Our privacy policy
Executive summary:
We actually do care about your fundamental right to privacy, that is why we promote Digital Sovereignty and why we setup a Cloud platform that keeps your data local.
We will collect your personal data if you wish to communicate with us and enter into a mutually beneficial business relationship.
We’ll do our best to protect your data and to share it with third parties only if required by law or to provide you with the requested services.
GDPR and Privacy notice
Who we are
Omnis Cloud Sarl is a Luxembourgish company (RCS B228034) with offices at: 9 Avenue des Hauts-Fourneaux, L-4362 Esch-sur-Alzette.
We are the data controller which processes your personal data in connection to your visit to our web site and in relation to eventual communications between us or business relationships.
Personal data we may collect or receive
We, as matter of principle and in compliance with GDPR, tend to collect the bare minimum amount of personal data that is necessary to deliver our services:
Website – when you visit our website we do not intentionally collect personal information. The web site analytics platform we use (Matomo) is hosted on our own Cloud, it does not store information that may allow us to identify you, even your IP address is anonymised, and it does not share any information with third parties. Your IP address may appear in servers logs but they are not processed to identify web site visitors, they are used only to identify eventual malfunctions or attempt to attack our platforms.
Retention period: 1 year maximum
Email, CRM, accounting software, support, Cloud services – If we exchange contact details or we enter into a business relationship, your personal data may be added into platforms that will help us manage communications with you, deliver services to you and comply with technical, legal and accounting duties and regulations.
Your personal data will not leave our own Cloud infrastructure hosted in Luxembourg unless required by European Laws or Regulations.
Retention period: 5 years since last business transaction (invoiced services/items) to cover legal/warrany retention periods
Retention period: 3 years since last contact which didn’t generate business transactions
Third party services we may use
We do not use any third party processors, Cloud or collaboration services (such as Microsoft 365, Google Suite or similar) where your personal data could be processed.
We use all the Open Source platforms we host on our own Cloud infrastructure and we encourage you to do the same.
Cookies
We use local and anonymous cookies to manage browsing sessions on our web site and the services you may access through our site. If you simply visit our web site we will only use technical cookies.
Eventual technical and necessary cookies will be deleted when you close the browser.
Google Analytics free area
We all know that, in its effort to suggest you the most relevant ads, Google tracks your every move on the Internet through various services including Google Analytics and Google Fonts. These services are unfortunately being used by most sites, even by some Privacy challenged institutional sites.
We decided that your privacy is more important than a few shiny graphs which can be created with other nice, Open Source and privacy respecting tools.
We have chosen to use Mamoto Analytics (previously known as Piwik) to evaluate which pages are being visited the most on our web site. Mamoto provides the same features you may find to be cool in Google Analytics but the data generated does NOT leave our servers, is not sold to third parties and is not aggregated to any external data sources.
We may also use some fancy fonts on our web site but instead of subjecting you to tracking services, like Google Fonts, we serve those fonts directly from our web servers.
Safe Harbor (invalidated), Privacy Shield (invalidated), TheNextFigLeaf (soon to be invalidated) and complex SCCs
Our servers and data will, at all times, reside in the EU so we do not need or wish to use legal workarounds to transfer your data to privacy challenged countries. We are aware that, unfortunately, some providers may route your requests to our servers through countries that may not respect your right to Privacy but that is completely out of our control. To make sure that the communication between our servers and your device is secure, we use SSL certificates provided by Let’s Encrypt with all our web services.
Third party websites
We do not currently integrate services from third parties.
There may be links pointing to external websites on which we have no control or responsibility.
Information Security
We take commercially reasonable precautions to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction. We process all personal data and any other information using industry-standard techniques and tools.
To reduce our attack surface and limit the risk for your personal information we only use Linux based desktops and servers.
All personal data on our Cloud infrastructure is replicated at least once on our Cloud, backed up on servers within the data centre and in some cases also encrypted and backed up off-site.
Your rights under EU Regulation 2016/679
We’d like to tell you that GDPR also allows you to exercise the following rights:
- Right of access by the data subject (art. 15)
- Right to rectification (art. 16)
- Right to erasure (‘right to be forgotten’) (art. 17)
- Right to restriction of processing (art. 18)
- Notification obligation regarding rectification or erasure of personal data or restriction of processing (art. 19)
- Right to data portability (art. 20)
- Right to object (art. 21)
- Right not to be subject to a decision based solely on automated processing (art. 22)
If you have a complaint or you’d like to send to us your Subject Access Requests, you can write to us to the email address privacy (at) omniscloud.eu or send letter to our offices address to the “GDPR compliance officer”.
In the unlikely event that you are not satisfied with the way we respond to your request you can also lodge a complaint with the local Supervisory Authority called CNPD which will promptly act on your request.
