I.

Basic Provisions

CLORE CLOUD s.r.o. respects your privacy and considers the protection of privacy and of personal data to be essential, and therefore, we hereby issue these Principles Relating to the Processing of Personal Data (hereinafter the “Declaration”) of the data subjects, customers (hereinafter the “Customer” or “Customers”).

The personal data controller in accordance with Article 4/(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) is CLORE CLOUD s.r.o. (hereinafter the “Controller”), ID No.: 14438208, with its registered office at Kaštanová 1055/14, CZ-779-00, Czech Republic.

The Controller’s contact addresses for correspondence are:

• By post: Kaštanová 1055/14, CZ-77900, Czech Republic

• By e-mail: [email protected].

The Principles Relating to the Processing of Personal Data of the Customers are issued in accordance with the provisions of Regulation (EU) 216/679 (GDPR). The Controller declares it complies with any and all rules in accordance with the above EU regulation.

CLORE CLOUD s.r.o. is a data controller in cases where it specifies the purpose and method of personal data processing. This usually includes situations where CLORE CLOUD s.r.o. collects data of the Customers, Customers’ representatives, prospective Customers, users of the services.

We usually process personal data on the basis of at least one of the following legal grounds:

• It results from our legal obligations

• It is necessary for the performance of the contract

• You have given your consent to the processing

• It is our legitimate interest to process the data, which, in our opinion, does not contradict the personal data protection rights.

The provision of personal data necessary for the performance of the contract, fulfilling of the Controller’s legal obligations, and protection of the Controller’s legitimate interests is mandatory. It would be impossible to provide the services without the provision of personal data for these purposes. We do not need your consent for the processing of personal data for these purposes. The processing due to the performance of the contract and fulfilling of the legal obligations cannot be refused.

II.

Extent of the Processing

Personal data are processed by the Controller in an extent necessary for the conclusion and performance of the contract. The Controller also processes data necessary for fulfilling its legal obligations. Personal data are obtained by the Controller from the subjects of these data.

The Controller usually obtains personal data from the subjects upon:

• Creating the Customer Account

• Creating an order or registering a service

• Requiring technical support or placing a request regarding the services used

• Placing a request for information regarding the services and products provided by us

• Their participation in our marketing campaigns or surveys.

CLORE CLOUD s.r.o. as the Controller does not process sensitive personal data.

The Controller may process the following data:

• Name, surname, permanent address

• Contact information for communication, e.g., telephone number, e-mail address

• Customer’s user data

• Banking data

• Information about settlements and payments, including payment details

• Information and specifications relating to the services ordered or offered

• Information about the history of and changes to the services provided

• Information about in-process and unfinished orders

• Address(es) and details of data links (e.g., URL or IP address)

• Type of browser and operating system of the computer or another device used

• Geolocation data

• Bitrates of the individual services and details about data traffic

• Details about the device loading by the service used (RAM, CPU, etc.)

• Details about the utilisation of the data space provided.

III.

Officer

CLORE CLOUD s.r.o. has no data protection officer, as this function is not required for CLORE CLOUD s.r.o. under the law.

IV.

Purpose and Legal Grounds for the Processing of Personal Data

The legal grounds for the processing of personal data include, in particular:

• Performance of the contract concluded by and between the Customer and the Controller in accordance with Art. 6/1/(b) of GDPR

• The Controller’s legitimate interest in the implementation of direct marketing, especially the possibility to send commercial communications and newsletters, in accordance with Art. 6/1/(f) of GDPR.

The purposes of the processing of personal data include, in particular:

• Fulfilment of the Customer’s orders – personal data (name, surname, address, and contacts) are required when ordering as they are necessary for successful order fulfilment

• Ensuring the exercise of the rights and duties resulting from the contractual relationship by and between the Customer and the Controller

• Sending of commercial communications and other marketing and business activities.

V.

Duration of the Processing of Personal Data

The Controller stores personal data throughout the period necessary for the performance of the rights and duties resulting from the contractual relationship and applicable laws.

Invoices and accounting documents are archived for the period of 10 (ten) years from their issue in accordance with the relevant regulations and Section 31 of Act No. 593/1991 Coll., on accounting, and especially Section 35 of Act No. 235/2004 Coll., on value added tax. Due to the necessity to document legal grounds for the issue of the invoices, any and all information relating to the given service are also archived the period of 10 (ten) years from the termination of the contract.

The Controller stores personal data for marketing purposes for the period until the consent to the processing of data for marketing purposes is withdrawn, but no longer than 15 (fifteen) years if personal data are processed based on a consent.

Customer data on the servers are not stored after the termination of the contract and/or cessation of the operation of a service, and they are safely deleted afterwards (usually within several days).

Upon entering the data necessary to create the Customer Account, the data subject gives the Controller consent to the processing which can be withdrawn any time in accordance with GDPR. Complete erasure of the Customer Account is made based upon the data subject’s authorised requirement, on condition that no active service is administered by this account. If any active service is administered by the Customer Account, said Customer Account will not be erased based on the data subject’s authorised requirement, but only deactivated without a possibility to log in. The Customer Account will then be erased once all services are terminated.

VI.

Commercial Communications

Any commercial communications sent to the Customer are always identified so that it is clear that they are sent by the Controller and their subject and body makes it evident that they are commercial communications. Such commercial communications may be sent to the Customers’ contact addresses based on the Controller’s legitimate interest, until you object to the sending. Furthermore, the Controller may send commercial communications based on the express consent to the processing of personal data for marketing and commercial purposes. Each commercial communication contains contact information to refuse further sending of such communications.

VII.

Personal Data Security

CLORE CLOUD s.r.o. as the Controller hereby declares that it has adopted any and all suitable technical and organisational measures to secure personal data.

The Controller hereby declares that it has adopted technical measures to secure personal data stored in its repositories in both electronic and printed versions.

The Controller hereby declares that personal data are only available to persons authorised by the Controller.

VIII.

Personal Data Recipients

We do not share your personal data with other controllers.

The Controller has no intention to transfer your personal data neither to any third country (outside EU), nor to any international organisation.

If necessary to fulfil its legal requirements or based on a legal requirement of public authorities of the Czech Republic, the Controller may transfer your personal data to authorities specified in valid legislation and to administrative authorities.

Recipients of personal data also include subcontractors who assist in the implementation of the contract, services, payments, supply of the goods, and marketing.

IX.

Your Rights

Under the conditions specified in GDPR, you have:

• the right of access to your personal data in accordance with Article 15 of GDPR

• the right to rectification of your personal data in accordance with Article 16 of GDPR, or the right to restriction of processing in accordance with Article 18 of GDPR

• the right to erasure of your personal data in accordance with Article 17 of GDPR

• the right to object to the processing in accordance with Article 21 of GDPR

• the right to data portability in accordance with Article 20 of GDPR

• the right to withdraw consent to the processing, either in writing or by electronic means, sent to the Controller’s postal address or e-mail address specified in Article I of this document

• the right to lodge a complaint with the Office for Personal Data Protection if you think that your right to the protection of your personal data has been breached.

The data subject has any and all rights resulting from Regulation (EU) 2016/679 the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 

X.

Cookies

If the Customer has cookies enabled in their web browser, we process information about the Customer’s behaviour based on cookies located on the website operated by CLORE CLOUD s.r.o., for the purpose of enhancing the website operation.

XI.

Final Provisions

If any modification to this Declaration is made, the modified version will be available here with the revision date. We recommend that the Customers regularly check this Declaration. If fundamental changes to this Declaration are made, concerning our practices in personal data protection, we undertake to advise the Customers by e-mail and on our website before issuing the new version of the Declaration. 

XII.

Publication and Effect of the Declaration

This Declaration is publicly available on the website of CLORE CLOUD s.r.o.

This Declaration shall take effect on 30 March 2023.