Buena Cloud | GDPR Privacy Policy (Datenschutzerklärung)

1. Controller (Verantwortlicher)

The Controller for the collection, processing, and use of your personal data according to Art. 4 No. 7 GDPR is:

Cezary Augustynowicz
Buena Cloud Sp. z o.o. (Wichrowa 20C, 60-449 Poznań)
Email: info@buenacloud.com
Phone: +48 61 624 03 12 (Polish contact) / +49 2131 3847404 (German contact)

If you wish to object to the collection, processing, or use of your data, you can address your objection to the Controller at any time.

2. Data Minimization Principle & Processing Purpose

We primarily focus on corporate clients. We generally do not use personal data, except for a few necessary exceptions detailed below.

We kindly ask you not to send us any unnecessary personal data in contact forms or emails. We only require necessary company data to fulfill our business purposes.

We process personal data only for the operation of the website, contract fulfillment, and internal HR purposes, adhering to the subsequent points.

3. Specific Data Processing Activities

3.1. Hosting & Access Data (Server Logfiles)

Our hosting services cover infrastructure, security, and technical maintenance for operating the website. We, or our hosting provider, automatically collect server logfiles (Access Data) when you visit this website, which include: Name and URL of the retrieved file, date and time of retrieval, transferred data volume, browser type and version, operating system, referrer URL, and IP address.

Legal basis: Our legitimate interest (Art. 6 para. 1 sentence 1 f) GDPR) in efficient and secure provision of our website, security purposes, and statistical analysis (traffic). IP addresses are stored for a limited period where required for security.

3.2. Cookies

We use **Session Cookies** (deleted after closing the browser) for optimization and functionality (e.g., shopping cart features). We also use **Persistent Cookies** (remaining on your device for 1 month to 10 years) to recognize your browser on your next visit, allowing us to present our offer more user-friendly and effective. Data stored includes login information, language settings, and search terms.

Legal basis: Our legitimate interest (Art. 6 para. 1 sentence 1 f) GDPR) in making our website more user-friendly, effective, and secure. You can configure your browser to reject cookies, but this may limit website functionality.

3.3. Data for Contract Fulfillment

We process personal data required to fulfill our contractual obligations, such as Name, Address, Email, ordered products, and billing data. Data is deleted after the expiration of warranty periods and legal retention obligations (e.g., tax or commercial law).

Legal basis: Fulfillment of contractual duties (Art. 6 para. 1 sentence 1 b) GDPR).

3.4. E-mail Contact

When you contact us (via form or email), we process your data to handle the request. If the processing serves pre-contractual measures or contract fulfillment, the legal basis is Art. 6 para. 1 sentence 1 b) GDPR. Otherwise, it is based on your consent (a) or our legitimate interest (f) in responding to your email.

4. Use of Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. This service uses cookies (see 3.2). The information generated is typically transferred to a Google server in the USA.

We have activated IP anonymization (anonymizeIp) on this website. Your IP address is abbreviated by Google within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a server in the USA and abbreviated there.

You can prevent the collection of data generated by the cookie (including your IP address) and its processing by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.

Legal basis: Our legitimate interest (Art. 6 para. 1 sentence 1 f) GDPR) in the analysis, optimization, and efficient operation of our website.

5. Data Security and Transfer

We prioritize the security of your data using technical and organizational measures (Art. 32 GDPR). Your personal data is transmitted encrypted using the SSL (Secure Socket Layer) coding system (e.g., for orders or customer login).

Generally, we only use your personal data within our company. Data transfer to places outside the EU is not planned, except for the necessary operation of services (e.g., Google Analytics).

6. Your Rights under the GDPR

Under applicable laws, you have various rights regarding your personal data. To assert these rights, please send your request via email to the Controller.

Right of Access (Art. 15): You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and access to this data along with a copy.
Right to Rectification (Art. 16): You have the right to request the immediate correction or completion of inaccurate personal data concerning you.
Right to Erasure ("Right to be Forgotten," Art. 17): You have the right to request the deletion of your personal data without undue delay, particularly if the data is no longer necessary for the purposes for which it was collected.
Right to Restriction of Processing (Art. 18): You have the right to obtain restriction of processing where one of the legal conditions is met (e.g., contesting the accuracy of the data).
Right to Data Portability (Art. 20): You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
Right to Object (Art. 21): You have the right to object to the processing of your personal data at any time, based on your particular situation.
Right to Withdraw Consent (Art. 7): You have the right to withdraw your consent to the processing of personal data at any time.
Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence or place of work, if you consider that the processing infringes the GDPR.