Updated on 1 January 2019.
virtual Data Centre Services Ltd. is a private limited company that is registered in England, with company number 07838624, and we conduct our business at The Waterscape, Leeds, LS5 3EG. Our business is to provide you with secure online collaboration and file storage services.
Unless otherwise noted, we refer to you, the Customer, as an owner or administrator of an Organisation, whether you are a legal or natural person.
We store and process three types of Customer Information: Secure Customer Data, Account Data, and Support Data. We store and process this information in order to deliver our services to our customers. We treat each of these data equally, but there are some important technical and usage differences to note.
This data is the content that you upload to CloudCover365. We claim no rights to it beyond those necessary to deliver our services to you. You may add, modify, and delete Data at your discretion.
To provide you with our services, we must collect, store, and process limited Account Data. This data includes your full name, email address, telephone number, and billing details. This data is never used for any other purpose.
To ensure that you have a trouble-free experience whilst using CloudCover365, we collect, store, and process Support Data. This data includes server logs, client IP addresses, number of items stored in CloudCover365, company name, and Guest email addresses.
We retain the right to store and process Support Data to provide our services effectively, troubleshoot problems, analyse the performance and demands on our services.
We may, from time to time, ask you to submit other data that is not automatically collected, as part of a support ticket that you raise. You are never obliged to submit this other data, but it will severely hamper our ability to help you if you don’t. This data can include client logs, screenshots, information about your devices and operating environment, and personally-identifying information. We will never ask you for your password.
This data is the content that you upload to CloudCover365.
This data is stored with, and processed by our internal billing system, as well as our payment provider (GoCardless), and our financial management system (Xero). This data includes full names, email addresses, and payment details.
Our ticketing system is hosted in the United States of America, by Kayako. Any information you choose to send us through email and our customer support system may pass through and be stored on a variety of intermediate services, including Amazon Web Services. If you wish, you may encrypt email to us using our PGP public key.
We understand that we have a duty to protect the information that you trust us to store. We have produced a comprehensive guide to how we secure your information, here.
You have a right to know what data we hold about you, and to see how that data is collected, stored, and processed. You may ask to receive a screenshot of data that we hold on you in our back-office systems. You may also ask us to update information about you that is incorrect. However, these requests must come from an authenticated email address, as described in the ‘Your responsibilities’ section, below.
As virtualDCS is merely a custodian of your data, we never delete your information without your consent, or a contractual obligation [sub agreement], such as when you cancel your CloudCvoer365 Subscription.
Our disaster recovery and availability arrangements mean that we have a legitimate interest in maintaining immutable backups of certain Customer Information. Erasure requests will leave those backups intact. However, we will remove that data if legally compelled to and if the technical means exist.
Whilst we employ extensive security and process measures to protect your account, it can only ever be as strong as your Password and Backup Key (generated as part of the two-factor authentication setup). You have a responsibility to protect your Password and Backup Key from unauthorised access.
Due to the ‘privacy-by-design’ nature of our service, and the sensitivity of the data that you trust us to store, we cannot help you with certain support request, unless you are an account owner, and are contacting us from the email address on your CloudCover365 account. In the event that you change your email address, you must ensure it is updated on your account. We do not accept unauthenticated support requests made via telephone.
Some client applications, such as web browsers, may store information about your account (such as form autofill). We recommend that you do not allow your web browser to store this information.
We may use your contact information (email address, telephone number) to communicate with you about your use of the service, to provide support, and to send you other service-related information. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.
If we discover a breach of Customer Information, we shall inform our regulator (the Information Commissioner) within 72 hours of the discovery, and our Customers within 7 days. Notification to users may be sent via email, postal mail, or telephone.
We comply with legal requests that are in the letter and spirit of the law, in the jurisdictions where we must. We have written about this, here.
We may update this Privacy Statement from time-to-time, and publish those changes on this page, along with the date of last revision.
If you feel that your privacy or security has been compromised, let us know, and we’ll work with you to make it right.
If for any reason, you feel that we haven’t made it right, you may contact our supervisory authority, the Information Commissioner’s Office.