VikingCloud News & Resources
Check out the latest news and resources from VikingCloud.
Explore all Resources
Privacy Policy
When we say ‘we’ or ‘us’ in this notice, we’re referring to Viking Cloud, Inc., on behalf of itself and its affiliates, which is a Delaware corporation with an address at 111 North Wabash Ave. Suite 100 #3230, Chicago, IL 60602, USA.
This notice describes how we collect, store, use, and share personal information if you visit our websites or offices (Visitors), as well as if we identify you as a potential client / if you have contacted us about our products and services (Prospects), or if you are a registered contact for one of our clients (Client Representatives). It explains the rights you have in relation to the personal information that we hold about you.
If you are a merchant and your payment provider has contracted with us to provide you with PCI DSS compliance services (rather than you buying from us directly), the use of your information is determined by your payment provider. Please contact them for information.
If you are a merchant and you have purchased SecureTrust PCI Manager (Cloud Compliance Direct) services or Digital Certificates from us via the SecureTrust website (securetrust.com), you can find more information about our use of your information here: VikingCloud Direct Clients Privacy Notice – SecureTrust.
This Privacy Notice has been written in alignment with the requirements of the General Data Protection Regulation (GDPR), the UK GDPR, Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), South Africa’s Protection of Personal Information Act (POPIA), Canada’s Personal Information protection and Electronic Documents Act (PIPEDA) and India’s Personal Data Protection Act (PDPA).
If you are based in Mexico, the Ley Federal de Protección de Datos Personales en Posesión de los Particulares doesn’t apply to people acting in a professional capacity. We are also not directly in scope for the California Consumer Privacy Act (CCPA) or the Australian Privacy Act. However, the collection and use of your information will remain the same, so you can still review this Privacy Notice if you’d like to know more.
Where do we get your information from?
We collect information from you in a variety of ways, such as when you;
- Complete a form on our website
- Subscribe to our communications
- Contact us by phone, email, physical mail, or social media (we have accounts on LinkedIn, X, Facebook, and Instagram)
- Visit our offices
- Share your contact details with us at an event or conference (or for some events, the event organiser will share details of all attendees with us)
- Attend one of our webinars
- Visit our website (see our Cookie Notice for more information on the tracking technologies we use).
- Interact with us or one of our adverts on social media
We also use lead providers, who will provide us with names, roles, and business contact details.
Your employer may also share your details with us if they have nominated you to manage the services we provide to them (i.e., you’re a Client Representative / named as a contact in our contracts).
What kinds of information do we collect about you?
The information we collect is;
- Personal – your name, country, and, if you are based in the US, your state. We may also collect your address solely to send you merchandise on a case-by-case basis; you decide whether this is a personal or work address.
- Employment – your employer and role/job title.
- Work contact details – your work email address and phone number.
- Professional interests – if you complete a form on our website or talk to one of our sales or relationship management colleagues, we will collect details on your interests and opinions, such as the service(s) you believe your employer needs.
- Meeting recordings – if you have a meeting with us, you may agree to the meeting being recorded (or request us to record it).
- CCTV footage/building access logs – if you visit any of our offices, we will capture images of you and record information relating to your visit.
- Website server logs – if you visit one of our websites, we automatically collect server logs containing your IP address and your approximate location (town/city level).
- Webinar analytics – if you attend one of our webinars, we can see who joined and when.
- Cookie information – please see our Cookie Notice for information on what information we collect using such technologies / how your information is used.
- Advertising reports – if you are a Meta user (you use Facebook or Instagram), then we will obtain some aggregated analytics data on our campaigns. This doesn’t allow us to identify you, but the platforms we use do know who you are, and we are jointly responsible with them for these activities.
- Social media engagement – if you engage with our social media pages, we will process information about page views, comments, shares, reactions, and direct messages. We will also process aggregated engagement metrics which include total and unique accounts reached, impressions, engagement rates, links clicked, video views, video watch time, average watch duration, age range, gender distribution, countries/cities, and active times (days and hours followers are most active).
How do we use your personal information, and what are our legal grounds?
Some global data protection laws require organizations to process personal information only where they have a legal basis.
In the table below, you can see more details on legal bases under the General Data Protection Regulation (GDPR), which is aligned to Brazil’s LGPD and South Africa’s POPIA.
In Canada and India, we require your consent. This is not the same as consent under the GDPR. We will imply your consent by providing you with this Privacy Notice when you provide your information to us.
Reason for using your personal information | Legal ground |
|---|---|
Website Monitoring If you provide your consent via our cookie tool, we will set and access cookies and UTMs when you visit our website. See our Cookie Notice for more information. Sales & Marketing Where you have provided your consent, most often in regions where this is required or if you sign up via our website, we will send marketing messages relating to our products and services, including webinar invitations and white papers. Call recording for Conversation Intelligence Where you have provided your consent, we record sales calls and use artificial intelligence (AI) tools to transcribe and analyse the conversation. We use this analysis to monitor, evaluate and improve the quality, consistency and effectiveness of our sales communications and customer engagement. | Consent Under EU laws, we can only use non-essential cookies (such as analytics cookies) if we receive your consent. We may need your consent to send marketing in some countries. Under EU laws, we can only use non-essential cookies (such as analytics cookies) if we receive your consent. We rely on your consent to record sales calls and to use artificial intelligence (AI) tools to transcribe and analyze the conversation. |
Legal Duties We will disclose or share your personal information to comply with any legal obligation, such as a court order. Where we must comply, we’ll only provide the minimum information needed to comply. | Necessary for compliance with a legal obligation Your personal information may be processed to meet any legal obligations VikingCloud is subject to. |
Protecting Life We will disclose your information to the police or other authorities if we have serious concerns about your or another person’s wellbeing. | Necessary to protect vital interests This will usually only apply in ‘life-or-death’ scenarios. |
Necessary for legitimate interests
We also use your information when we have a ‘legitimate interest’, and this doesn’t unfairly impact on you or your privacy rights. Each activity is assessed, and your rights and freedoms are taken into account to make sure that we’re not being intrusive or doing anything beyond your reasonable expectations.
We'll assess the information we need, so we only use the minimum. If you want further information about processing under legitimate interests, you can contact us using the details at the end of this Privacy Notice.
You have the right to object to any use of your information where we use the reason of ‘legitimate interests’. We'll reassess our interests and yours, considering your individual circumstances. If we have a very strong reason for the use of your information, we may continue to use your information. We use ‘legitimate interests’ for the following:
Reason for using your personal information | Legitimate interest(s) |
|---|---|
Sales & Marketing Prospects Email Marketing List Where the territory you are in does not require you opt-in consent, we will send marketing messages relating to our products and services, including webinar invitations and white papers. Events Where we acquire your information from webinars, events and conferences, our salespeople will contact you about our products and services and we will add you to our email marketing list. We use LinkedIn to contact and talk to people who may be interested in our products and services. This activity is synced to our Customer Relationship Management (CRM) system, so we have accurate records of all contact with you. Advertising & Social Media Engagement - Meta We advertise on Meta (Facebook and Instagram), targeting users based on non-sensitive info such as age and gender. We get aggregated reports on how many people have been targeted, how many users see the adverts, and how many people click on the adverts. We keep the aggregated results confidential, don't share them with anyone except our ad partner, and don't use them for any other purposes. Meta Ireland is jointly responsible for this activity. Please see Meta Ireland's Privacy Policy at https://www.facebook.com/about/privacy for more information about their use of your information. Advertising – Google and LinkedIn If you consent to cookies on our website, we can show you advertisements on Google or LinkedIn (this is called re-targeting – directing adverts to you on these platforms based on the fact that you visited our website). See our Cookie Notice for more information on your choices. Social Media Engagement (X Corp., Vimeo, Inc., and YouTube, LLC) If you visit, follow, or interact with our social media profiles on these platforms, we process information relating to your engagement with our content. ZoomInfo We use ZoomInfo to source leads (find people who work in relevant roles, for organizations in industries we’re targeting) and ensure our CRM records remain accurate (we share your name, role, and employer, as well as business contact details). | We need to promote our products and services to run a successful business. |
Analysis and management reporting We analyze and report on our sales & marketing activities. Where we do so, we do this to produce aggregated reports - i.e., facts and figures, which no longer contain personal information. Key KPIs which are analyzed relate to matters such as the success of marketing campaigns – how many people respond to the campaign, how many led to conversations, how many resulted in sales, etc. We also analyze who attended our webinars and attendance times to assess and improve such activities. | We need to analyze and assess our performance to optimize our resources. |
Relationship Management Client Representative If you are a Client Representative, we will use your contact details to keep in touch about the services. This will mainly be data your employer is responsible for, but if it’s not a core part of the agreement, then we’re responsible for this use of your data. ZoomInfo We use ZoomInfo to ensure our CRM records remain accurate (we share your name, role, and employer as well as business contact details). | We need to keep in touch with our clients to ensure you are happy and our products and services are fulfilling your business needs (i.e., for retention purposes). |
Crime prevention and detection, safety and security Visitors VikingCloud buildings are monitored by CCTV cameras to protect us and our colleagues/visitors. If you visit one of our sites, your images will be captured. We will also record details of visitors to our site; your name, your company, who you visited, and dates/times. If you visit one of our datacenters, you will be asked for additional information: vehicle registration and a form of national identification containing a photograph, e.g., driver's license, passport. | We need to ensure the safety and security of VikingCloud staff, clients, and other visitors as well as our and our client’s information. |
Technical security and support Logs are automatically reviewed to produce alerts for manual review, with alerts being generated if there are indications of errors, problems with our technology, or security concerns. Logs often include usernames, emails, activities, and the dates and times of these. | We need to ensure the security of our systems and our information, as well as make sure our technology is working effectively / as intended. |
Online Tracking
At present, we do NOT respond to Do Not Track signals your browser sends. But you can use our cookie tool to let us know your preferences.
Who do we share your personal information with?
We share your personal information with other organizations. The organizations we share personal information with are as follows;
- Sales and marketing software and service providers
- Productivity tool providers
- Our website provider
- Finance software providers
- Security tool/service providers
- Survey providers
- Telephone providers
- Webinar platform providers
- Advertisers and advertising agencies
- Cookie consent tools
- Government Bodies and Regulators
- Professional services providers and consultants, such as contractors, external auditors, and lawyers
- As part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets, or reorganization.
We only share personal information where there is a requirement to do so, and where appropriate technical, organizational, and, where necessary, contractual measures are in place to ensure its protection.
Overseas transfers
The information that we process about you will be stored in the United States. It may also be stored or accessed by authorized individuals who operate in a variety of countries, or who work for us or for one of our suppliers.
If you are based in the EU or UK, we need to have specific protections in place to transfer your information to another country. We also need to let you know which methods we use.
- Some countries have been assessed by the relevant authorities as being ‘adequate’, which means their legal system offers a level of protection for your information that is equal to the level of protection in your country. This applies to some of our suppliers, as well as some of the transfers of information within VikingCloud.
- The EU Commissioner and the UK have also approved Binding Corporate Rules (BCRs) to protect information shared within a group of companies. This requires the group to commit to meeting European / UK standards across all regions. These rules need to be approved by all the EU supervisory authorities or (for the UK, the UK regulator) and require extensive monitoring and oversight as they are authorized. Some of our suppliers have BCRs.
- Where the country or mechanism hasn’t been assessed as ‘adequate’, the method we use most frequently is Standard Contractual Clauses (SCCs). These contract terms place EU standards on companies in other jurisdictions. The European Commission approved standard contractual clauses are available via the link below, or let us know if you’d like more information: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en
- We have SCCs in place to allow sharing between VikingCloud entities globally.
- We use SCCs for some of our service providers - we make sure we have contract terms and make checks of their practices / agree additional controls to ensure that your information is treated securely and in accordance with this Privacy Notice.
If you’re based in a country outside of the EEA, there may be local obligations with regard to the transfer. See below for details of the additional controls which we will apply to satisfy these.
- Brazil – the LGPD contains the same requirements as the GDPR in relation to international transfers. However, the Brazilian Authority (ANPD) has yet to issue approved terms. We have extended the EU SCCs to cover your information.
- Canada – clear privacy notices explaining the transfer. We also need to tell you who to contact for more information. Please contact the Data Protection Team using the details in the 'Contact’ section below.
- India – at present, no restrictions are in place unless sensitive personal information is involved (which doesn’t apply here).
- South Africa – we must ensure a binding agreement is in place which ensures POPIA’s principles are upheld, including when further transferring personal information. Again, South Africa has yet to issue approved contract terms, so we have extended the EU SCCs to cover your information.
How long do we keep personal information for?
Unless otherwise set out in this Privacy Notice, any information we process about you will be retained by us until we no longer need it for the purposes for which it was collected, as set out in this Privacy Notice. We will base that decision on criteria, including;
- Any legal or regulatory requirements to delete or retain the information for a specific timeframe,
- Our legitimate business reasons for keeping the information, such as to analyse and assess our activities,
- The likelihood of a claim arising where we’d need to defend our conduct, and
- Whether the information is likely to remain up to date.
We will review and delete or destroy personal information on a regular basis. If we are unable, using reasonable endeavors, to delete or destroy personal information, we will ensure that the personal information is encrypted or protected by security measures so that it is not readily available or accessible by us.
Automated decisions/profiling
Automated decisions are decisions made by a computer or AI system without a human being directly involved. Profiling is the use of information about you to analyze or predict certain aspects, such as your likely reactions, preferences, or behavior.
When you provide your consent to call recording and AI analysis during sales calls, the AI system performs profiling by analyzing your tone of voice and the words you use to generate a sentiment assessment. This assessment categorizes interactions as positive, neutral, or negative, helping our team understand how the conversation is perceived.
The insights generated by AI are not used to make automated decisions that have legal or significant effects on you. They are solely used to assist our colleagues in monitoring calls, identifying potential issues, and improving the quality of our sales and service interactions. A human colleague reviews the AI insights and decides how to act on them.
We do not use this profiling to score or rank individuals, and it is not used for model training or any other purpose beyond improving internal service quality and communication.
Security
We align with the International Standard for Information Security, ISO 27001, as well as the one relating to Privacy, ISO 27701. This involves setting up a system to manage risk around both information security and data protection/privacy, as well as putting in place measures and objectives to keep improving.
An example of a measure we take is enforcing TLS1.2 when transferring information externally to our suppliers; TLS1.2 is a network protocol for encrypting information in transit.
Access to your information is only provided to our people who have a need to know. We implement role-based access control, so only those with a relevant role are given permissions. We audit access on a regular basis.
Your rights
There are several rights available under global data protection and privacy laws.
Not all rights apply in all situations, and regions have timeframes from 1 calendar month to 45 days, with the ability to extend timeframes in some situations. However, to avoid this Privacy Notice getting too long, we have not included full details of timeframes and what applies here.
The easiest way to exercise any of your rights, enquire if a right is applicable in a specific circumstance, or to check what timescales apply would be to contact our Data Protection Team using the contact details below. If we need further information to comply with your request, we’ll let you know.
In relation to our advertising activities, we have entered into a legal agreement with Meta to clarify who is responsible for your information and when. Meta Ireland is responsible for responding to your rights once our advertising activities have completed (as they’ll keep some records about this against your profile). However, if in doubt, get in contact with us, and we’ll help.
Right of access/right to know
You have the right to ask for access to and receive copies of your personal information. You can also ask us to provide a range of information relating to how we collect/use your information.
Right to rectification/right to correct
If you believe personal information we hold about you is inaccurate or incomplete, you can ask us to correct that information.
Right of erasure/right to be forgotten / right to delete / right to anonymization
In some circumstances, you have the right to ask us to delete and/or anonymize personal information we hold about you.
Right to restrict processing/right to have information preserved
In some circumstances, you are entitled to ask us to restrict the processing of your personal information. This means we will stop using your personal information, but we won’t delete it. Or you could ask us to NOT delete your information.
Data portability
You have the right to ask us to provide your personal information in a format that allows you to share your personal information with another provider.
Right to object
You are entitled to object to us processing your personal information if the processing is based on legitimate interests. You also always have the right to object to our use of your information for marketing purposes.
All marketing messages, regardless of the nature of your relationship with us, contain a link to allow you to opt out, along with a link to this Privacy Notice. However, we will still need to send you messages, where these are necessary for us to deliver our services (i.e., if you are a Client Representative) or if the message is legally required (e.g., updates to this Privacy Notice).
Changes to this Privacy Notice
This Privacy Notice was last updated in March 2026.
Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.
Contact
Our Data Protection Team can be contacted at the following email address: dataprotectionprivacy@vikingcloud.com, or alternatively by writing to 1st Floor, Block 71A, The Plaza, Park West Business Park, Dublin 12.
Questions, comments, and requests regarding the Privacy Notice are welcomed and should be addressed to dataprotectionprivacy@vikingcloud.com.
If you have any concerns about the ways in which we process your personal information, in many countries you have a right to complain to the relevant supervisory authority in your jurisdiction. We’d encourage you to contact us first, so we can address your concerns (some regulators require this before they take up a complaint).
Please see below for details of the relevant regulators.
- Brazil
- Autoridade Nacional de Proteção de Dados (ANPD)
- https://www.gov.br/anpd/pt-br/canais_atendimento/cidadao-titular-de-dados/peticao-de-titular-contra-controlador-de-dados
- Telephone: (61) 3411-4733
- Canada
- Office of the Privacy Commissioner of Canada
- https://www.priv.gc.ca/en/report-a-concern/
- Telephone: 1-800-282-1376
- European Economic Area
- EU regulators, plus those from Iceland, Liechtenstein, and Norway
- https://edpb.europa.eu/about-edpb/about-edpb/members_en
- Telephone: See details in the link above.
- India
- The Data Protection Board for the Digital Personal Data Protection Act 2023 has not yet been implemented
- South Africa
- Information Regulator (South Africa)
- https://inforegulator.org.za/complaints/
- Telephone: 010 023 5200
- United Kingdom
- Information Commissioner’s Office (ICO)
- https://ico.org.uk/global/contact-us/contact-us-public/
- Telephone: 0303 123 1113
