Privacy Policy for Clients
We would like to inform you that:
- CloudFerro S.A., seated in Warsaw at ul. Nowogrodzka 31, 00-511 Warsaw is a controller of your personal data (the “controller”)
- With regard to all matters regarding the processing of your personal data and the exercise of your rights connected with the data processing, you can contact our Data Protection Officer at the following email address: iodo@cloudferro.com
- Your personal data will be processed for the following purposes:
- To enter and perform the agreement for rendering services by the controller for you, or the entity represented by you, on the basis of Article 6(1) (b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”);
- To comply with legal obligations to which the controller is subject, which are:
- to observe the representation principles of an entity, with which the controller enters into an agreement, in accordance with the Civil Code and the Commercial Companies Code (if applicable);
- to comply with the accounting rules specified in the Accounting Act; and
- to perform the obligations of the tax remitter to pay advances specified in the Corporation Income Tax Act or the Personal Income Tax Act (Article 6(1)(c) of the General Data Protection Regulation)
- For the purposes of the legitimate interests pursued by the controller or by a third party, for which the controller recognizes:
- a direct offering of its own products and services or its partners (direct marketing), including its selection to suit the client’s needs (i.e. profiling);
- an execution of tasks and performance of obligations connected with conducting your enterprise or the enterprise represented by you;
- the establishment, pursuit and defense against a legal claim;
- prevention of fraud;
- securing information in the event of a legal need to demonstrate facts;
- transfer of data within the controller’s capital group;
- statistics and financial analyses of the controller;
- better selection of services to meet the needs of clients, expansion of the knowledge base regarding clients, improving customers service;
- carrying out customer satisfaction surveys;
- ensuring security of the information and communication environment; and
- using internal control systems (Article 6(1) (f) of the General Data Protection Regulation);
- Your personal data may be received by the following categories of recipients: entities rendering advisory services, audit services, accounting services, tax and legal services, debt collection services, IT services, document archiving and shredding services, marketing services; entities rendering parcel and mail delivery services; entities organizing training sessions and business events; certified accountants in connection with audits; and competent organs of the state administration, in particular tax authorities; courts, bailiffs.
- Your personal data will be stored for a period resulting from the general statute of limitations for legal claims, that is, for ten years from the end of the year in which the agreement for rendering services by the controller will have expired to which an additional 1 year is added to allow for the possibility to address claims raised at the end of the statute of limitations period and possible problems with serving; the calculation of the storage period from the end of a year is to have one date for the removal of personal data for agreements expiring in a given year; the controller can process your personal data for the purpose of direct marketing of services and products until you object (if you do so) to such processing or until the controller establishes that your personal data is outdated;
- You have the right to object to the processing of your persona data for the purposes of direct marketing to the extent that the processing is connected with the direct marketing; if you exercise this right, the controller will cease to process your data for the purpose of direct marketing;
- You have the right to object to the processing of your personal data if the processing is necessary for other purposes resulting from the legitimate interests pursued by the controller; if you exercise this right, the controller will cease to process your data for this purpose unless the controller is able to prove that with respect to your data, there are important and legally-justified basis that override your interests, rights and liberties, or that your personal data will be necessary to possibly establishing, pursuing and defending against a legal claim;
- You have the right to request from the controller access to your data and to obtain its copy; you have the right to request rectification of your personal data, the erasure of personal data, restriction of processing and transfer your data to another controller;
- You have the right to submit a complaint to the President of the Personal Data Protection Office if you recognize that the processing of your personal data infringes the legal provisions regarding the protection of personal data;
- In principle, the provision of your personal data is voluntary but necessary to perform the services agreement, thus if you decide not to provide personal data, the controller will not be able to enter or perform the services agreement; in the event that you act as a body of a legal person or upon the basis of a power of attorney, your provision of the name, surname, and position, and – where applicable – the scope of the power of attorney is a statutory requirement resulting from the Civil Code or the Commercial Companies Code (if applicable); on the other hand, your provision of an address for correspondence and a telephone number is voluntary but necessary for the controller to contact you, among other things, when it is not possible to contact you through the email address you provided.
Warsaw, 18th May 2018
_
Addenum 1
- For the operation of the services, following parties will have access to the personal data, after receiving direct consent from the user:
- ACRI-ST, 06904 Sophia-Antipolis, France
- German Aerospace Center (DLR), 51147 Cologne, Germany
- Sinergise Ltd., 1000 Ljubljana, Slovenia
- RHEA Group, 1300 Wavre, Belgium
- T-Systems International Gmbh, 53838 Bonn, Germany
- VITO, 2400 Mol, Belgium
Warsaw, 15th September 2023