Collection of Personal Data Policy

1. Who we are & what we do?

Cloud Managed Data S.A. ( is a privately owned Luxembourgish ICT company located in Luxembourg. offers Managed IT Services as its core contracted services. In order to provide these services as per the conditions outlined in each contract, requires certain personal data.


2. Whose personal data do we collect?  

  • Customers.
  • Users of our Managed ICT Services.
  • Visitors to our website and web portal.
  • Vendors, Suppliers & Service providers.
  • Staff and employment applicants.
  • Potential prospects.


3. Why do we need your personal data?

  • To meet the contractual service level agreements for requested services.
  • To secure customers digital assets.
  • To provide controlled access to Managed ICT Services.
  • To provide proof of access to Managed ICT Services.
  • To verify identity or authorization level enabling us to perform customer requests.
  • To communicate to and between persons and companies for daily business, emergencies and marketing.
  • To analyse website and web portal traffic.


4. What kind of personal data do we collect?

  • First and Last name.
  • Email address.
  • Telephone number.
  • Company name.
  • Company address.
  • Job Title.
  • Access logs of whom and what time the Managed ICT Services were used.
  • Website and web portal analytics.


5. When and how do we collect your personal data?

  • When you enter into a contract with
  • When you engage in communication with via telephone, fax, email or the web portal.
  • When you log-in, connect to and use any Managed IT Services.
  • When you visit our website or fill out any forms on our website/web portal.
  • When you work for us or want to work for us.
  • When you meet us at a trade show or event.
  • When your employer, customer, supplier or business partner etc. provides us your personal data.
  • When you request a quote/offer from us.
  • When you physically visit our premises.


6. When do you give your consent for us to collect your personal data?

By communicating with us, using our web portal, or by using our Managed IT Services. By engaging in communication or requesting a service from you give your consent to process your personal data.


7. Where do we keep your personal data?

Your personal data is stored on paper and/or in digital format on our high availability systems and servers. Our systems and servers are owned by us and are located exclusively in Luxembourg.


8. How long do we keep your personal data?

  • As part of doing business in Luxembourg we comply with the data retention guidelines as retained in the Luxembourg Commercial Code. This is applicable to data used for accounting, financial and contracts etc.
  • Personal data falling within the scope of providing services expires at contract termination unless required by the Luxembourg Commercial Code.
  • Data stored by the customer on Managed IT Services expires at contract termination and is either returned or deleted as per the contract.  All data outside of the above listed conditions expires by default after 2 years.


9. Who is in contact with your personal data?

We share your data only with the applicable staff necessary to provide or support the requested services. Our staff is comprised of, The Wagner Group and our contracted third-party service providers for payroll and legal counsel.

When using our Managed IT Services, the log data generated by your use is shared with the only necessary internal staff to provide security and support for the contracted services. CMD does not share any personal data to any other third parties unless legally obliged to do so. If legally obliged, will notify all affected parties.


10. How do we protect your personal data?

Your data is protected through modern IT security measures in a secure building along with an information security code of conduct.  Our information security measures are state of art and conform to the CNIL guidelines and ISO27002 controls.


11. What do we do in case of a data breach? 

Without undue delay CMD will analyze the breach and notify any applicable parties such as the CNPD and those who are affected. All actions notification details will be in compliance with GDPR articles 33 & 34.


12. What are your rights?

Any person whose personal data has been collected and stored by possesses the rights as indicated in the GDPR articles 15 to 22.

Please note that in the case of requests from persons whose personal data has been given to us by their employer, customer, supplier or business partner etc., we will communicate the request to whom has provided us the personal data.


13. How do you contact us about your personal data?

Any general questions on our policies, our security measures or general data protection inquiries please email

Official requests stemming directly from a GDPR article such as 15 to 22 are to be made via written registered letter with a copy of your ID to and will be processed within one month of receipt.

ATTN: Data Protection Officer
Cloud Managed Data (CMD)
43, rue du Père Raphaël
L-2413 Luxembourg


Version 1.3  |  06/10/2020

+352 27 67 67 67

5, rue Christophe Plantin
L-2339 Luxembourg