The only way to really know if we’re a good fit is to get in touch, so let’s have a chat! One of our friendly experts will get straight back to you. You never know, this could be the beginning of a great partnership.

Bristol

+44 (0) 1275 772490

Cape Town

+27 (0) 11 781 2323

Johannesburg

+ 27 (0) 10 591 2323

hello@cloudessentials.com

Privacy Notice

CloudEssentials (Proprietary) Limited (Cloud Essentials) will maintain the confidentiality of your personal information and comply with the provisions of the Protection of Personal Information Act, 4 of 2013 (POPIA) when processing your personal information.

This notice applies to all Cloud Essentials customers as well as all suppliers and service providers that are contracted by Cloud Essentials to provide a product or service.

The purpose of this notice:

The purpose of this Privacy Notice is to inform all customers, suppliers and service providers of Cloud Essentials about the types of personal information collected and processed, why this information is processed, how it is processed, with whom and how it is shared, and what security controls have been implemented to protect it.

The types of personal information collected and processed

Personal information collected by Cloud Essentials may include the following:

  • Contact information for individuals within your organisation and/or your subcontractors, agents and/or representatives. Such contact information may include names, email addresses, designations or titles and telephone numbers;
  • Personal information relating to your organisation such as its name, as company registration information (including its registration number and registered address), BBBEE1 status, directors’ personal information (such as their names, identity numbers, photographs and contact information as described above);
  • Your organisation’s contact details (contact number, business address, email address);
  • Information relating to the goods and services offered by your organisation which may include a description of the products and services provided, quantities and quality of products or services offered including reviews by other customers of your products and services, methodologies other commercial terms on which you have engaged with Cloud Essentials such as pricing and discounts. We may also process information relating to your partners, distributors and resellers;
  • Information may include the products and/or services provided by Cloud Essentials to you, as a customer and the project terms and conditions including but not limited to project milestones. As a service provider, we may also process personal and other information relating to your clients and users;
  • Financial, accounting and payment information for invoicing and tax purposes such as banking details, VAT registration number, terms of payment, accounting correspondence; and
  • Device information, including the unique device identifier, hardware model, operating system and version, network information such as network architecture diagrams and configuration settings, software (including software-as-a-service) used by your organisation, IT security information;
  • Electronic and other communications sent to Cloud Essentials;
  • Written contracts concluded with you including Non-Disclosure Agreements, Services Agreements and Data Privacy Agreements.
  • Technical Information, such as your internet protocol (IP) address, administrator or user credentials to access your environment, network architecture and other technical information;
  • Potentially all types of personal information and special personal information contained in data sets processed for purposes including migrations, eDiscovery services and data archiving; and
  • Special Personal Information refers to information about religious or philosophical beliefs, ethnic origin, race, trade union membership, political beliefs, information about an individual’s health or sex life, biometric information and/ or information about criminal offences or convictions. In certain circumstances, Cloud Essentials may process Special Personal Information e.g. when migrating or archiving customer data and that data set contains Special Personal Information. In addition, Special Personal information such as race may also be processed for BBBEE reporting purposes.

Where the provision of personal information is voluntary, you will be notified accordingly. In most cases the provision of personal information is mandatory to enable us to perform in terms of a contract with you as outlined below.

How does Cloud essentials collect your personal information?

We collect personal information directly from you, the customer, supplier or service providers. However, in certain instances, Cloud Essentials may appoint third parties to collect and process personal information on its behalf. In this event the source from which personal information was obtained, will, where possible, be disclosed. Special personal information in the form of video footage of you may also be collected from you by means of CCTV cameras installed at our offices. Information collected by our CCTV system is collected to protect the people and equipment at our offices

Why are we authorised to process your personal information?

POPIA provides for certain legal grounds that authorise us to process your personal information.

If you are a supplier or service provider, the main reason we process your personal information is to approve, manage, administer and perform in terms of an agreement between ourselves, as the customer, and you as the supplier. Your personal information will be used to source the required goods or services, issue statements of work, execute proofs of execution, effect payments, perform accounting activities, manage performance in terms of the contract or review the services or products provided by you and to do anything else required for performance in terms of the contract.

Over and above the aforementioned, Cloud Essentials may retain your personal information to meet our legal record- keeping obligations in terms of laws like the Companies Act, 71 or 2008, or otherwise or as proof should we be party to any legal action relating to the goods and/or services provided. The personal information collected and held by Cloud Essentials may be used, stored, transferred, or disclosed or shared for the following purposes and such processing is based on the following legal grounds:

Processing of customer information

                                                                                      
Type of personal informationLegal BasisPurpose: Customers
Contact informationConsent
  • To invite you to events, webinars or discussions that we may host.
  • To keep you updated about new product and service offerings. Please note that you will only be contacted for marketing purposes if you have consented to receive such communications and, in this case, you are free to opt out of all marketing at any time.
    • Contact information, operational data; communications with customers, supplier and service providers; written contracts with customers, suppliers and service providers.For the purpose of conclusion of our performance in terms of a contract
  • To deliver a product and/or service to you and to communicate with you regarding any changes to those products and/or services.
  • To confirm and verify your identity or credentials.
  • To communicate with you, e.g., by responding to your queries or comments and to keep a record of those communications.
  • Unless legally required or permitted to be retained for longer periods, this information will be retained for a period of 3 years following termination of the relationship with you in order that it may be available in the event of litigation in respect of the goods or services provided.
    • Records of financial or transactional activitiesObligation imposed by law
  • To comply with regulatory requirements such as retention requirements in terms of the Companies Act, 71 of 2008 and other reporting obligations.
  • To comply with statutory obligations screening clients and visitors' health when accessing our offices in compliance with the Covid-19 regulations and protocols.
  • To detect, prevent or manage alleged or actual fraud, bribery, corruption, security breaches or unauthorised use of systems or information. In this instance Cloud Essentials may employ an agent or service provider that will need to process your personal information for the purpose of investigating and or preventing any act of fraud, bribery, corruption or unauthorised access of systems or files and information security breaches.
    • Communications with customers, supplier and service providers; Customer satisfaction surveys / Supplier and service provider surveysTo protect the legitimate interest of Cloud Essentials
  • To manage customer relationships.
  • To improve our goods and services and the experience of our customers. This may include requesting feedback from our customers with regards to product and service offerings in order to ensure customer requirements are addressed.
    		•

    Processing of Vendor and Service Provider information

                                                                                          
    Type of personal informationLegal BasisPurpose: Customers
    Contact informationConsent
  • To source products and/or services for our customers
  • To obtain information regarding the vendor or supplier’s products and/or services for our own benefit and/or that of our customers
    • Contact information, operational data; communications with customers, supplier and service providers; written contracts with customers, suppliers and service providers.For the purpose of conclusion of our performance in terms of a contract
  • To transact with you for the delivery of a product and/or service to a customer and to communicate with you regarding any changes to those products and/or services that may be required.
  • To confirm and verify your identity and/or credentials including but not limited to BBBEE certification.
  • To communicate with you, e.g. by requesting quotations, service and/or product requests and to keep a record of those communications.
  • Unless legally required or permitted to be retained for longer periods, this information will be retained for a period of 3 years following termination of the relationship with you in order that it may be available in the event of litigation in respect of the goods orservices requested and/or provided.
  • For payment of invoices and completing of transactions.
  • For contract administration and management.
  • Assessment of supplier performance and product or service delivery.
    • Records of financial or transactional activitiesObligation imposed by law
  • To comply with regulatory requirements such as retention requirements in terms of the Companies Act, 71 of 2008 and other reporting obligations.
  • To comply with statutory obligations screening clients and visitors' health when accessing our offices in compliance with the Covid-19 regulations and protocols.
  • To detect, prevent or manage alleged or actual fraud, bribery, corruption, security breaches or unauthorised use of systems or information. In this instance Cloud Essentials may employ an agent or service provider that will need to process your personal information for the purpose of investigating and or preventing any act of fraud, bribery, corruption or unauthorised access of systems or files and information security breaches.
  • Spending analysis.
    		•
    Communications with customers, supplier and service providers; Customer satisfaction surveys / Supplier and service provider surveysTo protect the legitimate interest of Cloud Essentials
  • To improve our goods and services and the experience of our customers. This may include requesting feedback from our customers with regards to product and service offerings in order to ensure customer requirements are addressed. The feedback will then be discussed with you the supplier.
    		•

    Failing to provide Cloud Essentials with the required personal information we result in us not being able to provide the required goods and/or services or otherwise to perform in terms of our agreement.

    Sharing of your personal information

    Cloud Essentials will only share your personal information with third parties where: 

    • You have consented;
    • It is required by law;
    • Sharing of the information is necessary for us to deliver a product or service which requires the involvement of one of our partners; or
    • It is necessary to protect your legitimate interest or that of Cloud Essentials or a third party.

    Sharing of Customer information

    Why specific business units at Cloud Essentials would share your personal information:

    • Migrations, Archiving and Technical Services: the data we migrate may be transferred to a third-party managed platform or location. As part of the migration, your personal information may be shared with Cloud Essentials’ third-party platform providers. In addition, these third-party platform providers will conclude the required agreements directly with you.
    • Accounts: your personal information is shared with our auditors for the purpose of compiling our financial statements. 
    • Legal: your personal information may be shared with our legal representatives for the purposes of drafting and/ or reviewing contractual agreements and/ or for legal advice and/or litigation purposes.
    • Project Management: your personal information may be shared with a third-party provider of project management services for purposes of managing the provision of goods and/or services to you.
    • Sales: Where you purchase products or services from our third-party suppliers, your personal information is shared with them as part of that sales process in order to facilitate the transaction and deal registration.
    • Marketing: Your personal information is not shared with any third parties as part of our marketing efforts. However, third-party customer relationship management (CRM) platforms are utilised to retain your data outside of the Cloud Essentials environment.

    Sharing of Supplier and Service Provider information

    Why specific business units at Cloud Essentials would share your personal information:

    • Migrations, Archiving and Technical Services: we may share your personal information with Cloud Essentials’ customers when providing them with a product or service that you provide to us.
    • Compliance Advisory: we may share your personal information with Cloud Essentials customers when providing them with a product or service that you provide to us.
    • Accounts: Cloud Essentials may also disclose your personal information to our auditors for purposes of compiling our financial statements.
    • Legal: Cloud Essentials may also disclose your personal information to our legal representatives for the purposes of drafting and/ or reviewing contractual agreements and/ or for legal advice and/or litigation purposes.

    Cloud Essentials will conclude agreements with all third-party subcontractors to ensure that they only act on our express written instructions regarding the processing of your personal information and that they implement the necessary safeguards to keep your personal information confidential and secure.  

    Cloud Essentials and third-party contractors may process personal information outside South Africa. However, we have implemented appropriate organisational and technical safeguards to ensure that your personal information will remain protected in accordance with this notice. Cloud Essentials has implemented the required binding data privacy agreements with our third-party suppliers, consultants and contractors outside South Africa and to whom we transfer your personal information in order to ensure that they uphold the principles for reasonable processing of information, substantially similar to that of the eight (8) conditions of lawful processing as provided for in the POPIA. Where information is transferred within a group of undertakings2 , the transfer is subject to our Binding Corporate Rules3 .  

    Where Cloud Essentials needs to transfer the personal information across the South African borders, including to data centres located outside South Africa, we will, before it is transferred, ensure that the recipient agrees to be bound by POPIA by means of a set of binding corporate rules or binding contractual agreements that provide an adequate level of protection and uphold the principles for lawful processing as contained in POPIA.

    Securing your personal information

    Cloud Essentials will take all reasonable measures, both technical and through its people and processes, to protect your personal information in our possession or control from loss, misuse and unauthorised access, disclosure, alteration, and destruction.  

    Some of the technical measures implemented to protect your information include the following:

    1. Personal information is mostly stored in Microsoft Office 365 – for further information on how Microsoft
      protects data within Office 365 see Microsoft’s independent audit reports in the Microsoft Service Trust Portal
      (https://servicetrust.microsoft.com/).   
    2. Access to customer data is granted on a least privilege basis – this means that access will only be given to personnel that require such access to perform their duties.
    3. All personnel are required to authenticate using Microsoft’s Multi-factor Authentication which means that they must log in with their usernames and passwords as well as another authentication factor such as a one-time-pin.
    4. Cloud Essentials uses Microsoft Defender which incorporates Advanced Threat Protection for protection against malware, phishing and other malicious activity.
    5. Employee behaviour is governed by a variety of policies such as the Cloud Essentials Information Security Policy, Bring Your own Device Policy, and Acceptable Usage Policy and all employees are required to sign Confidentiality and Non-Disclosure Agreements as a condition of their employment.
    6. Any employee mobile devices that are used to access Cloud Essentials’ Office 365 are required to register their devices with Microsoft Intune which the organisation uses to manage those devices.
    7. Although the company policy stipulates that no data may be stored on users’ endpoint devices, all devices are protected using Microsoft BitLocker.
    8. Cloud Essentials has adopted a classification taxonomy and leverages Microsoft Azure Information Protection to encrypt and protect high risk and sensitive information.

    Please note that the transmission of personal information to Cloud Essentials via transmission media over which Cloud Essentials has no control including (but not limited to) public networks may not be completely secure and is done at your own risk.   

    If we no longer have a legal basis for processing your personal information or you have not consented to processing, you may request that we delete information held by us. On receipt of such a request we will either delete the personal information or remove any information linking it to you (de-identification). 

    Cloud Essentials takes all reasonable technical, physical, and administrative steps to help protect your personal data in our custody or control from loss, misuse and unauthorised access, disclosure, alteration and destruction.

    Some of the organisational technical measures implemented to protect your information include:

    Your rights and requests 

    POPIA has granted individuals and organisations certain rights regarding their personal information: 

    Right of access

    Cloud Essentials aims to be transparent to data subjects about the personal information we have and how we use it. You
    have the right, subject to certain exceptions, to be notified that your information is being collected, and how it will be
    processed. You can submit a request via email at privacy@cloudessentials.com if you’d like to access your personal
    information. You may, after providing Cloud Essentials with adequate proof of identity, request that Cloud Essentials
    confirm, free of charge, whether your personal information is being processed by us. Should you require us to share a
    copy of the information with you, Cloud Essentials will provide you with a written quote detailing the access fee and
    reproduction costs associated with the information access request. Note that we may require a deposit prior to providing
    this information but this will be outlined in the quote provided.  

    Right to Notification

    You have the right to be notified that your personal information is being collected. You also have the right to be notified of any actual security breaches involving your information. We will report any such breach to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. You will be notified of a security compromise or data breach, unless we cannot establish your identity.

    Right to object 

    At any time during the collection and processing of your personal information, you have the right to object, on reasonable grounds, to the processing of your personal information, should we be processing it on the grounds of our own or your legitimate interest or with your consent. You also have the right to object to the processing of your personal information for direct electronic marketing, including unsolicited electronic correspondence. This request must be made in writing by emailing us at  privacy@cloudessentials.com.

    Right to rectification and/or deletion

    Whilst Cloud Essentials will make all efforts to ensure the integrity and accuracy of your personal information, this may not be possible at all times. Accordingly, kindly inform Cloud Essentials of any changes to your personal information. You have the right to request that any of your personal information that is inaccurate, incomplete or outdated be amended at any time. Alternatively, where this information is processed on the basis of your consent, you can request that we delete this or any of your personal information. You may also request that we delete your personal information where the purpose for which it was processed no longer exists. However, Cloud Essentials reserves the right to decline such a request for deletion where there is a legal or regulatory requirement to retain it.   Any and all requests made in terms of these sections must be submitted in writing by emailing us at  privacy@cloudessentials.com.

    Right to complain to the Regulator

    Should you feel that our use of your personal information is in contravention of your right to privacy or that the processing of your personal information is not consistent with the purpose(s) for which it was collected or subsequently processed, you have the right to lodge a complaint with the Information Regulator (South Africa), the Supervisory Authority (Europe) or the Information Commissioners Office (UK).   

    The Information Regulator, Supervisory Authority or Information Commissioners Office can be contacted at:

    In South Africa

    Should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint with the Information Regulator: POPIAComplaints@inforegulator.org.za

    Should your PAIA request be denied or there is no response from us for access to records you may use this email address to lodge a complaint with the Information Regulator: PAIAComplaints@inforegulator.org.za

    Website: https://www.justice.gov.za/inforeg/index.html

    In Europe:

    Contact Number: +32 2 283 19 00

    Email: edps@edps.europa.eu

    Website: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en

    In the UK:

    Contact Number: +0303 123 1113

    Email: Complete the steps to lodge a complaint here

    Website: https://ico.org.uk/make-a-complaint/

    Right to institute civil proceedings

    In addition to the right to complain to the Information Regulator or Supervisory Authority, you have the right to institute civil proceedings for loss or damages sustained as a result of our non-compliance with POPIA.

    Right not to be subject to automated decision-making

    You have the right not to be subject to a decision based solely on the automated processing of your personal information to create a profile of you where that decision produces legal effects concerning you or significantly affects you. Cloud Essentials does not make any decisions based purely on automated processing of your personal information. Should this such decision making be incorporated into our processes, you will be notified accordingly. Should you have any questions about our privacy policy or the processing of your personal information, please contact the Information Officer at privacy@cloudessentials.com.

    Cloud Essentials POPIA contact information

    Should you have any questions about this policy, believe Cloud Essentials has not adhered to it, need further information about our privacy safeguards, need to give or withdraw consent or otherwise exercise your rights detailed above, please contact our Information Officer, Chris Hathaway at:

    CloudEssentials (Pty) Ltd

    Unit 12, 11 York Street, Kensington B, Randburg

    Tel: + 27 (0) 10 5912323

    Email: privacy@cloudessentials.com

    For a copy of your personal information (in terms of POPIA), please submit a completed access form to Cloud Essentials at any of the contact details above.

    Updating of this privacy notice

    Cloud Essentials may update this notice periodically.  Customers should check the privacy notice on the Cloud Essentials website at www.cloudessentials.com for the latest notice.

    Updated: July 2021