CREODIAS.EU PRIVACY POLICY

When you, as an individual, contact us or use our services, whether you are acting on your own behalf or on behalf of another entity (e.g. your employer, and our client) or when your data has been disclosed to us (e.g. as contact details for the performance of contracts), we process your personal data.

The following information is intended to explain who we are, how we obtain information and what we do with it. If anything is not clear to you or raises any concerns, please contact us.

  1. Who are we and how to contact us?
    1. CloudFerro SA, with its registered office in Warsaw (00-511) at ul. Nowogrodzka 31, is the controller of your personal data (hereinafter Controller) within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter GDPR), in connection with your use of our website, available at: https://creodias.eu/ (hereinafter the Site), to the extent necessary for the provision of the various services offered, as well as for information about your activity on the Site.
    2. Personal data is information about a natural person identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
    3. The following describes the specific principles and purposes of the processing of your personal data collected when you use our Site, enter into a contract with us.
    4. Contact with us is possible:
      1. at the following address: CloudFerro S.A. 31 Nowogrodzka Street, 00-511 Warsaw
      2. on telephone number +48 22 354 65 73,
      3. by email at: info@cloudferro.com.
    5. In matters related to the processing of your personal data, you can also contact our Data Protection Officer, who is Piotr Kociszewski, at the e-mail address: iod@cloudferro.com or by traditional correspondence to our address above.
  1. WHAT DATA DO WE PROCESS?
    1. The extent of the data we process depends on the information you provide to us in connection with your use of the Site or, for example, your employer/principal in connection with the conclusion and performance of a contract.
    2. We obtain this information directly from you or - if you are the designated contact person or you are the person representing our contractor/customer - from other persons, e.g., your employers/contractors.
  1. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
    1. Your provision of personal data is voluntary; however, it may sometimes be necessary for the purposes of our cooperation, e.g., necessary to conclude or perform a contract or to respond to an enquiry or for correspondence. This means that their failure to do so may sometimes constitute grounds for the Controller to refuse to cooperate with you, or for the Controller to take legal action to resolve a possible case.
  1. USE OF THE WEBSITE
    1. We process your personal data left on the Site or provided by you (including your IP address or other identifiers and information collected through cookies or other similar technologies):
      1. for the purpose of providing electronic services in terms of providing you with access to the content collected on the Site - in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR).
      2. for our analytical and statistical purposes, in which case the legal basis for the processing is our legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of user activity as well as user preferences in order to improve the functionalities used and services provided.
      3. for our marketing purposes - the rules for processing personal data for marketing purposes are described in the MARKETING section.
    2. Your activity on the Site, including your personal data, is recorded in system logs (a special computer program used to keep a chronological record containing information about events and activities that relate to the computer system used to provide our services). The information collected in the logs is processed primarily for purposes related to the provision of services. We also process it for technical, administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this regard, the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR).
  1. CONTACT FORM
    1. We provide you with the possibility to contact us using an electronic contact form. The use of the form requires the provision of personal data necessary to make contact with you and to respond to your enquiry. The provision of data marked as mandatory is required in order to carry out the requested contact or to address the enquiry, and their failure to do so will result in the impossibility to carry out the requested contact or to handle the enquiry sent. The provision of other data is voluntary.
    2. We process the personal data obtained via the above form:
      1. in order to identify the sender and to handle his/her enquiry sent via the form provided and to respond to the enquiry - the legal basis for the processing of mandatory data is our legitimate interest (Article 6(1)(f) GDPR) in responding to enquiries addressed to us regarding our business activities; as regards data provided on an optional basis, the legal basis for the processing is consent (Article 6(1)(a) GDPR);
      2. for analytical and statistical purposes - the legal basis for the processing is our legitimate interest (Article 6(1)(f) of the DPA), consisting of keeping statistics on the requests made by users through the Website in order to improve its functionality.
  1. E-MAIL OR TRADITIONAL CORRESPONDENCE
    1. When you address us by email or post, correspondence that is not related to the services provided to you or any other contract you have with us, the personal data contained in that correspondence is processed for the sole purpose of communication and resolution of the matter to which the correspondence relates.
    2. The legal basis for the processing is our legitimate interest (Article 6(1)(f) of the GDPR) to deal with correspondence addressed to us in connection with our business activities.
    3. We only process personal data relevant to the matter to which the correspondence relates. All correspondence is stored in a way that ensures the security of the personal data (and other information) it contains and is only disclosed to authorised persons.
  1. CALL
    1. When you contact us by telephone, on matters not related to the contract concluded or the services provided, we may only request your personal data if this is necessary to handle the matter contacted. The legal basis in this case is our legitimate interest (Article 6(1)(f) GDPR) consisting of the need to resolve the reported matter related to our business.
  1. PROCESSING OF PERSONAL DATA OF PERSONS APPOINTED TO CONTACT OR REPRESENT CLIENTS/CUSTOMERS
    1. In connection with the conclusion of contracts in the course of our business, we obtain data from contractors / customers on the persons involved in the conclusion and execution of such contracts (e.g., contact persons, representatives, agents). The extent of the data provided is in each case limited to the extent necessary for the performance of the contract and does not normally include information other than name and business contact details (in the case of contact persons) or name, function, signature, data contained in public records or in the content of a power of attorney (in the case of representatives or agents).
    2. Such personal data is processed for our and our contractor's legitimate interest (Article 6(1)(f) GDPR) in enabling the correct and effective performance of the contract. Such data may be disclosed to third parties involved in the performance of the contract.
    3. The personal data referred to above may also be processed in order to comply with a legal obligation incumbent on us in connection with the obligation to keep books of account and tax settlements, in the case of persons whose data will be contained in documents whose obligation to keep and maintain arises from tax and accounting law - the legal basis for the processing is the legal obligation incumbent on us (Art. 6(1)(c) GDPR).
    4. The data are processed for the period necessary to pursue the above contracts and comply with regulatory obligations.
  1. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE PROVISION OF SERVICES OR PERFORMANCE OF OTHER CONTRACTS
    1. In connection with the conclusion of contracts in the course of our business, we obtain personal data of our contractors / customers. The provision of personal data by the contractor / customer is required in order to conclude and perform a contract with us. Failure to provide data will result in the impossibility of concluding and performing this contract.
    2. Such personal data are processed for the purpose of entering into and performing contracts with us. The legal basis for the processing of personal data is the necessity of the processing for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR). Personal data may also be processed for the purpose of complying with a legal obligation incumbent on us, in connection with the obligation to keep accounts and tax returns - the legal basis for the processing is a legal obligation incumbent on us (Article 6(1)(c) GDPR). Such data may be disclosed to third parties involved in the performance of the contract.
    3. The data are processed for the period necessary to pursue the above interests and comply with regulatory obligations.
  1. MARKETING
    1. We process your personal data in order to carry out marketing activities, which may consist of various analytical and statistical activities, as well as those related to direct marketing of services (sending commercial information by e-mail).
    2. Your personal data may also be used by us to target you with marketing content via email. Such activities are only undertaken by us if you have given us your consent, which you can withdraw at any time.
    3. Your personal data is processed:
      1. for the purpose of sending requested commercial information - the legal basis for the processing is our legitimate interest (Article 6(1)(f) GDPR in connection with the relevant electronic communication legislation) to promote our services in connection with the consented communication channel.
      2. for analytical and statistical purposes - the legal basis for the processing is our legitimate interest (Article 6(1)(f) of the DPA), consisting of conducting analyses of user activity on the Site in order to improve the functionalities used.
  1. SOCIAL NETWORKS
    1. If you visit our social media profiles (X, Facebook, Instagram, YouTube, GitHub), we process your personal data. This data is processed exclusively in connection with the operation of the profile, including to keep you informed about our activities and to promote various events, services, and products. The legal basis for our processing of your personal data for this purpose is our legitimate interest (Art. 6(1)(f) GDPR) in promoting our own brand.

      NOTE: The above information does not apply to the processing of personal data by service Controllers (X, Facebook, Instagram, YouTube, GitHub).
  1. HOW LONG DO WE PROCESS YOUR DATA?
    1. As a general rule, your data will only be processed for as long as is necessary for the purpose for which your data is processed.
    2. The duration of the processing of your data depends on the type of service provided and the purpose of the processing. As a general rule, your data is processed for the duration of the service, until you withdraw your consent or make an effective objection to the processing in cases where the legal basis for the processing is our legitimate interest.
    3. The processing period may be extended if the processing is necessary for the establishment and assertion of possible claims or the defence against claims, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data shall be irreversibly deleted or anonymised.
  1. WHO ACTUALLY HAS ACCESS TO YOUR PERSONAL DATA?
    1. Your personal data can only be accessed by:
      1. duly authorised employees or associates of the Controller, who are obliged to keep them confidential and not to use them for purposes other than those for which we obtained your data.
      2. entities that support us in the provision of services, i.e.: consulting, auditing, accounting, tax and legal service providers, debt collection, IT, banking, archiving and document destruction, marketing; entities that provide parcel delivery and postal services, entities that you may use when using our services, i.e., payment processors.
      3. the following entities who are Controller’s partners in developing the Site –when you consent to share your personal data with them:
        • ACRI-ST, 06904 Sophia-Antipolis, France
        • German Aerospace Center (DLR), 51147 Cologne, Germany
        • Sinergise Ltd., 1000 Ljubljana, Slovenia
        • RHEA Group, 1300 Wavre, Belgium
        • T-Systems International Gmbh, 53838 Bonn, Germany
        • VITO, 2400 Mol, Belgium
    1. We may also be obliged to provide certain information to public authorities for the purposes of their investigations. In this case, information shall only be provided if there is an appropriate legal basis for doing so.
    2. All persons who have access to your data are those who need such access in order to carry out certain activities.
  1. YOUR RIGHTS
    1. You have the following rights: to access your data and to receive a copy of your data, to rectify your data, to request erasure of your data, to request restriction of data processing, the right to data portability (when your personal data is processed by us on the basis of consent or for the performance of a contract and, in either case, by automated means).
    2. You also have the right to object to the processing of your data for marketing purposes if the processing is carried out in connection with our legitimate interest and, for reasons relating to your particular situation, in other cases where the legal basis for the processing is our legitimate interest (e.g. in connection with the performance of analytical and statistical purposes).
    3. In order to exercise the above-mentioned rights, please contact us by e-mail at: iod@cloudferro.com or using the contact details indicated in section 1.4.
    4. If you have doubts about the lawfulness of our processing of your personal data, you have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
  1. DATA TRANSFER OUTSIDE THE EEA
    1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, we transfer your personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
      1. cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued regarding the determination of an adequate level of protection of personal data; in some cases, the European Commission additionally requires such processor to participate in programmes approved by it for entities outside the EEA, the participants of which are obliged to provide personal data with the same protection as they enjoy in the European Union (for details, see  here);
      2. the use of standard contractual clauses issued by the European Commission; together with the required additional security measures, these provide personal data with the same protection as they enjoy in the European Union; model contracts can be found here;
      3. the application of binding corporate rules approved by the competent supervisory authority.
    2. We always inform you of our intention to transfer your personal data outside the EEA at the stage of collection.
  1. SECURITY OF PERSONAL DATA
    1. We carry out risk analysis on an ongoing basis to ensure that we process personal data securely - ensuring, above all, that only authorised persons have access to data and only to the extent that this is necessary for their tasks. We ensure that all operations on personal data are recorded and carried out only by authorised employees and associates.
    2. We take all necessary measures to ensure that our subcontractors and other cooperating entities also provide guarantees that appropriate security measures are applied whenever they process personal data on our behalf.
  1. CHANGES TO THE PRIVACY POLICY
    1. The policy is reviewed on an ongoing basis and updated, as necessary. The current version of the policy has been adopted and is effective as of April 10, 2024.

April 10, 2024, last update May 22, 2024.