TL;DR Summary: We temporarily access only the data required to perform your cloud migration, with enterprise-grade security. Your credentials are deleted post-migration, and we never analyze file contents. This policy complies with UK/EU GDPR, CCPA, and other major privacy frameworks.
1. Introduction
Clover 44 Ltd, trading as B-Legal ("we", "us", or "our"), operates secure cloud migration services for businesses worldwide. This Privacy Policy explains how we collect, use, and protect your information when you use our services to migrate data from platforms like Google Drive or OneDrive to AWS S3.
We are committed to protecting your privacy and handling your data transparently in compliance with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
California Consumer Privacy Act (CCPA)
EU GDPR (via Article 27 representation)
2. Data Collection
We minimize data collection to only what's necessary for your migration:
Essential Information
Contact Details: Your name, business email address, and phone number for service communications
Account Credentials: Temporary read-only access to your source storage (Google Drive, OneDrive etc.) - automatically revoked after migration
File Metadata: Directory structures, file sizes, and types (we never access or analyze file contents)
Financial Information
Bank Details: For UK clients paying via Tide Business Banking (processed directly through your banking portal)
Transaction Records: Payment amounts and dates for accounting purposes
3. How We Use Your Data
All data processing serves specific, limited purposes:
Service Delivery
To perform the contracted cloud-to-cloud migration
To verify successful transfer of all files
To provide post-migration support
Legal & Operational
To generate and store invoices as required by HMRC
To prevent fraud and ensure system security
To comply with lawful requests from authorities
4. Legal Basis for Processing
For EU/UK Clients (GDPR)
Contractual Necessity: Processing required to fulfill our service agreement with you
Legal Obligation: For financial record-keeping and tax compliance
For U.S. Clients
Service Delivery: Under CCPA's "business purpose" provisions
Legal Compliance: For fraud prevention and regulatory requirements
5. Data Security
We implement enterprise-grade protections:
Technical Measures
AES-256 Encryption: All data at rest in AWS S3 buckets
TLS 1.3: Encrypted transfers during migration
Zero Trust Architecture: Strict access controls with multi-factor authentication
Operational Protocols
Automatic credential revocation within 1 hour post-migration
Annual penetration testing by CREST-certified auditors
Staff training on GDPR/CCPA requirements
6. International Data Transfers
For cross-border data flows, we use:
UK Adequacy Decisions: For transfers to the EEA
Standard Contractual Clauses: For other jurisdictions, as approved by the ICO
7. Third-Party Processors
We only engage vetted partners under strict contracts:
AWS: For secure cloud storage infrastructure
Tide Platform: For UK invoice processing (we never see your full banking details)
8. Your Rights
All Clients
Access: Request a copy of your personal data
Rectification: Correct inaccurate information
Erasure: Request deletion where no legal basis for retention exists
California Residents
Know: What personal information is collected
Delete: Personal information (with exceptions)
Opt-Out: Of "sales" of personal information (we don't sell data)
To exercise these rights, email info@b-legal.co.uk with "Privacy Request" in the subject. We respond within 30 days.
9. Data Retention
We only retain data as necessary:
Migration Data: Deleted within 30 days of project completion
Financial Records: 7 years (HMRC requirement)
Contact Information: Until you request deletion or 2 years post-service
10. Policy Changes
We will notify you of material changes via email at least 30 days before implementation. Continued use constitutes acceptance.
11. Contact Us
Data Protection Inquiries:
Clover 44 Ltd T/A B-Legal
Unit 12, North Storage
Bankwood Lane, New Rossington
Doncaster DN11 0PS, UK