Last updated: 11th August 2025

Data Controller

UpCloud Oy (later referred to as “UpCloud”, “we, “us”)

A limited liability company registered in Finland with the business ID: 2431560-5
Address: Aleksanterinkatu 15 B, 7th floor, 00100 Helsinki, Finland
upcloud.com

Contact person:
UpCloud Support Team, email: [email protected]
UpCloud’s Data Protection Officer, email: [email protected]

Introduction

Introduction

This Privacy Notice informs you why and how we process your personal data and how we respect your privacy. This Privacy Notice applies to you if you are:

• UpCloud’s customer or a representative of UpCloud’s customer (“Customer”)
• User of UpCloud’ services (“User”)
• A representative of UpCloud’s business partner (“Partner”)
• Visitor of UpCloud websites (“Visitor”)

This Privacy Notice only covers personal data processing carried out by UpCloud. This Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties. This applies also in cases where our services or websites include hyperlinks to third parties’ websites.

Please note that this Privacy Notice applies to processing of personal data carried out by UpCloud as a data controller. As regards any personal data that our Customers or Users store in or upload to our service, we process such personal data on behalf of our Customers as a data processor. This means that the Customer (or their end-customer, as the case may be) is considered as the data controller with respect to such personal data.

For information about how we process personal data in relation to our prospective customers and marketing practices, please refer to our Marketing Privacy Notice

PERSONAL DATA PROCESSING 

(A) Customers & Users

Personal Data We Collect & Data Sources

Customers

When signing up to our service online or signing an agreement with us, we ask you to provide basic contact information, such as name, email, phone number, address, user name, job title, employer/company name.

In addition, we process the following data in relation to the service provision: (i) Information about the customer relationship, such as the contract between us, start and end dates of customer relationship and details of the services ordered; (ii) Billing information, such as credit card details, invoicing, bank account information, payments made, outstanding payments; and (iii) All your interactions with us, such as communication with our Support or Sales Teams, contact requests, feedback and complaints.

If you participate in our webinars or events, we may process additional information about your attendance, such as your interest in the webinar/event topic, and any information that you provide us in connection with the registration (for example your dietary requirements).

In addition, we may process virtual meeting recordings, including video and/or audio, with your prior consent.

Finally, we may utilise data enrichment tools to enhance above-mentioned data by obtaining additional information from external sources.

Please note that if you do not provide all the personal data we may reasonably request, we may not be able to provide our services to you.

Users

We collect two types of data from the Users: (i) account data; and (ii) technical data.

Primarily the account data is received directly from Users when they register to the service or otherwise at the beginning of and during the customer relationship. We collect and process for example the following type of account data about the Users: (i) Name and contact details; (ii) E-mail address; (iii) Phone number; (iv) Credit card details, invoicing and billing information; (v) Other personal data Users provide themselves for example when communication with our Support Team.

Please note that if you do not provide all the personal data we may reasonably request, we may not be able to provide our services to you or the Customer you represent.

We collect technical data about your use of our service. This data is linked to your account data. We collect the following technical data: (i) Event and activity logs related to your account; (ii) User’s IP address; (iii) Browser type and version; (iv) Preferred language; (v) Geographic location using the IP address; (vi) Operating system and computer platform; (vii) The full Uniform Resource Locator (URL) clickstream to, through, and from our service, including date and time; (viii) Products or services User viewed or searched for while using our service; and (ix) Areas of our service User has visited.

We use cookies and other analytics technologies to collect and process technical data when Users interact with our service through UpCloud Control Panel at https://hub.upcloud.com/. This allows us to e.g. calculate the aggregate number of people accessing our service and to monitor the use of the service, and to enable certain functions of the Control Panel, such as support chat. We may use website analytics to compile technical data and reports on the usage of our services to help us improve our services.

For information about use of cookies on our website, please see Section “Visitors” below.

Purposes of the Processing

(i) To provide our services and carry out our contractual obligations

We process personal data to be able to offer the services to our Customers and Users and for managing our relationships with Customers and Users. This includes, for example, managing user credentials to provide access to the service, restoring forgotten password through phone verification, debt collection procedures, processing service fees, and facilitating transactions and payments. If a Customer or User contacts our Support Team, we will use the personal data for communication and solving possible issues with the service.

(ii) For managing the customer relationship

To manage the customer relationship with our Customers, we process basic contact information of our Customers and/or their representatives so that we may contact the Customer to provide them relevant information about our services, advertise new features and products, to schedule meetings, or to invite them to webinars or events hosted by UpCloud.

(iii) For customer communication 

We process personal data for the purpose of contacting Customers and Users regarding our services and to inform them of updates and changes in our services or related documentation. We may also send promotional communications to our Customers regarding new features in our service or to invite them to UpCloud events and webinars. To improve the efficiency of our communications, we may use artificial intelligence (AI) during video meetings to analyse conversations with your prior consent. AI may also be used to assist in drafting messages to Customers.

(iii) For quality improvement and trend analysis

We process the personal data regarding the use of our services to improve the quality of our services and for research and analysis purposes. When possible, we will do this using only aggregated, non-identifiable data.

(v) Ensuring compliance with our Terms of Service and applicable laws

We process personal data to monitor and ensure that our Customers and Users comply with our Terms of Service and the applicable laws and regulations,  including our obligations under the EU Digital Services Act and EU Terrorist Content Online Regulation, and to investigate suspicious or fraudulent activity, to protect our business from fraud or risks, to take action in the event of a security breach, or to investigate any disputes or account misuse.

We also carry out customer screening to ensure we do not violate international sanctions and export control regulation by providing services to prohibited parties, and to prevent fraud or misuse of our services, and to protect the security and integrity of our services. 

Legal grounds for processing

The above described processing of personal data is based:

(i) On our legitimate interests to run and manage our business, to protect our service from fraud, misuse and criminal activities, to improve and develop our services, and to promote our services.

(ii) On our contractual obligations to provide the services to our Customers.

(iii) In some cases, on your consent (e.g. using non-essential cookies, and when using AI in video meetings).

(iv) On our legal obligations (e.g. our obligation to report criminal activities to the law enforcement).

(B) Partners

Personal Data We Collect & Data Sources

We collect personal data of the representatives of our Partners to manage the partner relationship. We process basic contact information, such as name, email address, phone number, job title, employer/company name, to contact Partners and provide them relevant information about our services, to schedule meetings, or to invite them to webinars or events hosted by UpCloud. We also process personal data relating to any interactions the Partners may have with us, such as communications with our partner team via email or Slack, or submissions through our contact forms.

Personal data of Partners is primarily received directly from the Partners. We may also search potential new Partners from publicly available sources, such as LinkedIn, and contact them. 

In addition, we may process virtual meeting recordings, including video and/or audio, with your prior consent.

Purposes of the processing

We process personal data of Partners to manage and develop our business partnerships and to communicate with our Partners. We may contact Partners to provide them relevant information about our services, to schedule meetings, or to invite them to webinars or events hosted by UpCloud.

Legal grounds for processing

The processing of personal data is based on our legitimate interests to market and promote our services and to improve and develop our service offerings.

(C) Visitors

Personal Data We Collect & Data Sources

We collect personal data of our website Visitors with the help of cookies. Cookies that are not necessary for the provision of the website are created and stored on the basis of the consent given by the Visitor. Visitors can change their consent settings at any time by clicking the “Cookie Settings” button below.

[COOKIE SETTINGS BUTTON]

For more information about cookies used on our website, please see our Cookie Notice https://upcloud.com/global/cookie-policy/

In addition, we utilise hCaptcha security service (hereinafter “hCaptcha“) on our website to help ensure that interactions on our website are from human users and not automated bots. When you access UpCloud’s sites protected by hCaptcha, we may share technical and behavioral data including your IP address, browser and device information, and your patterns of interaction on our site with our hCaptcha provider Intuition Machines, Inc (“IMI”) To the extent that this data is personal data, IMI processes it on UpCloud’s behalf as a Data Processor.

For more information about hCaptcha’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms

Purposes of the processing

We process personal data of our website Visitors in order to provide the website and to analyse its usage, e.g. to understand how the Visitors interact with the website and to gather analytics on the number of visitors and their geographical location. This processing also serves to protect our service from abusive automated crawling, spam, and other forms of abuse that may harm our service or service users.

Legal grounds for processing

The above described processing of personal data is based on:

(i) Our legitimate interest to provide and maintain our website and to protect our service from abuse; and/or

(ii) Your consent (e.g. in case of non-essential cookies).

International Transfers

We store the personal data primarily within the European Union (EU). However, we may transfer the personal data outside the EU or European Economic Area (EEA) in limited cases. This happens in the following cases: 

(a) We share the personal data with our affiliated companies that are located outside the EEA. For example, our support service includes teams based in Singapore and the United States to ensure 24/7 assistance for our customers and users. 

(b) We may share the personal data with our selected business partners located outside the EEA if it is necessary for preparing a joint proposal, managing the customer relationship, or promoting our complementary service offering.

(c) When we use external service providers or vendors that are located outside the EEA to support our operations. For example, we work with payment service providers based outside the EEA to process transactions.

If we transfer personal data outside the EEA, we take steps required by law to ensure that your privacy is protected. This includes us requiring our service providers and vendors to enter into binding contractual commitments with us designed to protect your data and the evaluation of the information security measures undertaken by such service providers and vendors. When we share personal data outside the EEA, we rely on either the Standard Contractual Clauses approved by the EU Commission or EU Commission’s Adequacy Decision, depending on the transfer location. All UpCloud group companies regardless of their location follow the same information security management system that is designed to ensure high level of security and confidentiality of UpCloud’s information assets.

How We Share Personal Data

We may share the personal data with third parties in the following circumstances:

• UpCloud group companies

Your personal data may be shared with or accessed by UpCloud group companies as part of running our business. UpCloud group companies may use your personal data for the purposes defined in this Privacy Notice to enable internal collaboration between our group companies, such as sales and marketing activities, customer relationship management, service provision, customer support services, and the management of our internal IT systems.

• For the provision of UpCloud services, and managing and developing the customer relationship

We share personal data of our Customers, Users and Partners with third-party service providers to the extent necessary to provide our services, to manage the customer relationship and to promote UpCloud services (data storage, analytics, sales, marketing and customer support services). While the customer database is hosted on UpCloud’s own servers within the EU, we use third-party tools for example to facilitate credit card payments and manage the communications between our Support Team and the Customers and Users. 

For payment processing, we collaborate with Apple Pay, Google Payments, PayPal and Sift Science. These providers act as independent controllers for the processing of personal data related to payments and fraud prevention. To understand how they handle your personal data, please refer to their respective privacy notices:

Apple Pay Privacy Notice

Google Payments Privacy Notice

PayPal Privacy Notice

Sift Science Privacy Notice

We have taken appropriate contractual and organisational measures to ensure that the personal data is processed exclusively for the purposes allowed by UpCloud in a secure manner and in accordance with all applicable laws and regulations.

• For legal compliance

We may share the personal data with third parties to comply with our legal obligations:

• • When we have a good faith belief that we have to disclose the information in response to lawful requests by public authorities or law enforcement requirements, or legal process (for example, a court order, search warrant or subpoena), including those arising under the EU Digital Service Act and the EU Terrorist Content Online Regulation.
  • To satisfy any requirements of applicable laws or regulations.
  • Where we believe that any of our property, equipment, data, technology, or other assets, are being used in illegal activities or committing a crime, including to report such criminal activity to the law enforcement, and other security precautions; and to detect, prevent, or otherwise address fraud, security or technical issues.
  • When we have a good faith belief that there is an emergency that poses a threat to your health and safety, to ours or to another person’s health and safety, or the general public.

Where possible, we will inform you in advance about such disclosure and processing.

• For other legitimate reasons

We may share the personal data with third parties if we have a legitimate reason for it:

• • To ensure complementary service offering for our Customers and to be able to respond to tenders, we may share personal data of Customers with our business partners.
  • In case that UpCloud undertakes efforts to engage in a business transition like a merger with or acquisition by another company, or sale of all or part of its assets, we may disclose or transfer relevant information we have, including personal data, to the prospective sellers or buyers in the transaction.

• With your explicit consent

We may share personal data with third parties for other reasons than the ones mentioned above when we have your explicit consent to do so. You have the right to withdraw this consent at all times.

All of our affiliates and third-party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Notice and in accordance with our instructions.

Retention

UpCloud does not store personal data longer than it is legally permitted and what is necessary for the purposes described in this Privacy Notice. The storage period depends on the nature of the information and the purposes of processing.

(A) Users

Typically, we will store User’s personal data for as long as the User is a registered user of our services. We may retain the personal data longer if it is required by law or authorities’ orders, if we have reasonable grounds to believe that it is necessary for investigations relating to illegal or criminal activities or breach of our Terms of Service, and if we need to retain the personal data for internal reporting and reconciliation purposes.

(B) Customers and Partners

We retain the personal data for as long as the customer or partner relationship continues and thereafter for as long as we may need it for internal reporting and reconciliation purposes or to initiate or defend against legal proceedings.

(C) Visitors

You can delete the cookies stored on your device at any time through your browser settings.

Your Rights

You have always the right to:

1. Obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.
2. Request an electronic copy of the personal data for portability.
3. Have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have collected about you corrected or completed.
4. Request restriction of processing of your personal data in the circumstances referred to in Article 18 of the GDPR.

You have also the right to:

1. Request erasure or deletion of your personal data. UpCloud will always respond to your request and inform you whether your personal data will be deleted, or retained despite your request, including reasoning behind the retention.
2. Withdraw your consent at any time, where the processing of your personal data is based on your consent.

Where the processing of your personal data is based on UpCloud’s legitimate interest, you have the right to:

1. Object to the processing of your personal data in the circumstances referred to in Article 21 of the GDPR.

Please note that if you request deletion of or restrictions to the personal data we process about you, we may not be able to provide our services to you.

How to use the rights

If you want to make a request to exercise any of the above rights, please contact UpCloud Support Team at [email protected]. Please include the following information to your request: the full name, company name (if applicable), address, e-mail address, and phone number.

When you exercise your rights, we may need to request additional information from you to verify your identity. This is a security measure to ensure that we do not disclose personal data to any person who does not have the right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

Direct marketing

Notwithstanding any consent granted beforehand for the purposes of direct marketing, you have the right to opt-out of receiving electronic direct marketing communications from us by using the unsubscribe possibility offered in connection with any direct marketing messages.

Regardless of your possible opt-out, we will use the Customers’ and Users’ email addresses to send occasional communications regarding updates to our services or important information regarding the UpCloud infrastructure.

Lodging a complaint

You have the right to make a complaint at any time to the supervisory authority in your country of residence. List of the EEA supervisory authorities can be found here. The relevant supervisory authority overseeing UpCloud Oy is The Finnish Data Protection Ombudsman. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority. 

Security

We have physical, technical, and organisational measures and procedures in place to safeguard and secure the personal data we collect and process. The measures include, for example, where appropriate, encryption, firewalls, secure facilities and managing access rights to systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our websites, data centres, systems, and other assets for security vulnerabilities.

However, please remember that you as a Customer or User are responsible for the confidentiality and security of the credentials and passwords used to access UpCloud services. To protect your account with an extra layer of security, we encourage you to enable two-factor authentication (2FA).

Updates

We may update this Privacy Notice from time to time by publishing a new version on our website. If we plan to introduce material changes, we will inform you about it in advance.

Questions or Concerns?

If you have any questions about this Privacy Notice or the way UpCloud processes your personal data, please contact UpCloud’s Data Protection Officer at [email protected].