1. Data Controller
Cloud-PVE is a service operated by LenoIT SARL, a company incorporated under French law. For any privacy-related enquiries, you may contact us at contact@cloud-pve.com.
2. Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, company name, and billing information provided at account creation.
- Technical data: IP addresses, server logs, and usage metrics generated during your use of the platform.
- Contact form data: name, email address, company name, and the content of your message, submitted when you use our contact form.
We do not collect sensitive personal data as defined under Article 9 of the GDPR.
3. Purposes of Processing
Your personal data is processed for the following purposes:
- Account creation and management
- Service delivery and provisioning of Cloud-PVE infrastructure
- Customer support
- Invoicing and payment processing
- Security monitoring and fraud prevention
- Communication regarding service updates and maintenance windows
4. Legal Basis for Processing
- Contract performance: processing necessary to manage your account and deliver the service you subscribed to (Art. 6(1)(b) GDPR).
- Legitimate interest: security monitoring, fraud prevention, and platform integrity (Art. 6(1)(f) GDPR).
- Legal obligation: retention of invoicing and accounting records as required by French law (Art. 6(1)(c) GDPR).
5. Data Retention
- Account data: retained for the duration of your contract, plus 3 years after termination.
- Server and access logs: retained for 12 months.
- Billing and invoice records: retained for 10 years in compliance with French accounting law.
6. Third-Party Recipients
Your data may be shared with the following categories of third parties:
- Payment processor: Stripe, Inc., for secure payment processing. Stripe operates under its own privacy policy.
- Infrastructure providers: EU-based data center operators hosting the Cloud-PVE platform.
- Contact form processor: Formspree, Inc. (United States) receives and forwards messages submitted through our contact form. This transfer outside the EEA is governed by the European Commission's Standard Contractual Clauses. Formspree operates under its own privacy policy.
We do not sell, rent, or trade your personal data to any third party.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: obtain a copy of the data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your data where no legal basis for retention applies.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to restriction: request that we limit the processing of your data.
- Right to object: object to processing based on legitimate interest.
To exercise any of these rights, send an email to contact@cloud-pve.com. We will respond within 30 days. Identity verification may be required before we can fulfil your request.
You also have the right to lodge a complaint with the French data protection authority, the CNIL (Commission Nationale de l'Informatique et des Libertés), at cnil.fr.
8. Cookies and analytics
Cloud-PVE uses session cookies strictly necessary for authentication and maintaining your logged-in session.
The site also uses SiteBehaviour, an audience measurement and navigation analytics tool. It records, in aggregate form and as heatmaps, the pages viewed, clicks and movements, in order to improve the site's usability and content. This tool stores information in your browser and sends navigation data to its provider. It is not used for advertising or commercial profiling.
You can object to this audience measurement by enabling your browser's tracker blocking, a dedicated extension, or private browsing mode.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- TLS 1.3 encryption for all data in transit
- Access controls limiting data access to authorised personnel only
- Regular security audits and vulnerability assessments