• 800-619-7377
  • info@cloudnav.com
Contact

Cloud Navigator

Privacy Policy

1. Privacy

1.1 U.S. Data Privacy Compliance

To the extent applicable, the parties will comply with the requirements of all relevant United States federal and state data privacy laws regarding the collection, use, transfer, retention, and other processing of Personal Data originating in the United States. Applicable laws include, but are not limited to, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and any other applicable state privacy laws. All handling of Customer Data will adhere to these regulations and any additional data protection requirements communicated by Publisher to the Customer.

1.2 Personal Data

Customer consents to the processing of Personal Data by Publisher, its Affiliates, and their respective agents and Subcontractors, as provided in this Agreement. Before providing any Personal Data to Publisher, Customer will obtain all required consents from third parties (including Customer’s contacts, partners, distributors, administrators, and employees) under applicable privacy and data protection laws.

1.3 Processing of Personal Data; GDPR (International Transfers)

To the extent Publisher is a processor or sub-processor of Personal Data subject to the European Union General Data Protection Regulation (GDPR) or the data protection laws of the United Kingdom or Switzerland, the Standard Contractual Clauses (SCCs) will govern that processing, and the parties also agree to the following terms in this subsection (“Processing of Personal Data; GDPR”):

a. Processor and Controller Roles and Responsibilities

Customer and Publisher agree that Customer is the controller of Personal Data and Publisher is the processor of such data, except when (a) Customer acts as a processor of Personal Data, in which case Publisher is a sub-processor, or (b) stated otherwise in any Offering-specific terms. Publisher will process Personal Data only on documented instructions from Customer. In any instance where the GDPR applies and Customer is a processor, Customer warrants to Publisher that Customer’s instructions, including appointment of Publisher as a processor or sub-processor, have been authorized by the relevant controller.

b. Processing Details

The parties acknowledge and agree that:

  • i. The subject matter of the processing is limited to Personal Data within the scope of the GDPR;
  • ii. The duration of the processing will be for the duration of the Customer’s right to use the Offering and until all Personal Data is deleted or returned in accordance with Customer instructions or the terms of this Agreement;
  • iii. The nature and purpose of the processing will be to provide the Offering pursuant to this Agreement;
  • iv. The types of Personal Data processed by the Offering include those expressly identified in Article 4 of the GDPR; and
  • v. The categories of data subjects are Customer’s representatives and end users, such as employees, contractors, collaborators, and customers, and other data subjects whose Personal Data is contained within any data made available to Publisher by Customer.

c. Data Subject Rights; Assistance with Requests

Publisher will make information available to Customer in a manner consistent with the functionality of the Offering and Publisher’s role as a processor of Personal Data to allow Customer to fulfill data subject requests under the GDPR. Publisher will comply with reasonable requests by Customer to assist with such responses. If Publisher receives a request from Customer’s data subject to exercise GDPR rights in connection with an Offering for which Publisher is a data processor or sub-processor, Publisher will redirect the data subject to make its request directly to Customer. Customer will be responsible for responding to such requests, including, where necessary, by using the functionality of the Offering. Publisher will comply with reasonable requests by Customer to assist with Customer’s response to such a data subject request.

d. Use of Sub-processors

Customer consents to Publisher using the sub-processors listed at the applicable Publisher URL or as otherwise communicated to Customer. Publisher remains responsible for its sub-processors’ compliance with the obligations herein. Publisher may update its list of sub-processors from time to time, providing Customer at least 14 days’ notice before giving any new sub-processor access to Personal Data. If Customer does not approve of any such changes, Customer may terminate any subscription for the affected Offering without penalty by providing written notice of termination prior to expiration of the notice period, including an explanation of the grounds for non-approval.

e. Records of Processing Activities

Publisher will maintain all records required by Article 30(2) of the GDPR and, to the extent applicable to the processing of Personal Data on behalf of Customer, make them available to Customer upon request.

1.4 Security

Publisher will take appropriate security measures as required by applicable data protection laws and in accordance with good industry practice relating to data security.

1.5 Support Data

Publisher may collect and use Support Data internally to provide technical support for the Offering. Publisher will not use Support Data for any other purpose unless otherwise agreed in writing by the parties.

Have Questions? Start a Conversation with Us.

Let's explore IT strategies, services, business solutions, and address your compliance concerns with Cloud Navigator.

Our Mission: To modernize the workplace and eliminate risks so that organizations can achieve more every day.

Follow us

Linkedin-in Facebook-f Envelope

ABOUT

EXPERTISE

ADDRESS

Headquarters:

CONTACT

Copyright ©2025 Cloud Navigator

Scroll to Top