Privacy & Data Protection

Privacy Policy

This notice explains how CloudX IT Services Limited collects and uses personal data when you visit our website, contact us, or otherwise interact with us. We aim to be clear, proportionate, and aligned with the EU General Data Protection Regulation (GDPR) and Irish data protection law.

Last updated: 24 May 2026

Your data: handled with the same discipline we apply to client delivery.

1. Introduction

CloudX IT Services Limited (“CloudX”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy describes our practices when we act as a data controller — for example, when you use this website or submit an enquiry to us directly.

When we deliver software engineering services to clients, we may also process personal data on a client’s instructions. In those cases, the client is usually the data controller and we act as a data processor. That processing is governed by our contract with the client and any applicable data processing agreement, not solely by this website notice.

Please read this policy carefully. We may update it from time to time; material changes will be reflected on this page with an updated “last updated” date.

2. Who we are

The data controller responsible for personal data described in this notice is:

  • Legal name: CloudX IT Services Limited
  • Registered office: Engineering House, Unit 79, Block 5, Ballymount, Dublin 12, D12 NRY2, Republic of Ireland
  • Email: info@cxits.ie
  • Website: cxits.netlify.app and any successor domains we operate for CloudX

For privacy-related questions or requests, contact us at info@cxits.ie with the subject line “Privacy enquiry”. We will respond within a reasonable period and, where required by law, within one month.

3. Scope of this notice

This notice applies to personal data we process in connection with:

  • Website visits: Browsing our public pages and resources.
  • Enquiries & contact: Forms, email, phone, or meetings you initiate with us.
  • Business relationships: Prospective and existing client, supplier, and partner interactions.
  • Marketing communications: Where you have opted in or where we have another lawful basis to contact you.

This notice does not cover third-party websites, platforms, or services that we do not control, even if linked from our site. Please review the privacy policies of those providers separately.

4. Personal data we may collect

“Personal data” means information relating to an identified or identifiable person. We do not intentionally collect more data than we need for the purposes described below.

Depending on how you interact with us, we may process:

  • Identity & contact: Name, job title, company name, work email, telephone number, and postal address.
  • Enquiry content: Information you include in contact forms, emails, or calls (for example project context, technical requirements, or timelines).
  • Relationship records: Notes from meetings, proposals, contracts, invoices, and support correspondence.
  • Technical & usage data: IP address, browser type, device type, referring URL, pages viewed, and approximate interaction data collected through our hosting infrastructure.
  • Consent records: Records of permissions you give us (for example marketing opt-in or form consent checkboxes), including date and method.

We do not ask you to provide special category (sensitive) personal data through this website. Please avoid submitting sensitive information unless it is necessary and you have a lawful basis to share it with us.

5. How we collect personal data

We may obtain personal data from:

  • You directly: Contact forms, email, phone, video calls, events, or in-person meetings.
  • Your organisation: Where you interact with us in a professional capacity on behalf of your employer or client.
  • Our website & hosting: Server logs and security records generated when you access our site.
  • Service providers: Hosting, form handling, email, or IT providers that process data on our instructions.
  • Public sources: Professional profiles or company information you have made publicly available, where relevant to a legitimate business enquiry.

6. Purposes and lawful bases for processing

Under GDPR, we must have a lawful basis for each processing activity. The table below summarises typical purposes. Where more than one basis could apply, we rely on the most appropriate basis in context.

| Purpose | Typical data | Lawful basis |
| Respond to enquiries and discovery calls | Contact details, enquiry content | Consent; legitimate interests; pre-contract steps |
| Deliver and manage client services | Contact, project, and billing data | Contract; legitimate interests; legal obligation |
| Operate and secure our website | Technical and usage logs | Legitimate interests; legal obligation |
| Send relevant updates (where permitted) | Contact details, preferences | Consent; legitimate interests |
| Comply with law, tax, and audit requirements | Records required by regulation | Legal obligation; legitimate interests |
| Establish, exercise, or defend legal claims | Relevant correspondence and records | Legitimate interests; legal obligation |

Where we rely on legitimate interests, we balance our interests against your rights and only process data where the impact on you is reasonable and expected in a B2B engineering context (for example responding to a business enquiry you initiated).

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Withdrawing consent may mean we cannot continue a specific activity (for example marketing emails).

7. Cookies and similar technologies

Our website is designed to work with a minimal use of cookies. We do not currently use advertising cookies or third-party analytics trackers on this site. Full details are in our Cookie Policy.

You may encounter:

  • Strictly necessary cookies: Small technical cookies required for security, load balancing, or form submission through our hosting provider.
  • Embedded content: Images or assets loaded from third-party CDNs (for example stock photography) may cause those providers to receive technical data such as your IP address under their own policies.

You can control cookies through your browser settings. Blocking strictly necessary cookies may affect how parts of the site function.

8. Sharing personal data with third parties

We do not sell your personal data. We share data only where necessary, under appropriate safeguards, with:

  • Hosting & form providers: For example Netlify, to host the site and process contact form submissions securely.
  • Professional advisers: Lawyers, accountants, or insurers where required for our business.
  • IT & communication providers: Email, collaboration, and security tools used to run our operations.
  • Regulators & authorities: Where required by applicable law, court order, or lawful request.
  • Business transfers: In connection with a merger, acquisition, or asset sale, subject to appropriate confidentiality protections.

Processors acting on our behalf are required to process personal data only on our instructions and to implement appropriate technical and organisational security measures.

9. International transfers

CloudX is based in Ireland. Some service providers we use may process data outside the European Economic Area (EEA). Where that happens, we take steps required by GDPR, such as:

  • Adequacy decisions: Transfers to countries recognised by the European Commission as providing adequate protection.
  • Standard contractual clauses: Approved contractual safeguards with the provider.
  • Other lawful mechanisms: Where applicable under GDPR Article 46 or related guidance.

You may request further information about safeguards for international transfers by contacting info@cxits.ie.

10. How long we keep personal data

We retain personal data only for as long as necessary for the purposes described in this notice, including to satisfy legal, accounting, or reporting requirements.

Indicative retention periods:

  • Sales enquiries: Typically up to 24 months from last meaningful contact, unless a longer period is needed for an active opportunity or dispute.
  • Client & contract records: For the duration of the relationship and up to 7 years thereafter where required for tax, legal, or audit purposes.
  • Website server logs: Typically up to 90 days unless needed longer for security investigation.
  • Marketing consents: Until you withdraw consent or we no longer have a lawful basis, plus a short record of your preference.

When data is no longer required, we delete or anonymise it using reasonable technical and organisational measures.

11. Security

We apply administrative, technical, and organisational measures appropriate to the nature of our business, including controls aligned with our ISO 27001 information security management practices. Measures may include access controls, least-privilege principles, secure development practices, and supplier due diligence.

No method of transmission over the internet or electronic storage is completely secure. While we work to protect personal data, we cannot guarantee absolute security. If you believe your interaction with us is no longer secure, please contact us promptly.

12. Your rights under GDPR

If you are in the EEA or UK (and where applicable law provides similar rights elsewhere), you may have the following rights in relation to your personal data, subject to legal exceptions:

  • Access: Request a copy of personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Ask us to delete data in certain circumstances.
  • Restriction: Ask us to limit processing in certain circumstances.
  • Data portability: Receive data you provided in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise your rights, email info@cxits.ie. We may need to verify your identity before responding. We will not charge a fee unless your request is manifestly unfounded or excessive.

If your request relates to data we process on behalf of a client, we may need to refer you to that client as the data controller.

13. Complaints

We encourage you to contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with a supervisory authority. In Ireland, the supervisory authority is:

14. Children

Our website and services are directed at business professionals. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will take appropriate steps to delete it.

15. Changes to this notice

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. The “last updated” date at the top of this page will change when we publish a revised version. We encourage you to review this page periodically.

16. Contact us

For any questions about this Privacy Policy or how we handle personal data, contact:

  • Email: info@cxits.ie
  • Post: CloudX IT Services Limited, Engineering House, Unit 79, Block 5, Ballymount, Dublin 12, D12 NRY2, Republic of Ireland