Who actually does have access to the data or the hardware the data is stored on Cloud?

This will be determined by the nature of the cloud service offering one select. A cloud service provider will almost certainly have access to the hardware on which data is stored, but one effect of virtualized storage is that access to hardware generally does not by itself provide logical access to stored data. It is the contracts with your preferred cloud service providers limit access to authorized personnel and provide for specific procedures to be followed (and strict limitations governing)  when preferred cloud service provider personnel or contractors access your data. No matter where your data is stored or accessible, it is always possible that a regulator or court of competent jurisdiction might attempt to access data (a) maintained on a service provided by a cloud service provider that is within its jurisdiction, (b) accessible by a cloud service provider or third party within its jurisdiction or (c) maintained on computing equipment within its jurisdiction.

In appropriate circumstances, where particularly sensitive data is involved, you may wish to consider encrypting cloud-based data using strong encryption with keys that you, rather than the cloud service provider  maintain.