January 1, 2024
General information
- This Privacy Policy establishes the terms and conditions for processing of personal data by Nussknacker acting as a controller of personal data, for the protection of Nussknacker Customers using the Nussknacker Cloud Service (hereinafter "Nussknacker Cloud") in connection with the processing of their personal data.
- Terms defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) such as “Personal Data”, “Controller” and “Processor” have the same meaning while used in the hereunder Privacy Policy.
- This Privacy Policy describes the manner, scope, and purposes of collecting personal data related to the use of the Nussknacker Cloud.
- Our overriding goal is to ensure that Nussknacker Cloud Customers and other persons to whom Customers have granted access to Nussknacker Cloud have their privacy protected at least in accordance with the standards set forth in applicable laws, in particular the Act of July 18, 2002 on the provision of electronic services (Journal of Laws of 2002, No. 144, item 1204, as amended) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Basic terms
- All terms contained in this Privacy Policy shall be understood as defined in the Nussknacker Cloud Service Rules, and in the absence of definitions in the aforementioned document, as described below:
- Registration Data - data provided by the Customer to start using the Nussknacker Cloud in the manner described in Section How to get started, subsection 1 of the Rules, including but not limited to an e-mail address, name, and company name.
- Processing - operations performed on Personal Data such as collecting, recording, storing, developing, altering, sharing, backing up, and other operations necessary for the Nussknacker Cloud Service.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Principles and scope of data collection and processing
- The provision of the Nussknacker Cloud service includes the following activities on the part of Nussknacker: setting up an Account, performing all activities falling within the scope of the Nussknacker Cloud service and described in detail in the Rules, and activities undertaken to serve Customers, processing of complaints, invoicing, collection of fees, potential claims, and quality control of the Nussknacker Cloud.
- As part of Nussknacker Cloud, Nussknacker processes the following data:
- Registration Data and the password set by the Customer,
- data provided to Nussknacker by the Customer for the purpose of operating the Account,
- Nussknacker Cloud activity data, including but not limited to: session, device, operating system and browser data, Account login dates, data on the use of certain Nussknacker Cloud functionalities, clicks,
- Customer's history and activity related to e-mail communication with Nussknacker
- and other data provided to Nussknacker by the Customer as part of the use of Nussknacker Cloud, not covered by the Data Processing Agreement,
- The entry and provision of Personal Data, especially the Registration Data by the Customer is entirely voluntary but necessary in order to use the Nussknacker Cloud. Failure to do so will make use of the service impossible.
- Use of the Nussknacker Cloud service does not include processing of special categories of personal data referred to in Art. 9 of the GDPR, personal data related to criminal convictions and infringements of the law referred to in Art. 10 of the GDPR, or the personal data of children. Entering the above-mentioned data by the Customer is not allowed.
Purpose and legal basis for processing
Customers' Personal Data and other Personal Data provided by Customers will be processed in connection with the legitimate interests of Nussknacker for the following purposes:
- to provide the Nussknacker Cloud service;
- to process complaints under the terms and conditions described in the SLA;
- to assert or defend against claims related to the use of the Nussknacker Cloud;
- to carry out legal obligations, if any, will be incumbent on Nussknacker;
- to conclude and implement the agreements described in the Rules;
- to fulfill legal obligations incumbent on Nussknacker under tax law, accounting law, and obligations related to the keeping of tax documents;
Rights under the GDPR
Customers, as part of their use of the Nussknacker Cloud, shall have the following rights with respect to the Personal Data they provide:
- the right to be informed about the principles of Personal Data processing,
- the right of access to Personal Data,
- the right to make copies of Personal Data,
- the right to rectify Personal Data and to have Personal Data completed,
- the right to request deletion of Personal Data (the "Right to be Forgotten") – requesting deletion of all Personal Data will be equivalent to requesting deletion of the Account. The Customer has the right to request deletion of Personal Data in the following situations:
- processing of Personal Data is carried out in violation of the law or the necessity of deletion of Personal Data results from generally applicable laws,
- Personal Data are no longer necessary for the purposes for which they were being processed,
- the Customer has withdrawn consent to the processing of Personal Data (to the extent that the consent provided the legal basis for the processing),
- the Customer has objected to the processing of Personal Data where the basis for the processing of Personal Data is Nussknacker's legitimate interest,
- the right to view Personal Data, as well as to receive copies of them;
- the right to request the restriction of the processing of Personal Data (submission of such request by the Customer will entail blocking the Customer's access to the Account by Nussknacker). The Customer has the right to request the restriction of processing of Personal Data in the following situations:
- in case of comments on the correctness of the Personal Data,
- in case of unlawfulness of the processing of Personal Data (and in case of failure to exercise the right to delete the aforementioned data),
- when Personal Data are no longer necessary for the purposes for which they were collected, and the Customer needs them to assert or defend his claims,
- where the Customer has objected to the use of Personal Data.
- the right to object to the processing of Personal Data (when the basis for the processing of Personal Data remains Nussknacker's legitimate interest),
- the right to request a transfer of Personal Data.
Recipients of the data processed
- Nussknacker only shares Personal Data with third parties that provide support to Nussknacker as processors or separate controllers for the purposes of the Nussknacker Cloud.
- In all cases where a third party provides support to Nussknacker as a processor all provisions of Article 28 of the GDPR shall be followed.
- If there is a need to transfer Personal Data outside the EEA, Nussknacker shall use, as an appropriate data protection measure, the contractual clauses in accordance with Article 46 of the GDPR.
How long data are stored
The Customer's Personal Data will be stored by Nussknacker no longer than:
- for the period of the Customer's use of the Nussknacker Cloud, in particular for the period of holding the Account and for a period of 60 days after the termination of the Account;
- until such time as the Customer's objection is taken into account to the extent that the Customer's data are processed based on the so-called legitimate interest of Nussknacker;
- until the Customer withdraws its consent to data processing, if the basis for the processing was consent;
- for a period necessary for tax and accounting purposes according to relevant provisions of law;
- limitation periods in civil and criminal cases established in accordance with the applicable provisions of Polish law to the extent that the Customer's Personal Data will be processed for the purpose of establishing, asserting, or defending against claims.