CloudArmy GDPR Compliance
Cloud Army Network Inc. (CloudArmy) values privacy and is committed to full compliance with the European General Data Protection Regulation (GDPR).
Data We Collect and Protect
CloudArmy collects four categories of data:
- Customer Content used to create test designs in our Reactor Portal
- Personal information entered in our Reactor Portal pertaining to the users of the portal who create and analyze tests
- Results from respondents who take tests on our Reactor platform
- Contact information gathered from various sources and used for marketing purposes
- IP addresses collected from all web users for security and platform maintenance
CloudArmy does not collect sensitive personal data as defined by the GDPR, such as criminal records, sexual preferences, religious views, etc.
Customer Content: The CloudArmy terms of service specify that no personally identifiable data may be included in test designs created on the Reactor platform.
Respondent Data: The CloudArmy terms of service specify that no personally identifiable data may be collected by tests run on the Reactor platform. In addition, CloudArmy neither solicits nor accepts any personally identifiable information about respondents from panel providers. Therefore, CloudArmy respondent data never includes any personally identifiable information.
Customer Personal Data: CloudArmy obtains unambiguous consent before collecting personal data from our customers and portal users.
Marketing Data: Whenever CloudArmy collects data for marketing purposes we always get unambiguous consent first and we always provide the option to unsubscribe from any marketing channels, including email lists.
System Diagnostics: CloudArmy gathers and stores diagnostic data which includes Internet Protocol (IP) addresses and error messages from all web users who access our services. This data is held for between 14 days and 1 year and is used only to diagnose and handle issues related to the security and integrity of our services.
CloudArmy does not act as a processor for our customers, and when we process personal data as a controller, we minimize the amount collected and keep it as safe as possible through pseudonymization and other security measures.
CloudArmy has mechanisms and processes in place to allow customers to exercise their rights under the GDPR:
- The Right to be Forgotten: CloudArmy will delete any piece of personal data that it has received on the basis of consent within a reasonable period of time as long as it does not conflict with our other legal obligations.
- The Right to Data Portability: Upon request, CloudArmy will send within a reasonable period of time and in a machine-readable format any personal data received by consent from that individual.
CloudArmy does not store personal data in cookies without explicit consent.