Roftr Clouds Contact us

Data Protection Policy

Last Updated: 16 January 2026

This Data Protection Policy outlines the standards and procedures Roftr Clouds LLP follows to protect personal data of clients, partners and employees, in alignment with global data protection principles.

1. Data Protection Governance

Roftr Clouds LLP has implemented internal governance measures to ensure accountability, compliance and continuous improvement in data protection practices.

Designated Officer:
A designated Data Protection Officer (DPO) oversees implementation, compliance monitoring and internal awareness.

Accountability:
The DPO manages training, audits, and responses to data access, correction or deletion requests as defined in contractual agreements.

2. Security Measures

We implement the following technical and organizational safeguards to protect personal data against unauthorized access, alteration, disclosure or destruction:

Measure
Detail
Encryption
Data in transit is protected using SSL/TLS encryption (HTTPS). Sensitive data is secured using encryption at rest.
Access Controls
Access to systems, code and client data is restricted through role-based permissions and unique credentials, granted strictly on a need-to-know basis.
Security Audits
Periodic security audits and vulnerability assessments are conducted to identify and remediate potential risks.
Staff Training
Employees undergo regular training on secure data handling, confidentiality obligations and incident response procedures.

3. Data Breach Procedure

Roftr Clouds LLP maintains an internal Data Incident Response Plan to manage suspected or confirmed personal data breaches.

  • Detection & Containment: Immediate actions are taken to isolate the incident and prevent further impact.
  • Investigation: The DPO leads an internal assessment to identify cause, scope and affected systems or data.
  • Regulatory Reporting: Where legally required, relevant authorities are notified within prescribed timeframes.
  • Client Notification: Affected clients are informed promptly with details of the incident, potential risks and mitigation steps taken.