PRIVACY POLICY AND COOKIES POLICY ON
www.cdex.cloud

This Privacy Policy of a website available at cdex.cloud (hereinafter “the Website”) is for information purposes and does not give rise to any obligations for the Website users. The Privacy policy sets out the rules of processing personal data by the Website administrator, including the purpose and scope of such processing, the rights of data subjects and information about the use of cookie files and analytical tools.

The controller of personal data collected via the Website is CDEX PROSTA SPÓŁKA AKCYJNA seated in Poznań, entered into the register of entrepreneurs of the National Court Register under no KRS 0000978218; registration court which keeps the Company’s documents: District Court (Sąd Rejonowy) in Poznań – Nowe Miasto i Wilda in Poznań, VIII Economic Division of the National Court Register; share capital of: PLN 7 627 000, having registered and correspondence address at ul. Marcelińska 90, 60-324 Poznań, NIP (tax identification number): 7792541145, business identification number (REGON): 522442194, e-mail address: contact@cdex.cloud , phone number: +48 607 197 105, fax +48 61 622 95 04 (charges according to the Operator’s tariff) (hereinafter: “CDEX “, “the Owner” or “the Administrator“).

The Controller processes personal data on the Website in accordance with the applicable provisions of law, including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “the GDPR“. The official text of the GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

You use the Website voluntarily. Using the Website does not require from you any personal data, unless you want to use the one of the contact form available on the website – in that case you must provide your contact details (contractual requirement) in the scope specified in the Website’s Terms of Use and failure to provide the data makes it impossible to send the given contact form.

The Administrator exercises due diligence to protect the interest of data subjects, in particular the Controller is responsible for and ensures that the data it collects are: (1) processed lawfully; (2) collected for specific, lawful purposes and are not further processed in a way incompatible with those purposes; (3) adequate, relevant in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Considering the nature, extent, context and purpose of the processing and the risk of infringing the rights or freedom of a natural person of varied probability and varied scale of threat, the Administrator implements adequate technical and organisational measures to process data in compliance with this regulation and be  be able to demonstrate it. The measures are subject to review and update if needed. The Administrator applies technical measures to protect electronically sent data from unauthorized access and modification.

The Administrator’s contact details

CDEX PROSTA SPÓŁKA AKCYJNA

ul. Marcelińska 90, 60-324 Poznań

e-mail: contact@cdex.cloud,

telephone: +48 607 197 105

fax +48 61 622 95 04

Contact details of the Data Protection Coordinator appointed by the Administrator:

Milena Paszta-Kopacka

correspondence address: ul. Marcelińska 90, 60-324 Poznań

e-mail: milena.paszta@vectorsynergy.com

The Administrator may process personal data if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Each processing of personal data by the Administrator requires the occurrence of at least one of the above grounds. Specific grounds for the Administrator’s processing of the personal data of Website users are indicated in the subsequent paragraph of the Privacy Policy – with reference to a given purpose of processing.

In each case the purpose, basis, duration and scope as well as the recipients of personal data processed by the Administrator depends on the user’s activity on the Website. The Administrator may process personal data on the Website for the following purposes, on the following grounds and in the following scope:

For the Website to work properly the Administrator must use  services of external providers (such as a hosting company or provider of the newsletter). The Administrator uses services provided only by such processing operators who provide sufficient guarantee to implement appropriate technical and organizational measures, so that the processing meets the GDPR requirements and protects the rights of the data subject.

The transfer of personal data by the Administrator is not done each time and is not done to all recipient or categories of recipients indicated in the Privacy Policy – the Administrator transfers data only if the Administrator has the data and if it is necessary to carry out the purpose of data processing and only in the scope necessary to carry it out.

Personal data of the Website users may be transferred to the following recipients or categories of recipients: service operators providing technical, organisational and IT solutions to the Administrator, enabling the Administrator to operate its business activity, including the Website and services offered thereon (including in particular providers of software for the Website, e-mail operators and web hosting providers). The Administrator shares the collected personal data of the user to a selected provider operating at the Administrator’s order only if and only to the extent to which it is necessary to carry out the purpose of data processing in compliance herewith.

In addition, we would like to inform, that personal data may be transferred to a third country (i.e. a country outside the European Economic Area) or an international organisation. In such a case, such transfer shall only be carried out if the Controller and the processor fulfil the conditions set out in Chapter V of the GDPR. These conditions will be met in the following situations:

• where the European Commission has issued a decision finding an adequate level of protection as referred to in Article 45 sec. 3 of the GDPR provided by the third country, territory or specific sector or sectors within that third country or by the international organisation concerned (hereinafter also referred to as the “Decision”) and where the data transfer falls within the scope of the Decision (a list of Decisions can be found on the following website: https://ec.europa.eu/info/law/lawtopic/ data-protection/international-dimension-data-protection/adequacy-decisions_pl);
• in the absence of a Decision or if the data transfer falls outside the scope of the Decision, where appropriate safeguards as set out in Article 46 GDPR (hereinafter also as “Safeguards”) are provided, including inter alia by means of the standard contractual clauses adopted by the European Commission pursuant to Article 46 sec. 2 GDPR (“Standard Contractual Clauses”), provided that the conditions for the use of the Standard Contractual Clauses are met,
• in the absence of a Decision or the impossibility of providing Safeguards, in specific situations and under the relevant conditions described in Article 49 of the GDPR.

In particular, the Controller uses modern technological solutions and some of its suppliers have servers located in the United States. At the moment, the European Commission has not approved an adequate level of protection for such transfer by issuing a Decision. The US law does not guarantee such a high level of protection of personal data as the EU regulations. The transfer of data to servers located in the United States may increase the risk that you will not be able to exercise your right to protect your personal data, e.g. to stop its unlawful use or disclosure. US law does not provide any legal way for individuals to access, rectify or erase personal data concerning them. The necessary restrictions and safeguards against data interference by US intelligence authorities have also not been implemented in the US. Therefore, the level of data protection in the US is not equivalent to EU law.

Accordingly, when data is transferred to the United States, appropriate safeguards will be in place – in particular, the transfer will take place on the basis of an agreement with the data importer containing Standard Contractual Clauses. However, if it is not possible to apply the Standard Contractual Clauses or to provide other Safeguards, the transfer of your personal data to servers located in the United States will only take place on the basis of your consent or if another of the prerequisites of Article 49 of the GDPR.

In order to obtain detailed information on the possible transfer of your data to a third country or international organisation and on the grounds and conditions for such transfer, please contact the Controller.

1. Right to access, rectify, restrict, delete or transfer – the data subject may demand from the Administrator to have access to their personal data, to rectify it, to delete it (“the right to be forgotten”) or to restrict the processing thereof, may make an objection against the processing and may transfer their data. Detailed terms and conditions of exercising the above rights are set out in Art. 15-21 of the GDPR.
2. Right to withdraw the consent at any time – the data subject whose data is processed by the Administrator on the basis of their consent (according to Art. 6 (1)(a) or Art. 9(2)(a) of the GDPR) may withdraw their consent at any time and this will not affect the lawfulness of the processing done prior to the withdrawal.
   The right to make a complaint to a supervisory authority – the data subject may file a complaint to a supervisory authority in the manner laid down in the GDPR and in the provisions of Polish law, including but not limited to the Personal Data Protection Act.  The supervisory authority in Poland is the President of the Personal Data Protection Office.
3. Right to object – the data subject has a right to object at any time – on the grounds related to their specific situation – against the processing of their data on the basis of Art. 6 (1)(e) (public tasks or interest) or Art. 6 (1)(f) (legitimate interest of the controller), including profiling on the basis of the same provisions. In such case the Administrator may no longer process such personal data unless the Administrator demonstrates that there are valid legitimate grounds for processing which overrides the interests, rights and freedoms of the data subject or for establishing, pursuing or defending a claim.
4. Right to object against direct marketing– if personal data is processed for the purpose of direct marketing, the data subject may at any time object against the processing of their data for such purpose, including the profiling, to the extent that the processing is linked to such direct marketing..

To exercise the rights referred to in this section of the Privacy Policy you may contact the Administrator by sending relevant message in writing or by e-mail to the Administrator’s address appointed hereinabove, or by using the contact form on the Website.

1. Cookies

Cookies are small pieces of text information in the form of text files sent through the server and saved on the device of the Website visitor (e.g. on the hard drive of a computer, laptop or smartphone’s memory card – depending on the device used by the Website visitor). Detailed information on cookie files with their history and origin is available at https://en.wikipedia.org/wiki/HTTP_cookie.

When a visitor uses the Website, the Administrator may process data contained in the cookie files for the following purposes: (1) provide basic functionalities of the Website such as session continuity, storage of dynamic data such as statistics, summaries, (2) adjusting the content of the Website to the Customer’s personal preferences (e.g. language of the site), (3) keeping statistics, through which may identify a way of using the Website by his users, thanks to this it is possible to improve a level of satisfaction by using the Website (user experience design) and (4) remarketing, it means a research on the behavior of Website users through anonymous analysis of their activities (e.g. from which sources they entered on Website, which content they were interested) in order to create their profile and provide them online advertisements which is close to their interests, when they visit websites which use Google Inc. Display Network plugins.

Typically the majority of available web browsers automatically accept cookies by default. Each user may define in their browser’s settings how cookies are to be used. This means you can e.g. partially limit (e.g. for a certain period of time) or completely block saving cookies – in the latter case this may affect some functionalities of the Website (for example it may become impossible to remember what language you have selected on the Website).

Browser’s cookie settings are significant when it comes to a consent for using cookie files by the Website and its Administrator – according to the provisions of law, the consent may also be expressed by the browser’s settings. If you refuse to give such consent, you should also change your browser’s cookie setting accordingly.

Detailed information on how to change cookie settings and how to delete them in the most popular web browsers is available in Help section of your web browsers.

2. Google Analytics

On the Website we use a tool called Google Analytics, which is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Google Analytics helps us in analyzing the traffic on the Website. The collected data is processed in the above service in an anonymized way to generate statistics helpful for the Administrator of the Website. These data are aggregated and anonymous in nature. It means that they do not contain any details through which is possible to identify the visitors of the Website.

Through the aforementioned service we collect such data as the source and medium of obtaining users of the Website, the way of their behavior on the Website, information which electronic devices they using, IP and domain, geographic data and demographic data (age, sex) and interests.

Specific information about using the data in the Google Analytics service you can find under the below link: https://support.google.com/analytics/answer/3379636?hl=en.

3. Google Ads

On the Website we use a tool called Google Ads, which is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Google Ads enables us to conduct marketing activities. Through this tool, we can present our offer in search results in Google, as well as on other websites that have joined to Google Ads program. Thanks to this service, we can verify the effectiveness of our advertisements and also optimize our marketing actions. The collected data is processed in the above service in an anonymized way.

Specific information about using the data in the Google Ads service you can find under the below link: https://policies.google.com/privacy.

4. HubSpot

On the Website we use HubSpot software, which is provided by HubSpot, Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141 USA).

HubSpot helps us in analyzing the behavior of Website users. Thanks to this software, we can improve Website “users experience” optimize content and functionality. The collected data is processed in the above service in an anonymized way to generate statistics helpful for the Administrator of the Website. Thanks to the HubSpot, we know what kind of actions take users of our Website.

Specific information about using the data in the HubSpot software you can find under the below link: https://legal.hubspot.com/privacy-policy.

5. Hotjar

On the Website we use a tool called Hotjar, which is provided by Hotjar Ltd (St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta).

Hotjar helps us in analyzing the behavior of Website users. Thanks to this tool, we can improve Website “users experience”, optimize content and functionality. The collected data is processed in the above service in an anonymized way to generate statistics helpful for the Administrator of the Website. Thanks to the Hotjar, we know what kind of actions take users of our Website. However we can not identify action taken by a particular user.

Specific information about using the data in the Hotjar you can find under the below link: https://www.hotjar.com/privacy.

6. Facebook Pixel

On the Website we use the Facebook Pixel tool, provided by Facebook, Inc. (1601 S. California Ave., Palo Alto, CA 94304, USA).

Facebook Pixel enables us to conduct marketing activities. This tool, in an automatic way, saves the behavior of our users. Thanks to this we can target advertisements on Facebook to users of our Website. The collected data is processed in the above service in an anonymized way. Thanks to the Facebook Pixel, we know what kind of actions take users of our Website. However, we can not identify the action taken by a particular user.

Specific information about using the data in the Hotjar you can find under the below link: https://www.facebook.com/privacy/explanation.

7. LinkedIn Insight Tag

On the Website we use the LinkedIn Insight Tag, provided by LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA).

LinkedIn Insight Tag enables us to conduct marketing activities. This tool, in an automatic way, saves the behavior of our users. Thanks to this we can target advertisements on LinkedIn to users of our Website. The collected data is processed in the above service in an anonymized way. Thanks to the LinkedIn Insight Tag, we know what kind of actions take users of our Website. However, we can not identify the action taken by a particular user.

Specific information about using the data in the Hotjar you can find under the below link: https://www.linkedin.com/legal/privacy-policy.

On our Website, you can also find links to the other websites. These websites are not covered by this Privacy Policy. By clicking on the link, the user will be moved to a different website. The Administrator does not have any impact on the content which is available on such website, and he also is not responsible for any acts or omissions of administrators of these websites.