Privacy statement

Updated on: 9 December, 2024

Our Commitment to Privacy

Clouds of Care (including its business units Epilog and Somnilog), (hereinafter: “Clouds of Care”, “we” or “our”), in its capacity as data controller, values privacy and is therefore committed to protect personal data with the greatest possible care, and to process personal data only in a fair and lawful manner in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) as well as any applicable current or future national or international legislation in execution or replacement thereof. Clouds of Care also processes your personal data in accordance with US legislation, such as (i) the Health Insurance Portability and Accountability Act of 1996, (ii) the Health Information Technology for Economic and Clinical Health Act and (iii) all rules, regulations, and related laws and acts promulgated under and in connection therewith.

This Privacy Statement is applicable to (i) our websites https://www.epilog.care/, https://www.cloudsofcare.com, https://www.somnilog.care and our platform(s) (hereinafter referred to as: websites”, and (ii) all (commercial) relations between Clouds of Care, and/or its business units Somnilog and Epilog, and its customers, prospects and business partners for the personal data collected and processed by Clouds of Care through these websites and the related services.

Notions such as “processing”, “processor”, “controller” or “personal data” shall have the meaning attributed under the GDPR.

This Privacy Statement contains essential information on how Clouds of Care, as the data controller, collects and processes your personal data, including for what purposes, for how long and what your rights as a data subject are. Should you have any additional questions after reading this Privacy Statement carefully, do not hesitate to contact us by using the contact details in section 7 below.

The websites may include links to other websites over which we have no control. Clouds of Care is not responsible for the privacy policies or practices of other websites. If you access these websites via our website, you should review the privacy policies of those sites so you can understand how they collect, use and share your information.

Processing of Personal Data

Personal data can be defined as any information that allows a natural person to be identified, directly or indirectly. You can provide us with your personal data in the context of the following activities, for the corresponding purposes and based on the stated grounds:

  • Contact form or correspondence: By completing the contact form on the websites, Clouds of Care will process name, surname, e-mail address, telephone number and the content of your question or message. If you contact us directly (by e-mail, telephone or letter), we will process your contact details and the content of this correspondence. We only use this information to sufficiently handle your question or message. We process this personal data on the basis of the execution of a contract. We don’t rely on your consent to process your personal data in this context, because the processing of your contact information and the content of your message or question is necessary for us to be able to provide you with an answer.
  • For the provision of our products & services: When you buy certain products or services from Clouds of Care, we collect your contact details and billing data. This is for the purpose of providing our services and managing our (customer) relationship and on the basis of your purchase agreement with Clouds of Care. We keep this information for 7 years after the last contract was concluded.
  • For sales and marketing purposes: If you are a customer of the services or products of Clouds of Care, then we can use your name and contact details for direct marketing campaigns, to inform you on promotions with regard to the products and services Clouds of Care provides of which we suspect they will be interesting to you. We can also use the data to make targeted offers, e.g. via email, or to display an advertisement on our own websites. To the extent permitted by law, we send these communications or place the advertisements, based on the legitimate interest of Clouds of Care, if we notice that you are interested in or benefit from our services or products. If required, we will obtain your prior consent for these purposes. It will be just as easy to withdraw consent as it is to provide it. Clouds of Care stores your personal data that is used for sales and marketing purposes until 3 years after you’re no longer a customer.
  • Optimization and tailoring of the websites and communication to you: On the basis of our legitimate interest to do so, we can process your web behavior (e.g. click rates, time spent in websites, the type of browser you use,…) in aggregate to allow us to optimize the websites and our communication to you.
  • Processing of personal data via social media: Clouds of Care is also active through social media platforms (e.g. LinkedIn). When you use these platforms, you may be sharing certain personal data with them. The processing of your personal data by these platforms is subject to the privacy policy of the relevant platform. In addition, we can also process personal data that you share with us via social media platforms. The legal basis that we apply in this case depends on the situation and context. If you for example request more information about our services via social media, the legal basis that we apply for this use of your personal data is the necessity for the performance of the agreement.
  • Other relations: We collect contact details of our current or future suppliers and partners. We process this information to enter into our agreements and to manage our relationships or collaborations. This processing is therefore based on the conclusion and execution of our contracts and business relations. Clouds of Care keeps this personal data for 7 years after the last contract was concluded.

Clouds of Care commits to process your personal data only in a way that is compatible with the purposes for which the data were initially collected.

Your Rights as a Data Subject

One of the aims of the GDPR is to empower individuals and to give them control over their personal data. Subject to the provisions of the GDPR and to the extent applicable, you have the possibility to exercise the following rights as described in the GDPR, subject to certain limitations:

  • Right to information: You have the right to be informed about how your personal data is being processed (in particular, which personal data is being processed, for what purposes and on the basis of which legal ground). The privacy statement you are reading right now aims to do just this.
  • The right of access: You have the right to access your personal data and to request a copy of the personal data.
  • Right to rectification: You have the right to have incorrect personal data corrected, or incomplete personal data completed.
  • Right to erasure: You can request the erasure of the personal data that is being kept about you. The request to erase your personal data cannot always be granted, for example due to contractual or legal obligations.
  • Right to object: You have the right to object to the processing of your personal data, for example if the processing takes place on the ground of the legitimate interest or on the ground of the public interest of Clouds of Care processing your data. When your personal data is used for direct marketing purposes, you have an absolute right to object to this processing activity.
  • Right to withdraw consent: For the processing of your personal data collected by Clouds of Care with your consent, you can withdraw your consent at any time. However, the withdrawal of your consent does not apply to processing carried out by Clouds of Care prior to your withdrawal.
  • Right to restriction of processing: You have the right to obtain restriction of processing in certain situations, for example if you contest the accuracy of the personal data, for a period enabling Clouds of Care to verify the accuracy.
  • Right to data portability: You have the right to receive the personal data concerning yourself, processed by Clouds of Care, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.
  • Right to lodge a complaint: In case of issues, we encourage you to contact Clouds of Care in order to reach an amicable solution. However, if you believe an amicable solution is not possible or desirable, you can use your right to lodge a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, email: contact@apd-gba.be.

As Clouds of Care is acting as a data controller for the purposes of these websites, you, as a data subject, can send a request to exercise your rights to us. We will make sure to handle your request in accordance with the GDPR.

When submitting a request to exercise your rights, Clouds of Care may ask for additional information to verify your identity.

If processing your request requires unreasonable measures (e.g. it is technically or organizationally almost impossible or extremely costly) then Clouds of Care can charge you reasonable compensation in light of the administrative costs involved in fulfilling the request. Clouds of Care can also refuse to process requests that are excessive, particularly due to their repetitive nature.

You can contact us with any questions or requests by sending an e-mail to privacy@cloudsofcare.com.

Recipients and International Transfers

Clouds of Care will refrain from disclosing or selling personal data of data subjects to third parties as well as publicly disclosing data subjects’ personal data, unless in the following specific cases:

  • Personal data can be shared between the different branches of Clouds of Care, in case this transfer is required for the provision of our products or services in line with the predetermined purpose;
  • Purchasers, or potential purchasers, of all or part of Clouds of Care’s business (and their professional advisors);
  • Personal data can be shared with third party service providers to which Clouds of Care outsourced certain processing activities (such as accounting, marketing, transport of deliveries, payment processing, database management, …). These third parties are bound by contractual obligations to keep your personal data confidential and appropriately secure, such as (i) hosting companies (hosting our online platforms), (ii) technology / marketing tool companies (helping us manage our customers and deliver messages), (iii) analytics companies (helping us improve the experience) and (iv) event companies (helping us manage events); and
  • Government authorities, regulatory agencies and law enforcement officials, if required for the purposes specified above, if mandated by law, or if required for the legal protection of our legitimate interests in compliance with applicable data protection laws.

Regarding international transfers of personal data and processing outside the European Economic Area (EEA), your data are only transferred other branches of Clouds of Care or to parties in third countries, such as software providers and cloud or mailing services, when permitted under the applicable data protection legislation. We guarantee appropriate safeguards which ensure that your rights are also respected by the data recipient outside the EEA in accordance with an adequate level of data protection.

Retention of your Personal Data

Clouds of Care does not retain your personal data longer than strictly necessary for the realization of the purposes for which we received the data, e.g. for the execution of a contract or for fulfilling a legal obligation. The retention periods differ with regards to the type of processing activity and the purpose for which the personal data were collected.

For example, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if the data subject objects to the processing of his/her personal data and if there is no longer a legitimate reason for us to retain them.

We guarantee to only provide limited access to archived data and to remove or render anonymous your personal data if the retention period has passed.

Security and Cofidentiality of your Personal Data

Clouds of Care has taken technical and organizational security measures to prevent the destruction, loss, falsification, alteration, unauthorized access or disclosure of your personal data to third parties and any other unauthorised processing of these data. Notwithstanding Clouds of Care’s actions in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, Clouds of Care is, in this context, not in a position to guarantee absolute security.

We have made every effort to ensure the confidentiality, integrity and availability of the information systems and services that process personal data. These measures include the appointment of a DPO, access control, cryptography, physical security, operational security, security of communications, business continuity management and measures for compliance and accountability. All our employees and third parties engaged by us are obliged to respect the privacy and security of your data.

Finally, the security of your account will also partly depend on the confidentiality and complexity of your password. Clouds of Care will never ask for your password, meaning that you will never be required to communicate it personally. If you have nonetheless communicated your password to a third party – for example because this third party has indicated that it wishes to offer additional services - this third party shall have access to your account and your personal data via your password. In such cases, you are liable for the transactions which occur as a result of the use made of your account. Clouds of Care therefore strongly advises you, if you observe that someone has accessed your account, to immediately change your password and contact us.

Contact Details

If you have comments, questions or concerns about any of the information in this Statement, or any other issues relating to the processing of your personal data by Clouds of Care (including its business units Somnilog and Epilog), please contact us via e-mail at privacy@cloudsofcare.com or via mail at Vlasgaardstraat 52, 9000 Gent.

Changes to our Privacy Statement

We may amend or update this Privacy Statement from time to time to reflect changes in our practices with respect to the processing of your personal data, or changes in applicable law. We will be doing this by posting the updated version on these websites. When we publish changes to our Privacy Statement, we will change the date and version number of the Privacy Statement. Significant changes will be reported on our homepage. Nevertheless, we encourage you to read our Privacy Statement periodically.