GDPR Information

Last updated: March 11, 2026

CloudBeem (a brand of POISE) is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page provides information about how we protect your data rights.

1. Our Commitment to GDPR

As a Swedish company, we are subject to the GDPR and the Swedish supplementary data protection legislation. We have implemented the GDPR principles into every aspect of our service delivery:

• Lawfulness, fairness, and transparency: We process data only with a valid legal basis and clearly inform you about how your data is used.
• Purpose limitation: We collect data only for specified, explicit, and legitimate purposes.
• Data minimisation: We collect only the data that is necessary for the intended purpose.
• Accuracy: We take steps to ensure personal data is accurate and up to date.
• Storage limitation: We retain data only for as long as necessary.
• Integrity and confidentiality: We implement appropriate security measures to protect your data.

2. Data Location and Sovereignty

All data processing and storage occurs within the European Union. We use exclusively European infrastructure and service providers, ensuring your data remains under the jurisdiction of EU data protection law at all times.

3. Your Data Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request, free of charge.

Right to Rectification (Article 16)

You can request that we correct any inaccurate personal data or complete any incomplete data.

Right to Erasure (Article 17)

You can request that we delete your personal data. Please note that this right is subject to legal obligations that may require us to retain certain data (e.g., domain registration records, accounting records).

Right to Restriction of Processing (Article 18)

You can request that we limit the processing of your personal data in certain circumstances.

Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV).

Right to Object (Article 21)

You can object to processing based on legitimate interest. We will cease processing unless we have compelling legitimate grounds.

4. How to Exercise Your Rights

To exercise any of these rights, please contact us:

• Email: info@cloudbeem.com
• Subject line: "GDPR Data Request"

We will verify your identity before processing any request. We aim to respond within 30 days. If we need more time, we will inform you within the initial 30-day period.

5. Data Breach Notification

In the event of a personal data breach, we will:

• Notify the Swedish supervisory authority (IMY) within 72 hours of becoming aware of the breach, where required.
• Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.
• Document all breaches, including their effects and remedial actions taken.

6. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may pose a high risk to individuals' rights and freedoms.

7. Sub-processors

We use the following categories of sub-processors:

• Domain registries: For domain registration and management (ICANN-accredited, EU-based where possible).
• Payment processors: For secure payment processing (EU-based, PCI-DSS compliant).
• Infrastructure providers: EU-based data centre operators for server hosting.

All sub-processors are bound by data processing agreements that ensure GDPR compliance.

8. Supervisory Authority

Our lead supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm, Sweden
Website: www.imy.se

9. Contact

For any GDPR-related inquiries, please contact us at info@cloudbeem.com.