This Privacy Policy describes how Cuberdon processes personal data when providing our Customer Engagement Platform software as a service (SaaS) to our business customers. Additionally, this Privacy Policy describes how Cuberdon processes personal data of the Cuberdon website visitors. Important: Cuberdon acts as a data processor on behalf of our Customers. Our Customers are the data controllers who determine the purposes and means of processing personal data of their end users. This Privacy Policy explains our role and responsibilities as a processor.
Cuberdon processes personal data solely on behalf of and under the instructions of our customers. We do not: • Own or control the personal data collected through the CIP platform • Determine the purposes for which the data is processed • Use the data for our own marketing or commercial purposes • Share the data with third parties except as strictly necessary to provide the services
Cuberdon’s customers are responsible for: • Obtaining necessary consents from End Customers for data collection • Providing privacy notices to their End Customers • Ensuring lawful basis for processing under GDPR • Responding to data subject requests from their End Customers • Determining retention periods and deletion schedules Cuberdon needs to apply
The CIP platform processes personal data that our customers collect from their End Customers or users. The types of data may include: • Contact information (names, email addresses, phone numbers) • Customer interaction data (messages, communications, campaigns, documents) • Transaction and subscription information • Any other data our customers choose to collect through the platform
When individuals visit our website, we act as a data controller and collect the following types of information: Information You Provide • Contact information when you fill out forms (name, email, phone, company name) • Information in demo or trial requests • Communication preferences • Any other information you choose to provide through contact forms Cuberdon does not intentionally capture any other automatic information such as cookies or IP addresses and location data.
We process personal data solely in accordance with our customers documented instructions as set forth in our Customer-Cuberdon Master Agreement and applicable data processing addendum. We do not process data for any purpose other than providing the CIP platform services.
Our processing activities include: • Storing and organizing customer interaction data • Providing access to authorized users designated by the Customer • Maintaining platform functionality and performance • Providing technical support to Customers • Generating usage reports and statistics
All personal data processed through the CIP platform is hosted on Microsoft Azure’s secure cloud infrastructure. Microsoft Azure is our cloud infrastructure and software services provider, acting as a sub-processor under our data processing agreement. Azure’s infrastructure is GDPR-compliant and certified under multiple international security standards including ISO 27001, ISO 27018, SOC 2, and others.
Personal data is stored and processed exclusively within the European Union. Data may be transferred or stored in any EU member state to ensure optimal service performance and redundancy but will not be transferred outside the EU without appropriate safeguards in accordance with GDPR requirements.
We implement appropriate technical and organizational measures to ensure data security, including: • Encryption of data in transit (TLS/SSL) and at rest (AES-256) • Role-based access controls and multi-factor authentication • Network security and firewall protection • Logging and monitoring of system access • Regular backups and disaster recovery procedures • Employee confidentiality obligations
We will notify Customers of any changes to our GDPR compliant sub-processors and provide reasonable opportunity to object to such changes in accordance with our data processing agreement.
End Customers whose personal data is processed through the CIP platform have the following rights under GDPR: access, rectification, erasure; right to be forgotten, restriction of processing, data portability, objection to processing, and rights related to automated decision-making and profiling.
Important: Because Cuberdon is a data processor, End Customers must direct requests to exercise their rights to the Customer (data controller) who collected their data, not to Cuberdon directly.
We retain personal data only for as long as necessary to provide the CIP platform services to our customers. Our customers, as data controllers, are responsible for determining appropriate retention periods for their End Customer data and instructing us accordingly.
Upon termination of our agreement with a Customer, we will provide the Customer with a copy of their data in a common file format and delete all personal data from our systems in accordance with the terms of our agreement, unless legally required to retain certain data.
In the event of a personal data breach affecting data we process on behalf of our Customers, we will notify the affected Customer(s) without undue delay upon becoming aware of the breach. We will provide all relevant information to enable the Customer to fulfill any data breach reporting obligations they may have under GDPR and other applicable laws.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify our customers of any material changes and updates. Continued use of the CIP platform after such changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data processing practices, please contact us: CUBERDON BV Borgtstraat 44, 1850 GRIMBERGEN (Belgium) Email: ask@cuberdon.io Phone: +32 308 59 27