- GENERAL PROVISIONS
- The Controller of Personal data is Cloudica Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, al. Jerozolimskie 123A, 02-017 Warsaw, Poland, entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Department of the National Court Register, KRS No. 0000691742, NIP [Tax Identification Number] 5272818303, REGON [statistical number] 368107922, with the share capital of PLN 150,000.00.
- Contact with the Controller is possible via phone +48 22 125 51 24 or e-mail: firstname.lastname@example.org.
- The Controller: natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal data;
- Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Processing: any operation or set of operations which is performed on personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- The User: any natural person who uses the Website or social media profiles of the Controller
- The Website: the web page available on cloudicagroup.com
- The Form: one of the forms available on the Website enabling the User to contact the Controller, sign up for the Newsletter or recommend someone for job openings of the Controller.
- The Newsletter: free service provided by the Controller to the User by sending e-mail messages, in which the Controller informs about its services, products and events relevant to the Controller’s operations.
- Social media: websites and applications that enable users to create and share content or to participate in social networking.
- Cookies: small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation), pursuant to which the Controller processes Users’ Personal data.
- PROCESSING OF PERSONAL DATA
The Personal data is processed for the following purposes and on the following basis:
- Correspondence with the User, including answering inquiries and presenting offers, at the request of the User – based on Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to act at the request of the data subject before concluding the contract;
- Documenting contracts made with Users, who contacted the Controller – based on Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Performance of concluded contracts – based on Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to act at the request of the data subject before concluding the contract;
- Receiving letters, notifications and requests in electronic form, e.g., complaints and other requests – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Receiving recommendations and concluding agreements in connection with the referral – on the basis of Article 6(1)(b) of GDPR – performing a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract; and on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Making arrangements for meetings, calls and videoconferences – on the basis of Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to act at the request of the data subject before concluding the contract;
- Pursuing claims or defending against claims, in accordance with generally applicable provisions of law – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Fulfilling obligations in accordance with applicable provisions of law – on the basis of Article 6(1)(c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject;
- Creation of registers required by GDPR or other applicable provisions of law – on the basis of Article 6(1)(c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject;
- Marketing of Controller’s products and services, including in particular sending marketing information in the form of the Newsletter and analyzing whether the User has read its content and what content the User is most interested in – on the basis of Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of his or her Personal data for one or more specific purposes; and on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Analytical purposes, including the analysis of Personal data collected automatically when using the Website, such as cookies – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Managing the Website and the Administrator’s profiles on social media platforms – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- Providing information on the social media platforms and interacting with its Users via comments, messages etc. – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller;
- If the User consents to receiving marketing communications to his/her e-mail address and phone number, the legal basis will also be Art. 10 of the Act of July 18, 2002 on the provision of electronic services and art. 172 of the Act of July 16, 2004 – Telecommunications Law.
- COLLECTION OF PERSONAL DATA
- Providing Personal data is voluntary, but failure to provide them will result in the inability to perform actions on the Controller’s Website, in particular sending an inquiry via the Contact Form, subscribing to the Newsletter or sending a recommendation for job openings of the Controller.
- RIGHTS OF THE USERS (DATA SUBJECTS)
The GDPR grants the Users (data subjects) the following rights related to processing of personal data:
- the right to access their Personal data and receive a copy thereof,
- the right to rectify (correct) their Personal data,
- the right to delete their Personal data: if in their opinion there are no grounds for us to process your data, the User has the right to request their deletion,
- the right to limit Personal data processing – the User can request that the Controller limits the processing of data only to their storage or performance of activities agreed with the User, if in his/her opinion the Controller has incorrect data or processes it unreasonably,
- the right to object to the Processing of Personal data – the User has the right to object to the Processing of Personal data on the basis of a legitimate interest; in this case the User should indicate a specific situation that, in his/her opinion, justifies the termination of the processing covered by the objection. The Controller will not continue Processing the Personal data for these purposes unless he proves that the grounds for Personal data Processing override the User’s rights or that the User’s Personal data is necessary for the Controller to establish, assert or defend against claims,
- the right to transfer Personal data – the User has the right to receive from the Controller, in a structured, commonly used, machine-readable format, Personal data provided to the Controller on the basis of a contract or consent; the User can order the Controller to send this Personal data directly to another entity,
- the right to lodge a complaint to the supervisory body – if the User finds that the Controller is processing Personal data unlawfully, the User may submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority.
The rules related to the implementation of the above-mentioned rights are described in detail in Art. 16 – 21 GDPR. The above-mentioned rights are not absolute and will not apply to all processing of the Users’ data.
- WITHDRAWAL OF CONSENT
- If the User processes Personal data based on consent, such consent may be withdrawn at any time, which will result in the deletion of Personal data that are not processed on another basis and the cessation of activities related to the consent.
- The Controller retains the data that might be necessary in order to defend against possible claims for a period consistent with the relevant provisions on limitation periods for claims, especially provisions of Polish Civil Code, and in order to fulfill obligations imposed on the Controller by applicable provisions of law.
- TRANSFER TO THIRD COUNTRIES
- Contact Form
Personal data of persons contacting the Controller via the Contact Form may be transferred outside the European Economic Area, in particular when using the Hubspot and Calendly applications. Processors, i.e. Hubspot, Inc. and Calendly LLC guarantee an adequate level of Personal data protection, compliant with the GDPR, especially by using Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of Personal data to third countries.
- E-mail correspondence
Personal data of persons who have contacted the Controller by e-mail may be transferred outside the European Economic Area. In this case, the Personal data is adequately protected – Microsoft Corporation guarantees compliance with EU provisions on the protection of Personal data, in particular the GDPR. The processor uses Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of Personal data to third countries.
Personal data of persons who have subscribed to the Newsletter via the Controller’s Website may also be transferred outside the European Economic Area. In this case, the Personal data is adequately protected – Hubspot, Inc. and Microsoft Corporation (entities that may transfer Personal data outside the EEA) guarantee compliance with EU provisions on the protection of Personal data, in particular the GDPR. Processors also use Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries.
- Social media
Personal data of persons who liked the Administrator’s profile on social media or interacted with them may be transferred outside the European Economic Area via the platforms facebook.com, instagram.com, twitter.com, youtube.com, linkedin.com, medium. com. Meta Platforms Ireland Limited, Twitter, Inc., LinkedIn Ireland Unlimited Company and Adobe Systems Software Ireland Limited guarantee compliance with the GDPR, including by using Standard Contractual Clauses in contracts with processors. According to the documents provided by Google Ireland Limited, this entity complies with the provisions of the GDPR to the full extent. Medium Corporation, on the other hand, guarantees partial compliance with the GDPR – the Controller limited Personal data processing on this platform (data minimization), which allows increasing the security of Users’ Personal data.
Hubspot, Inc.: https://legal.hubspot.com/dpa;
Calendly LLC: https://calendly.com/dpa;
Meta Platforms Ireland Limited: https://pl-pl.facebook.com/privacy/explanation/;
Twitter, Inc.: https://twitter.com/en/privacy;
Google Ireland Limited: https://policies.google.com/privacy?hl=pl;
Linkedin Ireland Unlimited Company: https://pl.linkedin.com/legal/privacy-policy;
Medium Corporation: https://policy.medium.com/medium-privacy-policy-f03bf92035c9;
Adobe Systems Software Ireland Limited: https://www.adobe.com/privacy.html;
- DATA STORAGE PERIODS
- until the expiry of the limitation periods for claims arising from specific relationships between the parties, no longer than 6 years from the end of cooperation or settlement of the matter being the subject of contact;
- for the duration of the talks and negotiations preceding the conclusion of the contract or its performance;
- for the period required by law, including tax law – in relation to Personal data related to the fulfillment of obligations resulting from applicable provisions;
- until the objection submitted pursuant to Art. 21 GDPR – in relation to Personal data processed on the basis of the legitimate interest of the Controller, including for purposes of direct marketing;
The Personal data storage periods indicated in years are counted at the end of each year in which the data processing began.
- SOCIAL MEDIA
- In its operations the Controller uses social media platforms listed in section VII.4.
- The Controller processes the Personal data connected to its profiles on social media. For each of the platforms the co-controller is the operator of that platform (social media provider).
- RECIPIENTS OF PERSONAL DATA
Personal data will be transferred to providers of legal, auditing, accounting, postal services, couriers, banks, as well as IT service providers, including entities based in countries outside the EEA, for which the European Commission has found an adequate level of protection, or with which contracts were concluded according to Standard Contractual Clauses adopted by the European Commission.
- TECHNICAL REQUIREMENTS
To use the Website, you need Internet access and Microsoft Edge, Google Chrome, Mozilla Firefox, Safari or any other browser compatible with the Website. To subscribe to the Newsletter or contact the Controller via the Contact Form, you need an active e-mail account.
- COOKIES AND OTHER TRACKING TECHNOLOGIES
The Website uses two types of cookies, i.e. persistent and session cookies. Persistent cookies are stored by the browser and remain there for a period determined in their parameters or until they are removed by the User, whereas session cookies are saved until the browser is closed by the User.
- The Controller’s cookies
- Third Party Cookies
- Google Functionalities
The Website uses Google Analytics and Tag Manager, tools provided by Google Ireland Limited.
When visiting the Controller’s Website, a Google cookie remarketing file is automatically left on the User’s device, which with the help of a pseudonymous identifier (ID) and based on the pages you visit allows you to display interest-based advertising.
Further processing of the information takes place only if the User has given consent to Google to link the User’s browsing history and application use to his/her account and to use the information from the User’s Google account to personalize the advertisements displayed on websites. If in this case the User will be logged in when visiting the Website on Google, Google will use the User’s Personal data together with Google Analytics data to create and define lists of target groups for remarketing purposes on various devices. For this purpose, Google combines the temporarily collected information with Google Analytics data to create target groups.
Google Tag Manager is used to manage website tags via an interface. The use of Google Tag Manager does not involve the storage of cookies or the collection of Personal data. This tool enables the use of other tags that may collect Personal data under certain circumstances. Google Tag Manager does not use this Personal data. If the saving option has been deactivated at the domain or cookie level, this will apply to all tracking tags implemented via Google Tag Manager.
If you would like to learn more about the Personal data Processing as part of Google Analytics, please familiarize yourself with the information about the tool available here: https://support.google.com/analytics#topic=3544906
- Social Media Pixels
On the Controller’s Website, there are social media pixels available, including Facebook pixel, LinkedIn pixel, Youtube pixel.
After clicking on the pixel, the User is sent to the social media platform to the Controller’s page. The User can interact with the content shared, e.g. by liking or sharing it.
In order to analyze the generated traffic and conversion on the Website, the Controller has implemented pixels as part of the Website, which automatically collects information about the User’s use of the Website in terms of pages viewed.
The information collected as part of pixels is anonymous, i.e. it does not allow us to identify the User. The Controller only knows what activity the User has taken on the Controller’s Website. The Controller can also check the User’s age range, gender, where the User is connecting to the Internet. Tools such as Facebook Insights may also provide us with more information about you, but this is never information that would allow us to identify you.
However, we would like to inform you that social media platforms may combine the collected information with other information collected about you as part of the User’s use of Facebook and use it for its own purposes, including marketing.
- Content from external websites
The Controller embeds content from external websites on the Website, in particular videos from YouTube. Therefore, Google Ireland Limited cookies related to the YouTube service, including DoubleClick cookies, are used.
By playing a video or viewing other embedded material, Google receives information about it, even if the User does not have a profile with the given service provider or is not logged in. Such information (along with the User’s IP address) is sent by the browser directly to the server of a given service provider.
If the User does not want the service providers to assign the Personal data collected during video playback or reading other content on the Website directly to the User’s profile on a given website, the User must log out of this website before visiting the Website. You can also completely prevent the plug-ins from being loaded on the website by using appropriate extensions for the User’s browser, e.g. blocking scripts.
YouTube-related cookies are not loaded until the video is played, so if you do not want this to happen, please refrain from watching the video.
- Social media tools
The Website uses plugins and other social tools provided by social media sites.
By displaying the Website containing such a plug-in, the User’s browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to the User’s browser and integrated with the website. Due to this integration, service providers receive information that the User’s browser has displayed the Website, even if the User does not have a profile with a given service provider or is not currently logged in with him. Such information (along with the User’s IP address) is sent by the User’s browser directly to the server of a given service provider (some servers are in the USA) and stored there.
If the User is logged in to one of the social networking sites, this service provider will be able to directly assign a visit to the Website to the User’s profile on a given social networking site.
If you use a given plug-in, for example by clicking on the “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
If the User does not want social networks to assign the data collected during the User’s visit to the Website directly to the User’s profile on a given website, the User must log out of this website before visiting the Website. You can also completely prevent the plug-ins from being loaded on the website by using appropriate extensions for the User’s browser, e.g., blocking scripts.
- Server logs
Using the Website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
Logs include IP address, server date and time, information about the web browser and operating system the User uses. Logs are saved and stored on the server. The Personal data stored in the server logs are not associated with specific people using the Website and are not used by us to identify the User.
The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.
- The User’s Personal data will not be used for automated decision-making affecting the rights, obligations or freedoms of the User within the meaning of the GDPR.
- The Website uses tracking technologies, such as cookies, with the use of which, the User’s Personal data may be profiled. This kind of profiling allows the Controller to personalize its offer, which is directed to the User. It does not, however, impact the legal situation of the User, and is only aimed at better matching content and advertisement to the User.
14. FINAL PROVISIONS