Skip to content


Respecting the right to privacy of those who have entrusted Cloudity sp. z o.o. z oo (hereinafter: ”Cloudity”) with their personal data, including participants in events and business breakfasts organised by Cloudity, our contractors and their employees, persons participating in Cloudity’s recruitments and newsletter subscribers (hereinafter: ”User”), we declare that all data obtained is processed in accordance with national and European legislation and conditions that guarantee its security.


In the following policy, we set out Cloudity’s applicable data protection rules established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR). 


Data Controller

The Controller, i.e. the entity deciding on the purpose and manner of processing your personal data, is Cloudity sp. z o.o. with its registered office in Warsaw (00-640), ul. Mokotowska 1, with the following identification numbers: NIP: 951-23-79-071, KRS: 000005582, REGON: 147192818 (hereinafter: “Controller” or “Cloudity”). In matters concerning the processing of your personal data, you can contact us via e-mail:


The recipients of the personal data

The recipients of your data will be entities that cooperate with the Controller, i.e. inc. based in San Francisco, Salesforce Tower 415 Mission Street, 3rd floor, CA 94105.


Personal data may also be made available at the request of public authorities or other entities entitled to such access under the law.


Access to personal data is obtained by entities providing services to Cloudity, in case it is necessary. Such entities include, in particular, IT service providers, entities providing analytical services and opinion polls on the Internet, entities performing mailing campaigns, advertising agencies. In such cases, Cloudity has entered into appropriate agreements with these entities to secure personal data against unauthorised access.


In accordance with conducted operations, Cloudity will disclose your personal information to the following entities:


  • people running businesses, including consultants, translators, lawyers working with Cloudity in the area of services provided to Cloudity’s clients,
  • governmental organs or other entitled entities on legal grounds,
  • entities supporting Cloudity’s business at their request, specifically: external IT system providers supporting our business, courier companies,
  • entities auditing our business,
  • entities providing accounting services or entities working with Cloudity on marketing campaigns, during which the entities will process data on the grounds of the contract with Cloudity and only in accordance with their instructions,
  • banks in the event of settlement processes.


Collection of data and purpose of processing

Cloudity is an IT company that offers Salesforce solution implementation. In pursuing its business objectives, Cloudity processes data information for the following reasons:

Purpose of the processing

Legal basis and the period of data storage

Legal purpose, if any

Signing and execution

of a contract with a

client or contractor

Art. 6.1.b and 6.1.f of GDPR

For the duration of the contract and after termination of the contract until the expiry of the time limit for arising claims – generally 3 years, maximum


Controller,  in connection with
activities undertaken in order to
complete a contract, contacts with
employees/associates of clients and contractors with a justified purpose.

Processing of


Art. 6.1.b and 6.1.f of GDPR

By 1 year after the end of the warranty period or settlement of the complaint.

Controller, in connection with the processing of complaints, contacts with employees/associates of clients and contractors with a justified purpose.

Claiming or defending

against legal claims

Art. 6.1.f of GDPR

For the duration of proceedings in the scope of pursued claims – until the final termination, and in the case of enforcement proceedings – until the claims have been finally satisfied.

Controller, in connection with the
claiming or defending against legal claims, contacts with employees/associates of clients and contractors with a justified purpose

Archiving documents,

i.e contracts and

settlement documents

Art. 6.1.c of GDPR

For the duration indicated by law, and if, as with certain documents, they are not indicated, for the time when their storage falls under the legitimate aim of the controller regulated by the time of pursuing claims.

Managing statistics

Art. 6.1.f of GDPR

Up until the time where another operation is indicated in this table. We do not store personal data only

for statistical purposes. 

Holding information about statistics

ran by the Controller allows for

the improvement of business.

Conducting marketing

activities without using electronic



Art. 6. 1. f of GDPR

Until an objection is made, i.e. to show us in any way that you do not want to stay in touch with us and receive information about our actions.

Conducting marketing activities promoting business.

Conducting marketing

activities while using




Art. 6.1.a of GDPR

Such operations, subject to other laws, such as the Telecommunications Act and the Act on Provision of Electronic Services , are carried out till you withdraw your, i.e. you show us in any way that you do not wish to be contacted by us and receive information about our activities, and after cancellation of your consent, in order to prove the correctness of of Cloudity’s legal obligations and any related claims (up to 6 years after cancellation of consent).

Conducting marketing operations

promoting business using e-mail

addresses and phone numbers.



Art. 6.1.a, 6.1.c and 6.1.f

Up to 6 months from the end of the recruitment process, and in the event of approval for further recruitment processes, no longer than one year.

The Controller without any additional approval from those whose data may be affected, can store the personal data of candidates to work, who have not been employed for another 6 months after the end of the recruitment process as a justified aim of the controller, due to the fact that the employee may not work

sufficiently or may resign

Human Resources

Management –

Employees and


Art. 6.1.a of GDPR, 

As regards labour law for 50 years, and in certain cases 10 years. The 10-year retention period for work-related and personal records will apply to all employees hired after 1 January 2019. For employees hired after December 31, 1998, and before January 1, 2019, records related to work and personal employee files will be retained for a period of 50 years from the date of termination or expiry of the employment relationship, unless the employer declares its intention to provide all employees and subcontractors employed during this period with information reports , and these reports are actually filed. If the retention period is shorter, the controller will comply with the shorter storage period. In the case of civil law contracts, these contracts will be kept until the expiry of the time limits for claims arising from them .

The Controller uses the image

only on the grounds of the

employee/colleague’s consent..

If the deadlines applicable to the pursuing of possible claims are shorter than the periods of retention of settlement documents for tax purposes, we will store these documents for the period of time necessary for tax and settlement purposes, i.e. for 5 years from the end of the year in which the tax obligation has been updated.


Joint controlling of the data by Cloudity

In connection with the organization of various events by Cloudity, i.e. business breakfasts, a situation may arise where Cloudity and the entity co-organizing an event (e.g., Salesforce) will be the joint controllers of your data. You will be informed of such a situation in the information clause sent to you, referred to in Art. 13 and Art. 14 of the GDPR.


Rights in relation to the data processed and the voluntariness of providing the data

You have the following rights in relation to your personal data:

  1. the right of access to your personal data – Cloudity will, upon your request, inform you what type of personal data is processed and provide you with a copy of that data; 
  2. the right of rectification of personal data if the personal data is incorrect or incomplete; 
  3. the right to erasure of personal data – available only in certain situations;
  4. the right to restrict the processing of personal data – in this case, in specific situations, the User may request to temporarily stop the processing of his/her data. The User may request the restriction of the processing of his personal data in situations where he raises an objection; 
  5. the right to request personal data portability;
  6. the right to withdraw consent to the processing of personal data;
  7. the right to object to the processing of personal data – in this case, the User may request to stop the processing of his/her personal data due to his/her particular situation, when:
  1. the User’s personal data are processed by Cloudity on the basis of a legitimate interest of Cloudity or a third party, except where such interests prove to be overridden by the interests, rights and freedoms of the User;
  2. the User’s personal data is processed for direct marketing purposes;
  3. the processing of personal data involves automated decision-making in relation to the User, including profiling.
  1. The User has the right to lodge a complaint with the President of the Office for Personal Data Protection.


Is it mandatory to provide personal information?

Provision of personal data is voluntary, although failure to provide certain data may prevent the use of certain services offered by Cloudity, as well as receipt of newsletters, etc.

Providing the data is required to conclude the contract, settle businesses and Cloudity’s compliance with legal requirements. This means that by using services offered by Cloudity (including training, support with system implementation) or to become its employee, you must provide your personal information. Your personal information (meaning full name, phone number and email address) can be shared with Cloudity by the entity in which you registered for training organized by Cloudity.

In all other areas (specifically the data to be processed by Cloudity for marketing purposes), providing data is voluntary.


Disclosure of data to third party

Data will be processed on the territory of the European Economic Area.


Processing of personal data in an automated way

Personal data will not be processed in an automated way (including profiling) in such a way that as a result of such automated processing, any decisions could be made, other legal effects would be caused or would have a significant impact on our clients, contractors and their employees.


Technical and organizational measures to secure data

Cloudity uses appropriate technical and organizational measures to secure Users’ personal data against unauthorized access, unlawful use or disclosure. Personal data is processed in a controlled environment with high standards of protection. 

Processing of children’s data 

Cloudity does not offer services targeted at persons under the age of 18 and does not knowingly process personal data of children. If personal data of persons who are under the age of 18 is processed without the consent of their legal guardians, appropriate steps will be taken to delete such personal data as soon as possible.

Changes in Privacy Policy

The content of the Privacy Policy is subject to change. After each change, a new version of the Privacy Policy will be published on the Cloudity website.


Use of ”cookies” 

  1. ”Cookies”

The website uses mechanisms such as: „cookies”, „Local Storage”, „Session Storage”, which are used for automatic data storage (hereinafter jointly referred to as „cookies”). Cookies are used in order to better adapt the website to the users’ needs. 

Cookies are text files stored on the User’s terminal device and serve to identify the User’s browser. They provide the Controller with statistical information about User traffic, User preferences and activity, and the way the website is used. They make it possible to adapt content and services to User preferences. Cookies do not collect information allowing direct identification of a User, i.e. name and surname, residential address, e-mail address or telephone number.

Most of the ”cookies” are so-called session cookies which are automatically deleted from the hard drive after the session ends (i.e. after logging out or closing the browser window). Some of the ”cookies” allow the recognition of the User’s terminal equipment when re-visiting the website – they are not deleted automatically but are stored on the terminal equipment. In the case of mobile devices, a similar mechanism has been used as in the case of stationary devices to accept cookies, allowing the storage of information related to a given User.

Cloudity also uses Local Storage and Session Storage technology on its Services. This technology is similar in principle to ”cookies”. It is a separate part of the browser’s memory, which allows web applications to store data locally. Data in Local Storage is stored for a long time by the browser, and is not deleted when the browser is closed. They also have no expiry date. The data stored in Session Storage is deleted when you close your browser. You can delete data stored in Local or Session Storage at any time.

  1. Purposes of using ”cookies”

Cloudity uses ”cookies” in order to carry out analysis and research into the performance of the website and ways of using the website, as well as to ensure the security of the website.

  1. Social network

The Cloudity website uses cookies, plugins and other social tools provided by social networks such as: Facebook, Instagram, Twitter, Glassdoor, Xing and Linkedin. When using the Cloudity service, your browser will establish a direct connection to the servers of the controllers of the social networks (service providers), so they will receive information that you are using the Cloudity website, even if you do not have a profile with the service provider or are not currently logged in with them. This information, together with the IP address of the User’s device, is transferred to the server of a given service provider, where it is stored. It should be noted that some servers are located outside the European Economic Area, e.g. in the USA. In this case, the personal data are transferred to third countries where the possibilities for the exercise of data subjects’ rights and effective legal remedies are in place, whereby the controller and the service provider ensure adequate safeguards for the personal data by applying binding corporate rules or accepted standard data protection clauses.

With regard to transfers of personal data to service providers, Cloudity and the service providers are joint controllers of the Users’ personal data, whereby the User should exercise his/her rights directly against the respective service provider. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility to make settings to ensure the protection of the User’s privacy are described in the privacy policies of individual service providers::









  1. Managing „cookies”

The User has the option to disable cookies in his/her browser. However, the User must be aware that this may cause difficulties in using the Cloudity website. The stored cookies can be deleted by using the appropriate functions of the Internet browser, programs for this purpose or tools available within the operating system used by the User.

Failure to make changes in the settings of the used browser to manage cookies will result in cookies being placed automatically on the User’s terminal equipment. Failure to modify the browser settings resulting in the deactivation of cookies and simultaneous use of the website shall mean that the User consents to the placement and reading of cookies and use of similar technologies by Cloudity under the terms described in this Policy.

Due to the variety of browsers and applications used to operate websites, the management of cookies may vary, depending on the browser used, so we recommend that you familiarize yourself with how to manage privacy/security features before using the website. Desktop devices: Internet Explorer, Chrome, Safari, Firefox, Opera. Mobile devices: Chrome, Safari, Windows Phone, Blackberry.

To clear data from mobile apps, depending on the system that is installed on your mobile device, you will need to:

  1. for Android: go to Settings, go to Applications, search for the application, select Memory and choose the option ”Clear data”.
  2. In case of iOS: it is not possible to clear the data of the application. The only solution is to delete and reinstall the application.