We at CLOUDS EXPRESS respect the privacy of our visitors and are committed to preserving your online safety by preserving your privacy at anytime you visit or communicate with our site.
Data can be collected and processed during the operations of our website. The following are ways we may perform these actions: Data regarding your visit(s) to our website and any resources used are collected. The following is included and not limited to: location data, weblogs, traffic data, and any other communication information. Any forms you filled out on our site allows us to collect data such as registering for information or when you complete a purchase. If for any reason you communicate with our personnel or site we may collect information.
Our Use of Your Information
Information stored or collected regarding you helps us improve and offer services you need. The following list contains how we might use your data: Any request you make of our site or personnel allows us to use information you provided us with, relating to the products or services we have. We may also send information on products or services you may be interested in, as long as consent has been received. Contract Commitments: To meet any Commitment we make to you. Changes or Improvements made to the site can warrant use of your information, with regard to notification of such changes. An existing customer may be contacted regarding products and services related to any item of previous sale you made on our site. We use your personal information to contact you to give you information relating to your orders with us, this is mandatory in order for us to process and fulfil your order. Anyone who does not wish to give consent for our site or third party use has the opportunity to decline. Once we receive your withhold for consent we will remove your details from any mailings or third party communications.
Personal Data Storage
At times we may disclose personal information to persons in our group. This can include subsidiaries, holding companies, or any other subsidiaries involved in our business, if applicable. Third Party disclosure may occur for, but not limited to, the following reasons:
Selling any or all of our business to a third party may result in sharing your information.
At any time when we are legally required to we may disclose information about you and your visits to our sites.
To prevent fraud and help in fraud protection in order to reduce risk, we may disclose information.
Third Party Links
Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, especially with the EU General Data Protection Regulation (GDPR – available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679).
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our sservice and the choices you have associated with that data.
Scope of validity
This data privacy statement applies to our Website and the services (the “Services”) provided therefore.
Controller & data protection officer
The following party is responsible for the processing of data in relation to the Services:
Address: 86, Triq L - Casolani, Birkirkara, Malta.
Email address: [email protected]
Our data protection officer can be contacted using the contact details above.
The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information needs to be provided for the relevant service. In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.
In various cases, you may also be asked to grant us your consent to the further processing of data (or some of the data, as applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and about the purposes which we pursue in these processing operations.
Transfer of personal data to third countries
When we send data to countries outside the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.
If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for the establishment, exercise or defence of legal claims, and if no other exemption applies at law, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate safeguards under Art. 46 GDPR.
Hosting at external service providers
Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses.
Transmission to government authorities
We send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject or when it is necessary for the assertion, exercise or defence of legal claims.
Period of storage
Data will not be kept in excess of two (2) years. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage is required by law or unless you grant us extended consent.
Minimum Age Protection
Individuals under the age of 18 should not submit any personal data to us without the compliance of parents or guardians. We do not request personal information from children and adolescents. We do not intentionally collect such data and do not share it with any third parties.
Right to object
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing with future effect, which includes profiling to the extent that it is related to such direct marketing. You also have the right, at any time and for reasons relating to your particular situation, to object to the processing of personal data concerning you. The right to object may be exercised free of charge.
Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and the other information listed in terms of law.
Right to rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay and you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erase Data and the right to Restrict Processing of Data
You have the right to obtain from us the erasure of personal data concerning you and to restrict use of personal data concerning you in terms of law.
Right to data portability
You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance on our part. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.
Right to withdraw consent
If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Aim and Scope
This Policy sets out the use and management of the CCTV System in compliance with the relevant data protection and privacy laws including but not limited to the Data Protection Regulation (EU) 2016/679
(“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
The Policy aims to:
- i) define the purpose of processing of CCTV monitoring and recording; and
- ii) define the procedure for access, disclosure and use of such CCTV recordings and limit this to specified and justified purposes only.
Clouds Express Limited (the Company) is committed to ensure that the collection and use of such CCTV recording is fair and that it complies with the requirements of the relevant legislation.
This Policy applies to all of the Company’s CCTV System. The Company’s CCTV System may capture images and audio recordings. CCTV recordings are monitored and retained in strict accordance with this Policy.
- Purpose of processing of data from CCTV
The use of CCTV is primarily for the following purposes:
- Deterring, prevention and detection of crime including misuse/abuse of equipment/ buildings.
- Identification, apprehension and prosecution of offenders.
- Aid in investigation of the incidents/injuries.
- Confirmation of alarms.
- Investigations by internal audit.
- Investigations and disciplinary action by HR.
- Protection of Company facilities from intrusion.
- Ensure the safety of staff, clients, and visitors.
- Detect, prevent or reduce the incidence of crime.
- Prevent and respond effectively to all forms of possible harassment and disorder.
- Reduce the fear of crime.
- Create a safer environment.
- Provide emergency services assistance.
The CCTV system operates 24 hours a day, 7 days a week.
- Categories of Personal Data
The information processed may include visual images, personal appearance and behaviors. This information may be about staff, guests, visitors, suppliers, business partners and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Any monitoring of staff will be carried out in accordance with applicable legislation.
- Processing of collected information
Personal data collected in the course of the CCTV recording activities will be processed fairly and lawfully in accordance with the current Data Protection Act and the European General Data Protection Regulation.
The Company’s legitimate interest for processing such personal data stems from the following: CCTV is used for maintaining public safety, the security of property and premises and for preventing and investigating crime and safety related incidents. The Company recognizes the effect of such a CCTV System on the individual and the right to privacy and protection of personal data.
Equipment used, image quality, camera positioning and locations are appropriate to ensure that the images are adequate and exclusive for the purpose for which they are being collected.
Clouds Express Limited ensures that footage collected will be:
- Adequate, relevant and not excessive;
- Used for the purpose(s) stated in this Policy in Section 2 only and not used for any other purposes;
- Accessed and disclosed in line with Applicable Law and internal policies;
- Treated confidentially;
- Stored securely; and
- Not kept for longer than necessary for the legitimate business needs and will be securely destroyed once the issue(s) in question have been resolved.
- Control of access to CCTV Footage
All recording media used for the monitoring and capture of images on Clouds Express’s CCTV system belongs to and remains the property of Clouds Express. It is important that access to and disclosure of images is restricted and carefully controlled, not only to ensure that the rights of individuals are preserved but also to ensure that the chain of evidence remains intact should the images be required for evidential purposes. Viewing of the footage is centered in defined areas and restricted to those who need to have access in accordance with this Policy and any governing legislation. All staff who have access to the CCTV System are made aware of the sensitivity of handling CCTV images and recordings.
To ensure CCTV camera images are not available to unauthorized employees/external personnel, preventive actions have been taken to ensure monitors are not visible from external areas.
- Disclosure of CCTV Footage
Disclosure of images from the CCTV system is controlled and is consistent with the purpose for which the system was established. The Company will share personal data with third parties only if there is a legal obligation imposed on it to do so.
Clouds Express will be the Data Controller at the point of images/footage being recorded, however if any images are released to any other authorized organization/individual, the legal responsibility in relation to the images that have been released, will be transferred to that organization.
- Storage and recording of CCTV recordings and security measures
CCTV systems are configured to record continuously and will re-write over aged data on a rotational basis and will be retained exclusively for the period in which the Company may lawfully retain your personal data.
The Company shall implement and maintain appropriate and sufficient technical and organizational security measures, taking into account the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to protect personal data against any unauthorized accidental or unlawful destruction or loss, damage, alteration, disclosure or access to personal data transmitted, stored or otherwise processed and shall be solely responsible to implement such measures.
The Company shall ensure that its staff who process personal data are aware of such technical and organizational security measures and shall ensure that such staff are bound by a duty to keep personal data confidential.