CloudX IT Services Limited logo
AI-ready software engineering
Data Protection

GDPR Statement

This statement summarises how CloudX IT Services Limited meets its obligations under the EU General Data Protection Regulation (GDPR) and Irish data protection law when we act as a data controller for personal data you provide through this website or direct contact.

Last updated: 24 May 2026

Privacy Policy Contact us
Professional reviewing data protection documentation.
GDPR Clear rights, accountable processing, and a defined path to raise concerns.

1. Data controller

For personal data collected through this website and direct business enquiries, the data controller is:

  • OrganisationCloudX IT Services Limited
  • AddressEngineering House, Unit 79, Block 5, Ballymount, Dublin 12, D12 NRY2, Republic of Ireland
  • Emailinfo@cxits.ie

When we deliver services under contract, we may process personal data on behalf of a client as a data processor. In those cases, the client’s privacy notice and contract terms apply.

2. Our GDPR principles

We aim to process personal data in line with GDPR requirements, including:

  • Lawfulness, fairness, transparencyWe process data on documented lawful bases and explain our practices clearly.
  • Purpose limitationWe collect data for specified purposes and do not use it in incompatible ways.
  • Data minimisationWe collect only what is reasonably needed for the purpose.
  • AccuracyWe take reasonable steps to keep data accurate and up to date.
  • Storage limitationWe retain data only as long as necessary (see our Privacy Policy).
  • Integrity and confidentialityWe apply appropriate security measures, aligned with our ISO 27001 practices.
  • AccountabilityWe maintain records and controls appropriate to our processing activities.

3. Lawful bases we rely on

Depending on the context, we may rely on one or more of the following lawful bases:

  • ConsentWhere you opt in (for example marketing or form consent checkboxes).
  • ContractWhere processing is necessary to perform a contract or take pre-contract steps you request.
  • Legal obligationWhere we must comply with applicable law.
  • Legitimate interestsWhere we have a legitimate business need that is balanced against your rights (for example responding to an enquiry you initiated).

Further detail on purposes and categories of data is set out in our Privacy Policy.

4. Your rights under GDPR

Subject to applicable law, you may have the right to:

  • Be informedAbout how we use your personal data.
  • AccessObtain a copy of personal data we hold about you.
  • RectificationCorrect inaccurate or incomplete data.
  • ErasureRequest deletion in certain circumstances.
  • Restrict processingLimit how we use your data in certain circumstances.
  • Data portabilityReceive certain data in a portable format where applicable.
  • ObjectObject to certain processing, including direct marketing.
  • Withdraw consentWhere processing is based on consent, without affecting prior lawful processing.

5. Making a data subject request

To exercise your rights, email info@cxits.ie with the subject line “Data subject request”. Please describe the right you wish to exercise and provide enough information for us to identify your records.

We will respond within one month of receiving a valid request, as required by GDPR, unless an extension is permitted in complex cases. We may ask for proof of identity where necessary to protect personal data.

We do not charge a fee unless a request is manifestly unfounded or excessive.

6. Complaints to the supervisory authority

We encourage you to contact us first at info@cxits.ie so we can address your concern. You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC):