Respecting the confidentiality and integrity of our customers’ data is a priority for Clever Cloud. That is why we take care to limit our processing of personal data to what is necessary for the provision of our services, and to fully respect your rights guaranteed by the European Regulation on the Protection of Personal Data (“GDPR”) of April 27, 2016.

In general and except for the specific needs detailed below, Clever Cloud does not access the data you choose to host on the platform. In any case, Clever Cloud never exploits the data of your own customers and users. This Privacy Policy details what data we process, why we process it, and what rights you have. It applies to our own customers’ personal data collected during your use of the Clever Cloud Platform, accessible on the Clever-Cloud.com domain. However, each Clever Cloud customer who uses our hosting services to run an application is solely responsible for the processing of his or her own users’ data, subject to the Data Processing Agreement that is part of the Contract between you and Clever Cloud.

1. The data processings by Clever Cloud

Clever Cloud processes personal data for various purposes, in particular:

Statistical analysis of website visits

During your visit to the Platform, including the site accessible at www.clever-cloud.com, Clever Cloud collects data necessary to detect anomalies, to track visits to the various pages and components of the Platform, to verify the suitability of the content to the expectations of our visitors and users, and to optimize the performance of the website and the Platform.

These data strictly necessary for the proper administration of the Platform include:

• The first half of your IP address (e.g. 192.168.xxx.xxx);
• The version of your browser;
• Your operating system (e.g. Windows, Mac OS, Linux…);
• The type of terminal (e.g. telephone, computer…) and its screen resolution;
• The URL of the pages you visit or the type of action you take;
• A pseudonymous identifier.

They are kept and processed for 180 days within the Matomo Analytics tool hosted on its own servers by Clever Cloud, and are therefore not shared with third parties. If you do not wish to have your visits recorded, you can refer to the following instructions:

This processing is carried out on the basis of the legitimate interest of Clever Cloud to analyze the traffic of its website (Article 6.1.f of the GDPR).

Platform security, error management and access logging

In order to secure the Platform, in particular by detecting attempted intrusions, fraud, illicit copying of content or denial of service attacks, and to detect any anomalies in the operation of the Platform, Clever Cloud implements technical processes requiring the processing of personal data such as:

• Your IP address;
• The User Agent of your browser;
• Your login and passwords;
• The source code of your Applications (e.g. for automated malware detection);
• A log of your activities and events on the Platform (such as system error logs)

These processing operations are carried out on the basis of Clever Cloud’s legitimate interest in securing its services and the data of its Customers, and ensuring the proper functioning of the Platform (Article 6.1.f of the GDPR).

In addition, in order to comply with its legal obligations to retain connection data, Clever Cloud retains for 1 year the aforementioned data related to your content (source code) creation, modification or deletion operations. The Customer is reminded that it is up to him to collect and retain the connection data related to the contents of his own customers, in accordance with his own legal obligations. 

Administration and billing of your customer account

When you register on the Platform and use it, you may provide Clever Cloud with data associated with your customer account such as:

• Your name
• Your marital status
• Your e-mail address
• Your phone number
• Your mailing address
• Your login
• The organizations to which you are attached
• Your applications and associated data

This data is kept for the duration of the Contract between you and us (based on article 6.1.b of the GDPR) for the purpose of managing and securing your customer account, as well as for billing our services. They may also be kept beyond this date, until the expiry of the retention periods imposed by our legal and regulatory constraints (on the basis of article 6.1.c of the GDPR).

The password associated with your login is never stored in clear text by Clever Cloud and you will never be asked for it anywhere other than on the interface that allows you to login to the Platform, exclusively from the Clever Cloud website. You have the possibility to activate the two-factor authentication to reinforce the security of the access to your account. Clever Cloud encourages you to activate it to limit the risk that third parties fraudulently access your data.

The banking information you enter during a payment is processed exclusively by the Clever Cloud partner you choose at the time of payment:

• Stripe, whose privacy policy is available at: https://stripe.com/privacy  
• Paypal, whose privacy policy is available at: https://www.paypal.com/fr/webapps/mpp/ua/privacy-full 

Technical and commercial support

In order to respond to requests for technical or commercial assistance from its Customers, Clever Cloud may process the following data on the basis of the performance of the contract between you and Clever Cloud (Article 6.1.b of the GDPR):

• Your IP address
• The organizations to which your account is attached
• Your email address
• Your phone number
• The content of your messages 
• The date and time of your last activity.

Clever Cloud shares this data with its partner Crisp, exclusively for the purpose of processing your support request, whose Privacy Policy is available at https://crisp.chat/fr/privacy/ 

In this context, Clever Cloud deploys a messaging tool integrated to the Platform, requiring the installation on your browser of Crisp cookies. These cookies are necessary to restore chat sessions with the technical support team and to maintain the continuity of exchanges during your navigation in our pages. These cookies are kept under the conditions explained in Crisp’s privacy policy.

If you call the hotline, your phone number is retained while we process your request. The data is shared with our voice server provider Twilio, whose privacy policy is available at https://www.twilio.com/legal/privacy 

Processing of applications (recruitment)

For its recruitment activities, on the basis of the need to process your applications (article 6.1.b of the GDPR) Clever Cloud must process the personal data that you provide in the process of your application, such as your full name, date of birth, addresses, telephone contact details, resumes, emails, dates and results of interviews, salary expectations,…

This data is kept for the time necessary to process your application and at the latest 12 months from the last contact, unless you authorize otherwise. It will not be passed on to third parties without your permission. If you apply from a third party service, you must read and agree to the service’s privacy policy.

2. Security measures

Clever Cloud implements technical and organizational measures in order to secure the data you entrust to us as well as possible, for example by using encryption measures as systematically as possible, or by limiting access rights to data to employees and service providers who have a legitimate interest in accessing it within the framework of the missions entrusted to them.

Clever Cloud’s services creation processes incorporate stringent data security requirements from the outset, and are monitored throughout the development and subsequent upgrades, with continuous evaluation and improvement of security requirements.

Data is hosted exclusively on servers managed by Clever Cloud, in highly secure data centers of your choice. You can find more information on how we secure your data and the security certifications of our data centers on the following page: https://www.clever-cloud.com/security/

3. Exercising your rights

In accordance with the GDPR, you have the following rights to your personal data:

• right of access (article 15 GDPR), rectification (article 16 GDPR), update, completeness of your data
• the right to withdraw your consent at any time (article 13.2.c of the GDPR)
• the right to limit the processing of your data (Article 18 of the GDPR)
• right to object to the processing of your data (Article 21 of the GDPR)
• right to portability of the data you have provided to us, where your data is subject to automated processing based on your consent or on a contract (Article 20 of the GDPR).
• right to erasure of your personal data (Article 17 of the GDPR)

In accordance with Article 12 of the GDPR, each request to exercise rights must be accompanied by relevant information to demonstrate your identity. In case of reasonable doubt, Clever Cloud may request that additional information necessary to confirm the identity of the person requesting the exercise of his or her rights be provided. Personal data relating to the exercise of these rights will be kept for a period of 1 year from the date of the reply sent by Clever Cloud.

You also have the right to instruct us as to what to do with your data after your death and to choose whether or not we disclose your data to a third party that you have designated. In the event of your death and in the absence of instructions from you, we undertake to destroy your data, except where their retention is necessary for evidential purposes or to meet a legal obligation.

You can exercise these rights by writing to us at dpo@clever-cloud.com or by sending a letter to the address indicated in our legal notice, for the attention of the Legal Department.
You may also file a complaint before a competent national Data Protection Authority, which list is accessible at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Revision history

Date	Comments
2022/05/05	In the introduction, reference added to Clever Cloud’s DPA