“CloudLIMS Services” include our:
- SaaS Products
but does not include:
- Third Party Products. These are third party products or services that you may choose to integrate with CloudLIMS products or services. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.
A “Device” is any computer used to access the CloudLIMS Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
Add-On: A bundle of code, resources and configuration files that can be used with a CloudLIMS product to add new functionality or to change the behavior of that product’s existing features.
Content: Any information or data that you upload, submit, post, create, transmit, store or display in a CloudLIMS Service.
Personal Information: Information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, IP address, geographic locations or phone number. Personal Information does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.
Websites: CloudLIMS’s websites, including but not limited to CloudLIMS.com, any related websites, sub-domains and pages.
GDPR: General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
Information You Provide to Us
We collect the following information:
Account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make purchases through, use, access, or interact with the CloudLIMS Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes:
- Contact information such as name, email address, mailing address, IP address, geographic locations and phone number.
- Profile information such as a username, and job title, institution, Department, email and telephone number.
Other Submissions: We collect other data that you submit to our Websites or as you participate in any interactive features of the CloudLIMS Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with an CloudLIMS product could be submitted to our Support Services.
Information We Collect from Your Use of CloudLIMS Services
Analytics Information from Website and SaaS Products: We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of the CloudLIMS Service being used, and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Information if the Personal Information was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the CloudLIMS Services are being affected.
The analytics information we collect includes elements of Content related to the function the user is performing. As such, the analytics information we collect may include Personal Information or sensitive business information that the user has included in Content that the user chose to upload, submit, post, create, transmit, store or display in an CloudLIMS Service.
As of date this policy went into effect, we use Google Analytics as an analytics provider. Use the Google Analytics Opt-out Browser Add-on to prevent analytics information from being sent to Google Analytics.
Analytics Information Derived from Content: Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data. “Usage Data” is aggregated data about a group or category of services, features or users that does not contain Personal Information. For example, we may query Content to determine the most common types of workflows that users use (e.g. what percentage of all instances use ITIL style workflows?) by searching for the most common workflow names, or we may query Content to determine the most popular job titles for Confluence users in order to better understand the composition of our user base.
Though we may happen upon sensitive or Personal Information as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.
Information We Collect from Other Sources
How We Use Information We Collect
General Uses: We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes, including to:
- Provide, operate, maintain, improve, and promote CloudLIMS Services;
- Enable you to access and use CloudLIMS Services, including uploading, downloading, collaborating on and sharing Content;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Send transactional messages, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates, security alerts, and support and administrative messages;
- Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, events and sending updates about your team and chat rooms; and providing other news or information about us and our select partners.
- Monitor and analyze trends, usage, and activities in connection with CloudLIMS Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to CloudLIMS Services, and other illegal activities;
- Personalize CloudLIMS Services, including by providing content, features, or advertisements that match your interests and preferences;
- Enable you to communicate, collaborate, and share content with users you designate; and
- For other purposes about which we obtain your consent.
Notwithstanding the foregoing, we will not use Personal Information appearing in our Analytics Logs or Web Logs for any purpose. The use of Information collected through our CloudLIMS Services shall be limited to the purposes disclosed in this policy.
Information Sharing and Disclosure
We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.
Your Use: When you use CloudLIMS Services, Content you provide will be displayed back to you. Certain features of CloudLIMS Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into CloudLIMS Services.
Collaboration: As a natural result of using CloudLIMS Services, you may create Content and grant permission to other CloudLIMS users to access it for the purposes of collaboration. Some of the collaboration features of CloudLIMS Services display your profile information, including Personal Information included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the CloudLIMS Services to limit those who can access such information. Your sharing settings may make any Information, including some Personal Information, that you submit to the CloudLIMS Services visible to the public, unless submitted to a restricted area.
Access by Your System Administrator: You should be aware that the administrator of your instance of CloudLIMS Services may be able to:
- access information in and about your CloudLIMS Services account;
- access communications history, including file attachments, for your CloudLIMS Services account;
- disclose, restrict, or access information that you have provided or that is made
available to you when using your CloudLIMS Services account, including your Content; and
- control how your CloudLIMS Services account may be accessed or deleted.
- may have access to your stored data.
CloudLIMS Community: Our Websites offer publicly accessible community services such as blogs. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. To request removal of your Personal Information from the CloudLIMS Community, please contact CloudLIMS technical support. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to and why.
Service Providers, Business Partners and Others: We work with third party service providers to provide hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Please be aware that you are providing your Information to these third parties acting on behalf of CloudLIMS.
Testimonials: We may display personal testimonials of satisfied customers in the cloudLIMS Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of CloudLIMS’s products and services, (d) to protect CloudLIMS, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice in the cloudLIMS Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
With Your Consent. We will share your Personal Information with third parties when we have your consent to do so.
Information We Do Not Share
We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.
Data Storage, Transfer and Security
CloudLIMS hosts data with hosting service providers in numerous countries including the United States and Germany. The servers on which Personal Information is stored are kept in a controlled environment for data storage and processing of region-specific data. Dedicated servers in the US and EU regions are deployed for customers from those regions. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).
You may opt out of receiving promotional communications from CloudLIMS by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding CloudLIMS’s Services. You can opt-out of some notification messages in your account settings.
Accessing and Updating Your Information
You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator.
You or your administrator may be able to deactivate your CloudLIMS Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization account, please contact CloudLIMS Support.
We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.
Compliance with GDPR
CloudLIMS as a Data Processor: Of all persons with a registered account in CloudLIMS software, personal data is stored in our systems. For end-users using CloudLIMS hosted on AWS, CloudLIMS is regarded as the Data Processor according to the GDPR. All data collected by CloudLIMS will be stored exclusively in secure hosting facilities provided by Amazon Web Services. CloudLIMS has a Business Associate Agreement (BAA) in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations.
How We Protect Your Personal Data: As a Data Processor, CloudLIMS has taken strict measures and implemented the required procedures to guarantee the safety of data of its customers. As a proof of its effort, CloudLIMS’s cloud service provider (AWS) has been IEC/ISO27001:2013 certified. The most important measures that have been taken to ensure the protection of personal data as well as confidentiality, integrity and availability of services provided by CloudLIMS as a Data Processor are:
- Secured communication via SSL encryption
- Periodic off-site encrypted data back-ups (twice every 24 hours) for disaster recovery (kept up to 1 month)
- Disaster recovery procedures
- Real-time system monitoring and logging
- Firewall and network configuration such that servers are not directly connected to the internet
- System maintenance including the installation of security patches
- Security features to protect system access, such as two-factor authentication and IP restriction
- Privacy features to block storage of personal information by end-users
- Confidentiality agreements as part of all employee contracts 10. Access to systems by CloudLIMS employees on need-to-access basis
Right to Access: The GDRP dictates that all EU citizens have the right to access the personal data that is stored by others. To provide full system functionality the following minimal set of personal data is stored in CloudLIMS software applications:
|Personal Data||Personal Data Type||Purpose|
|First Name||Regular||Together with the Last Name used as display name in the system|
|Last Name||Regular||Together with the First Name used as display name in the system|
|Organisation Email Address||Regular||Used to login and to provide system functionalities, such as forget password, receipt of invitations, messaging and notifications|
|Group||Regular||Research group or department a user works in|
|Organisation||Regular||The organisation the user works in|
|IP address||Regular||IP address used for logging purpose and various security purposes (e.g. hacking attempts, 2FA)|
|Password||Special||Password used for authentication purpose. Passwords are stored in a hashed (encrypted) format in the database|
* In case federated login (e.g. LDAP/AD/ AD FS/ Single Sign-On) is active, passwords are not required and not stored
In addition to the required personal data, the system has the option to store other personal data, such as job title or the organization address. CloudLIMS provide direct access to all personal data in the user profile from where the user has the option to remove or change any personal information in the system.
Right to be Forgotten: The GDPR gives each citizen in Europe the right to be forgotten. Considering that an essential functionality of our software products is to provide full traceability of data, the removal of personal data from the system would counteract the possibility to track who stored data in the system. For that reason, our applications do not support a software function that can be operated by an end-user to delete an account including all personal data. To claim your right to be forgotten and to remove all personal data of your account, please contact our customer care team to guide you through our formal data removal procedure. During this procedure, approval of the organization to which the system is licensed is requested so that CloudLIMS cannot be held accountable for any loss of data as a result of the data removal.
CloudLIMS offers the option to export data. Depending on the data, the software offers the option to end-users to export data as XLS, and PDF. To structure the data in any format, the software has a so-called Application Programming Interface (API) available.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Information to the United States to us. By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.
- Information that we collect may be stored, processed in, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
- Information that we collect may be transferred to the following countries which do not have data protection laws equivalent to those in force in the European Economic Area: the United States of America, Russia, Japan, China, and India.
- Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
- You expressly agree to the transfers of personal information described in this Section.
SSL Certificates: CloudLIMS’s has received SSL certificates from GoDaddy. An SSL Certificate protects customers’ sensitive information including application data, personal information such as name, address, password, or credit card number by encrypting the data during transmission from their computer to our server. It supports up to 256-bit encryption and is recognized by all of the major desktop and mobile browsers. Our SSL Certificate protects website and application so that customers can rest assured that the information they enter on any secured page is private and can’t be viewed by cyber crooks.
4023 Kennett Pike #50373
Wilmington DE 19807