(+48) 22 276 22 00

Privacy Policy

The Ucloud privacy policy describes the principles of personal data processing, use of cookies and data protection.

Test us

PRIVACY AND COOKIES POLICY
FIBERAX SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

When, as a natural person, you contact us, use our services, act on behalf of our contractor or client, or when we have obtained your Personal Data from other sources (e.g. from publicly available industry websites or when your data has been disclosed to us as contact details for the performance of agreements), we begin processing your Personal Data. We treat all information concerning you responsibly and in accordance with applicable law – in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).

The purpose of the information below is to explain who we are, how we obtain information, and what we do with it in the course of business, commercial and marketing relationships, as well as in connection with your contact with us. If anything is unclear or raises any doubts, please contact us.

  1. WHO ARE WE?

The controller of your Personal Data is Fiberax Sp. z o.o., with its registered office in Warsaw, ul. Puławska 405a lok. 303, 02-801 Warsaw, NIP: 9512571325, REGON: 525646336, entered in the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0001043360, share capital: PLN 1,000,000.00 (hereinafter the “Controller”).

The Controller has appointed a Data Protection Officer, attorney-at-law Grzegorz Leśniewski, who can be contacted at: gdpr@ucloud.eu

  1. BASIC DEFINITIONS

Personal Data – all information that we process about you, such as your first name, surname, e-mail address, etc.;

Processing – all actions we perform on your Personal Data, such as collecting, storing, updating, deleting;

Contractor – a consumer, a natural person conducting business activity, a legal person, or another organisational unit with whom the Controller establishes a business relationship;

Representative – a member of a governing body, representative or attorney of the Contractor with whom the Controller has entered into an agreement for the purpose of implementing cooperation;

Contact Person – any natural person who contacts employees, representatives or attorneys of the Controller in order to establish or implement business cooperation; in particular, a Contact Person may be an employee of the Contractor or another person designated by the Contractor or acting on its behalf.

Website – the Controller’s website available at: https://ucloud.eu/

Cloud – an organised ICT system consisting in particular of computer hardware, software and telecommunications links, used by us to provide services.

III. PROCESSING OF PERSONAL DATA OF REPRESENTATIVES OR CONTACT PERSONS OF A CONTRACTOR – PURPOSES AND LEGAL BASES FOR PROCESSING

If you are our Contractor or a Representative, we may process your identification data, contact data, and data related to the performance of the agreement by you, i.e. in particular your first name and surname, the name of the employing entity, contact telephone number, e-mail address, your position/authorisations held, and our possible correspondence. If you are a party to an agreement concluded with us, we will also process your registration data and data relating to our settlements.

We process Personal Data for the purpose of proper performance of the agreement concluded between us and the Contractor, including documenting its conclusion and identifying persons authorised to perform tasks specified in the agreement. This is necessary to pursue the legitimate interests of the controller (Article 6(1)(f) GDPR), namely performance of the agreement with our Contractor. If, as a natural person, you are a party to an agreement concluded with us, your Personal Data will be processed by us for the purpose of performance of that agreement (Article 6(1)(b) GDPR).

Additionally, where your Personal Data is processed for the purpose of:

  1. fulfilling the legal obligations of the controller (e.g. tax, accounting obligations), the legal basis for processing your data is compliance with legal obligations imposed on the controller (Article 6(1)(c) GDPR);
  2. statistical, analytical and marketing purposes, the legal basis for such processing is the legitimate interest of the controller (Article 6(1)(f) GDPR); in the case of processing for marketing purposes, the legitimate interest arises from the fact that you have granted consent to be contacted for marketing purposes through a specific communication channel;
  3. establishing, pursuing or defending against potential claims, the legal basis for processing your data is our legitimate interest (Article 6(1)(f) GDPR).

We obtained your data directly from you or from your employer/entity for which you act as a Representative. Disclosure of Personal Data is voluntary, but providing it is a condition enabling conclusion of the agreement or allowing you to perform tasks specified in the agreement (failure to provide it will prevent our cooperation).

Information on recipients of your Personal Data is described in detail in Section IX below.

The rights to which you are entitled in connection with the processing of your Personal Data are described in detail in Section XI below.

  1. BUSINESS RELATIONSHIPS – PURPOSES AND LEGAL BASES FOR PROCESSING

The scope of data we process depends on what information you or, for example, your employer provide to us, the form of contact you choose, and what information is necessary in connection with our relationship – this includes mainly the content of documents, the content of our correspondence/communication, and possibly other information that we have obtained from publicly available sources related to our business relationship (e.g. industry portals).

This includes in particular:

  1. identification data, including first name and surname;
  2. contact data, including correspondence address, telephone number, e-mail address or other contact details.

If you use our helpline, electronic communicators or e-mails, we will process data identifying you (respectively e.g. telephone number, e-mail address, IP number), communication metadata (e.g. date of contact, call duration), and the content of our communication (e.g. chat history, e-mail content, recording of a phone call, if you have been informed of this in advance). We process the above information in order to respond to your inquiries, improve our communication, improve customer service quality, as well as for the marketing of our services and concluding an appropriate agreement with you.

The legal basis for these activities depends on the context of the communication. If these are general inquiries or conversations, the basis will be our “legitimate interest” as the Controller (resulting from the purposes indicated above; Article 6(1)(f) GDPR). However, if the inquiry aims at concluding an agreement or is related to an agreement already concluded, the legal basis will be “taking steps at the request of the data subject prior to entering into a contract” or the necessity to perform the contract (Article 6(1)(b) GDPR).

Some of your data may have been obtained from you during a conference or industry event attended by our representatives, or from the organiser of such event. In such a case, data from a business card, inquiry or participant list are processed in our database in order to send you information that was of interest to you, respond to your inquiry and conduct future correspondence/contact on the matter, or to send a thank-you message for a meeting or participation in the event. In such cases, the legal basis for our actions is our legitimate interest (Article 6(1)(f) GDPR).

Regardless of the above, your Personal Data, i.e. mainly your first name, surname and correspondence address or, where applicable, e-mail address, may be used by us to send you occasional correspondence (e.g. holiday greetings) or to contact you regarding promotion of the Controller’s products or services. The legal basis for processing your Personal Data for this purpose will be our legitimate interest (Article 6(1)(f) GDPR), consisting in maintaining our relationship, building a positive image of the Controller, and marketing its products or services.

Additionally, where your Personal Data is processed for the purpose of:

  1. defending against potential claims and pursuing claims, the legal basis for processing your Personal Data for this purpose is our legitimate interest (Article 6(1)(f) GDPR);
  2. fulfilling the legal obligations of the controller (e.g. tax, accounting obligations), the legal basis for processing your Personal Data for this purpose is compliance with legal obligations imposed on the controller (Article 6(1)(c) GDPR).

In all cases, we send commercial information to electronic addresses (e-mail/telephone) only if you have given prior consent.

Data collected solely in connection with ongoing contact, if you are not our Contractor, are stored depending on the category of the information concerned: for a period of 2 years (more detailed inquiries and conversations that may be relevant to our future contact), or until the limitation period for potential claims expires.

Providing Personal Data by you is voluntary; however, in some cases it may be necessary for purposes related to our cooperation, e.g. to conclude or perform an agreement, respond to an inquiry, or conduct correspondence. This means that failure to provide such data may in some situations result in the Controller refusing to establish cooperation or taking legal steps to terminate a possible agreement.

Where processing is based on consent, please note that you may withdraw the consent previously given at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. If your data are processed on the basis of the controller’s legitimate interest, you have the right to object to such processing.

Information on recipients of your Personal Data is described in detail in Section IX below.

The rights to which you are entitled in connection with the processing of your Personal Data are described in detail in Section XI below.

  1. USE OF OUR SERVICES – PURPOSES AND LEGAL BASES FOR PROCESSING

Once you start using our services, in addition to the data we may process in accordance with Sections III and IV above, we also process information related to the provision of our services, such as usage data, data on the manner in which services are used, the course of performance of the agreement, as well as your possible communication with us. The purpose and legal basis for this processing is proper performance of the agreement concluded (Article 6(1)(b) GDPR) – e.g. adjusting infrastructure parameters, generating settlements. The scope of data that we may process also results, in addition to the GDPR, in particular from Article 18 of the Act on the Provision of Services by Electronic Means.

Regardless of the above, we may also analyse information on traffic to/from your virtual machines made available to you, for the purpose of ensuring Cloud security and preventing abuse. In such a case, the legal basis for our actions is our legitimate interest (Article 6(1)(f) GDPR).

Some information is processed in order to fulfil obligations imposed by law – this mainly applies to data relating to our settlements (tax regulations; Article 6(1)(c) GDPR).

As a rule, we do not analyse or review the content that you store on our servers. Moreover, such actions will be impossible for us if you properly encrypt your data.

Information on recipients of your Personal Data is described in detail in Section IX below.

The rights to which you are entitled in connection with the processing of your Personal Data are described in detail in Section XI below.

  1. PROCESSING OF JOB APPLICANTS’ DATA – PURPOSES AND LEGAL BASES FOR PROCESSING

If you wish to work with us, the scope of Personal Data that we process depends on what information you provide in your application – this includes the content of documents, information on how they were submitted, as well as the content of our possible further communication and conclusions from the recruitment process.

Please note that if the position you apply for involves concluding an employment contract, we are entitled to require you to provide the data listed in Article 22¹ of the Polish Labour Code, and to document such data to the extent necessary to confirm them, i.e.:

  1. first name(s) and surname,
  2. date of birth,
  3. contact details,
  4. education,
  5. professional qualifications,
  6. employment history,
  7. other data if they are necessary to exercise a right or fulfil an obligation resulting from a legal provision.

Failure to provide the above data may result in our inability to assess your application and, consequently, refusal to include you in the recruitment process or employ you. However, as regards data going beyond the scope resulting from the Labour Code, such data are provided by you voluntarily, which means that refusal to consent to their processing will not entail negative consequences.

In the case of recruitment for a position where the basis of cooperation between us will be an employment contract, the legal basis for processing your Personal Data will be:

  1. with regard to categories of data required by Article 22¹ § 1, 2 and 4 of the Labour Code, compliance with legal obligations incumbent upon us in connection with the recruitment process (Article 6(1)(c) GDPR) and taking steps at your request prior to entering into an employment contract (Article 6(1)(b) GDPR);
  2. with regard to other data – your consent expressed by including in your application Personal Data to a broader extent than required by law (Article 6(1)(a) GDPR) and taking steps at your request prior to entering into an employment contract (Article 6(1)(b) GDPR).

In the case of recruitment for a position where the basis of cooperation will be a civil law contract (e.g. mandate contract or B2B agreement), the legal basis for processing your data will be taking steps at your request prior to entering into a contract (Article 6(1)(b) GDPR) or your consent (Article 6(1)(a) GDPR).

In every case, the purpose of processing is:

  1. to assess your candidacy against the requirements for the position indicated in the job advertisement to which you responded, or, as applicable, to conduct future recruitment processes for similar positions;
  2. if you meet the requirements for the position – to present you with an offer of cooperation and conclude an agreement;
  3. to demonstrate compliance of the recruitment process with legal requirements.

We may also process your data for statistical purposes or in connection with the defence against claims. In such a case, the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR).

If you have consented to participation in future recruitment processes, the legal basis for our processing of your Personal Data will be your consent (Article 6(1)(a) GDPR).

Where processing is based on consent, please note that you may withdraw the consent previously given at any time, without affecting the lawfulness of processing already carried out on that basis. Refusal to grant consent or its withdrawal may not constitute grounds for adverse treatment and will not result in any negative consequences, in particular it will not constitute a reason justifying refusal of employment.

If we process your Personal Data in connection with a single recruitment process, it will be deleted no later than 6 months after the end of the recruitment process understood as conclusion of an agreement with another candidate. This period allows completion of the trial period and confirmation that the position has indeed been effectively filled.

Data processed on the basis of consent for future recruitment will be processed until such consent is withdrawn or until the purpose for which it was given has been fulfilled (i.e. your employment), but no longer than 2 years from the date you granted consent.

The above periods may be appropriately and necessarily extended in the event of potential claims and court proceedings – for the duration of such proceedings and their settlement – as well as where legal provisions require us to process such data for a longer period in specific cases.

Information on recipients of your Personal Data is described in detail in Section IX below.

The rights to which you are entitled in connection with the processing of your Personal Data are described in detail in Section XI below.

VII. PROCESSING OF EMPLOYEES’ AND CO-WORKERS’ DATA – PURPOSES AND LEGAL BASES FOR PROCESSING

If you are a member of our team, regardless of the legal basis of our cooperation, we process your Personal Data.

The scope of Personal Data that we process depends on the legal basis of our cooperation (e.g. employment contract or another civil law contract), as well as what information you provided to us in connection with the conclusion of the agreement and during its term – this includes in particular the content of documents and the content of our possible communication.

Where the basis of our cooperation is an employment contract, we process in particular the Personal Data indicated in Article 22¹ § 1 and 3 of the Labour Code, collected at the recruitment and employment stage, i.e.:

  1. first name(s) and surname,
  2. date of birth,
  3. contact details,
  4. education data,
  5. professional qualification data,
  6. employment history,
  7. residential address,
  8. PESEL number, and if unavailable – the type and number of an identity document,
  9. other Personal Data, including the Personal Data of your children and other immediate family members – where provision of such data is necessary for you to exercise specific rights under labour law,
  10. bank account number, unless you have requested payment of remuneration in cash.

As a rule, we may also process other Personal Data if they are necessary to exercise a right or fulfil an obligation resulting from a legal provision, you have consented to this, or we have a legitimate interest in doing so.

Additionally, the scope of Personal Data processed by us includes information resulting from your employment contract, including your position, remuneration, place of work, working time, commencement date, as well as data arising in the course of employment concerning, among other things, the timing and duration of annual leave, maternity leave, parental leave, childcare leave, sick leave, accidents at work, additional benefits or evaluation of your work. In order to enable you to exercise your rights related to your life or family situation (e.g. payment of sick pay, etc.) and in order to fulfil our statutory obligations, we may process your “sensitive” Personal Data that you have disclosed to us in connection with such entitlement.

If the basis of our cooperation is another civil law contract, e.g. mandate contract, contract for specific work, or service agreement in a B2B relationship, then, as a rule, in practice the scope of data collected by us is analogous to the above, adjusted as appropriate depending on the content of the cooperation relationship between us and the obligations of the parties (in every case, however, we collect only data necessary for proper performance and settlement of the agreement).

Where the basis of our cooperation is an employment contract, providing the Personal Data required by the Labour Code and other data necessary to exercise a right or fulfil an obligation resulting from law is necessary for its conclusion and lawful performance. Providing other Personal Data (not required by law), or where another civil law contract exists between us, is voluntary, although sometimes it may be necessary for purposes related to our cooperation.

This means that failure to provide the above data may constitute grounds for our refusal to establish cooperation, taking steps to terminate the agreement, or refusal to grant certain benefits.

In every case where the basis for our processing of your Personal Data is or may be your consent, lack of consent or its withdrawal will not be grounds for adverse treatment and will not result in any negative consequences for you, in particular it will not constitute a reason justifying refusal of employment, termination of your employment contract, or termination without notice by us.

We process your Personal Data for purposes necessary for employment performance (management of the employment relationship or another type of cooperation established), i.e. mainly for the organisation of work and business trips, payment of remuneration, enabling you to exercise your specific rights and benefits, fulfilling legal requirements including tax and social insurance obligations, and fulfilling other requirements imposed by internal regulations in connection with employment.

The legal basis for processing your Personal Data is primarily:

  1. the agreement binding us (Article 6(1)(b) GDPR), and
  2. compliance with a legal obligation incumbent upon us (Article 6(1)(c) GDPR) – with regard to Personal Data whose collection and storage is required by generally applicable law, e.g. tax and accounting law, personnel file regulations, or payment obligations towards the Social Insurance Institution (ZUS), in particular the Labour Code (unless the basis of our cooperation is a contract other than an employment contract), implementing acts, tax laws and social insurance regulations (in the case of “sensitive” data in this context, the legal basis is the necessity for carrying out obligations and exercising specific rights by us or by you (Article 9(2)(b) GDPR)).

Sometimes we may process Personal Data exceeding the scope indicated above, e.g. your image, if you voluntarily disclosed it during and in connection with our cooperation. In such a case, the legal basis for processing may be your consent (Article 6(1)(a) GDPR, and for “sensitive” Personal Data – Article 9(2)(a) GDPR) or our legitimate interest (e.g. improvement of management processes and internal communication) – Article 6(1)(f) GDPR.

Consent may constitute the basis for processing your Personal Data made available by you at our request or provided on your own initiative. In the case of “sensitive” Personal Data, consent may only relate to situations where disclosure of such data takes place on your own initiative.

You may withdraw your consent at any time – however, this will not affect the lawfulness of processing carried out before its withdrawal.

We will also process your Personal Data in connection with the possible occurrence of disputes between us, for statistical and analytical purposes, to ensure workplace safety, including the safety of persons and property, or control of production or maintaining confidentiality of information whose disclosure could expose us to damage, or for our marketing purposes (e.g. to send a holiday greeting card) – the legal basis for processing in such cases is the legitimate interest of the controller (Article 6(1)(f) GDPR).

As a rule, certain categories of your Personal Data will be processed for the period of:

  1. employment,
  2. until withdrawal of consent (with regard to processing based on your consent) or fulfilment of the purpose for which it was given,
  3. effective objection (in the case of data processed on the basis of legitimate interest),

unless legal provisions require us to process such data longer (in particular for document archiving purposes), or we store them longer due to potential claims for the limitation period specified by law, in particular the Labour Code or the Civil Code (in each case, the longer applicable processing period shall apply).

In particular, where the basis of our cooperation is:

  1. an employment contract – we may process your Personal Data contained in employee documentation for a maximum period of 10 years from the end of the calendar year in which the employment relationship was terminated or expired;
  2. another civil law contract, including B2B – we process your Personal Data for the duration of the agreement and usually for approximately 7 years after its termination/expiry, as required by tax/accounting regulations;
  3. an employment contract, mandate contract or another service agreement (except B2B) – the storage period for Personal Data resulting from payroll records, remuneration cards or other evidence on the basis of which the pension or disability benefit calculation base is determined may amount to approximately 10 years after the end of cooperation, in accordance with specific legal provisions.

The above periods may be appropriately and necessarily extended in the event of potential claims and court proceedings – for the duration of such proceedings and their settlement.

Information on recipients of your Personal Data is described in detail in Section IX below.

The rights to which you are entitled in connection with the processing of your Personal Data are described in detail in Section XI below.

VIII. HOW LONG DO WE PROCESS YOUR DATA?

As a rule, unless stated otherwise, data processed on the basis of our legitimate interest will be processed until you object or until the purpose for which they were processed has been achieved.

Data processed solely on the basis of consent are processed until you withdraw your consent or until the purpose for which it was given has been achieved.

Data related to performance of various agreements, including data of Representatives and Contact Persons, are stored for the duration of the agreement and usually for up to 7 years after its termination, as required by tax regulations and limitation periods for certain claims.

These periods may be appropriately and necessarily extended in the event of potential claims and court proceedings – for the duration of such proceedings and their settlement – as well as where legal provisions require us to process them longer in specific cases.

  1. WHO ACTUALLY HAS ACCESS TO YOUR PERSONAL DATA?

Access to your Personal Data is granted only to:

  1. duly authorised employees or co-workers of the Controller, who are obliged to keep them confidential and not to use them for purposes other than those for which the Controller obtained the data;
  2. entities supporting us in the provision of services on the basis of appropriate data processing agreements, such as e-mail marketing platforms, providers of ICT services or tools used to establish contact (communicators);
  3. providers of legal, advisory, accounting and tax services;
  4. providers of audit services;
  5. postal operators and couriers;
  6. providers of archiving services;
  7. entities whose services you may use in connection with using our services, i.e. payment service providers;
  8. companies affiliated with the Controller by capital links, e.g. in connection with organisational support regarding tools used or provision of certain services to us.

All these entities have access only to the information necessary for them to perform specific activities.

Fiberax may also be obliged to provide certain information to public authorities (e.g. law enforcement authorities, courts, tax offices) for the purposes of proceedings conducted by them. In such a case, information is provided only if there is an appropriate legal basis.

Sometimes some of the entities providing us with solutions may be based outside the European Economic Area (EEA). In every case of transfer outside the EEA, we apply the required safeguards, including standard data protection clauses adopted by decision of the European Commission. In addition, to protect Personal Data, both during transmission and after receipt, we apply generally accepted standards that meet GDPR requirements. You have the right to obtain a copy of the safeguards we apply in relation to the transfer of Personal Data to a third country by contacting us at: gdpr@ucloud.eu

  1. WHAT ARE “COOKIES” AND OTHER SIMILAR TECHNOLOGIES? HOW AND FOR WHAT PURPOSE DO WE USE THEM?

“Cookies” are small text files sent by a server and stored on your device (usually on your computer’s hard drive). They store information that we may need in order to adapt to the way you use our website and to collect statistical data.

During your visit to our website, we may collect data concerning the domain name of your internet service provider, browser type, operating system type, IP address, websites visited by you, items downloaded by you, as well as operational data or information about the location of the device you use.

We assure you that all information obtained in this way is used by us solely for the purposes indicated in this policy and under no circumstances is harmful either to you or to the device you use, because it does not introduce any configuration changes to it.

Of course, you may change the way cookies are used, including blocking or deleting them entirely via your browser settings. However, you should remember that such actions may prevent or significantly hinder the proper functioning of our Website, for example by significantly slowing it down, which is why we recommend not disabling cookies in your browser.

Information precisely explaining to our Clients which cookies we use and for what purposes is always provided during the first visit to our Service.

Cookies used on the website:

  1. Essential (technical) – include cookies necessary for the proper functioning of the website and enabling website functionality; however, their operation is not related to user tracking;
  2. Analytical – used to analyse user behaviour on the website for statistical and analytical purposes (improving website performance). These cookies help provide information on visitor numbers, bounce rate, traffic source, etc.

To view a detailed description of the cookies we use (including the provider, type of file and purpose of use), click the “Customize” field in the cookie banner displayed upon entering the Website or the “Manage cookies” button available on every subpage of our Website.

Third-party cookies

We may also cooperate with other companies in relation to analytical activities carried out by them. For the purposes of this cooperation, cookies originating from these entities may also be stored on your device. These are so-called third-party cookies.

The above-mentioned entities, in connection with the use of their own cookies within our Website, may become controllers of your Personal Data.

We may use the following entities or services of entities that use cookies within the Service. Detailed information on the rules for processing Personal Data by our partners can be found in the privacy policy of the relevant partner:

  1. Google Tag Manager, https://www.google.com/analytics/terms/tag-manager/
  2. Google Analytics, https://policies.google.com/technologies/partner-sites?hl=pl
  3. Meta Platforms, Inc., https://www.meta.com/pl/legal/privacy-policy/

Cookie management

You may change the way cookies are used at any time by managing the consents you have given within the privacy settings on our Website or through your browser functions. To do so, change your privacy settings within our Website or your browser. In particular, you may withdraw previously given consent – however, this will not affect the lawfulness of activities carried out on the basis of consent before its withdrawal.

Withdrawal of consent to the collection of cookies from the level of our Website is possible via the cookie consent management platform. You can display the cookie banner by clicking the “Manage cookies” button available in the footer of every subpage of our Website.

Once the banner is displayed, you may withdraw consent for all cookies other than essential ones by clicking the “Reject” button. To customise (manage consent for) selected categories of cookies, move the slider next to the selected category of cookies and click the “Save my preferences” button.

Withdrawal of consent to the use of cookies is also possible through browser settings. Browser manufacturers provide help pages describing how you can manage cookies in their products. More information can be found at the links below:

In the case of other browsers, please refer to the documentation provided by the browser manufacturer.

  1. WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA BY THE CONTROLLER AND HOW CAN YOU EXERCISE THEM?

Please note that the instructions regarding the method/form of contacting us provided below are only recommendations, not requirements.

Access to Personal Data

You may always request access to your Personal Data in order to see what data we process about you and obtain detailed information on:

  1. whether we process your Personal Data,
  2. for what purpose,
  3. what categories of data we process,
  4. who the recipients are,
  5. where possible – the planned period for which the data will be stored, and where this is not possible, the criteria used to determine that period,
  6. if the Personal Data were not collected from you – any available information as to their source.

To streamline the process of providing information, please send requests for access to Personal Data to: gdpr@ucloud.eu, with the subject line: “data access – GDPR”.

Right to rectification of Personal Data

If, in your opinion, the information we hold about you is incorrect or incomplete, you have the right to request rectification of data that you believe is inconsistent with reality or incomplete in scope. To streamline the rectification process, please send requests for rectification or completion to: gdpr@ucloud.eu, with the subject line: “data rectification – GDPR”.

Right to erasure of Personal Data

In certain situations, the GDPR grants you the so-called right to be forgotten. Circumstances justifying such a request include:

  1. the Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. you withdraw your consent to the processing of Personal Data where there is no other legal basis for further processing;
  3. you object to the processing of Personal Data and there are no overriding legitimate grounds for processing;
  4. you object to the processing of Personal Data for marketing purposes;
  5. your data are processed unlawfully;
  6. compliance with a legal obligation laid down in Union law or the law of a Member State to which the Controller is subject.

To streamline the erasure process, please send requests for deletion to: gdpr@ucloud.eu, with the subject line: “data erasure – GDPR”.

Right to restriction of processing

You may request restriction of processing of your Personal Data if:

  1. you contest the accuracy of the Personal Data processed by us – for a period allowing us to verify the accuracy of the data;
  2. the processing of your Personal Data is unlawful, but instead of erasing them you prefer restriction of processing;
  3. the Controller no longer needs your Personal Data for processing purposes, but you require them for the establishment, exercise or defence of legal claims;
  4. you have objected to the processing of your Personal Data – only until the dispute is resolved.

A valid request for restriction of processing will result in limiting our actions on the data specified by you and within the scope of specified operations/purposes of processing to the necessary minimum – in principle, only storage.

To streamline the restriction process, please send requests for restriction to: gdpr@ucloud.eu, with the subject line: “restriction of data processing – GDPR”.

Right to data portability

You have the right to receive your data in a commonly used, machine-readable format and to transmit them to another controller.

You may exercise this right if:

  1. processing is based on your consent or a contract, and
  2. processing is carried out by automated means.

To streamline the portability process, please send requests for transfer to: gdpr@ucloud.eu, with the subject line: “data portability – GDPR”.

Right to object

In certain situations, you have the right to object to specific processing. You may exercise it:

  1. against the processing of your Personal Data based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, including profiling, on grounds relating to your particular situation;
  2. against the processing of your Personal Data where it is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling, on grounds relating to your particular situation;
  3. against the processing of your Personal Data for direct marketing purposes, at any time, to the extent that the processing is related to such direct marketing;
  4. against the processing of your Personal Data for statistical purposes, on grounds relating to your particular situation.

Please note, however, that if despite your objection we conclude that there are compelling legitimate grounds for the processing overriding your interests, rights and freedoms, or grounds for the establishment, exercise or defence of claims, we will continue to process the data covered by the objection. If you disagree with such an assessment, you may exercise your right to lodge a complaint with the supervisory authority (more information below).

To streamline objection handling, please send objections to: gdpr@ucloud.eu, with the subject line: “objection – GDPR”.

Right to lodge a complaint with a supervisory authority

In connection with our activities as the Controller of your Personal Data, you have the right to lodge a complaint with the supervisory authority.

Of course, if you have any comments regarding the way we operate, we encourage you first to contact our Data Protection Officer at: gdpr@ucloud.eu. This is an independent person who, within our structure, is responsible for ensuring that we fully comply with obligations related to the processing of Personal Data. If we make an error anywhere, they will certainly take appropriate steps.

If you wish to lodge a complaint with a supervisory authority, a list of local authorities responsible for the protection of Personal Data in the European Union and their contact details can be found at:
https://edpb.europa.eu/about-edpb/board/members_en

In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (PUODO). A detailed description of the complaint procedure before PUODO is available on the website maintained by PUODO at:
https://uodo.gov.pl/pl/83/155

XII. CURRENT VERSION OF THE POLICY

This policy is effective as of 31 January 2025.