Privacy Policy

Privacy policy

This Privacy Policy determines the terms and conditions of using the Website, the cookies and other tracking technologies policy and terms and conditions of Personal data Processing and protection. We ask you to read this Privacy Policy carefully. 

  1. GENERAL PROVISIONS
    • This Privacy Policy sets out the rules for the processing and protection of personal data provided by the Users, as well as cookies, via the website cloudicagroup.com and social media platforms, on which the Controller has its profiles. 
    • The Controller of Personal data is Cloudica Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, al. Jerozolimskie 123A, 02-017 Warsaw, Poland, entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Department of the National Court Register, KRS No. 0000691742, NIP [Tax Identification Number] 5272818303, REGON [statistical number] 368107922, with the share capital of PLN 150,000.00. 
    • The Controller reserves the right to change this Privacy Policy at any time, and the User should be familiar with its current content. 

 

  1. DEFINITIONS
    • Privacy Policy: this privacy policy; 
    • The Controller: natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal data; 
    • Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 
    • Processing: any operation or set of operations which is performed on personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 
    • The User: any natural person who uses the Website or social media profiles of the Controller 
    • The Website: the web page available on cloudicagroup.com 
    • The Form: one of the forms available on the Website enabling the User to contact the Controller, sign up for the Newsletter or recommend someone for job openings of the Controller. 
    • The Newsletter: free service provided by the Controller to the User by sending e-mail messages, in which the Controller informs about its services, products and events relevant to the Controller’s operations. 
    • Social media: websites and applications that enable users to create and share content or to participate in social networking. 
    • Cookies: small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session. 
    • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation), pursuant to which the Controller processes Users’ Personal data. 

 

  1. PROCESSING OF PERSONAL DATA

The Personal data is processed for the following purposes and on the following basis: 

    • Correspondence with the User, including answering inquiries and presenting offers, at the request of the User – based on Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to act at the request of the data subject before concluding the contract; 
    • Documenting contracts made with Users, who contacted the Controller – based on Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Performance of concluded contracts – based on Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to act at the request of the data subject before concluding the contract; 
    • Receiving letters, notifications and requests in electronic form, e.g., complaints and other requests – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Receiving recommendations and concluding agreements in connection with the referral – on the basis of Article 6(1)(b) of GDPR – performing a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract; and on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Making arrangements for meetings, calls and videoconferences – on the basis of Article 6(1)(b) of the GDPR – performing a contract to which the data subject is a party or to act at the request of the data subject before concluding the contract; 
    • Pursuing claims or defending against claims, in accordance with generally applicable provisions of law – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Fulfilling obligations in accordance with applicable provisions of law – on the basis of Article 6(1)(c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject; 
    • Creation of registers required by GDPR or other applicable provisions of law – on the basis of Article 6(1)(c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject; 
    • Marketing of Controller’s products and services, including in particular sending marketing information in the form of the Newsletter and analyzing whether the User has read its content and what content the User is most interested in – on the basis of  Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of his or her Personal data for one or more specific purposes; and on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Analytical purposes, including the analysis of Personal data collected automatically when using the Website, such as cookies – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Managing the Website and the Administrator’s profiles on social media platforms – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • Providing information on the social media platforms and interacting with its Users via comments, messages etc. – on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the Controller; 
    • If the User consents to receiving marketing communications to his/her e-mail address and phone number, the legal basis will also be Art. 10 of the Act of July 18, 2002 on the provision of electronic services and art. 172 of the Act of July 16, 2004 – Telecommunications Law. 

 

  1. COLLECTION OF PERSONAL DATA
    • The Controller processes Personal data of Users which have been provided by them via the Forms or during e-mail correspondence and the data which has been collected automatically with the use of cookies or server logs. Other than that, the Controller obtains Personal data of Users of social media platforms on which it has its profiles, when the User interacts with those profiles. 
    • Providing Personal data is voluntary, but failure to provide them will result in the inability to perform actions on the Controller’s Website, in particular sending an inquiry via the Contact Form, subscribing to the Newsletter or sending a recommendation for job openings of the Controller. 

 

  1. RIGHTS OF THE USERS (DATA SUBJECTS)

The GDPR grants the Users (data subjects) the following rights related to processing of personal data: 

    • the right to access their Personal data and receive a copy thereof, 
    • the right to rectify (correct) their Personal data, 
    • the right to delete their Personal data: if in their opinion there are no grounds for us to process your data, the User has the right to request their deletion, 
    • the right to limit Personal data processing – the User can request that the Controller limits the processing of data only to their storage or performance of activities agreed with the User, if in his/her opinion the Controller has incorrect data or processes it unreasonably, 
    • the right to object to the Processing of Personal data – the User has the right to object to the Processing of Personal data on the basis of a legitimate interest; in this case the User should indicate a specific situation that, in his/her opinion, justifies the termination of the processing covered by the objection. The Controller will not continue Processing the Personal data for these purposes unless he proves that the grounds for Personal data Processing override the User’s rights or that the User’s Personal data is necessary for the Controller to establish, assert or defend against claims, 
    • the right to transfer Personal data – the User has the right to receive from the Controller, in a structured, commonly used, machine-readable format, Personal data provided to the Controller on the basis of a contract or consent; the User can order the Controller to send this Personal data directly to another entity, 
    • the right to lodge a complaint to the supervisory body – if the User finds that the Controller is processing Personal data unlawfully, the User may submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority. 

The rules related to the implementation of the above-mentioned rights are described in detail in Art. 16 – 21 GDPR. The above-mentioned rights are not absolute and will not apply to all processing of the Users’ data. 

 

  1. WITHDRAWAL OF CONSENT
  • If the User processes Personal data based on consent, such consent may be withdrawn at any time, which will result in the deletion of Personal data that are not processed on another basis and the cessation of activities related to the consent. 
  • The Controller retains the data that might be necessary in order to defend against possible claims for a period consistent with the relevant provisions on limitation periods for claims, especially provisions of Polish Civil Code, and in order to fulfill obligations imposed on the Controller by applicable provisions of law.  

 

  1. TRANSFER TO THIRD COUNTRIES

Personal data covered by the Privacy Policy, especially in terms of the Controller’s social media profiles, the Newsletter and setting up appointments through the Contact Form, may be transferred to third countries by co-controllers or processors. Each time the Controller cooperates with another entity in Processing of Personal data, this entity is carefully checked in terms of compliance with GDPR. 

  • Contact Form 

Personal data of persons contacting the Controller via the Contact Form may be transferred outside the European Economic Area, in particular when using the Hubspot and Calendly applications. Processors, i.e. Hubspot, Inc. and Calendly LLC guarantee an adequate level of Personal data protection, compliant with the GDPR, especially by using Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of Personal data to third countries. 

  • E-mail correspondence 

Personal data of persons who have contacted the Controller by e-mail may be transferred outside the European Economic Area. In this case, the Personal data is adequately protected – Microsoft Corporation guarantees compliance with EU provisions on the protection of Personal data, in particular the GDPR. The processor uses Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of Personal data to third countries. 

  • Newsletter 

Personal data of persons who have subscribed to the Newsletter via the Controller’s Website may also be transferred outside the European Economic Area. In this case, the Personal data is adequately protected – Hubspot, Inc. and Microsoft Corporation (entities that may transfer Personal data outside the EEA) guarantee compliance with EU provisions on the protection of Personal data, in particular the GDPR. Processors also use Standard Contractual Clauses adopted by the European Commission Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries. 

  • Social media 

Personal data of persons who liked the Administrator’s profile on social media or interacted with them may be transferred outside the European Economic Area via the platforms facebook.com, instagram.com, twitter.com, youtube.com, linkedin.com, medium. com. Meta Platforms Ireland Limited, Twitter, Inc., LinkedIn Ireland Unlimited Company and Adobe Systems Software Ireland Limited guarantee compliance with the GDPR, including by using Standard Contractual Clauses in contracts with processors. According to the documents provided by Google Ireland Limited, this entity complies with the provisions of the GDPR to the full extent. Medium Corporation, on the other hand, guarantees partial compliance with the GDPR – the Controller limited Personal data processing on this platform (data minimization), which allows increasing the security of Users’ Personal data. 

Detailed information available on the Processing of Personal data in cooperation with the above-mentioned platforms is included in the content of the privacy policy of each of the providers of these services, available on their websites: 

Hubspot, Inc.: https://legal.hubspot.com/dpa; 

Calendly LLC: https://calendly.com/dpa; 

Microsoft Corporation: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?year=2021; 

Meta Platforms Ireland Limited: https://pl-pl.facebook.com/privacy/explanation/; 

Twitter, Inc.: https://twitter.com/en/privacy; 

Google Ireland Limited: https://policies.google.com/privacy?hl=pl; 

Linkedin Ireland Unlimited Company: https://pl.linkedin.com/legal/privacy-policy; 

Medium Corporation: https://policy.medium.com/medium-privacy-policy-f03bf92035c9; 

Adobe Systems Software Ireland Limited: https://www.adobe.com/privacy.html; 

 

  1. DATA STORAGE PERIODS

Personal data, to which the Privacy Policy relates, is stored: 

    • until the expiry of the limitation periods for claims arising from specific relationships between the parties, no longer than 6 years from the end of cooperation or settlement of the matter being the subject of contact; 
    • for the duration of the talks and negotiations preceding the conclusion of the contract or its performance; 
    • for the period required by law, including tax law – in relation to Personal data related to the fulfillment of obligations resulting from applicable provisions; 
    • until the objection submitted pursuant to Art. 21 GDPR – in relation to Personal data processed on the basis of the legitimate interest of the Controller, including for purposes of direct marketing; 
    • until the consent is withdrawn or the purpose of processing or business purpose is achieved – in relation to Personal data processed on the basis of consent, subject to other provisions of the Privacy Policy; 
    • until the Personal data lose their usefulness – in relation to data processed for analytical and statistical purposes, use of cookies and administration of social media profiles, not longer than 3 years from their collection; 

The Personal data storage periods indicated in years are counted at the end of each year in which the data processing began. 

 

  1. SOCIAL MEDIA
    • In its operations the Controller uses social media platforms listed in section VII.4. 
    • The Controller processes the Personal data connected to its profiles on social media. For each of the platforms the co-controller is the operator of that platform (social media provider). 
    • The Controller has access to the User’s Personal data made available on social media platforms, on which he possesses his profiles. User’s rights are described in this Privacy Policy. 

 

  1. RECIPIENTS OF PERSONAL DATA

Personal data will be transferred to providers of legal, auditing, accounting, postal services, couriers, banks, as well as IT service providers, including entities based in countries outside the EEA, for which the European Commission has found an adequate level of protection, or with which contracts were concluded according to Standard Contractual Clauses adopted by the European Commission. 

 

  1. TECHNICAL REQUIREMENTS

To use the Website, you need Internet access and Microsoft Edge, Google Chrome, Mozilla Firefox, Safari or any other browser compatible with the Website. To subscribe to the Newsletter or contact the Controller via the Contact Form, you need an active e-mail account. 

 

  1. COOKIES AND OTHER TRACKING TECHNOLOGIES

The Website uses two types of cookies, i.e. persistent and session cookies. Persistent cookies are stored by the browser and remain there for a period determined in their parameters or until they are removed by the User, whereas session cookies are saved until the browser is closed by the User. 

During the first visit to the Website, the information about the use of cookies is shown to the User along with a question about consent to the use of these files. The User can always change cookie settings from your browser or delete cookies altogether. 

Browsers manage cookie settings in various ways. In the auxiliary menu of the web browser you will find explanations on how to change cookie settings. Please remember that disabling or limiting the use of cookies may cause difficulties in using our website, as well as many other websites that use cookies. 

  • The Controller’s cookies 

The Controller uses its own cookies to ensure the proper functioning of the Website. The Controller’s own cookies also store information about the User’s consent to the use of cookies and information about cookie settings defined by you on the Website. 

  • Third Party Cookies 

The Website functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below. 

  • Google Functionalities 

The Website uses Google Analytics and Tag Manager, tools provided by Google Ireland Limited. 

When visiting the Controller’s Website, a Google cookie remarketing file is automatically left on the User’s device, which with the help of a pseudonymous identifier (ID) and based on the pages you visit allows you to display interest-based advertising. 

Further processing of the information takes place only if the User has given consent to Google to link the User’s browsing history and application use to his/her account and to use the information from the User’s Google account to personalize the advertisements displayed on websites. If in this case the User will be logged in when visiting the Website on Google, Google will use the User’s Personal data together with Google Analytics data to create and define lists of target groups for remarketing purposes on various devices. For this purpose, Google combines the temporarily collected information with Google Analytics data to create target groups. 

Google Tag Manager is used to manage website tags via an interface. The use of Google Tag Manager does not involve the storage of cookies or the collection of Personal data. This tool enables the use of other tags that may collect Personal data under certain circumstances. Google Tag Manager does not use this Personal data. If the saving option has been deactivated at the domain or cookie level, this will apply to all tracking tags implemented via Google Tag Manager. 

If you would like to learn more about the Personal data Processing as part of Google Analytics, please familiarize yourself with the information about the tool available here: https://support.google.com/analytics#topic=3544906 

  • Social Media Pixels 

On the Controller’s Website, there are social media pixels available, including Facebook pixel, LinkedIn pixel, Youtube pixel. 

After clicking on the pixel, the User is sent to the social media platform to the Controller’s page. The User can interact with the content shared, e.g. by liking or sharing it. 

In order to analyze the generated traffic and conversion on the Website, the Controller has implemented pixels as part of the Website, which automatically collects information about the User’s use of the Website in terms of pages viewed. 

The information collected as part of pixels is anonymous, i.e. it does not allow us to identify the User. The Controller only knows what activity the User has taken on the Controller’s Website. The Controller can also check the User’s age range, gender, where the User is connecting to the Internet. Tools such as Facebook Insights may also provide us with more information about you, but this is never information that would allow us to identify you. 

However, we would like to inform you that social media platforms may combine the collected information with other information collected about you as part of the User’s use of Facebook and use it for its own purposes, including marketing. 

  • Content from external websites 

The Controller embeds content from external websites on the Website, in particular videos from YouTube. Therefore, Google Ireland Limited cookies related to the YouTube service, including DoubleClick cookies, are used. 

By playing a video or viewing other embedded material, Google receives information about it, even if the User does not have a profile with the given service provider or is not logged in. Such information (along with the User’s IP address) is sent by the browser directly to the server of a given service provider. 

If the User is logged on to the website of a given service provider, this service provider will be able to directly assign a visit to the Website to the User’s profile on a given social network. The purpose and scope of Personal data collection and their further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings to protect the User’s privacy are described in the privacy policy of individual service providers. 

If the User does not want the service providers to assign the Personal data collected during video playback or reading other content on the Website directly to the User’s profile on a given website, the User must log out of this website before visiting the Website. You can also completely prevent the plug-ins from being loaded on the website by using appropriate extensions for the User’s browser, e.g. blocking scripts. 

YouTube-related cookies are not loaded until the video is played, so if you do not want this to happen, please refrain from watching the video. 

  • Social media tools 

The Website uses plugins and other social tools provided by social media sites. 

By displaying the Website containing such a plug-in, the User’s browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to the User’s browser and integrated with the website. Due to this integration, service providers receive information that the User’s browser has displayed the Website, even if the User does not have a profile with a given service provider or is not currently logged in with him. Such information (along with the User’s IP address) is sent by the User’s browser directly to the server of a given service provider (some servers are in the USA) and stored there. 

If the User is logged in to one of the social networking sites, this service provider will be able to directly assign a visit to the Website to the User’s profile on a given social networking site. 

If you use a given plug-in, for example by clicking on the “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there. 

In addition, this information will be published on a given social network and will appear to people added as the User’s contacts. The purpose and scope of Personal data collection and their further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings to protect the User’s privacy are described in the privacy policy of individual service providers. 

If the User does not want social networks to assign the data collected during the User’s visit to the Website directly to the User’s profile on a given website, the User must log out of this website before visiting the Website. You can also completely prevent the plug-ins from being loaded on the website by using appropriate extensions for the User’s browser, e.g., blocking scripts. 

  • Server logs 

Using the Website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs. 

Logs include IP address, server date and time, information about the web browser and operating system the User uses. Logs are saved and stored on the server. The Personal data stored in the server logs are not associated with specific people using the Website and are not used by us to identify the User. 

The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server. 

Personal data, to which the Privacy Policy relates, is stored: 

 

  1. PROFILING
    • The User’s Personal data will not be used for automated decision-making affecting the rights, obligations or freedoms of the User within the meaning of the GDPR. 
    • The Website uses tracking technologies, such as cookies, with the use of which, the User’s Personal data may be profiled. This kind of profiling allows the Controller to personalize its offer, which is directed to the User. It does not, however, impact the legal situation of the User, and is only aimed at better matching content and advertisement to the User. 

 

14. FINAL PROVISIONS

    • The application of the Privacy Policy shall be govern ed by Polish law. 
    • Any matters not regulated by the Privacy Policy shall be governed by the relevant provisions of the binding law. 
    • The Privacy Policy comes into effect on September 1, 2022. 

Once the above questions have been answered, a disaster recovery and backup readiness index can be calculated based on the following scale: 

  • Level 1: Inadequate – The organization has significant gaps in its disaster recovery and backup posture.  
  • Level 2: Developing – The organization has some disaster recovery and backup processes in place, but significant improvements are needed.  
  • Level 3: Mature – The organization has a mature disaster recovery and backup posture, but there is room for improvement.  
  • Level 4: Robust – The organization has a strong disaster recovery and backup posture and is well-prepared to address potential disruptions.  
  • Level 5: Exceptional – The organization has a comprehensive and mature approach to disaster recovery and backup. 

The disaster recovery and backup readiness index can be calculated by assigning a score of 1-5 to each question based on the level of readiness demonstrated. The scores are then averaged across all questions in each category to determine the readiness level for that category. The overall disaster recovery and backup readiness index is calculated by averaging the readiness levels across all categories. 

Level 1: Basic
You have minimal cybersecurity processes in place and face a high risk of cyberattacks. Immediate attention and significant improvements are necessary to enhance your security posture.

Level 2: Developing
You have some cybersecurity processes in place but require substantial improvements to reach a mature state. You should focus on strengthening your policies, procedures, and security controls.

Level 3: Mature
You have a solid cybersecurity posture, but there is still room for improvement. You should continue enhancing your processes, monitoring capabilities, and incident response practices.

Level 4: Advanced
You have a strong cybersecurity posture and are well-prepared to address potential threats. However, you should remain proactive and stay abreast of emerging threats and technologies to maintain your advanced level of security.

Level 5: Leading
You have a comprehensive and mature approach to cybersecurity. You are a leader in cybersecurity best practices and continually innovate to stay ahead of evolving threats.

Dziękujemy za rejestrację!

Link do webinaru otrzymają Państwo mailowo dzień przed spotkaniem.

23 Marca 2023

10:00 via MS Teams

Tomasz Woźniak

Thank you!

To download our e-book „The best way to Outsource IT Staff” click button below