GDPR Compliance
Last Updated: March 1, 2026
CloudLink is committed to GDPR compliance for all EU/EEA data subjects. CloudLink SASU (our EU entity registered in France) processes European personal data in accordance with the General Data Protection Regulation (EU) 2016/679.
Data Protection Officer (DPO)
Email: [email protected]
Entity: CloudLink SASU, 75008 Paris, France
Supervisory Authority: CNIL (Commission Nationale de l'Informatique et des Libertés)
Your Rights Under GDPR
- Right of Access (Art. 15) — Request a copy of your personal data
- Right to Rectification (Art. 16) — Correct inaccurate personal data
- Right to Erasure (Art. 17) — Request deletion of your data
- Right to Restriction (Art. 18) — Limit how we process your data
- Right to Data Portability (Art. 20) — Receive your data in a structured format
- Right to Object (Art. 21) — Object to processing based on legitimate interests
- Automated Decision-Making (Art. 22) — Right not to be subject to automated decisions
Lawful Basis for Processing
| Purpose | Lawful Basis | Retention |
|---|---|---|
| Account management | Contract performance | Duration of contract + 3 years |
| Service delivery | Contract performance | Duration of contract |
| Billing & invoicing | Legal obligation | 7 years (tax requirements) |
| Analytics & improvement | Legitimate interest | 26 months |
| Marketing communications | Consent | Until consent withdrawn |
| Security monitoring | Legitimate interest | 12 months |
International Data Transfers
When personal data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures including encryption at rest (AES-256) and in transit (TLS 1.3).
Our sub-processors are listed on our Sub-processors page.
Data Processing Agreement
CloudLink offers a pre-signed Data Processing Agreement (DPA) to all customers. Our DPA includes Standard Contractual Clauses and is available for download on our DPA page.