"CloudLIMS Services" include our:
but does not include:
A "Device" is any computer used to access the CloudLIMS Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
Add-On: A bundle of code, resources and configuration files that can be used with a CloudLIMS product to add new functionality or to change the behavior of that product's existing features.
Content: Any information or data that you upload, submit, post, create, transmit, store or display in a CloudLIMS Service.
Personal Information: Information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, IP address, geographic locations or phone number. Personal Information does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.
Websites: CloudLIMS's websites, including but not limited to CloudLIMS.com, any related websites, sub-domains and pages.
GDPR: General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
We collect the following information:
Account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make purchases through, use, access, or interact with the CloudLIMS Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes:
Other Submissions: We collect other data that you submit to our Websites or as you participate in any interactive features of the CloudLIMS Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with an CloudLIMS product could be submitted to our Support Services.
Analytics Information from Website and SaaS Products: We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of the CloudLIMS Service being used, and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Information if the Personal Information was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the CloudLIMS Services are being affected.
The analytics information we collect includes elements of Content related to the function the user is performing. As such, the analytics information we collect may include Personal Information or sensitive business information that the user has included in Content that the user chose to upload, submit, post, create, transmit, store or display in an CloudLIMS Service.
As of date this policy went into effect, we use Google Analytics as an analytics provider. Use the Google Analytics Opt-out Browser Add-on to prevent analytics information from being sent to Google Analytics.
Analytics Information Derived from Content: Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data. "Usage Data" is aggregated data about a group or category of services, features or users that does not contain Personal Information. For example, we may query Content to determine the most common types of workflows that users use (e.g. what percentage of all instances use ITIL style workflows?) by searching for the most common workflow names, or we may query Content to determine the most popular job titles for Confluence users in order to better understand the composition of our user base.
Though we may happen upon sensitive or Personal Information as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.
General Uses: We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes, including to:
Notwithstanding the foregoing, we will not use Personal Information appearing in our Analytics Logs or Web Logs for any purpose. The use of Information collected through our CloudLIMS Services shall be limited to the purposes disclosed in this policy.
We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.
Your Use: When you use CloudLIMS Services, Content you provide will be displayed back to you. Certain features of CloudLIMS Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into CloudLIMS Services.
Collaboration: As a natural result of using CloudLIMS Services, you may create Content and grant permission to other CloudLIMS users to access it for the purposes of collaboration. Some of the collaboration features of CloudLIMS Services display your profile information, including Personal Information included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the CloudLIMS Services to limit those who can access such information. Your sharing settings may make any Information, including some Personal Information, that you submit to the CloudLIMS Services visible to the public, unless submitted to a restricted area.
Access by Your System Administrator: You should be aware that the administrator of your instance of CloudLIMS Services may be able to:
CloudLIMS Community: Our Websites offer publicly accessible community services such as blogs. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. To request removal of your Personal Information from the CloudLIMS Community, please contact CloudLIMS technical support. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to and why.
Service Providers, Business Partners and Others: We work with third party service providers to provide hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Please be aware that you are providing your Information to these third parties acting on behalf of CloudLIMS.
Testimonials: We may display personal testimonials of satisfied customers in the cloudLIMS Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of CloudLIMS's products and services, (d) to protect CloudLIMS, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice in the cloudLIMS Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
With Your Consent. We will share your Personal Information with third parties when we have your consent to do so.
We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.
CloudLIMS hosts data with hosting service providers in numerous countries including the United States and Germany. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).
You may opt out of receiving promotional communications from CloudLIMS by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding CloudLIMS's Services. You can opt-out of some notification messages in your account settings.
You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator.
You or your administrator may be able to deactivate your CloudLIMS Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization account, please contact CloudLIMS Support.
We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.
CloudLIMS as a Data Processor: Of all persons with a registered account in CloudLIMS software, personal data is stored in our systems. For end-users using CloudLIMS hosted on AWS, CloudLIMS is regarded as the Data Processor according to the GDPR. All data collected by CloudLIMS will be stored exclusively in secure hosting facilities provided by Amazon Web Services. CloudLIMS has a Business Associate Agreement (BAA) in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations.
How We Protect Your Personal Data: As a Data Processor, CloudLIMS has taken strict measures and implemented the required procedures to guarantee the safety of data of its customers. As a proof of its effort, CloudLIMS's cloud service provider (AWS) has been IEC/ISO27001:2013 certified. The most important measures that have been taken to ensure the protection of personal data as well as confidentiality, integrity and availability of services provided by CloudLIMS as a Data Processor are:
Right to Access: The GDRP dictates that all EU citizens have the right to access the personal data that is stored by others. To provide full system functionality the following minimal set of personal data is stored in CloudLIMS software applications:
|Personal Data||Personal Data Type||Purpose|
|First Name||Regular||Together with the Last Name used as display name in the system|
|Last Name||Regular||Together with the First Name used as display name in the system|
|Organisation Email Address||Regular||Used to login and to provide system functionalities, such as forget password, receipt of invitations, messaging and notifications|
|Group||Regular||Research group or department a user works in|
|Organisation||Regular||The organisation the user works in|
|IP address||Regular||IP address used for logging purpose and various security purposes (e.g. hacking attempts, 2FA)|
|Password||Special||Password used for authentication purpose. Passwords are stored in a hashed (encrypted) format in the database|
* In case federated login (e.g. LDAP/AD/ AD FS/ Single Sign-On) is active, passwords are not required and not stored
In addition to the required personal data, the system has the option to store other personal data, such as job title or the organization address. CloudLIMS provide direct access to all personal data in the user profile from where the user has the option to remove or change any personal information in the system.
Right to be Forgotten: The GDPR gives each citizen in Europe the right to be forgotten. Considering that an essential functionality of our software products is to provide full traceability of data, the removal of personal data from the system would counteract the possibility to track who stored data in the system. For that reason, our applications do not support a software function that can be operated by an end-user to delete an account including all personal data. To claim your right to be forgotten and to remove all personal data of your account, please contact our customer care team to guide you through our formal data removal procedure. During this procedure, approval of the organization to which the system is licensed is requested so that CloudLIMS cannot be held accountable for any loss of data as a result of the data removal.
CloudLIMS offers the option to export data. Depending on the data, the software offers the option to end-users to export data as XLS, and PDF. To structure the data in any format, the software has a so-called Application Programming Interface (API) available.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Information to the United States to us. By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.
SSL Certificates: CloudLIMS's has received SSL certificates from GoDaddy. An SSL Certificate protects customers' sensitive information including application data, personal information such as name, address, password, or credit card number by encrypting the data during transmission from their computer to our server. It supports up to 256-bit encryption and is recognized by all of the major desktop and mobile browsers. Our SSL Certificate protects website and application so that customers can rest assured that the information they enter on any secured page is private and can't be viewed by cyber crooks.
427 N Tatnall St #42818
Wilmington, DE 19801-2230