Privacy Policy
Effective Date: 4th April 2025
Last Updated: 4th April 2025
1. Introduction
At DPA Cloud Services Ltd, safeguarding your privacy and personal data is of paramount importance. This Privacy Policy outlines the types of information we collect, how we use it, our data protection practices, and your rights under the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other applicable laws.
We are committed to maintaining the confidentiality, integrity, and availability of your personal data and processing it only in ways that are fair, transparent, and aligned with your expectations.
2. Who We Are
DPA Cloud Services Ltd is a private limited company registered in the United Kingdom. We provide hosted infrastructure, software-as-a-service (SaaS), data management, and IT support solutions to businesses and individuals.
Data Controller:
DPA Cloud Services Ltd
Company Number: 16220378
Registered Address: Conway Industrial Estate, Skull House Lane, Appley Bridge, Wigan, England, WN6 9EU
Email: [email protected]
ICO Registration Number: C1669104
We are the Data Controller for the personal data you provide to us unless otherwise stated.
3. What Data We Collect
A. Information You Provide Directly
- Full name, company name, job title
- Email address, phone number, billing address
- Login credentials (where applicable)
- Support queries or survey responses
- Uploaded documents or configuration files
B. Information We Collect Automatically
- IP address and approximate location
- Browser type, OS, device identifiers
- Pages visited and usage logs
- Cookies and similar technologies (see our Cookie Policy)
C. Information From Third Parties
- Identity and contact data from partners, integrations, or public databases
- Payment and invoicing data from payment processors
- Authentication tokens from single sign-on (SSO) services
4. Legal Basis for Processing
We rely on one or more of the following lawful grounds:
- Consent: Where you have given us explicit permission (e.g., for marketing).
- Contractual Necessity: To fulfil a contract or provide requested services.
- Legal Obligation: To comply with regulatory requirements.
- Legitimate Interests: To manage our business, improve our services, prevent fraud, and maintain security, provided these interests do not override your rights and freedoms.
5. How We Use Your Data
We use your data to:
- Provide access to our services and infrastructure
- Authenticate users and secure access
- Customise and personalise your experience
- Respond to support enquiries and feedback
- Invoice and process payments
- Comply with legal, financial, or regulatory obligations
- Monitor service health, reliability, and performance
- Detect, investigate, and prevent security incidents
We do not sell or lease your personal data under any circumstances.
7. International Data Transfers
Where we or our processors transfer data outside the UK or EEA, such transfers are made in accordance with applicable data protection laws using adequate safeguards, including:
- UK Addendum to Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Transfers to countries with an adequacy decision from the UK Government
We do not transfer your personal data internationally unless it is strictly necessary and secure to do so.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including to:
- Provide and support your services
- Satisfy legal or contractual obligations
- Resolve disputes or enforce agreements
- Maintain records for auditing and accounting
Retention periods are reviewed regularly. Where data is no longer required, we securely delete or anonymise it.
9. Data Security Measures
We implement comprehensive technical and organisational measures to safeguard your data, including:
- Encryption at rest and in transit (TLS, AES-256)
- Zero Trust networking and VLAN segmentation
- No public ports exposed — access via Cloudflare Zero Trust tunnels only
- Role-based access controls (RBAC) and strict authentication
- SIEM-style audit logging and alerting
- pfSense firewalls with IDS/IPS threat inspection
- Regular patching, threat detection, and penetration testing
- Secure software development lifecycle (SSDLC) practices
Our infrastructure is built with security and privacy by design and by default.
10. Your Rights
Under data protection law, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data. |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Request deletion of data no longer needed (right to be forgotten). |
| Restriction | Ask us to limit the use of your data. |
| Objection | Object to processing based on legitimate interests. |
| Data Portability | Receive your data in a machine-readable format. |
| Withdraw Consent | At any time where consent was used as the basis for processing. |
To exercise any of these rights, contact us at: [email protected]
We may need to verify your identity before fulfilling certain requests.
11. Children's Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us so we can remove it.
13. Automated Decision-Making & Profiling
We do not use your personal data for automated decision-making or profiling that produces legal or significant effects on you.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. When we do, we’ll update the “Last Updated” date at the top of this page. We encourage you to review this page periodically.
15. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please reach out to us via:
- Email: [email protected]
- Address: Conway Industrial Estate, Skull House Lane, Appley Bridge, Wigan, England, WN6 9EU
- Contact Form: Website Contact Form
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.