Your privacy matters to us.

1. Who we are

CMS (Cloud Made Simple) is a managed IT services company providing security, support, cloud infrastructure, and AI automation services to small and medium businesses across Australia, the United Kingdom, and New Zealand. We've been operating since 2007.

For the purposes of data protection law, CMS is the data controller of the personal information we collect through this website.

Our business entities

CMS operates through three legally separate entities, all trading as Cloud Made Simple:

• Australia: Simple iD Pty Ltd · ABN 30 152 432 105 · 11 Orford Street, Moonee Ponds, VIC 3039, Australia
• United Kingdom: Simple iD Limited · Company Number 07820537 · Flat 64 Wilmslow Road, Manchester M14 6AJ, United Kingdom
• New Zealand: Simple iD Limited · Company Number 4395951 · c/- DFK Oswin Griffiths Carlton, Level 4, 52 Symonds Street, Auckland 1010, New Zealand

Contact email for all entities: [email protected]

2. What information we collect

We only collect the information we actually need to do what you're asking us to do. Specifically:

Information you give us directly

• Contact form submissions: first name, last name, business email, company name (optional), the service you're interested in, and the message you send us.
• Booking enquiries: when you book a call via Microsoft Bookings, Microsoft processes your name, email, and chosen time slot.
• Direct emails or phone calls: any information you choose to share when contacting us through these channels.

Information collected automatically

• Technical information: your IP address, browser type and version, operating system, the pages you visit, and the time of your visit. This is collected via standard web server logs.
• Cookies and similar technologies: see our Cookie Notice for full details.

We do not collect special category personal data (such as health information, racial or ethnic origin, religious beliefs, or political opinions) through this website.

3. How we use your information

We use the information we collect for the following purposes:

• To respond to your enquiry or request for information
• To provide you with a quote for our services
• To deliver the services you've engaged us to provide
• To improve our website and services based on how visitors actually use them
• To send you operational communications relating to services you've engaged (e.g. invoices, security alerts, maintenance notices)
• To comply with our legal obligations (e.g. tax records, regulatory reporting)

We will not use your information for marketing communications unless you have explicitly opted in. We will never sell your personal data to third parties.

4. Legal basis for processing

Under UK GDPR and equivalent provisions in Australian and New Zealand law, we process your personal information on one or more of the following legal bases:

• Consent: where you have given us explicit consent (e.g. signing up to a newsletter).
• Contract: where processing is necessary to provide services you've engaged us to deliver.
• Legitimate interests: where we have a legitimate business interest that doesn't override your rights and freedoms (e.g. responding to enquiries, improving our services).
• Legal obligation: where we're required by law to process your information (e.g. tax record-keeping).

5. Who we share information with

We share your information only with carefully chosen third parties who help us run our business. These include:

• Web3Forms: processes our contact form submissions and delivers them to our support inbox.
• Microsoft (Microsoft 365 and Azure): we use Microsoft services for email, calendar, file storage, and our customer booking system.
• Our IT and accounting service providers: we use trusted third-party providers for backup, security monitoring, and bookkeeping.
• Legal and regulatory authorities: we may share information where required by law, court order, or to protect our legal rights.

All third-party providers we use are bound by confidentiality obligations and may only use your information for the specific purposes we've engaged them for.

6. International data transfers

Because CMS operates across Australia, the UK, and New Zealand, your personal information may be transferred between these countries. We may also use cloud-based services (such as Microsoft 365 and Web3Forms) where data may be processed outside your country of residence.

Where personal data is transferred outside the country in which you reside, we ensure appropriate safeguards are in place, including standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

7. How long we keep your data

We keep your personal information only as long as we reasonably need it for the purposes we collected it for, or as required by law:

• Contact form enquiries that don't lead to engagement: 24 months from last contact.
• Customer records: for the duration of our service relationship, plus 7 years for tax and regulatory purposes.
• Web server logs: typically 90 days.
• Cookies: see our Cookie Notice.

8. Your rights

Depending on which country you're in, you have various rights regarding your personal data. These include:

• Right to access: request a copy of the personal data we hold about you.
• Right to correction: ask us to fix inaccurate or incomplete data.
• Right to deletion ("right to be forgotten"): ask us to delete your data, subject to legal exceptions.
• Right to object: object to our processing of your data based on legitimate interests.
• Right to data portability: request your data in a structured, machine-readable format.
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time.
• Right to lodge a complaint: with the relevant data protection authority (see Contact section).

To exercise any of these rights, please email us at [email protected] with the subject "Privacy Request". We'll respond within 30 days.

9. How we protect your data

We take data security seriously — it's literally our job. We protect your data with:

• Encrypted connections (HTTPS) for all data transmitted to and from our website
• Access controls and multi-factor authentication on our internal systems
• Regular security audits and penetration testing of our infrastructure
• Staff training on data protection and information security
• Documented incident response procedures in case of a data breach

In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

10. Children's privacy

Our services are aimed at businesses, not individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we do, we'll update the "Last updated" date at the top. If the changes are significant, we'll notify you directly (where we have your contact details) before they take effect.

12. Contact and complaints

If you have questions about this policy, or want to exercise any of your rights, please contact us at:

• Email: [email protected]
• Subject line: "Privacy Request"

If you're not satisfied with our response, you have the right to lodge a complaint with the data protection authority in your country:

• Australia: Office of the Australian Information Commissioner (OAIC) – oaic.gov.au
• United Kingdom: Information Commissioner's Office (ICO) – ico.org.uk
• New Zealand: Office of the Privacy Commissioner – privacy.org.nz