Policy- Rights - Laws

Your California Privacy Rights

Last Updated: July 31, 2025

This notice supplements the information contained in the Cloud Media and Management Privacy Policy and applies solely to our users, freelancers, clients, and others who reside in the State of California. We adopt this notice to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Any terms defined in the CCPA/CPRA have the same meaning when used in this notice.

Your Rights and Choices

The CCPA/CPRA provides California residents with specific rights regarding their personal information. This section describes your rights and explains how to exercise them.

1. Right to Know and Access

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Upon receiving and verifying your request, we will disclose to you:

  • The categories of personal information we have collected about you.

  • The categories of sources from which the personal information was collected.

  • Our business or commercial purpose for collecting, "selling," or "sharing" that personal information.

  • The categories of third parties to whom we disclose that personal information.

  • The specific pieces of personal information we have collected about you.

2. Right to Delete

You have the right to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

3. Right to Correct Inaccurate Information

You have the right to request that we correct any inaccurate personal information we maintain about you. Upon receiving and verifying your request, we will use commercially reasonable efforts to correct the information as you have directed.

4. Right to Opt-Out of the "Sale" or "Sharing" of Personal Information

You have the right to direct us not to "sell" or "share" your personal information at any time. We do not "sell" personal information in the traditional sense for monetary value. However, the use of certain advertising and analytics cookies may be considered a "sale" or "sharing" under California law.

To opt-out of the "sale" or "sharing" of your personal information, please visit our privacy management link below.

[Do Not Sell or Share My Personal Information - Link]

We do not knowingly sell or share the personal information of consumers under 18 years of age.

5. Right to Limit Use of Sensitive Personal Information

You have the right to request that we limit the use and disclosure of your sensitive personal information. Please note that Cloud Media and Management only collects and uses sensitive personal information as necessary to perform the services you have requested (e.g., payment processing information) or as otherwise permitted by law.

6. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, provide a different level or quality of service, or suggest that you may receive a different price or quality of service for exercising your rights.

How to Exercise Your Rights

To exercise the rights to know, delete, or correct described above, please submit a verifiable consumer request to us by:

  • Emailing us at: privacy@cloudmediaandmanagement.com

  • Writing to us at: Cloud Media and Management, Attn: Privacy, 123 Business Park Dr, Arroyo Grande, CA 93420

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. We will need to verify your identity before processing your request.

"Shine the Light" Law

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users who are California residents to request a list of all third parties to which we have disclosed certain personal information during the preceding year for those third parties’ direct marketing purposes. To make such a request, please contact us at privacycloudmandM@gmail.com with "Shine the Light Request" in the subject line.

Cloud Media and Management Global Data Processing Agreement

This Global Data Processing Agreement (the “DPA”) is entered into by the Client agreeing to these terms (“Client”), and Cloud Media and Management or any other entity that directly or indirectly controls, is controlled by, or is under common control with Cloud Media and Management (as applicable, “Cloud Media and Management”) (each, a “party” and collectively, the “parties”).

The parties have entered into a services agreement under which Cloud Media and Management has agreed to provide a platform where Clients and Freelancers can connect to buy and sell professional services online (the “Service”) to the Client (as amended from time to time, the “Agreement”).

This DPA applies to the extent Cloud Media and Management processes any personal data governed by applicable data protection laws on your behalf in your role as a Client. This DPA, including its appendices, supplements the Agreement. To the extent of any conflict or inconsistency between this DPA and the remaining terms of the Agreement, this DPA will govern.

1. Introduction

This DPA reflects the parties’ agreement regarding the processing and security of Client Data under the Agreement.

2. Definitions

The terms “personal data”, “data subject”, “processing”, “controller”, “processor”, and “supervisory authority” have the meanings given in the GDPR. Unless stated otherwise:

  • “Client Account Data” means personal data related to the Client’s relationship with Cloud Media and Management, including the names and contact information of individuals authorized by the Client to access the Client’s account.

  • “Client Personal Data” means the personal data contained within the Client Data.

  • “Client Data” means the data entered into the Service by or on behalf of any End User, but excludes Client Account Data.

  • “Data Incident” means a breach of Cloud Media and Management’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Client Data on systems managed or controlled by Cloud Media and Management.

  • “European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the UK GDPR.

  • “GDPR” means Regulation (EU) 2016/679.

  • “EU SCCs” means the Standard Contractual Clauses approved by the European Commission in decision 2021/914.

  • “Notification Email Address” means the contact email address you provided to Cloud Media and Management for receiving official notices.

  • “Subprocessors” means third parties authorized under this DPA to process Client Data to provide parts of the Service. For clarity, freelancers that Clients engage via Cloud Media and Management are not Subprocessors under this DPA.

  • “UK IDTA” means the International Data Transfer Agreement or the International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner's Office.

3. Duration of this DPA

This DPA will remain in effect until, and automatically expire upon, the deletion of all Client Data by Cloud Media and Management as described in this DPA.

4. Processing of Data

We don’t sell your information nor do we give out any personal data. All information given is with permission to be shared by all parties. You can opt out at any point this will result in some situations with freelancers or sales will result in departure in working with Cloud Media and Management.

4.1 Roles and Responsibilities

The parties acknowledge and agree that for the purposes of European Data Protection Legislation:

  • The Client is the controller (or a processor, as applicable) of the Client Personal Data.

  • Cloud Media and Management is the processor (or a subprocessor, as applicable) of the Client Personal Data.

  • Each party will comply with its respective obligations under applicable data protection laws.

4.2 Scope of Processing

Cloud Media and Management will process Client Personal Data only in accordance with the Client’s lawful instructions, which include providing and optimizing the Service and as documented in the Agreement and this DPA. The subject matter and details of the processing are described in Appendix 1.

5. Data Deletion

5.1 Deletion by Client

During the Term, Cloud Media and Management will enable the Client to delete Client Data in a manner consistent with the functionality of the Service.

5.2 Deletion on Termination

Upon the expiration of the Term, the Client instructs Cloud Media and Management to delete all Client Data from its systems. Cloud Media and Management will comply with this instruction as soon as reasonably practicable, unless applicable law requires storage. The Client is responsible for exporting any Client Data it wishes to retain before the Term expires.

6. Data Security

6.1 Security Measures

Cloud Media and Management will implement and maintain appropriate technical and organizational measures designed to protect Client Data against security incidents. These measures are described in Appendix 2 (“Security Measures”).

6.2 Data Incidents

If Cloud Media and Management becomes aware of a Data Incident, it will: (a) notify the Client at the Notification Email Address promptly and without undue delay; and (b) take reasonable steps to minimize harm and secure the Client Data.

6.3 Client’s Responsibilities

The Client is solely responsible for its use of the Service, including securing its account credentials and making appropriate use of the Service to ensure a level of security appropriate to the risk in respect of the Client Data.

6.4 Audits

If European Data Protection Legislation applies, Cloud Media and Management will allow the Client or its appointed independent auditor to conduct audits to verify compliance with this DPA, subject to reasonable advance notice, confidentiality obligations, and cost coverage by the Client.

7. Data Subject Rights

Cloud Media and Management will enable the Client to access, rectify, and restrict the processing of Client Data. If Cloud Media and Management receives a request from a data subject regarding their personal data, it will advise the data subject to submit their request to the Client. The Client is responsible for responding to such requests.

8. International Data Transfers

Cloud Media and Management may store and process Client Data in any location where it or its Subprocessors maintain facilities. Where required by European Data Protection Legislation, data transfers will be governed by the EU SCCs or the UK IDTA, which are incorporated into this DPA and are deemed completed as specified in the original agreement text, with Ireland selected for governing law and jurisdiction.

9. Subprocessors

The Client provides general authorization for Cloud Media and Management to engage its Affiliates and other third parties as Subprocessors. Information about current Subprocessors is available upon request. Cloud Media and Management will provide the Client with advance notice of any new Subprocessors and give the Client an opportunity to object.

  • To request subprocessor information, please email: privacy@cloudmediaandmanagement.com

  • To object to a new subprocessor, please email: legal@cloudmediaandmanagement.com

10. Liability

The total combined liability of either party and its Affiliates under or in connection with the Agreement and this DPA will be limited to the liability cap specified in the main Agreement.

11. Contact Information

For privacy inquiries related to this DPA, please contact Cloud Media and Management at: