Privacy statement

Personal Data Processing

1. The controller of personal data is:

Ferste Sp. z o.o., ul. Chmielna 73B, 00-801 Warsaw, NIP: 5273124689, KRS: 00011201770, registered in the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register. Share capital: PLN 5,000.

Email: biuro@ferste.pl

  1. The legal basis for data processing is the performance of the Agreement concluded with the Customer, for which data processing is necessary. Personal data is processed solely for purposes related to the performance of the Agreement and to take necessary actions before its conclusion. Providing personal data is not mandatory, but failure to do so will make it impossible to conclude and execute the Agreement. Data will be stored no longer than necessary, i.e., for the time required to perform the Agreement and for the period necessary to establish, pursue or defend claims, or to protect the rights of the Controller or other persons.

  2. The Controller may transfer customer data to recipients with whom appropriate data processing agreements have been concluded, solely for the purpose of executing this Agreement.

  3. The Customer has the right to request access to their data, rectification, portability, erasure, restriction of processing, and the right to object. In connection with the processing of personal data, the Customer also has the right to lodge a complaint with a supervisory authority.

Data Processing Delegation

  1. Within the scope of the services provided by the Processor to the Customer (data controller), the Customer entrusts the Processor with the processing of personal data under Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “Regulation”), for the purpose of providing the Customer with disk space within the Processor’s infrastructure, where the Customer manages and decides what data is stored.

  2. The Processor undertakes to process the entrusted personal data in accordance with the Regulation and other generally applicable laws protecting the rights of data subjects, exclusively for the purpose of executing this Agreement.

  3. The Processor declares that it applies technical and organizational measures that comply with the requirements of the Regulation and ensure the protection of the rights of data subjects. The Processor agrees to:

  • secure the personal data using appropriate technical and organizational measures ensuring a level of security appropriate to the risk related to data processing, as referred to in Article 32 of the Regulation;
  • exercise due diligence in processing the entrusted personal data;
  • ensure confidentiality, as referred to in Article 28(3)(b) of the Regulation, of the processed data by the persons authorized to process the personal data for the purpose of fulfilling the Agreement;
  • upon completion of the services related to processing, delete all personal data and any existing copies thereof, unless Union or Member State law requires the retention of personal data.

  1. The Processor may subcontract the processing of personal data provided by the Customer in connection with the Agreement solely for its execution, including to the owner of the storage infrastructure if the Processor is not the owner.

  2. The above provisions also apply in situations where the Customer grants the Processor access to personal data located on external servers for the purpose of fulfilling the subject of the agreement.