Cloud GatewayCloud Gateway Logo
Get in touch
Home / compliance / privacy policy

General Privacy Notice 


We may update this Privacy Notice from time to time. This version was last updated in July 2025. 

We are


Company Name: CLOUD GATEWAY LIMITED

Company number: 10660712

A registered company in: England

With our registered address at: 7th & 8th Floors, 24 King William Street, London, EC4R 9AT

ICO registration: ZA413371

Referred to as “Cloud Gateway” / “we” / “us”


This Privacy Notice describes how we collect and use your personal information in relation to Cloud Gateway products and services, including the website and applications and describes what information we collect about you, how we use it, and the rights you have in relation to that collection and usage. 

We have an appointed Data Protection Officer. They can be contacted in writing by:

  1. Sending a letter to The Ministry, 79-81 Borough Road, London, SE1 1DN

  2. Emailing compliance@cloudgateway.co.uk


1. Key definitions

1.1. The key terms that we use throughout this Privacy Notice are defined below, for ease: 

Data Controller: under Data Protection Law, this is the organisation or person responsible for deciding how Personal Data is collected, stored and used.

Data Processor: a Data Controller may appoint another organisation or person to process Personal Data on behalf of, and on the written instructions of, the Data Controller.

Sub-processor: acts under the instructions of the Data Processor, meaning that they may process individuals' Personal Data on behalf of the Data Processor.

Personal Data: any information from which a living individual can be identified. It does not apply to information that has been anonymised. 

Special category information: certain Personal Data requires extra protection under Data Protection Law. This includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.

Automated decision making: this term refers to making a decision automatically without human involvement.

Data Protection Law: the Data Protection Act 2018, the UK General Data Protection Regulations and any other applicable data protection and privacy laws and regulations. 

2. What Personal Data do we collect?


2.1. We collect personal information throughout the course of providing our goods and services to you. The types of information that we gather are as follows:

Delivery and support for our goods and services

  • Identity information. Information relating to your identity such as your name, title, company. (MANDATORY)

  • Contact information. Information relating to your contact details such as email address, addresses, telephone numbers. (MANDATORY)

  • Payment information. Information relating to the methods by which you provide payment to us such as (bank account details, credit or debit card details) and details of any payments (including amounts and dates) that are made between us. (MANDATORY)

  • Transaction information. Information relating to transactions between us such as details of the goods, services and/or digital content provided to you and any returns details. (MANDATORY)

  • Other personal information. Any additional information including, but not limited to, Personal Data provided during calls and meetings, or as free text in emails, form submissions, support tickets, etc. (OPTIONAL)

Marketing communications

  • Identity information. Information relating to your identity such as your name, title, company. (OPTIONAL)

  • Contact information. Information relating to your contact details such as email address, addresses, telephone numbers. (OPTIONAL)

Applying for a job

  • Recruitment information. Information relating to the enablement of recruitment, such as a curriculum vitae (CV). (MANDATORY)

Using our website

  • Mandatory cookies. Necessary cookies to ensure the functioning of the website. For more information on how we process cookies, view our Cookie policy here. (MANDATORY)

  • Optional cookies. Analytics, personalisation and marketing cookies permitted with your consent. For more information on how we process cookies, view our Cookie policy here. (OPTIONAL)

  • Other personal information. Provided in contact forms or online chat support (OPTIONAL)

3. What special category information do we collect or process?


3.1. We do not purposefully collect or hold any special category information about you.

3.2. Personal Data processed by you through our service (the network) may contain special category information. We do not have visibility of this information unless the criteria detailed in item 6.2 is met.

4. Why do we use Personal Data?


4.1. We are only able to use your Personal Data for certain reasons set out in Data Protection Law. In most cases, we will use your Personal Data for the following:

  • Contract: To perform our obligations under a contract we have entered into with you;

  • Legal obligation: To perform a legal obligation by which we are bound;

  • Consent: You have given us your consent to use your Personal Data for a specific reason or reasons;

  • Legitimate interests: To fulfil legitimate interests of our own, so long as that legitimate interest does not override your fundamental rights, freedoms or interests.

4.2. We use your Personal Data for the following purposes:

  • To enrol you as a customer (Contract)

  • To process your payments (Contract)

  • To manage our contract with you and to notify you of any changes (Contract)

  • To communicate with you e.g. via phone or email. (Contract)

  • For record keeping, including in relation to any guarantees or warranties provided as part of the sale of goods, services and/or digital content. (Contract)

  • To comply with audit and accounting matters (Legal obligation)

  • To improve our offerings, e.g. meeting and call recordings and transcriptions for training and quality purposes (Consent)

  • To recommend and send communications to you about goods, services, and/or digital content that you may be interested in (Consent, Legitimate interest). Further details about our marketing practices are set out in Section 12 below.

4.3. If you do not provide us with the required Personal Data, such as that which is required to deliver our contract or comply with legal obligations, we may not be able to supply the goods and services to you.

4.4. It is important that you keep your Personal Data up to date. If any of your Personal Data changes, you may be able to update your details through the Cloud Gateway Portal. Examples of information you can access and update through the Cloud Gateway Portal include:

  • Your name, email address, phone number, and other similar contact information

  • Usernames, aliases, roles, and other authentication and security credential information

To update other information, please contact us as soon as possible. If you do not do this, we may not be able to supply the goods and services to you.

4.5. Where we rely on consent as the legal reason for processing your Personal Data, you have the right to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details provided at the beginning of this notice. We will stop processing your Personal Data unless we have another legal reason to keep processing it – in which case, we will confirm that reason to you. 

4.6. We may anonymise Personal Data so that you can no longer be identified by it and use this for our own purposes. This is permissible because you are not identifiable.

5. Who your Personal Data may be shared with 


5.1. We may need to share your Personal Data with other organisations or people. These can include third parties such as, but not limited to:

  • a. Regulatory bodies, e.g. HMRC and fraud prevention agencies

  • b. Our advisors e.g., lawyers, accountants, auditors and insurance companies

  • c. Our bank and credit/debit card payment agencies

  • d. Credit reference agencies

  • e. Suppliers, e.g. network providers, IT and customer relationship support services, payment providers, subcontractors, etc.

  • f. Email, meeting and voice platforms and automated (artificial intelligence) transcription services

  • g. Marketing agencies, e.g. events management or email campaigns support providers

  • h. Analytics and search engine providers that assist us in the improvement and optimisation of the website

  • i. Any organisations involved in the purchase of our business and assets; and/or

  • j. Law enforcement. We may release Personal Data when we believe it is needed to comply with the law, enforce our terms, or protect the rights, property, or security of our business, customers, or others

5.2. When we are a Data Processor and share your Personal Data with another Data Processor, and they are therefore a Sub-processor, we will ensure that contracts are in place to detail the responsibilities we have and they have with regards to handling and protecting Personal Data. You can view our Sub-processors here.

5.3. We do not sell any of the Personal Data that you provide to us.

6. Are we a Data Controller or a Data Processor?


6.1. We are the Data Controller of the Personal Data we collect, hold and use about you where we determine the means and purpose of processing, as per this Privacy Notice.

6.2. As a network connectivity provider, we are not commonly a Data Processor for our customers. Data is transferred through our gateway and across the network we have connected for you.

6.3. Where you choose to send data across the network we have connected for you in an encrypted format, as is strongly recommended to all of our customers, we will have no access to it. By its very nature, we cannot access encrypted data, and therefore are not a Data Processor of Personal Data transferred in this way.

6.4. Where you choose to send data across the network we have connected for you in an unencrypted format, we are a Data Processor only under the following circumstances:

  • We, under your instruction to provide customer support or to investigate network health, need to review unencrypted traffic packets AND;

  • The contents of the packet contains identifiable Personal Data of UK/EU citizens

Access to this Personal Data is restricted to only our technical engineers, and under no other circumstances are engineers obliged to or permitted to view traffic content.

6.5. Where we act as a Data Processor, it is your responsibility as the Data Controller to provide a data processing table to us to specify processing activities.

7. Do we transfer data outside of the European Economic Area (EEA)?


7.1. If we transfer any Personal Data outside of the EEA, we will implement safeguards to ensure the data is protected to a similar degree, as though it had remained within the EEA.

7.2. The safeguards set out in Data Protection Law may include:

  • a. The transfer is to a country or territory that the ICO has approved as ensuring an adequate level of protection (“Adequacy decision”)

  • b. Binding corporate rules are in place where the transfer is to another organisation within our group, under an agreement covering this situation; or

  • c. An international data transfer agreement (approved by the ICO) or standard contractual clauses (SCCs) are/is in use

7.3. Where relevant under applicable legislation, we will assess the level of risk the transfer introduces and ensure adequate protection of the Personal Data.

8. How do we secure personal information?


8.1. We maintain a wide variety of compliance programmes that validate our security controls. These include, but are not limited to the ISO/IEC 27001 information security standard, CyberEssentials PLUS and PCI DSS.

8.2. We use encryption protocols and software to protect the security of data during transmission to or from our websites, applications, products or services.

8.3. We maintain physical, electronic, and procedural safeguards when we collect, store, and/or disclose Personal Data, such as access control restrictions and authentication requirements.

8.4. We provide all employees with training to ensure awareness and understanding of information security and data protection principles.

8.5. We ensure that all employees are made aware of their individual obligations in respect to information security and data protection.

8.6. We reserve the right to enact disciplinary action should an employee/s not comply with information security and data protection policies, procedures and responsibilities.

8.6. Notwithstanding the above provisions, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet, you do so at your own risk.

9. How long will we hold your Personal Data?


9.1. We will only hold your Personal Data for as long as necessary. The length of time will depend upon the purposes for which the data was collected and whether we are under any legal obligation to keep it (such as accounting or auditing records). We may also need to keep Personal Data in case of any legal claims, such as to ensure any warranties provided with the goods, services and digital content.

10. Do we conduct any automated decision making?

10.1. We do not carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you.

11. What are your rights under Data Protection Law?


11.1. Under Data Protection Laws, you have certain rights in relation to your Personal Data. These are:

11.1a. Right to object

You have the right to object to us handling your Personal Data when:

  • a. We are handling your Personal Data based on our legitimate interests (as described in section 4.2 above). If you ask us to stop handling your Personal Data in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your Personal Data should continue; or

  • b. We are handling your Personal Data for marketing purposes. If you ask us to stop handling your Personal Data on this basis, we will stop.

11.1b. Right of access

You are entitled to receive confirmation as to whether your Personal Data is being processed by us, as well as various other information relating to our use of your Personal Data. You also have the right to access your Personal Data which we are handling.

11.1c. Right to rectification

You have the right to require us to rectify any inaccurate Personal Data we hold about you. You also have the right to have incomplete Personal Data we hold about you completed, by providing a supplementary statement to us.

11.1d. Right to restriction

You can restrict our processing of your Personal Data where:

  • a. You think we hold inaccurate Personal Data about you;

  • b. Our handling of your Personal Data breaks the law, but you do not want us to delete it;

  • c. We no longer need to process your Personal Data, but you want us to keep it for legal reasons; or

  • d. We are handling your Personal Data because we have a legitimate interest, and you are in the process of objecting to this use of your Personal Data.

  • e. Where you exercise your right to restrict us from using your Personal Data, we will then only process your Personal Data when you agree, except for storage purposes and to handle legal claims.

11.1e. Right to data portability

You have the right to receive the Personal Data we hold about you in a structured, standard machine readable format and to send this to another organisation controlling your Personal Data.

11.1f. Right to erasure

You have the right to require us to erase your Personal Data which we are handling in the following circumstances:

  • a. We no longer need to use your Personal Data for the reasons we told you we collected it for;

  • b. Where we needed your consent to use your Personal Data and you have withdrawn your consent;

  • c. You object to our use of your Personal Data and we have no compelling reason to carry on handling your Personal Data;

  • d. Our handling of your Personal Data has broken the law; or

  • e. We must erase your Personal Data to comply with a law we are subject to.

11.1g. Right to withdraw consent

Where we rely on consent as the legal reason for processing your Personal Data, you have the right to withdraw your consent at any time.

11.2. If you want to exercise any of the above rights, please contact us using the details provided at the beginning of this notice. Ahead of your request, please note:

  • a. We may need more information from you to verify your identity;

  • b. We do not charge a fee unless your request is unfounded or excessive; and

  • c. If your request is unfounded or excessive, we may refuse to action it.

12. Marketing


12.1. If you have purchased from us before, we may reach out to you periodically with further marketing communications about our business and relevant products and services.

12.2. If we think you are a potential customer based on your role and industry you work in, we may contact you with relevant information about our products and services using a trusted data supplier.

12.3. Any marketing communications you may receive from us will provide an option to unsubscribe and withdraw your consent to receiving them. You can also contact us directly using the details provided at the beginning of this notice, if you wish to change your communication methods and preferences.

12.4. We will periodically reach out to you to confirm that you wish to continue to receive marketing communications.

12.5. If you do request that we stop marketing to you, this will not prevent us from sending communications to you that are not related to marketing.

12.6. As per item 5.3, we do not sell your personal information and this includes contact information for marketing purposes.

13. Complaints


13.1. If you are unhappy about the way that we have handled or used your Personal Data, you have the right to complain to the Information Commissioner’s Office (ICO). Please contact us in the first instance if you wish to make a complaint, so that we have the opportunity to resolve the situation. You can contact us using the details provided at the beginning of this Privacy Notice.

14. Changes to this Privacy Notice


Any changes we make to our Privacy Notice in the future will be signposted on our website and, where appropriate, notified to you by email. Please check back frequently to see any changes.

15. Enquiries


Questions, comments and requests regarding this Privacy Notice are welcomed and should be directed to us using the contact details provided at the beginning of this Notice.