Privacy Policy

Definitions

Service – the “mscloud” website operating at https://mscloud.pl

External service – websites of partners, providers or clients that cooperate with the Administrator

Service/Data Administrator – the Administrator of the Service and of personal data (hereinafter “Administrator”) is “mscloud” Sp. z o.o., ul. Twarda 18, 00-105 Warsaw, NIP 6342986326, which provides electronic services via the Service

User – a natural person for whom the Administrator provides electronic services through the Service

Device – an electronic device with software that enables the User to access the Service

Cookies – text data stored as files placed on the User’s Device

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation)

Personal data – information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person

Processing – any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Restriction of processing – the marking of stored personal data with the aim of limiting their future processing

Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements

Consent – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or clear affirmative action, signifies agreement to the processing of personal data relating to him or her

Personal-data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

Pseudonymisation – the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure non-attribution to an identified or identifiable natural person

Anonymisation – an irreversible data-processing operation that destroys or overwrites personal data so that the record can no longer be linked to a specific user or individual

Data-Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data-Protection Officer. All matters concerning data processing should be addressed directly to the Administrator.

Types of cookies

Internal cookies – files placed and read on the User’s Device by the Service’s IT system

External cookies – files placed and read on the User’s Device by IT systems of external services. Scripts of external services that may place cookies on the User’s Device have been deliberately included in the Service via scripts and services installed in the Service.

Session cookies – files placed and read on the User’s Device by the Service during one browser session; they are deleted after the session ends.

Persistent cookies – files placed and read on the User’s Device by the Service until they are manually deleted; they are not removed automatically after the session ends unless the Device is configured to delete cookies at session end.

Data-storage security

Cookie storage and access mechanisms – the storage, reading and exchange of data between cookies saved on the User’s Device and the Service are carried out via built-in browser mechanisms and do not allow other data to be retrieved from the Device or from other websites visited by the User, including personal or confidential data. Transferring viruses, trojans or worms to the Device is practically impossible.

Internal cookies – the cookies used by the Administrator are safe for Users’ Devices and contain no scripts, content or information that could threaten personal data or Device security.

External cookies – the Administrator takes all possible measures to verify and select service partners with regard to User safety. Although partners are reputable global companies, the Administrator has no full control over the content of cookies from external partners and is not liable, as far as the law allows, for their security, content or licensed use. A list of partners appears later in this Privacy Policy.

Cookie control

The User may at any time change settings for saving, deleting and accessing cookie data for any website.

Instructions for disabling cookies in popular desktop browsers are available at: how to disable cookies or directly from the browser providers listed below:

The User can delete all stored cookies at any time using the tools of the Device through which the User accesses the Service.

User risks – the Administrator applies all possible technical measures to secure data stored in cookies; however, data security also depends on the User’s actions. The Administrator is not responsible for data interception, session hijacking or deletion caused by intentional or unintentional actions of the User, viruses, trojans or spyware on the User’s Device. Users should follow internet-safety guidelines.

Storage of personal data – the Administrator takes all efforts to keep voluntarily provided personal data secure, restrict access and process it only for intended purposes, protecting it with appropriate physical and organisational safeguards.

Password storage – the Administrator stores passwords in encrypted form using current standards and guidelines. Decrypting passwords entered in the Service is practically impossible.

Purposes of cookie use

  • Improving and facilitating access to the Service
  • Personalising the Service for Users
  • Enabling Service login
  • Marketing and remarketing on external services
  • Advertising services
  • Affiliate services
  • Statistics (users, visits, device types, connection speed, etc.)
  • Multimedia services
  • Social-media services

Purposes of personal-data processing

  • Improving and facilitating access to the Service
  • Personalising the Service for Users
  • Enabling Service login
  • Marketing and remarketing on external services
  • Advertising services
  • Affiliate services
  • Statistics (users, visits, device types, connection speed, etc.)
  • Multimedia services
  • Social-media services

External-service cookies

The Service collects data about Users. Some data are collected automatically and anonymously; other data are personal data provided voluntarily by Users when subscribing to specific services.

Anonymous data automatically collected:

  • IP address
  • Browser type
  • Screen resolution
  • Approximate location
  • Visited subpages
  • Time spent on pages
  • Operating-system type
  • Previous subpage address
  • Referrer address
  • Browser language
  • Connection speed
  • Internet-service provider

Data collected via form submission:

  • Name / surname / nickname
  • Email address
  • Phone number
  • IP address (collected automatically)
  • Other ordinary data

Some data (excluding identifying data) may be stored in cookies and passed to statistical-service providers.

Third-party access to personal data

To operate the Service, the Administrator uses an external hosting/VPS/dedicated-server provider – nazwa.pl.

All data collected and processed in the Service are stored on infrastructure located in Poland. Provider personnel may access data during maintenance. Access is governed by the agreement between the Administrator and the provider.

How personal data are processed

Personal data voluntarily provided by Users:

  • Data will not be transferred outside the EU unless the User publishes them voluntarily (e.g., comments), making them available to any visitor.
  • Data will not be used for automated decision-making (profiling).
  • Data will not be sold to third parties.

Anonymous data automatically collected:

  • Anonymous data may be transferred outside the EU.
  • Anonymous data will not be used for automated decision-making.
  • Anonymous data will not be sold to third parties.

Legal bases for personal-data processing

The Service collects and processes User data on the basis of:

  • GDPR
  • Article 6(1)(a) – consent of the data subject
  • Article 6(1)(b) – processing necessary for contract performance or pre-contract actions
  • Article 6(1)(f) – legitimate interests pursued by the Administrator or a third party
  • Polish Data Protection Act of 10 May 2018
  • Polish Telecommunications Law of 16 July 2004
  • Polish Copyright Act of 4 February 1994

Retention periods

Personal data voluntarily provided by Users: retained only for the duration of the Service. Deleted or anonymised within 30 days after service termination (e.g., account deletion, newsletter unsubscribe). If needed for legitimate purposes, data may be stored up to three years from the User’s deletion request.

Anonymous data automatically collected: statistical, non-personal data are stored indefinitely.

User rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to lodge a complaint with the supervisory authority

Administrator contact

  • Postal address – mscloud Sp. z o.o., ul. Twarda 18, 00-105 Warsaw
  • Email – biuro@mscloud.pl
  • Phone – +48 22 299 35 55
  • Contact form – mscloud.pl/contact

Service requirements

  • Restricting cookie storage may cause some Service functions to malfunction.
  • The Administrator is not liable for malfunctioning functions if the User restricts cookie storage or access.

External links

Articles, posts or comments may include links to external sites unaffiliated with the Service Owner. These links and their content may pose risks to your Device or data security. The Administrator is not responsible for content outside the Service.

Changes to this Privacy Policy

  • The Administrator may amend this Policy at any time regarding anonymous data or cookies without notifying Users.
  • Changes concerning personal-data processing will be emailed to registered Users and newsletter subscribers within seven days. Continued use of the Service signifies awareness and acceptance of the changes. Users who disagree must delete their account or unsubscribe.
  • Changes will be published on this page.
  • Changes take effect upon publication.