Privacy Policy

This Privacy Policy explains how CloudGovernance.org (operated by Turbot HQ, Inc.) collects, uses, and handles your personal information when you use our Websites and Services ("Services").

As used herein, the words "User," "you" and "your" mean users of the Website and Services, and the words "we," "our," "us" and "CloudGovernance.org" mean Turbot HQ Inc., the owner and operator of the Services. Your information is being collected by Turbot. We are the data controller in respect of personal information of our Users based in the European Union ("EU"). By accessing these Services, you represent, acknowledge and agree that you have read and understand the content of this Privacy Policy. We reserve the right to revise the Privacy Policy at any time by updating this posting. Users are encouraged to review the latest changes to the Privacy Policy whenever you access the Services.

Collection of Personal Information

We will not collect any personal information from you unless you provide it to us voluntarily.

Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for the CloudGovernance.org newsletter or access the Cloud Governance Library. Information we may collect for these uses may include your full name, e-mail address, company name, and other information you choose to provide.

Marketing. If you sign up for our newsletter or other downloadable content, we will, from time to time, send you information about products, promotions, news, and updates when permissible. Users who receive these marketing materials can opt out at any time by clicking the 'unsubscribe' link in any marketing email or by contacting us directly.

Events. In the future, we may host events for which you register to attend. CloudGovernance.org, or third-party service providers engaged to support event-related activities, may request personal data such as your name, mailing address, email address, phone number, and occupation details. This information is used to process your registration and provide relevant materials. If you choose to interact with our event partners, your data shared with them will be subject to their privacy policies.

Collection of non-personally identifiable information

Usage information. We collect information related to how you interact with the content on our Services. This data is aggregated and de-identified and is used to improve the Services and provide reporting. No personally identifiable usage tracking is conducted.

Cookies and other technologies. We use minimal cookies necessary for session login functionality to access the Cloud Governance Library. We do not use cookies for advertising or analytics purposes.

Bases for processing your data. We collect and use the personal data described above to provide you with the Services in a reliable and secure manner, and for our legitimate business needs. If we process your personal data for other purposes, we will ask for your consent.

Sharing Information with Others

We may share information for intended business purposes described below. Otherwise, we will not sell or share your personal information to a third-party for commercial purposes.

Others working for and with CloudGovernance.org. We use certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our Services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy, and we'll remain responsible for their handling of your information per our instructions.

Law and Order and the Public Interest. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of CloudGovernance.org or our users; or (d) protect our rights, property, safety, or interest.

Stewardship of your data is critical to us and a responsibility that we embrace. We believe that your data should receive the same legal protections regardless of whether it's stored on our Services or on your home computer's hard drive. We'll abide by the following Government Request Principles when receiving, scrutinizing, and responding to government requests (including national security requests) for your data: a) be transparent, fight blanket requests, protect all users, and provide trusted services.

How do we Protect your Information?

Security. We take reasonable actions to protect your personal information from misuse, unauthorized or unlawful access or disclosure, loss, alteration, damage or destruction. These measures include; a) physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing Your Information. b) technology safeguards, like the use of anti-malware, encryption, monitoring of our systems and data centers, firewalls, encrypted channels, and secure communications software, to safeguard the confidentiality of your information. c) organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect personal information.

Retention. When you sign up for an account with us, or request information from us, we'll retain personal information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account or request deletion of your information as described below, we will initiate deletion of this information after 30 days. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. We retain non-personally identifiable information indefinitely.

Compliance with law

Any collection or use of personal information will comply with applicable law.

If you are located in the European Union, your personal information will be collected, used and retained in accordance with EU Directive 95/46/EC, as amended, replaced or superseded from time to time, including by EU General Data Protection Regulation 2016/679 ("GDPR") and the United Kingdom laws implementing or supplementing the GDPR. Please see "Transfer of Information to the US and Other Countries - European Union" below for more information.

If you are located in California, your personal information will be collected, used and retained in accordance with the California Privacy Rights Act of 2020 ("CPRA"), as amended, replaced or superseded from time to time.

CPRA creates rights which include:

  1. the right to correct inaccurate personal information;
  2. the right to limit use and disclosure of sensitive personal information
  3. the right to know (request disclosure of) personal information collected, from whom it was collected, why it was collected, and, if sold, to whom;
  4. the right to delete personal information collected;
  5. the right to opt-out of the sale of personal information (if applicable);
  6. the right to opt-in to the sale of personal information;
  7. the right to non-discriminatory treatment for exercising any rights; and
  8. the right to initiate a private cause of action for data breaches.

Although we maintain appropriate administrative, physical, and technical safeguards designed to protect the security, confidentiality and integrity of all electronic data or information submitted to our service, neither the Website nor our Products and Services have been certified as compliant with the GDPR, which covers personal information of residents of the European Union, the CPRA, which covers personal information of residents of California, or the Health Insurance Portability and Accountability Act ("HIPAA"), which covers personal health information.

CAN-SPAM

We have taken the necessary measures to ensure that we are in compliance with The Federal Trade Commission's CAN-SPAM Act of 2003. If at any time you would like to discontinue receiving email messages, we include detailed instructions on how to unsubscribe at the bottom of every email.

Children

The Website is not directed at persons under 18 years of age and our content and other services are not written, intended, or designed for persons under 18 years of age. We do not intend to collect any personal information from such individuals.

Links to Other Websites

Our website may allow links to other websites. When you click on such a link, you will leave our website. The privacy policy of the external website will then be in effect, not CloudGovernance.org’s Privacy Policy. We assume no responsibility for the information practices of sites you are able to access through the website. These links to other sites do not imply affiliation or endorsement of a linked site in any way.

Transfer of Information to the US and Other Countries

Around the world. To provide you with the Services, we may store, process, and transmit information in the United States and locations around the world-including those outside your country. Information may also be stored locally on the devices you use to access the Services.

European Union. In connection with CloudGovernance.org’s processing of personal data it receives in the U.S. from the European Union ("EU Data"), CloudGovernance.org participates in, and complies with, the EU-U.S. Data Privacy Framework Principles, UK Extension to the EU-U.S. Data Privacy Framework Principles, and Swiss-U.S. Data Privacy Framework Principles (collectively, the "DPF Principles") as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. CloudGovernance.org (operated by Turbot HQ, Inc.) has certified to the Department of Commerce that it adheres to the DPF Principles. CloudGovernance.org is committed to subjecting all EU Data, in reliance on the DPF Principles, to the DPF Principles' applicable Principles. For purposes of enforcing compliance with the DPF Principles, Turbot is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Without limiting the above, CloudGovernance.org adheres to the Principle of Accountability for Onward Transfer. As noted in Sharing of Information above, we may transfer personal information (including EU Data) to our vendors, consultants and other service providers who need access to such EU Data to carry out work on our behalf. This personal data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection law.

Changes

If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you. Your Right to Control and Access Your Information

You have control over your personal information and how it is collected, used, and shared. For example, you have a right to:

  1. Withdraw consent at any time where we are processing your personal data. Turbot will stop continued processing of data applicable to your concern. You can request consent to withdraw by emailing privacy@cloudgovernance.org, or stop using these services.
  2. Erase or delete all or some of your information in your CloudGovernance.org account, or systems storing your information. You can request deletion by emailing privacy@cloudgovernance.org or replying to any email message you receive from CloudGovernance.org.
  3. Change or correct personal data. You can request updates by emailing privacy@cloudgovernance.org or replying to any email message you receive from CloudGovernance.org with the updated information.
  4. Request access and capture your data. You can ask us for a copy of personal data you provided to us by emailing privacy@cloudgovernance.org
  5. For EU Data subjects, lodge a formal complaint with the Information Commissioner in Ireland (or your local EU supervisory authority if you live outside the UK) if you have a complaint about any processing of your personal data being conducted by us. For non-EU data subjects, you have the right to contact your local data protection supervisory authority.

Contact Us

Your personal information is controlled by Turbot HQ, Inc. If you have questions or concerns about Turbot, our Services, and Privacy, contact our privacy team at privacy@cloudgovernance.org. For direct mail; Turbot Privacy, 500 Westover Dr #20232, Sanford, NC 27330. If Turbot does not resolve your complaint, you may submit your complaint free of charge to Turbot's U.S. based third-party dispute resolution provider and designated Data Privacy Framework dispute resolution provider here: https://www.jamsadr.com/dpf-dispute-resolution. Under certain conditions specified by the Principles and more fully described on the Data Privacy Framework website at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction, you may also be able to invoke binding arbitration to resolve your complaint.