Privacy Policy
1. Purpose and Commitment
Gloman Cloud (“we”, “us”, “our”) is committed to protecting the privacy of our customers and users.
We process all personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Greek data-protection laws.
2. Data Controller and Contact
- Controller: Gloman S.A.
- Registered Office: Athens, Greece
- Email: privacy@glomancloud.com
3. Categories of Personal Data
| Category | Examples | Purpose |
| Account Information | Name, company, email, phone | Account setup, billing, communication |
| Billing & Payment Data | VAT ID, payment method, transaction IDs | Invoicing, payment processing |
| Service Usage Data | IP addresses, login history | Security, diagnostics |
| Support Data | Tickets, chat logs | Troubleshooting |
| Technical Metadata | Server metrics, bandwidth | Infrastructure monitoring |
Log Data and Diagnostics
We collect limited technical logs (IP, timestamps, error traces) for operational and security purposes.
Logs may occasionally be correlated with user accounts to resolve incidents or detect abuse, otherwise stored anonymized for performance analysis.
We do not intentionally collect sensitive (“special category”) data.
4. Data Origin
Data is obtained when you register, log in, make a purchase, contact support, or visit our website.
5. Data Processing Purposes and Legal Bases
| Purpose | Legal Basis |
| Account & billing management | Performance of contract |
| Security & fraud prevention | Legitimate interest |
| Legal & tax compliance | Legal obligation |
| Marketing (optional) | Consent |
6. Data Storage and Location
All customer data is hosted in Amsterdam, The Netherlands, within the EU.
No data is transferred outside the EEA without adequate safeguards (EU SCCs or adequacy decisions).
7. Third-Party Service Providers
We use limited subprocessors to deliver our services:
- Datacenter Partner (Amsterdam, NL) – infrastructure operations
- HostBill (self-hosted, EU) – billing and client management
- Payment Processor (Stripe/PayPal – US/EU) – secure payments (via SCCs or adequacy decision)
- Email & Support Systems (EU) – communication
All subprocessors are bound by DPAs and regularly reviewed for GDPR compliance.
A current list is available at glomancloud.com/legal/subprocessors.
8. Data Retention
- Account & billing data – 7 years
- Support data – 2 years
- Technical logs – 6 months
After expiration, data is securely deleted or anonymized.
9. Cookies and Session Management
Gloman Cloud uses only essential cookies required for authentication and session continuity within its website and client portal.
These cookies do not track user behavior and are deleted automatically after logout or session expiry.
10. Your Rights under GDPR
You may request access, correction, deletion, or restriction of your data via privacy@glomancloud.com.
We respond within 30 days.
Complaints may be submitted to the Hellenic Data Protection Authority (HDPA).
11. Data Security
We apply strict technical and organizational measures, including:
Tier III datacenter, redundancy, DDoS mitigation, encryption (TLS 1.2+, AES-256), monitoring, and restricted access.
While we apply industry best practices, no system is 100% secure.
12. Data Breach Notification
In the event of a data breach, we will notify affected users and the competent authority within 72 hours, as required by GDPR.
13. Governing Law
This Policy is governed by the laws of Greece and the EU.
Disputes are subject to the courts of Athens, Greece.
Infrastructure: Amsterdam, NL Company: Gloman S.A. (Greece) © 2025 Gloman S.A.