Cloud Software Group, Inc. and its subsidiaries, respect your concerns about privacy. References in this Policy to “Cloud Software Group”, “we”, “us”, and “our” are references to the Cloud Software Group entity responsible for the processing of your personal information. This Policy describes the types of personal information we collect, how we may use that personal information, with whom we may share it and how you may exercise your rights regarding our processing of that information. It also describes the measures we take to safeguard the personal information we obtain and how you can contact us about our privacy practices.
Personal information we obtain
The information we obtain subject to this Policy is limited to the information you provide when submitting a report or is otherwise collected as part of a business conduct inquiry. Specifically, it is: (i) your name and contact details (unless you report anonymously) and whether you are employed by Us; (ii) the name and other personal information of the persons you name in your report if you provide such information (i.e., description of functions and contact details); (iii) a description of the alleged misconduct as well as a description of the surrounding circumstances; and (iv) any additional information that you may provide or that we may collect during the course of follow-up inquiries.
How we use personal information and who may access personal data and information
We use your personal information as described in this Policy and relies on a number of legal bases as described further below:
- We use personal information for legitimate HR purposes related to enforcing compliance with our policies and applicable law, including disciplinary matters and investigations.
- We use personal information for legitimate safety and security purposes, including for investigative purposes, protecting the health and safety of our employees and others, safeguarding and maintaining IT infrastructure, facilities and other property, and protecting the corporate network and data from intrusion or other loss. We process personal information for these purposes because it is necessary for our legitimate interests in maintaining the security of our IT systems and premises, and protecting our employees and others.
- We also use personal information when necessary to protect our legal interests or to comply with legal and other requirements. We process personal information for these purposes because we are required to do so by law or it is necessary for the establishment, exercise or defense of legal claims.
We may share your personal information internally within our/or with affiliates for the purposes described in this notice. We also may share your personal information with third parties that perform services on our behalf, including third-party service providers (such as the operator of this reporting tool). We require these parties to respect the security of your data and to treat it in accordance with the law.
We reserve the right to share with relevant third parties information you provide in the event of a potential or actual sale or transfer of all or a portion of our business or assets, including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, liquidation or other business transaction.
We also may disclose personal information about you:
- If we are required by applicable law, regulation or legal process (such as a court order or subpoena);
- To law enforcement authorities or other government officials to comply with a legitimate legal request;
- When we believe disclosure is necessary to prevent physical harm or financial loss to us, our users or the public; or
- To establish, exercise or defend our legal rights, and in connection with an investigation of suspected or actual fraud, illegal activity, security or technical issues.
We have put in place security measures designed to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have also put in place procedures to deal with any suspected data security breach.
We only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Your personal information may be stored and processed in the United States or in another country in which we or our affiliates, subsidiaries, or third party service providers conducts business. When we transfer personal information to a country outside of an employee’s location, we may use a variety of legal mechanisms authorized by law, including standard contractual clauses approved by the European Commission or other data transfer agreements.
Data subject rights
To the extent provided by the law of your jurisdiction, you may request access to the personal information we maintain about you or request that we correct, update, amend or delete your information, or that we restrict the processing of such information by contacting us as indicated below. These rights are not absolute; if we are unable to accommodate your request, we will provide written notification specifying the basis for such conclusion. Depending on your location, you may have the right to file a complaint with a government regulator if you are not satisfied with our response.
If you are a resident of California, Cloud Software Group has a California Consumer Privacy Statement which is available for review here.
How to contact us
Cloud Software Group, Inc.
Attn: Chief Privacy Officer
100 District Avenue, Ste 213
Burlington, MA 01803
Last Updated: May 22, 2023