CLOUDBRINK, INC.
PRIVACY POLICY
This Privacy Policy describes how the practices used by Cloudbrink, Inc., and its affiliates, (“Cloudbrink”, “our”, we”, “us”) to protect the data and respect the privacy of Cloudbrink customers and users (“Client”, “you”, “your”). Any questions or concerns with respect to your data or privacy should be directed to privacy@cloudbrink.io.
1. Applicability of this Privacy Policy
This Privacy Policy applies to Cloudbrink’s website located at www.cloudbrink.io cloudbrink.com www.cloudbrink.com and other Cloudbrink websites and domains (collectively, the “Websites”), Cloudbrink’s online performance management tools and platform, including web and mobile applications (collectively, the “Services”), and any other interactions (e.g., customer support inquiries, etc.) you may have with Cloudbrink.
This Privacy Policy does not apply to any third-party applications or technology that integrate with the Services, or any other third party products, services, or businesses (“Third Party Services”). While using the Services, you may be directed to a third-party website via links or other references, which may take you to that third party website (“Third-Party Websites”). This Privacy Policy does not apply to you or any other data collected from or provided by you to Third-Party Websites. You should review such Third-Party Services’ or Third-Party Websites’ privacy policy (and such other terms and conditions) to determine how your data will be used before sharing any Personal Data.
2. Notice to End Users
By visiting the Websites, accessing or using the Services, or interacting with any aspect of our business, you accept the terms of this Privacy Policy and expressly consent to our collection, use, and disclosure of data, including Personal Data, provided to or otherwise received by us for the purposes and in the manner described in this Privacy Policy and the applicable Client Agreement.
A separate agreement governs the delivery, access, and use of the Services (the “Client Agreement”), including the processing of any “Client Data,” which is defined in the applicable Client Agreement but generally includes all data, files, messages, content, or information that Client and/or Authorized Users transmit, upload, transfer, process, store, or submit on or through the Services. The organization (e.g., your employer or another entity or person) that entered into the Client Agreement (“Client”) controls their instance of the Services (their “Workspace”) and any associated Client Data. Client, and individuals who have been authorized by Client, who access or use the Services via their Workspace (e.g., Client’s employees, managers, and human resources administrators) are “Authorized Users”. Your use of the Services may be subject to your Client’s (e.g. your employer’s) policies, if any. If you have any questions about your specific Workspace settings and privacy practices, please contact the Client with whom you have a direct relationship and whose Workspace you use. Cloudbrink is not responsible for the privacy or security practices of our Clients, which may differ from those set forth in this Privacy Policy.
3. Data We Collect and Receive
Sometimes you provide us with data and sometimes data about you is collected automatically. To the extent data is associated with an identified or identifiable natural person and is protected as personal data or personal information under applicable data protection and privacy laws, it is referred to in this Privacy Policy as “Personal Data.” You acknowledge and agree we may collect, process, store, access, and disclose Personal Data disclosed by you or your Client (e.g., your employer) to facilitate the provision of Services and related support for the Services in the manner described in this Privacy Policy and the applicable Client Agreement.
3.1 Client Data
Clients and Authorized Users routinely submit Client Data to Cloudbrink when using the Services. Client Data is governed by the Client Agreement. Client Data may include Client Data or Monitoring Data or any data otherwise as defined in the Client Agreement. If you have any questions about your Personal Data with respect to Client Data, please contact the Client with whom you have a direct relationship and whose Workspace you use.
Account Information. To create or update an Authorized User account for the Services, you or your Client (e.g. your employer) provide us with data about you and your employment, such as:
-
-
- Name
- Email Address
- Password
- Employee ID
- IP Address
- Preferred Name
- Job Title
- Location
- any other applicable Personal Data that may identify you individually
-
Hosted Data. When a Client uses, or Authorized User interacts with, the Services, we may collect, process, and store any data that is created, posted, uploaded, stored, displayed, transmitted, or submitted on or through the Services (collectively, “Hosted Data”), as a function of rendering the Services. Hosted Data may contain Personal Data to the extent a Client or Authorized User discloses Personal Data on or through the Services. Cloudbrink is a passive recipient and takes no active part in collecting or storing Hosted Data. Except to the extent necessary to render the Services or related support for the Services, Cloudbrink does not purposefully access any Hosted Data. For example, if you submit a review of another Authorized User, the Services passively processes and stores such performance review for the purpose of rendering the Services, and we will only access such information to the extent necessary to provide the Services and related support for the Services.
3.2 Other Information
Cloudbrink may collect other, information from Clients and Authorized Users related to their usage of the Services and interactions with Cloudbrink (“Other Information”). Other Information may include Metadata, Log Data, Technical Data, Cookie Data, Third-Party Services, and additional information provided to Cloudbrink. If you have any questions about your Personal Data with respect to Other Information, please contact Cloudbrink at privacy@cloudbrink.io.
Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the Services and the way Authorized Users use the Services (“Metadata”). Cloudbrink collects aggregated Metadata of the Services, so that the resulting data and statistics are not personally identifiable to any individual Authorized User.
Log Data. Like most websites and web-based technology services, our servers automatically collect data when you access or use our Websites or the Services and record it in log files (“Log Data”). The Log Data may include your Internet Protocol (IP) address, Internet service provider (ISP), browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities.
Technical Data. Cloudbrink collects technical data, such as information about devices accessing the Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers (“Technical Data”). Cloudbrink does not collect Personal Data with any Technical Data or relate any Technical Data to any individual Authorized User except to provide the Services.
Cookie Information. Cloudbrink uses cookies and similar technologies in our Websites and Services that help us collect Other Information. The Websites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Websites and Services. Cookies are small text files sent by us to your computer or mobile device for later retrieval. They are unique to your Authorized User account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. We use both session-based and persistent cookies to help with authentication, security, identifying your preferences, analytics, and otherwise monitoring the functionality and performance of the Services. If you do not wish to have cookies placed on your computer or in local storage, you may adjust your web browser settings accordingly. Most browsers are initially set to accept cookies. If you prefer, you can set your browser to block cookies or to alert you when cookies are sent. However, restricting cookies may impede your ability to use the Services or certain features of the Services.
Third Party Services. Clients may choose to permit or restrict integrations with Third-Party Services for their Workspace. Once enabled, the enabled Third-Party Services may share certain data with Cloudbrink to effectuate the integration. You should check the privacy settings and notices of these Third-Party Services to understand what data may be disclosed to Cloudbrink.
Additional Information Provided to Cloudbrink. Cloudbrink receives data when submitted to our Websites or through our Services, or if you contact us (e.g., by email, telephone calls, written correspondence, web based forms, or otherwise), request support, apply for or take a job with us, contract with us, interact with our social media accounts, or otherwise communicate with Cloudbrink.
3.3 No Sensitive Personal Data
Cloudbrink does not intentionally collect, process, or store, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Data on or through the Services or in Client Data. “Sensitive Personal Data” includes, but is not limited to, government-issued identification numbers; financial account numbers; credit or debit card numbers; consumer reports; background checks; any code or password that could be used to gain access to personal accounts unrelated to the Service; genetic data or biometric data; any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or data concerning health or sex life or sexual orientation. Cloudbrink is not responsible and will not be liable for any loss or damages you or another individual may experience due to your disclosure of Sensitive Personal Data while using the Services.
3.4 No Children’s Data
Cloudbrink’s business activities are directed to other businesses and the Services are intended for use only by those who are 18 years of age and over. The Services are not directed to or intended for children, and Cloudbrink does not intentionally collect, process, or store any Personal Data from any person under 13 years of age. In the event we discover we have inadvertently collected, processed, or stored any Personal Data from a person under 13 years of age, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).
4. How and Why We Use Data
Client Data will be used by Cloudbrink in accordance with Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of Services functionality, and as required by applicable law. Client may, for example, use the Services to grant and remove access to a Workspace, create Authorized Users accounts, assign roles and configure settings, access, modify, share, restrict, export, and remove Client Data and otherwise apply its own policies to the Services.
Other Information will be used by Cloudbrink to operate our business and provide the Websites and render the Services with a lawful basis for processing, such as with your express consent for a specific purpose, to perform our contractual obligations, to comply with legal obligations, or otherwise in furtherance of our legitimate interests. Specifically, Cloudbrink may use Other Information for these purposes and legal bases:
Providing the Websites and Services. To provide the Websites and render the Services under a Client Agreement, manage Authorized Users requests interacting with the Services (e.g. login and authentication, remembering settings, etc.), hosting and back-end infrastructure, analyze and monitor usage, monitor and address service performance, security, and technical issues.
Improving the Websites and Services. To improve and optimize the Websites and Services, such as to test and validate features, drive product roadmap and design decisions, and improve quality of data, analytics, and text processing.
Support Services. To respond to support requests via live chat, phone, or email and otherwise provide support for and resolve problems with the Services.
Communications. To send technical, administrative, and marketing emails, messages, and other communications. Services-related technical and administrative communications and important Services-related notices, such as maintenance and security announcements, are essential to delivery of the Services and you cannot opt-out. Marketing communications about new product features, service offerings, and other news about Cloudbrink are optional, you have the choice whether or not to receive them, and you may opt-out at any time.
Account Management. To contact for billing, account management, feedback, and other administrative matters.
Security Purposes. To help prevent and investigate security issues and abuse.
Legal Obligations. To comply with legal obligations as required by applicable laws, legal process, or regulations.
5. How We Share and Disclose Data
Except as described in this Privacy Policy or the applicable Client Agreement, Cloudbrink will not use, share, or disclose your Personal Data for any purpose other than to the extent necessary to provide the Websites and render the Services and related support for the Services, unless you expressly consent to any other use or disclosure. Cloudbrink may share and disclose data with respect to:
Client’s Instructions. Cloudbrink will share and disclose Client Data in accordance with a Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of the Services functionality, and as required by applicable law. Pursuant to the Client Agreement, Client Data is generally treated as the confidential information of Client unless stated otherwise.
Client Access. Administrators, Authorized Users, and other Client representatives and personnel may be able to access, modify, or restrict access to your data. For example, your Client (e.g., your employer) may use the Services administrative controls and features to access or modify your account details or view certain activities in their Workspace.
Displaying the Services. When an Authorized User submits data on the Services, it may be displayed to the Client and other Authorized Users in the same Workspace. For example, an Authorized User’s name, job title, and work email address, among other things, may be displayed with their profile accessible to the Client and other Authorized Users in the same Workspace. While in some cases you can make certain data private to specific users, by default most data is public to other Authorized Users in the same
Workspace. You are solely responsible for all data you post, upload, store, display, transmit, or submit on the Services, including Personal Data, and the consequences thereof. Cloudbrink is not responsible and will not be liable for the data disclosed on the Services.
Rendering the Services. Cloudbrink employees and contractors may have access to your data on a need to know and confidential basis to the extent necessary to render the Services and related support for the Services.
Third-Party Service Providers. Cloudbrink engages third parties to process data in support of delivering the Services (“Third-Party Service Providers”). Cloudbrink may share your data with Third-Party Service Providers (e.g., email services, platform hosting, cloud computing services, data storage and processing facilities) to the limited extent necessary to let them perform business functions and services for us or on our behalf in connection with the provision of the Services; provided that such Third-Party Service Providers process data in a manner consistent with this Privacy Policy and applicable data protection and privacy laws and will not use or disclose Personal Data for any other purpose.
Third-Party Services. Client may enable or permit integrations with or use of Third-Party Services in connection with the Services. When enabled, Cloudbrink may share certain data with such Third-Party Services as requested to effectuate the integration. Third-Party Services are not owned or controlled by Cloudbrink and third parties that have been granted access to your data may have their own policies and practices for its collection and use. You should check the privacy settings and notices of these Third-Party Services to understand their privacy practices.
Changes to Cloudbrink’s Business. If Cloudbrink engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), Cloudbrink may share or disclose data in connection therewith, subject to standard confidentiality obligations.
Aggregated or De-identified Data. If any data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use or disclose such aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as statistical analysis, predictive analysis, to research trends, or to develop or improve the Services.
Enforcement of Agreements. Cloudbrink may disclose data to ensure compliance with and enforce Client Agreements and any other contractual or legal obligations with respect to the Services and our business.
Protection of Rights. Cloudbrink may disclose data to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce third party rights, including intellectual property and privacy rights.
Legal Compliance. If we are compelled by law, such as to comply with a subpoena, court order, or other lawful process, or in response to a lawful request by public authorities to meet national security or law enforcement requirements, Cloudbrink may disclose data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
Safety and Security. Cloudbrink may disclose data to protect your safety and security; to protect the safety, security and property of Clients; and to protect the safety, security, and property of Cloudbrink and our employees, agents, representatives, and contractors.
Your Consent. Cloudbrink may disclose your data to third parties when we have your express consent to do so.
6. Retention
Cloudbrink will retain Client Data in accordance with a Client’s instructions, including any applicable terms in the Client Agreement and Client’s use of the Services functionality, and as required or permitted by applicable law. Cloudbrink may retain Other Information and any data pertaining to you, including Personal Data, for as long as your Authorized User account is active and thereafter for as long as necessary for the purposes described in this Privacy Policy, including for the period of time needed to pursue our legitimate business interests, provide your Client (e.g., your employer) with the Services, conduct audits, resolve disputes, comply with contractual obligations (including but not limited to Client Agreements), and comply with (and demonstrate compliance with) legal obligations.
7. Security Measures
Cloudbrink maintains physical, technical, and administrative procedures to safeguard and secure the data we collect.
Please remember:
- You provide Personal Data at your own risk.
- Unfortunately, no data transmission over the Internet is guaranteed to be 100% secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.
- You are responsible for safeguarding your Authorized User account and password.
- If you believe your privacy has been breached, please contact us immediately at privacy@cloudbrink.io.
8. Identifying the Data Controller and Data Processor
Data protection and privacy laws in certain jurisdictions differentiate between the “controller” and “processor” of data. In general, Client is the controller of Client Data. In general, Cloudbrink is the processor of Client Data and the controller of Other Information.
9. International Data Transfers
Cloudbrink is established in the United States and primarily processes and stores data in connection with the Services in the United States. However, the Services are global and all data, including Personal Data, may be processed and stored in any country where we have operations or where we engage Third-Party Service Providers. We may transfer data, including Personal Data, to countries outside of your country of residence, which may have data protection and privacy laws that are different from those of your country.
We will take measures to ensure that your Personal Data remains protected to the standards described in this Privacy Policy and any such transfers comply with applicable data protection and privacy laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.
9.1 Transfer Mechanisms for Restricted International Data Transfers
Cloudbrink does not transfer Personal Data from the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to, or process such Personal Data in, a location outside of the foregoing, without Client’s prior written consent. However, Cloudbrink may transfer Personal Data from the EU, the EEA, the UK, and Switzerland to, or process such Personal Data in, the United States where Cloudbrink has implemented an international data transfer mechanism compliant with applicable data protection and privacy laws, which for example may include an international data transfer: (i) subject to an adequacy decision by the European Commission; (ii) to a recipient certified under Privacy Shield; (iii) subject to the Standard Contractual Clauses for the transfer of Personal Data to processors, which are incorporated herein by reference; (iv) where another appropriate safeguard pursuant to Article 46 of the General Data Protection Regulation (“GDPR”) applies; or (v) where a derogation pursuant to Article 49 of the GDPR applies.
10. Your Rights
Individuals located in certain countries and jurisdictions have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to exercise your rights and request certain actions with respect to your Personal Data.
10.1 General Privacy Rights
Cloudbrink is committed to maintain accurate information that you share with us and will use commercially reasonable efforts to allow you to access your Personal Data. Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Data. To request this information or if you wish to access, modify, or remove your Personal Data, please contact us as privacy@cloudbrink.io. Cloudbrink will endeavor to respond to all reasonable written requests to access, modify, or remove Personal Data in a timely manner within thirty (30) days.
If you seek to access, modify, or remove Personal Data held or processed by us on behalf of a Client, you should direct your inquiry to the Client (e.g., your employer). Upon receipt of a request from one of our Clients for us to access, modify, or remove the data, we will respond to their request in a timely manner within thirty (30) days.
If you consent to receiving communications from a third party, such third party may have its own privacy policy which will apply to you and you will need to communicate with them directly if you wish to access, modify, or remove the Personal Data you provided to them, or later decide that you no longer wish to receive such third party’s communications.
10.2 Additional Rights for Europe
Individuals located in the EU, the EEA, the UK, and Switzerland, have certain statutory rights under the GDPR. To the extent that Cloudbrink’s processing of your Personal Data is subject to the GDPR, Cloudbrink relies on its legitimate interests set forth in this Privacy Policy to process your Personal Data. If you are located in the EU, the EEA, the UK, or Switzerland, you may have the right to exercise additional rights available to you under the GDPR, including:
Right to Erasure (aka “Right to be Forgotten”). You may have a broader right to erasure of Personal Data that we hold about you, such as, for example, if it is no longer necessary in relation to the purposes for which it was originally collected or we do not have a legal reason to continue to process and hold it. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations.
Right to Restrict Processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances, such as, for example, where you believe that the Personal Data we hold about you is inaccurate or unlawfully held. We may be permitted to store the data but not further process it. We may need to keep just enough data to make sure we respect your request in the future.
Right to Data Portability. You may have the right to be provided with your Personal Data in a structured, machine readable and commonly used format and to request that we transfer the data to another data controller without effecting the usability of the data.
Right to Object to Processing. You may have the right to request that we stop processing your Personal Data, such as for the purpose of direct marketing, scientific and historical research, or for a task in the public interest.
Right to Lodge a Complaint. You may also have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
When offering Services to its Clients, Cloudbrink acts as a “processor” under the GDPR and our receipt and collection of any Personal Data is completed on behalf of our Clients in order for us to provide the Services. Please direct any data subject requests under the GDPR to the Client with whom you have a direct relationship and whose Workspace you use.
For any other requests related to your applicable rights under the GDPR, please contact us at privacy@cloudbrink.io. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
10.3 Additional Rights for California
10.3.1 California Consumer Privacy Act
California residents have certain statutory rights under the California Consumer Privacy Act of 2018, as amended (“CCPA”) regarding their personal information (as defined by the CCPA). If you reside in California, you may have the right to exercise additional rights available to you under the CCPA, including:
Right to Access. You may have the right to request disclosure of the categories and specific pieces of personal information collected about you. Upon a verifiable request to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required to be disclosed. The information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, readily useable format that allows you to transmit this information to another entity without hindrance. We may provide personal information to you at any time but shall not be required to provide personal information to you more than twice in a 12-month period.
Right to Deletion. You may have the right to request the deletion of your personal information. Upon a verifiable request to delete personal information, we will promptly delete such personal information from our records and direct any service providers to delete such personal information from their records, subject to certain exceptions under the CCPA.
Right to Opt-Out of the Sale of Information. You may have the right to opt-out of the sale of your personal information to third parties. Cloudbrink does not sell your personal information to third parties and will never sell your personal information to third parties without your express authorization.
Cloudbrink will not discriminate against you for exercising your rights under the CCPA. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services, or provide you a different level or quality of services.
When offering Services to its Clients, Cloudbrink acts as a “service provider” under the CCPA and our receipt and collection of any consumer personal information is completed on behalf of our Clients in order for us to provide the Services. Please direct any requests to exercise your rights under the CCPA to the Client with whom you have a direct relationship and whose Workspace you use.
For any other requests related to your rights under the CCPA, please contact us at privacy@cloudbrink.io. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
10.3.2 California “Shine the Light” Notice
Cloudbrink does not disclose Personal Data to third parties for any third parties’ direct marketing purposes and will not do so unless the Client or Authorized User affirmatively consents to such disclosure. Since Cloudbrink provides its California users with notice of its rights as described above, pursuant to Section 1798.83(c)(2) of the California Civil Code, Cloudbrink is in compliance with California’s “Shine the Light” law and is not obligated to provide California users with the names and addresses of all the third parties that received Personal Data from Cloudbrink for the third parties’ direct marketing purposes during the preceding calendar year.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout
11. Enforcement
Cloudbrink will actively monitor its relevant privacy and security practices to verify adherence to this Privacy Policy. Any agents, contractors, service providers, or other third parties subject to this Privacy Policy that Cloudbrink determines is in violation of this Privacy Policy or applicable data protection and privacy laws will be subject to disciplinary action up to and including termination of such services. If you believe there has been a violation of this Privacy Policy or applicable data protection and privacy laws, please contact us immediately at privacy@cloudbrink.io.
12. Changes to this Privacy Policy
Cloudbrink may change, modify, or update this Privacy Policy from time to time, in whole or in part, in Cloudbrink’s sole discretion, at any time without prior notice by posting updated versions on the Cloudbrink website. When we do, we will revise the “last updated” date at the bottom of this page. If and when we make such changes, we will make commercially reasonable efforts to notify you by email, through the Services, or by posting a prominent notice on our Website. We encourage you to visit this page at www.cloudbrink.io/privacy-policy to stay informed on our privacy practices and review our most current Privacy Policy. Any changes, modifications, or updates to this Privacy Policy will become effective immediately upon such posting. Your continued use of the Services constitutes your agreement to be bound by such changes to this Privacy Policy. If you disagree with the changes to this Privacy Policy, your only remedy is to discontinue use of the Services and deactivate your account.
13. Contact Cloudbrink
We encourage you to contact us with any questions, complaints, or requests with respect to your Personal Data, this Privacy Policy, and/or our privacy practices.
You may contact us at:
Email: privacy@cloudbrink.io
Cloudbrink, Inc.
Attn: Legal
530 Lakeside Drive, Suite 190
Sunnyvale, CA 94085
USA
Version 1.0
Last Updated: September 3, 2021