marketing materials at any time by direct request or through the use of signup forms on Our websites.

15.3 Should You no longer wish to receive Our newsletters or marketing materials, You may opt out at any time by:

15.3.1 Following the 'Unubscribe' link at the bottom of any email newsletter You have received;

15.3.2 Removing Your details from Our marketing lists by following the instructions set out at https://www.cloudunboxed.net/unsubscribe/.


16. External Links and Malware Disclaimer

16.1 We believe that the Internet should be safe to use for everyone, and free of malware. Therefore, We have made every possible effort to ensure all of Our websites, apps and services are malware-free. However, due to the size of Our websites and ever-advancing malware, We are unable to fully guarantee this.

16.2 We cannot be held responsible for any content hosted on a website, app or service that is not under Our direct ownership, because We have no control of external websites or servers. As such, We are not responsible for any websites or content We link to.

16.3 You should ensure You have adequate security software installed on Your device, and also make sure it is kept up-to-date at all times.

Cloud Unboxed Logo

Cloud Unboxed Limited
Registered in England & Wales
Company No: 08808740
VAT No: GB 186 3462 83