Privacy Notice

Effective Date: 27 November 2025

1. INTRODUCTION

This Data Protection Notice (“Notice”) sets out the basis upon which Cloud Kinetics (collectively, “we”, “us”, or “our”) collects, uses, discloses, stores, and processes Personal Data.

We are committed to the highest standards of data privacy and protection in accordance with our internal Global Data Privacy and Protection Policy and applicable laws, including:

  • Singapore: Personal Data Protection Act 2012 (PDPA)
  • European Union / UK: General Data Protection Regulation (GDPR)
  • India: Digital Personal Data Protection Act 2023 (DPDP)
  • United States: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • ASEAN: Relevant laws in Indonesia (PDP Law), Vietnam (Decree 13), Malaysia (PDPA), and Thailand (PDPA).

This Notice applies to our customers, vendors, partners, website visitors, and other individuals who interact with us (“you” or “your”).

2. DEFINITIONS

  • “Personal Data” (or Personal Information) refers to data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
  • “Processing” means any operation performed on Personal Data, such as collection, recording, storage, adaptation, use, disclosure, or erasure.
  • “Data Controller” (or “Data Fiduciary” in India) means the entity that determines the purposes and means of processing Personal Data.
  • “Data Processor” means the entity that processes Personal Data on behalf of the Data Controller.
  • “Data Subject” (or “Data Principal” in India) refers to the individual to whom the Personal Data relates.

Important Note on Our Role:

  • As a Controller: We act as a Data Controller when we collect your contact details for marketing, billing, or account management.
  • As a Processor: When we provide cloud management services, migration, or DevOps services to our enterprise clients, we may process end-user data on their behalf. In such cases, our client is the Controller, and we process data strictly per their instructions and our Master Services Agreement (MSA).

3. PERSONAL DATA WE COLLECT

We may collect the following categories of Personal Data:

  1. Identity & Contact Data: Name, job title, email address, telephone number, nationality, and passport/ID details (only where strictly required for regulatory compliance or onsite access).
  2. Technical & Usage Data: IP address, browser type, device identifiers, login data, and interaction data with our website (cookies).
  3. Financial & Transaction Data: Bank account details and payment history (for billing purposes).
  4. Marketing & Communications Data: Your preferences in receiving marketing from us and your communication history.

4. HOW WE COLLECT DATA

We generally do not collect your Personal Data unless:

  • Direct Interaction: You voluntarily provide it (e.g., submitting a “Contact Us” form, signing a contract, exchanging business cards).
  • Automated Technologies: As you interact with our website, we automatically collect Technical Data via cookies and server logs.
  • Third Parties: We receive data from authorized partners, recruitment agencies, or public sources (e.g., LinkedIn) to facilitate business relationships.

5. PURPOSES AND LAWFUL BASIS FOR PROCESSING

We process your data for the following purposes. In line with our Global Policy, we ensure every processing activity has a specific lawful basis:

Purpose Lawful Basis
Service Delivery: Provisioning cloud resources, migration services, and technical support. Contractual Necessity
Business Management: Invoicing, account management, and relationship maintenance. Contractual Necessity
Security: Detecting and preventing fraud, cyberattacks, and unauthorized access. Legitimate Interest
Marketing: Sending newsletters or event invitations. Consent (Explicit Opt-In)
Compliance: Meeting legal obligations (tax, accounting, law enforcement requests). Legal Obligation
Improvement: Analytics to improve our services and website. Legitimate Interest

Note: Where local laws (such as in India or Singapore) allow for “Deemed Consent” (e.g., for employment or voluntarily provided data), we may rely on this basis only where explicitly applicable and strictly necessary.

6. DISCLOSURE OF PERSONAL DATA

We may disclose your Personal Data to:

  1. Affiliates: Other entities within the Cloud Kinetics group for internal administration and support.
  2. Service Providers: Third-party vendors who provide IT infrastructure (e.g., AWS, Azure, Google Cloud), CRM systems, or professional advice (auditors, lawyers).
  3. Regulatory Authorities: Governments and law enforcement agencies where required by law.
  4. Business Transfers: In the event of a merger, acquisition, or sale of assets.

We do not sell your Personal Data to third parties for money.

7. INTERNATIONAL DATA TRANSFERS

As a global firm, we may transfer Personal Data across borders. We ensure such transfers are lawful and secure through:

  • Standard Contractual Clauses (SCCs): Binding data importers to GDPR-level standards.
  • Adequacy Decisions: Transferring to countries deemed to provide adequate protection.
  • Binding Corporate Rules (BCRs): For intra-group transfers, where applicable.

8. YOUR RIGHTS & RESPONSE TIMEFRAMES

You have specific rights regarding your Personal Data. While local laws vary, Cloud Kinetics has adopted a Global Standard to fulfill valid requests within 30 Calendar Days unless a specific local law requires a faster response (e.g., Vietnam/Indonesia).

To exercise any of these rights, please contact our DPO (see Section 12).

8.1 Global Rights (Applicable to All)

Right Description Response Timeframe
Access Request a copy of the personal data we hold about you. 30 Calendar Days
Correction Request correction of error or omission in your data. 30 Calendar Days
Erasure Request deletion of data (“Right to be Forgotten”). 30 Calendar Days
Withdraw Consent Withdraw consent for specific collections/uses. 10 Business Days

8.2 Region-Specific Rights

  • India (DPDP): You have the Right to Grievance Redressal and the right to Nominate an individual to exercise rights in case of death/incapacity.
  • USA (CCPA/CPRA): You have the Right to Opt-Out of Sale/Sharing of your personal information. You may exercise this right by sending an email request to our Data Protection Officer (DPO).
  • ASEAN (Vietnam/Indonesia): We adhere to the stricter 72-hour response requirement for specific requests where mandated by local Decree 13 or PDP Law.

9. CHILDREN’S DATA

In line with our global policy, we define a “child” as an individual under the age of 18.

  • We do not knowingly collect Personal Data from children without verifiable parental consent.
  • We do not conduct tracking or behavioral monitoring of users known to be under 18.

10. RETENTION OF PERSONAL DATA

We retain Personal Data only for as long as necessary. Adhering to our Data Retention and Disposal Policy, our standard retention periods are:

Data Category Retention Period
Client Project Data Duration of project + 7 years
Client Contact Info (CRM) Duration of relationship + 3 years
Financial & Tax Records 7 years (Statutory Requirement)
Website Analytics Data 26 months
Unsuccessful Job Applicants 2 years (from date of application)
Employee Records Duration of employment + 7 years

11. DATA SECURITY & BREACH NOTIFICATION

We implement “Technical and Organizational Measures” (TOMs) such as encryption, MFA, and role-based access control to protect your data.

Breach Notification Commitment:

In the event of a data breach likely to result in risk to your rights and freedoms, we are committed to notifying the relevant supervisory authority and/or affected individuals within 72 hours of becoming aware of the breach, adopting the strictest global standard (GDPR/ASEAN) across our operations.

12. CONTACT US / DATA PROTECTION OFFICER (DPO)

If you have questions, complaints, or wish to exercise your rights, please contact our Data Protection Officer:

Global DPO Contact:

  • Name: Jaymes Deok
  • Email: dpo@cloud-kinetics.com
  • Phone: +65 98325136
  • Address: 3 Phillip Street #11-04, Royal Group Building, Singapore 048693

Let's connect

Talk to us about anything cloud & Cloud Kinetics. We'd love to hear from you!

GET IN TOUCH

Services

About Us

Copyright 2025 © All rights reserved.