CREODIAS.EU PRIVACY POLICY
When you, as an individual, contact us or use our services, whether you are acting on your own behalf or on behalf of another entity (e.g. your employer, and our client) or when your data has been disclosed to us (e.g. as contact details for the performance of contracts), we process your personal data.
The following information is intended to explain who we are, how we obtain information and what we do with it. If anything is not clear to you or raises any concerns, please contact us.
- Who are we and how to contact us?
- CloudFerro SA, with its registered office in Warsaw (00-511) at ul. Nowogrodzka 31, is the controller of your personal data (hereinafter Controller) within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter GDPR), in connection with your use of our website, available at: https://creodias.eu/ (hereinafter the Site), to the extent necessary for the provision of the various services offered, as well as for information about your activity on the Site.
- Personal data is information about a natural person identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
- The following describes the specific principles and purposes of the processing of your personal data collected when you use our Site, enter into a contract with us.
- Contact with us is possible:
- at the following address: CloudFerro S.A. 31 Nowogrodzka Street, 00-511 Warsaw
- on telephone number +48 22 354 65 73,
- by email at: info@cloudferro.com.
- In matters related to the processing of your personal data, you can also contact our Data Protection Officer, who is Piotr Kociszewski, at the e-mail address: iod@cloudferro.com or by traditional correspondence to our address above.
- WHAT DATA DO WE PROCESS?
- The extent of the data we process depends on the information you provide to us in connection with your use of the Site or, for example, your employer/principal in connection with the conclusion and performance of a contract.
- We obtain this information directly from you or - if you are the designated contact person or you are the person representing our contractor/customer - from other persons, e.g., your employers/contractors.
- FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
- Your provision of personal data is voluntary; however, it may sometimes be necessary for the purposes of our cooperation, e.g., necessary to conclude or perform a contract or to respond to an enquiry or for correspondence. This means that their failure to do so may sometimes constitute grounds for the Controller to refuse to cooperate with you, or for the Controller to take legal action to resolve a possible case.
- HOW LONG DO WE PROCESS YOUR DATA?
- As a general rule, your data will only be processed for as long as is necessary for the purpose for which your data is processed.
- The duration of the processing of your data depends on the type of service provided and the purpose of the processing. As a general rule, your data is processed for the duration of the service, until you withdraw your consent or make an effective objection to the processing in cases where the legal basis for the processing is our legitimate interest.
- The processing period may be extended if the processing is necessary for the establishment and assertion of possible claims or the defence against claims, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data shall be irreversibly deleted or anonymised.
- WHO ACTUALLY HAS ACCESS TO YOUR PERSONAL DATA?
- Your personal data can only be accessed by:
- duly authorised employees or associates of the Controller, who are obliged to keep them confidential and not to use them for purposes other than those for which we obtained your data.
- entities that support us in the provision of services, i.e.: consulting, auditing, accounting, tax and legal service providers, debt collection, IT, banking, archiving and document destruction, marketing; entities that provide parcel delivery and postal services, entities that you may use when using our services, i.e., payment processors.
- the following entities who are Controller’s partners in developing the Site –when you consent to share your personal data with them:
- ACRI-ST, 06904 Sophia-Antipolis, France
- German Aerospace Center (DLR), 51147 Cologne, Germany
- Sinergise Ltd., 1000 Ljubljana, Slovenia
- RHEA Group, 1300 Wavre, Belgium
- T-Systems International Gmbh, 53838 Bonn, Germany
- VITO, 2400 Mol, Belgium
- We may also be obliged to provide certain information to public authorities for the purposes of their investigations. In this case, information shall only be provided if there is an appropriate legal basis for doing so.
- All persons who have access to your data are those who need such access in order to carry out certain activities.
- Your personal data can only be accessed by:
- YOUR RIGHTS
- You have the following rights: to access your data and to receive a copy of your data, to rectify your data, to request erasure of your data, to request restriction of data processing, the right to data portability (when your personal data is processed by us on the basis of consent or for the performance of a contract and, in either case, by automated means).
- You also have the right to object to the processing of your data for marketing purposes if the processing is carried out in connection with our legitimate interest and, for reasons relating to your particular situation, in other cases where the legal basis for the processing is our legitimate interest (e.g. in connection with the performance of analytical and statistical purposes).
- In order to exercise the above-mentioned rights, please contact us by e-mail at: iod@cloudferro.com or using the contact details indicated in section 1.4.
- If you have doubts about the lawfulness of our processing of your personal data, you have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
- DATA TRANSFER OUTSIDE THE EEA
- The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, we transfer your personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
- cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued regarding the determination of an adequate level of protection of personal data; in some cases, the European Commission additionally requires such processor to participate in programmes approved by it for entities outside the EEA, the participants of which are obliged to provide personal data with the same protection as they enjoy in the European Union (for details, see here);
- the use of standard contractual clauses issued by the European Commission; together with the required additional security measures, these provide personal data with the same protection as they enjoy in the European Union; model contracts can be found here;
- the application of binding corporate rules approved by the competent supervisory authority.
- We always inform you of our intention to transfer your personal data outside the EEA at the stage of collection.
- The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, we transfer your personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
- SECURITY OF PERSONAL DATA
- We carry out risk analysis on an ongoing basis to ensure that we process personal data securely - ensuring, above all, that only authorised persons have access to data and only to the extent that this is necessary for their tasks. We ensure that all operations on personal data are recorded and carried out only by authorised employees and associates.
- We take all necessary measures to ensure that our subcontractors and other cooperating entities also provide guarantees that appropriate security measures are applied whenever they process personal data on our behalf.
- CHANGES TO THE PRIVACY POLICY
- The policy is reviewed on an ongoing basis and updated, as necessary. The current version of the policy has been adopted and is effective as of April 10, 2024.
April 10, 2024, last update May 22, 2024.