Legal Agreements for CloudLinux Products
What information We Collect and Process
- Personal Information.
CLOUDLINUX may collect personally identifiable information from you such as names, addresses, telephone numbers, fax numbers, physical addresses, email addresses, CVs (in the case of candidates), credit card number (in the case of direct customers) and, if applicable, company names, addresses, telephone numbers, fax numbers, physical addresses, email addresses, credit card numbers or tax ID numbers as well as similar information concerning technical contacts, marketing contacts, and executive contacts within your company or organization (collectively, “Personal Information”).
- Non-Personal Information.
CLOUDLINUX may collect non-personally identifiable information from you such as the type of browser you use, your operating system, the screen resolution of your browser, your ISP, your IP address, which pages you view on the Site and the time and duration of your visits to the Site (collectively, “Non-Personal Information”). CLOUDLINUX associates Non-Personal Information with Personal Information if you register with the Site.
- User Communications.
If you communicate with us, we may collect information relating to that communication whether it takes the form of email, fax, letter, forum posting, testimonials or any other form of communication between you and CLOUDLINUX or Submitted by you to the Site (collectively, “User Communications”).
- Server Information.
If you use one of our software products such as CloudLinux OS, KernelCare, Imunify360, CloudLinux Backup or TuxCare™ products and services, we may collect certain information concerning such software, its use, and concerning the server upon which the software operates. This information includes: (a) the licensed or unlicensed status of the software; (b) the source from which the license for the software was obtained (CloudLinux or CloudLinux reseller or partner); or (c) information about the server upon which the software is installed including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server ((a) through (c) collectively, “Server Information”), server uptime and server hardware information including CPU, memory, disks, motherboard. Additionally, “Server Information” may also include (x) information collected by CloudLinux from time to time concerning which features of the software are most often used in order to improve and make adjustments to the software; and (y) information collected from you by CloudLinux in the event that you request technical support services including without limitation, IP addresses, usernames and passwords necessary to login to SSH, list of running processes and content of configuration files.
- Information about your customers (Imunify360)
Only if you use Imunify360, Imunify360 collects information about visitors of any site hosted on a server protected by Imunify360. That information includes visitors IP addresses, URI, browser information, screen resolution as well as other location & browser metadata. We might also collect HTTP/HTTPs query parameters, encrypted using one-way encryption (irreversible encryption used for comparison & analysis). If an attack is detected, we will collect HTTP parameters without using one-way encryption. We will still encrypt it for the purpose of transferring it to our servers. For more details please read and sign our Imunify360 Data Processing Agreement in the relevant License Agreement.
- Information about your customers (Imunify Email)
Only if you use Imunify Email, Imunify Email collects information about mail senders and recipients of any MTA agent protected by Imunify Email. That information includes sender/recipient mail addresses, IP addresses, message content and SMTP headers. Arbitrary email message content may be used for the purpose of enhancing machine learning input data. The data is never stored outside customer premises, but can be temporarily accessed by CloudLinux antispam engineers. It is never stored or transmitted in non-encrypted form and can be un-encrypted to be loaded in RAM for processing purposes. For more details please read and sign our Imunify360 Data Processing Agreement in the relevant License Agreement.
- Information about your customers (CloudLinux OS)
Only if you use CloudLinux OS Share PRO and/or CloudLinux OS Solo, CloudLinux OS may indirectly collect information about visitors of any site hosted on a server that is using CloudLinux OS Shared PRO or CloudLinux OS Solo. One of the features of both Services (the feature`s name is X-Ray) tracks the time of the SQL request execution. With the purpose to track the time and analyze the SQL request execution, the feature processes in an encrypted manner and stores the SQL requests in a depersonalized format. The SQL requests can consist of Personally Identifiable Information of the visitors of any hosted site. For more details please read and sign our CloudLinux OS Data Processing Agreement in the relevant License Agreement.
- The content of your servers (CloudLinux Backup)
If you are using CloudLinux Backup, we back up your data to cloud servers, as specified by your backup settings. Such backups may include a transfer of such data to approved locations in accordance with any Data Processing Agreement you have entered with CloudLinux.
How We Use Personal Data
Any of the information we collect from you may be used in one of the following ways:
- To improve customer service
In the context of customer support, your information helps us to more effectively respond to your customer service requests.
- To process transactions
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, other than for the express purpose of delivering the purchased product or service requested.
- To send periodic emails
The email address you provide in the application may be used to send you information and updates pertaining to your usage, in addition to receiving occasional company news, updates, related product or service information, etc.
- To carry out the hiring process
We use identification and contact details, job performance data, and data on your suitability for the purpose of carrying out the selection process, including screening of candidates. After that, personal data is processed under the legal title of performance of the contract, implementation of pre-contract arrangements, i.e. preparation of an employment contract or agreement. We keep your personal information for the duration of the recruitment process, unless you consent to its further retention in the Candidate Database. Based on your consent, we store your information in the Candidate Database and thus process your identification, contact details, and performance data to contact you with another relevant job offer if any. We can also use your data from the Candidate Database to better understand what kinds of job candidates are interested in the careers we have to offer. With your consent, we process the data for up to 3 years after the end of the recruitment process. You may withdraw your consent at any time by contacting [email protected]. Data processing before revocation of your consent remains valid.
- To distribute marketing and advertising materials
We may contact you with the relevant information about CLOUDLINUX products and services from time to time. Most messages we will send by email. For some messages, we may use Personal Information we collect about you to help us determine the most relevant information to share with you. If you do not want to receive such messages from us, you will be able to tell us by selecting certain boxes on forms we use when we first collect your contact details. Or you can change your marketing preferences by clicking on the unsubscribe link at the bottom of our emails.
- The data collected by Imunify360 about visitors is used to provide better security for Imunify360
- The data collected by Imunify Email about sender/recipients is used to enhance anti-spam filtering efficacy for Imunify Email.
- The data backed up by CloudLinux Backup is used to analyze, improve, and provide our backup services
How We Share Personal Data
- Service Providers
We may provide your personal information to companies that provide services to help us with our business activities such as offering customer service, carrying out the recruiting process or processing your payment. These companies are authorized to use your personal information only as necessary to provide these services to us.
- With your consent
We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
- Third-Party Widgets
- Legal Disclaimer
We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In the event CLOUDLINUX is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.
We may also disclose your personal information to any other third party with your prior consent.
How We Transfer Personal Data Internationally
- International Transfer to third parties
- Data Privacy Framework Notice
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, CloudLinux is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). The Federal Trade Commission has jurisdiction over CloudLinux’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Pursuant to the Data Privacy Frameworks, EU, Swiss, and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Data Privacy Frameworks, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Cloud Linux’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Frameworks Principles. In particular, Cloud Linux remains responsible and liable under the Data Privacy Frameworks Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Cloud Linux proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, the Swiss-U.S. DPF, and UK DPF, Cloud Linux Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the Swiss-U.S. DPF, and UK DPF to VeraSafe, an alternative dispute resolution provider based in the United States, and the European Union. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit VeraSafe Data Privacy Framework Dispute Resolution Procedure for more information or to file a complaint. The services of VeraSafe are provided at no cost to you. More information about VeraSafe, an alternative dispute resolution provider, is provided in section 10(c) below.
ACCESSING OR USING OUR SITES OR SERVICES, OR OTHERWISE PROVIDING INFORMATION TO US OR OUR CUSTOMERS, CONSTITUTES CONSENTING TO OUR POTENTIAL TRANSFER, PROCESSING AND STORAGE OF SUCH INFORMATION IN THE UNITED STATES.
How we Store and Secure Personal Data
- Data Storage and Security
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive information is transmitted via Transport Layer Security (TLS) technology to and then stored into our database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential. Credit card information is transmitted directly to the payment processor and is not stored on our servers. If you have any questions about the security of your personal information, you can contact us at [email protected] or visit our Security and Compliance web section.
- Retention of Personal Data
How long we keep information we collect about you depends on the type of information and how we collect and store it. After a reasonable period of time, we will either delete or anonymize your information or, if this is not possible, then we will identify your account in our database as “deleted” or “closed” and isolate it from any further use until deletion is possible.
We retain Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Data, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Data and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in the section “Your Privacy Rights and Choices” below.
Cookies or other tracking technologies
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information.
Cookies provide a convenience feature to save you time, or tell the Web server that you have returned to a specific page.
Cookies set by the website owner (in this case, CLOUDLINUX) are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites. Your cookie consent is renewed every 6 (six) months or in case we add any new third-party cookie.
We use first party and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Sites to operate, and we refer to these as “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Sites and Services. For example, CLOUDLINUX keeps track of the Sites and pages you visit within CLOUDLINUX, in order to determine what portion of the Site or Services is the most popular or most used. This data is used to deliver customized content and promotions within the Site and Services to customers whose behavior indicates that they are interested in a particular subject area. Third parties serve cookies through our Sites for advertising, analytics and other purposes. This is described in more detail below.
- What types of cookies do we use and how do we use them?
The specific types of first- and third-party cookies served through our Sites and the purposes they perform. For a list of the cookies used by CLOUDLINUX, see our cookie banner when you visit our Sites for the first time. These cookies include:
- Strictly Necessary cookies: These cookies are strictly necessary to provide you with services available through our Sites.
- Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Sites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
- Targeting cookies: Targeting cookies are used to identify visitors between different websites, e.g., content partners, banner networks. Those cookies may be used by us to build a profile of visitor interests or show relevant ads on other websites.
- Unclassified cookies: These are cookies that do not belong to any other category or are in the process of categorization.
- Log files
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
- Behavioral Targeting
Your Privacy Rights and Choices
- Personal Data Requests
Just as we have our rights and obligations to process your personal information, you also have certain rights to process your personal data. These rights include:
- Right of access: In accordance with Art. 15 GDPR, you may have the right to obtain confirmation from us as to whether or not your personal data is processed by us, and, where that is the case, to request access to your personal data. The information about personal data processing includes the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom your personal data have been or may be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. Also, you may have the right to obtain a copy of your personal data undergoing processing. For additional copies requested, we may charge a reasonable fee based on administrative costs.
- Right to rectification: In accordance with Art. 16 GDPR, you may have the right to obtain from us the rectification of inaccurate personal data. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): In accordance with Art. 17 GDPR, you have the right to request that we delete your personal data. Please keep in mind that we may keep your personal data if it is still necessary for:
- fulfilling our legal obligation;
- archival, historical, or scientific research or statistical purposes; or
- determination, exercise, or defense of our legal claims.
- Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. In this case, the respective personal data will be marked accordingly and may only be processed by us for certain purposes.
- Right to personal data portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and/or to request the transfer of this personal data to another entity.
- Right to object: If you have given your consent to the processing of your data in accordance with Art. 7 III GDPR, you may revoke your consent at any time in the future. The declaration of revocation must be addressed to us and must be presented in writing or delivered by email or fax.
Please note that to protect personal information, we may verify your identity by a method appropriate to the type of request you are making. You are entitled to exercise the rights described above free from discrimination.
We will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.
If you are a customer, prospect, or otherwise interact with a CLOUDLINUX customer that uses our Services and would like to access, correct, amend or delete your data controlled by the customer, please contact the relevant customer directly. CLOUDLINUX acts as a processor for our customers and will work with our customers to fulfill these requests when applicable.
- To unsubscribe from our Communications
When you register for an account, we will use your name and email address to send periodic emails to you of both promotional and transactional nature. Out of respect for your privacy, you may choose to stop receiving promotional emails by following the unsubscribe instructions included in these emails or you can contact us at [email protected].
We will also send you service-related email announcements on rare occasions when it is necessary to do so. You do not have an option to opt out of these emails, which are not promotional in nature.
- To unsubscribe from our Customer`s Communications
Our customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. Individuals who interact with a CLOUDLINUX customer can unsubscribe from our customers’ marketing communications by clicking on the “unsubscribe” link located on the bottom of their emails, or by contacting them directly.\
California Privacy Rights
For purposes of this section “Personal Information” has the meaning given in the California Consumer Privacy Act (“CCPA”).
- How We Collect, Use, and Share your Personal Information
We might collect the following statutory categories of Personal Information:
- Identifiers, such as names, addresses, telephone numbers, fax numbers, physical addresses, email addresses. We collect this information directly from you or from third party sources.
- Internet or network information, such as browsing and search history. We collect this information directly from your device.
- Geolocation data, such as IP address. We collect this information from your device.
- Other personal information, in instances when you interact with us online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the Service.
- Your California Rights
You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.
The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
CLOUDLINUX does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).
- How to Exercise your California Rights
You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information.
Please use the contact details below, if you would like to:
- Access this policy in an alternative format;
- Exercise your rights;
- Learn more about your rights or our privacy practices; or
- Designate an authorized agent to make a request on your behalf.
Data Protection Officer
Cloud Linux Inc.
2318 Louis Rd, Suite B
Palo Alto, CA 94303, USA
Other Important Privacy Information
- We never sell Personal Data
We will never sell your Personal Data to any third party.
- Information About Children
The CLOUDLINUX products and/or services are not directed at persons under 16 and we do not knowingly collect Personal Information from children under 16. If you become aware that your child has provided us with Personal Information, without your consent, then please contact us using the details above so that we can take steps to remove such information and terminate any account your child has created with us.
- Dispute Resolution
Within the scope of this privacy notice, if a privacy complaint or dispute relating to Personal Data received by CloudLinux in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through CloudLinux internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If a complaint or dispute cannot be resolved through CloudLinux internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.
- Third-Party Links
Occasionally, at our discretion, we may include links to our merchant partners (third-party products or services) on our Sites. These third party’s websites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our Sites and welcome any feedback about these third-party websites.
We display personal testimonials of satisfied customers on our Sites in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at [email protected]
- Social Media Widgets
CloudLinux Sites may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.