Regulations on processing Personal Data in connection with
the use of Secure Cloud Storage Service
In order to ensure security to our Clients and explain the need, necessity and ways of Personal Data processing and protection, as well as other Client-related information, the Service introduces the following privacy policy (“Privacy Policy”):
§ 1
General Provisions
1. All capitalized terms not defined otherwise shall bear the meaning specified in the Regulations of use of Secure Cloud Storage Service by Clients.
2. The Administrator of personal data processed in the Service for the purpose of providing Administrator's Services shall be PIXEL-TECH Spółka Jawna Pytowski i Kubarek, NIP (tax identification number): 644-328-72-39, REGON (statistical identification number): 240352530, seated in 41-303 Dąbrowa Górnicza, ul. Laski 6A.
3. Administrator shall make every effort to maintain confidentiality and privacy of information provided. This Privacy Policy establishes current terms and policies pertaining to protection and processing of Client Data received from the Clients or Photographers acting for and on behalf the Clients.
4. For Privacy Policy purposes, “Personal Data” are any information related to, directly or indirectly, identified or identifiable natural person, in particular by reference to: name, identification number, localization data, online ID, or one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
§ 2
Collecting and processing Personal Data. Security measures
1. In connection with provision of the Services, Administrator may collect
2. the following personal data:
1.i 1.a) photographs attached to documents, with images being part of Client Personal Data;
1.i 1.b) Access codes enabling access to Client Data;
3. All Personal Data shared with the Administrator shall be processed by the Administrator according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC — that is, General Data Protection Regulation (GDPR) and shall be subject to other provisions of applicable law, for the following purposes:
1.i 1.a) proper performance of the Service — performance of the Service shall mean storage of Client Data within time limits set in the Regulations and sending these Data to a given e-mail address upon the provision of Access Code;
1.i 1.b) for Administrator’s legitimate interest — this interest involves constant improvement of quality of Services provided, by improving information security of the Secure Cloud Storage and Services provided;
4. Data provided for the purpose of Service performance (photograph with a document) are shared voluntarily, however failure to provide them prevents the conclusion and proper performance of the Service (securing Client Data and sending it to the person with the Access Code).
5. Administrator may share Personal Data only with the following recipients: entities providing information services for Administrator, Administrator’s employees within limits of their authorization to process personal data for specific purposes and within a specific activity, persons providing services to Administrator under separate agreements.
6. Users Personal Data shall be stored for the whole duration of Service provision, and after the end of this period shall be absolutely removed. Personal Data shall be also removed upon the request submitted by Client via the Service.
7. Data managed by the Administrator are subject to automated pseudonimisation. Their anonymisation can only be reversed by the Client, by using unique Access Code and after downloading the Client Data.
8. Due to the fact that Data collected remain anonymous and the Administrator has no means to de-anonymise them, Clients have no right to access, modify or amend their Personal Data (otherwise than by providing the Access Code). Clients may execute their right to remove Client Data by using the Access Code.
9. Administrator is obliged to:
a) make all reasonable efforts to immediately remove or correct Personal Data that are incorrect in respect to the purpose of processing thereof;
b) process Personal Data in a way that ensures proper security, including protection against unauthorized or illegal processing and accidental loss, damage or corruption, by applying adequate technical and organizational measures.
10. Administrator shall process Personal Data and Confidential Information in a way specified in section 8, point b) of the Privacy Policy, in particular by:
1.a) applying technical and organizational measures that protect processed Personal Data accordingly to threats and categories of data under protection;
1.b) securing Personal Data against being shared with unauthorized persons, collected by unauthorized persons, processed in breach of the law, or modified, lost, corrupted or damaged;
1.c) maintaining documents describing ways of processing Personal Data and security measures mentioned above;
1.d) allowing Personal Data to be processed exclusively by persons holding proper authorization;
1.e) exercising control over what Personal Data, when and by whom are added to data set and with whom they are shared;
1.f) keeping records of persons authorized to process Personal Data.
11. Personal Data may also be processed and used in legally justified interest of the Administrator, meaning:
a) market and statistical research conducted for the purposes of Service functioning;
b) Service administration, improvement of its functionality and quality of services provided;
c) enforcement of compliance with the Rules, fighting fraud and abuse;
d) improvement of security of Personal Data processing;
- where processing for these purposes shall take place only during the period Personal Data are also processed for one of the purposes identified in section 2.
§ 3
Collecting anonymous data
Administrator shall not register any personal data of the Clients shared or provided in connection with the use of the Service.
§ 4
Any questions, comments or complaints regarding the Privacy Policy, Personal Data or any part of the Service shall be sent to:gdpr@pixel-tech.eu.
§ 5
1. This Privacy Policy shall enter into force on 25 May 2018.
2. Administrator may modify the Privacy Policy if it is necessary to improve the quality of Services provided, adapt its provisions to new or amended Service functionalities and, if required by generally applicable provisions of law in this respect. Provisions on modification in the Rules shall apply accordingly.
3. In cases not regulated by this Privacy Policy, the provisions of the Civil Code and GDPR shall apply.