PRIVACY POLICY OF THE OCHK.CLOUD WEBSITE

1. DEFINITIONS

1.1. Administrator and/or OChK – Operator Chmury Krajowej Sp. z o.o. with its registered office in Warsaw at ul. Grzybowska 62, 00-844 Warsaw.

1.2. Personal data – information about an identified and/or identifiable natural person. An identifiable natural person is one who can be identified, directly and/or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier and/or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural and/or social identity of a natural person.

1.3. Policy – this Privacy Policy of the ochk.cloud Website.

1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. Website – the website run by OChK at ochk.cloud.

1.6. User – any natural person visiting the Website and/or using the functionalities described in the Policy.

2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE

2.1. In connection with the User's use of the Website, OChK collects data to the extent necessary to run it and make its functions available to Users, as well as information about the User's activity on the Website. The detailed rules and purposes of information processing, including Personal Data, in particular those collected when the User uses the Website, are described below.

3. OBJECTIVES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA BY OCHK

USE OF THE WEBSITE

3.1. Information collected via the Website, including Users' Personal Data, is processed by the Administrator:

3.1.1. in order to provide Users with content collected on the Website - then the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the possibility of running the Website and making its functions available to Users;

3.1.2. for statistical purposes - then the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyses of Users' activity, their preferences and how they use the Website, in order to improve the functions provided on the Website and the published content;

3.1.3. in order to possibly establish and pursue claims and/or defend against claims - the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of its rights;

3.2. The User's activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities that relate to the IT system used to provide functions on the Website). The legal basis for processing the information collected in the logs is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the achievement of goals related to providing access to the Website's functions, including sharing the content collected on the Website, achieving technical and administrative goals related to the management of this system and to ensuring the security of the IT system, as well as the implementation of statistical purposes.

CONTACT FORMS

3.3. OChK provides the possibility of contacting it using electronic contact forms. Using the form requires the provision of Personal Data necessary to contact the User and answer the inquiry. The User may also provide other data to facilitate contact and/or handling of the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to provide it makes it impossible to handle the inquiry. Providing other data is voluntary.

3.4. Personal data is processed:

3.4.1. in order to identify the sender and handle his inquiry sent via the provided form - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR), consisting in effective communication with Users;

3.4.2. for the purposes of establishing and pursuing claims and/or defending against claims - the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in defending his rights;

3.4.3. for the purposes of enabling Users to express marketing consents - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR), consisting in handling Users' consents for a specific marketing communication channel.

3.4.4. Detailed information on the processing of Personal Data by OChK can be found in the GDPR Information Clause, available at the link

4. SOCIAL MEDIA

4.1. The Administrator processes the Personal Data of Users visiting the Administrator's profiles in social media (LinkedIn, Twitter, YouTube). These data are processed only in connection with maintaining the profile, including in order to inform Users about the Administrator's activity and to promote various types of events, services and products. The legal basis for the processing of Personal Data by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in promoting its own brand.

4.2. To the extent that Personal Data of visitors to social networking sites are processed by the administrators of these sites, separate privacy policies provided by these entities apply.

5. COOKIES

5.1. Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the Website - e.g. by remembering the User's visits to the Website and activities performed by him. The use of cookies by OChK is not intended to identify Users. Users using the resources of the Website remain anonymous to OChK, unless they provide their Personal Data in the forms available on the Website.

5.2. The use of non-essential cookies requires the User's consent through the declaration of cookie settings on the Website and/or the User's browser settings. This consent may be withdrawn at any time, without affecting the lawfulness of the use of cookies before its withdrawal - more information can be found in the Cookie Policy.

6. PERIOD OF PROCESSING PERSONAL DATA

6.1. The period of data processing by the Administrator depends on the purpose of processing. Personal data processed for the purposes of communication via the contact form are processed until the matter to which the correspondence relates is settled.

6.2. In cases where the legal basis for data processing is the legitimate interest of the Administrator, Personal Data is processed for the period necessary to implement a given interest, and in the event of objection to data processing, until such objection is taken into account.

6.3. The period of data processing may be extended if the processing is necessary to establish and pursue any claims and/or defend against claims, and after that time only if and to the extent required by law.

6.4. After the processing period has expired, the data is deleted.

7. USER RIGHTS

Data subjects, under the conditions set out in the GDPR, have the following rights:

7.1. the right to information about the processing of personal data - on this basis, the Administrator provides the natural person submitting the request with information about the processing of data, including in particular about the purposes and legal grounds for processing, the scope of data held, entities to which they are disclosed, and the planned date of data removal;

7.2. the right to obtain a copy of the data – on this basis, the Administrator provides a copy of the processed data concerning the natural person submitting the request;

7.3. the right to rectification – the Administrator is obliged to remove any inconsistencies and/or errors in the processed Personal Data and supplement them if they are incomplete;

7.4. the right to delete data – on this basis, you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which they were collected;

7.5. the right to limit processing – in the event of such a request, the Administrator ceases to perform operations on Personal Data - with the exception of operations to which the data subject has consented, and data storage, in accordance with the adopted retention rules – and/or until the reasons for limiting data processing cease to exist (e.g. a decision of the supervisory authority will be issued allowing further data processing);

7.6. the right to object to data processing - the data subject may at any time object - for reasons related to his particular situation - to the processing of Personal Data, which is carried out on the basis of the Administrator's legitimate interest; an objection in this respect should contain a justification;

7.7. the right to complain - if it is found that the processing of Personal Data violates the provisions of the GDPR and/or other provisions regarding the protection of Personal Data, the Data Subject may submit a complaint to the body supervising the processing of Personal Data, competent for the place of habitual residence of the Data Subject, the place of work or the place where the alleged infringement occurred. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.

8. DATA RECIPIENTS

8.1. In some cases, if it is necessary to achieve the purposes described above, Personal Data will be disclosed to external entities that provide services to OChK, e.g. suppliers of IT systems and services, entities providing legal services, as well as providers of audit services.

8.2. Personal data may be disclosed to competent authorities or third parties who submit a request for such information, on the appropriate legal basis and in accordance with the provisions of applicable law.

9. TRANSFER OF DATA OUTSIDE THE EEA

9.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:

9.1.1. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the determination of an adequate level of protection of Personal Data (detailed information can be found here);

9.1.2. the use of standard contractual clauses issued by the European Commission, which, together with the required additional security measures, provide personal data with the same protection as they are entitled to in the European Union (details can be found here);

9.1.3. application of binding corporate rules approved by the competent supervisory authority.

9.2. Personal data, to the extent necessary, may be transferred outside the European Economic Area in the event of cooperation with entities operating in third countries and/or using IT solutions of entities processing Personal Data in third countries. The list of suppliers and countries to which the Administrator may transfer data is available here.

9.3. To obtain a copy of information on the security measures that the Administrator uses when transferring data outside the EEA, please contact the Administrator.

10. SECURITY OF PERSONAL DATA

10.1. The Administrator implements technical and organizational measures to ensure that Personal Data is processed by him in a safe manner - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by these persons.

10.2. The Administrator takes all necessary actions to ensure that its subcontractors and other entities cooperating in the processing of Personal Data provide sufficient guarantees for the implementation of appropriate security measures so that the processing meets the requirements of the provisions on the protection of personal data and protects the rights of data subjects.

11. CONTACT DETAILS

11.1. Contact with the Administrator is possible via the e-mail address contact@ochk.cloud, and/or the address of the registered office: ul. Grzybowska 62, 00-844 Warsaw.

11.2. Contact with the Data Protection Officer is possible via the e-mail address iod@ochk.cloud, and/or the address of the registered office: ul. Grzybowska 62, 00-844 Warsaw.

12. CHANGES TO THE PRIVACY POLICY

12.1. The policy is reviewed on an ongoing basis and updated if necessary.

12.2. The current version of the Policy has been in force since March 21, 2023.