Cleura's use of personal data to deliver services

When Cleura provides services to customers, Cleura AB (Cleura) is a controller of the processing of some personal data.

This privacy notice explains how Cleura handles the following types of information:

• Billing information
• Contact information for service messages
• Customer main account
• Service logs
• Service cases

Billing information

Cleura has a legitimate interest in providing its services to customers, and customers have a legitimate interest in using those services. This necessitates processing of billing information, which contains personal data.

Cleura also has a legal obligation to process some billing data, under corporate accounting rules.

When and how we process billing data

Billing information is used to invoice customers and receive payment from customers.

Billing information is stored a number of years in compliance with Swedish accounting laws.

Types of personal data we handle and why

We handle the following personal data:

• Email address provided by the customer
• Contact name
• Contact address
• Payment verification hash (if you pay with a credit card)

We use this data to:

• Request and receive payment for services.
• Ensure compliance with legal accounting obligations.

Contact information for services messages

Cleura has a legitimate interest in providing its services to customers, and customers have a legitimate interest in using those services. This necessitates Cleura sending its customers information and alerts regarding the services.

Cleura also has a legal obligation under Article 32(1) GDPR to implement appropriate technical and organisational measures together with the controller, to ensure appropriate security of personal data. Sending service related information and alerts is a necessary part of this.

Cleura also has a legitimate interest in providing customers news and updates regarding Cleura’s services, and to survey customers about their satisfaction with Cleura’s services.

When and how we process personal data

The customer provides Cleura with an email address. Cleura sends emails containing information and alerts to the recipient email address. Information is stored for a period of time, regarding which recipients have been sent which emails.

Types of personal data we handle and why

We handle the following personal data:

• Email address provided by the customer
• Information about which recipients have received which emails

We use this data to inform, and ensure we have informed, customers of:

• Potential security breaches
• Updates and changes to the agreement between the customer and Cleura
• Relevant changes in the technical and organisational security measures
• Upcoming maintenance windows
• Potential service disruptions

We also use the email address to send:

• News and updates regarding Cleura’s services
• Surveys of the customer’s satisfaction with Cleura’s services

Customer main account

Cleura has a legitimate interest in providing cloud services to customers, and customers have a legitimate interest in using those services. When a customer uses cloud services, Cleura needs to create a main account for that customer.

Other details regarding the customer are tied to the main account. The customer can use its main account to create Cleura Cloud Management Portal and API user accounts.

When and how we handle personal data

When a new customer uses Cleura’s services, Cleura creates a main account in Cleura’s IT system.

Cleura keeps the main account for at least as long as the services are provided to the customer.

Types of personal data we handle and why

We handle the following personal data to set up and maintain the main account:

• Account user-id
• Account user email address
• Name of the person at the customer using the main account

Cleura uses the main account to enable customers to manage administrative affairs related to their business relationship with Cleura, and to create Cleura Cloud Management Portal and API user accounts.

Service logs

Cleura has a legitimate interest in providing cloud services to customers, and customers have a legitimate interest in using those services. This necessitates Cleura logging certain information related to the customer’s use of the services.

Cleura also has a legal obligation under Article 32(1) GDPR to implement appropriate technical and organisational measures together with the controller, to ensure appropriate security of personal data. Logging certain information related to the customer’s use of the services is a necessary part of this.

When and how we handle personal data

Cleura keeps logs of actions taken using Cleura Cloud Management Portal user accounts and API user accounts. Logs of actions are automatically recorded and sent to a main log, where they are saved.

Cleura keeps the logs for at least as long as the services are provided to the customer.

Types of personal data we handle and why

• Which Cleura Cloud Management Portal user accounts and API user accounts are used.
• What actions each account performs.
• At what time actions are performed.

We use this data to ensure Cleura complies with its agreement with the customer regarding the proper provision of services, and Cleura’s legal obligations.

Cleura’s use of personal data in service cases

Cleura processes personal data in service cases when someone emails us, uses our contact form or calls a dedicated support number. We provide information about this here (link).