Privacy Policy

Updated January 2022

At Leafcloud, we care a great deal about your privacy. We treat your data with care. When you decide to use our services, we want to make sure you know how Leafcloud handles your data. On this page, you will find information about:

1. Leafcloud

Leafcloud B.V. (referred to as “Leafcloud” and “we”) is a Dutch organization based in the Netherlands. At Leafcloud, we are committed to being transparent about how we collect and use personal data and protect the privacy of all users. When you use any of the Leafcloud cloud services or visit the Leafcloud websites, we collect information (e.g., via forms) to provide our products and services fairly and lawfully. Leafcloud collects and processes personal data in accordance with applicable laws.

See the ‘Personal data processing’ and ‘Data sharing’ sections of this document for more information.

This privacy statement is intended to inform how we process personal data. This privacy statement may be modified from time to time. Please check this page regularly for any changes. Customers will be informed by email if and when any changes occur.

This privacy policy was last updated in January 2022.

2. Purposes for collecting your personal data

We collect and process personal data to provide requested services. This includes (but is not limited to):

Delivering you our services
Ensuring the security of our services
Responding to your support requests
Communicating with you about updates of our products
Sending you invoices
Improving the user experience of our products

Our processing activities rely on legal grounds; we use data to facilitate our business relations, pursue our legitimate business interests, and comply with our financial regulatory and other legal obligations.

3. Personal data processing

Leafcloud collects and processes personal data provided both directly and indirectly. The provision of personal data is part of a statutory requirement. Failing to provide personal data may result in Leafcloud not providing requested services.

3.1 Direct personal data collection and processes

Leafcloud collects and processes personal data directly through forms & cookies on our websites and applications. Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. When you visit our website, we collect information from you automatically through cookies.

We use cookies for the following purposes:

analytics
understanding how you use our website

The personal data that you provide directly to us will be apparent from the context in which you provide the data. This may include:

Contact details (such as name, address, email address, phone number)
Business details (such as business name, VAT ID, business registration ID)
Any additional data that provided (such as attachments or comments)

3.2 Indirect personal data collection and processes

Leafcloud collects and processes personal data that is automatically collected through our websites and applications. This includes:

Device data (such as IP address, browser, device type)

Usage data (such as time spent on Leafcloud websites, which Leafcloud services are used, what software is run using Leafcloud services, login times & sessions, compute capacity used)
Billing data (such as invoices)

4. Data sharing

Leafcloud may share specific data with a supplier or contractor organization supplying services that require the use and/or creation of data for the purposes described in this privacy statement and in accordance with applicable laws.

Including (but not limited to):

Invoicing
Scheduling
Messaging
Infrastructure support
Data storage

In these limited situations, selected third parties may access data maintained by Leafcloud. Before sharing any information with any third party-party, we ensure that all third-party recipients are bound to strict compliance standards.

Leafcloud does not sell or trade data to any third party. Leafcloud can be obliged to share specific data with third parties, such as government authorities, in accordance with applicable laws. Leafcloud retains the ability to share data to protect the legal rights of Leafcloud in accordance with applicable laws.

5. Data retention

Leafcloud will retain a customer's data for as long as the aforementioned customer maintains a Leafcloud account. After closing said account, or if no such Leafcloud account exists, Leafcloud will only retain personal data if there is a legal obligation to do so (e.g., financial records).

Leafcloud may also retain data if there is a ‘business need’ to do so. These needs include but are not limited to:

audit logs to ensure security
other reasons

Without prejudice to local legislation, customer data will be kept for a maximum of 3 years (i.e., 1095 days). This means that storage periods in local legislation are taken into account and complied with.

To ensure customer data is kept safe, Leafcloud maintains regular backups of its data, housed in Leafcloud infrastructure, within the European Union. These may include personal data. It is impossible for Leafcloud to remove selections of data from backups; therefore, data may remain in these backups after the retention period has expired.

Backups are removed after at most three months.

Data within these backups are restored only in emergencies (e.g., Marvin accidentally deleting our production database during spring cleaning). If deleted personal data is ever restored as part of a backup, Leafcloud will delete that data within the thirty-day period following the notification.

6. Security

Leafcloud uses a number of technical, physical, and organizational security measures to assure the integrity, confidentiality, and availability of user data. Leafcloud has implemented security technologies and procedures to protect the data we store from:

unauthorized access
improper use
alteration
unlawful or accidental destruction
accidental loss

We continue to improve our security procedures as new technology becomes available. Access to data is limited. Leafcloud data processors and employees are thoroughly screened and only have access to the data needed to complete specific tasks. Leafcloud data processors and employees are obliged to respect privacy and handle data with care.

Leafcloud ensures adequate security to protect manual and electronic processing of your data and prevent its misuse, all in accordance with applicable local legal requirements. Leafcloud also ensures that third parties and affiliates processing data on Leafcloud’s behalf will observe similarly adequate security measures, in accordance with applicable local legal requirements.

Users have an important role to play in assisting Leafcloud in keeping their data secure. Users should use a unique password for Leafcloud, keep it confidential at all times, and only use Leafcloud credentials for Leafcloud services.

7. Rights

Leafcloud users retain the following rights:

The right to access: Users have the right to request copies of their personal data
The right to rectification: Users have the right to request correction of any information they deem incorrect or incomplete.
The right to erasure: Users have the right to request the erasure of personal data under certain conditions.
The right to restrict processing: Users have the right to restrict the processing of personal data under certain conditions.
The right to object to processing: Users have the right to object to the processing of personal data under certain conditions.
The right to data portability: Users have the right to request a transfer of their collected data to another organization under certain conditions.

Leafcloud only has an obligation to correct user data in the following cases:

when the user data is factually inaccurate
when the user data is incomplete
when the user data is irrelevant to the purpose for which Leafcloud processes the data.

You can contact Leafcloud to exercise access and correction rights. Leafcloud will process requests and rectify errors within a thirty-day period after receiving a request.

8. Marketing

Leafcloud sends information about the company updates, products, and services. In the case an individual agrees to receive marketing material (e.g., the Leafcloud newsletter) they can opt out at any time.

9. Contact information

Any requests to exercise your rights under European data protection law, or any other requests, questions, or complaints with regard to personal data can be directed to:

Leafcloud B.V.
Overhoeksplein 2
1031KS Amsterdam
The Netherlands
+31 (0)20 2443 794 info@leaf.cloud

In the case a user considers Leafcloud’s processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection, see this website for more information https://www.consuwijzer.nl/doe-uw-melding-bij-acm-consuwijzer.