In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter „GDPR“) we meet our information obligation with respect to the processing of your personal data.

Please read the following information on how we process your personal data. With respect to the processing of your personal fata, you are a data subject, i.e. a person whose personal data we process.

Who is the controller?

Controller: Cloud-IT, s. r. o. company, Jozefská 7, 811 06 Bratislava, Company ID No (IČO): 46 731 610, registered in the Business register of the District Court of Bratislava I, Section Sro, File No. 82629/B (hereinafter „controller“).

Controller‘s contact details: Telephone No. 0948074014, e – mail: slavko.fulek@cloud-it.sk.

If you have any questions or you wish to exercise your rights with respect to the processing of your personal data, please contact the controller using the above mentioned e-mail address. You may also exercise your rights in writing by delivery (by post or in person) to the controller‘s address.

Where do we obtain your personal data from?

We obtain your personal data directly from you.

We process personal data according to the following legal bases:

• based on contractual and pre-contractual relationships (Article 6 (1) (b) of the GDPR),
• based on the compliance with a legal obligation (Article 6 (1) (c) of the GDPR),

If conclusion or performance of a contract is the legal basis for the processing of personal data, the provision of your personal data is a requirement that is necessary for the conclusion or performance of the contract. Failing to do so may prevent you from entering a contractual relationship.

If specific law or the provision of a public-service task or the excercise of public authority is the legal basis for the processing of personal data, the data subject‘s obligation to provide personal data, as well as the consequences of not providing them depends on the processing purpose and are, thus, specific for every processing activity. In such  cases, the data subject is obliged to provide the personal data.

What is the purpose and legal basis of the processing of your personal data?

• For the purpose of processing your request made by filling in a contact form on the web to obtain information – demand in relation to the services we offer.

The processing for this purpose is necessary to make pre-contractual arrangements at the request of the data subject prior to the conclusion of the contract.

• For the purpose of performing activities aimed to the conclusion of the contract.

This purpose includes controller‘s activities performed before making a deal with a potential client, especially contacting a potential client and arranging a meeting with them.

If the client is a natural person and the processing started on the basis of their request/inquiry of our services, the processing is necessary to make pre-contractual arrangements at the request of the data subject prior to the conclusion of the contract (pre-contractual relationships).

• For the purpose of performing the existing contractual relationships with clients, i.e. the purpose of supplying our services on the basis of a contract concluded with a client, including the records of clients.

In this event the processing is necessary to perform a contract.

• For the purpose of the conclusion of valid contractual relationships and ensuring their performance.

In this event the processing is necessary to perform a contract.

• For the purpose of identification of a party to a legal dispute and a debtor in an enforcement petition.

If we process your personal data for these purposes, we do so because it is our legal obligation to identify the deptor in an enforcement petition (especially the Civil Code, the Enforcement Code), and the plaintiff or defendant in court proceesings (especially Code of Contentious Civil Procedure, Code of Administrative Procedure).

• For the purpose of registry administrator.

This purpose includes activities related to the fulfillment of the controller‘s registry obligations, including records of sent and received mail. Your personal data are processed for this purpose on the legal basis: processing is necessary for compliance with the controller‘s legal obligations under Act No. 395/2002 Coll. on Archives and Registries and on Amendments to Certain Acts.

• For the purpose of bookkeeping, processing of accounting and tax documents, billing and cash register records.

The processing for this purpose is necessary to comply with the controller‘s legal obligations, in particular pursuant to Act No. 431/2002 Coll. On Accounting, Act No. 222/2004 Coll. on Value Added Tax and Act No. 595/2003 Coll. on Income Tax.

• For the purpose of dealing with the request for the exercise of rights of data subjects.

For this purpose, your personal data is processed on a legal basis: processing is necessary for compliance with the controller‘s legal obligations under the personal data protection legislation (GDPR) in relation to the exercise of data subjects‘ rights under Article 15 to 22 of the GDPR.

Personal data recipients

To ensure compliance with the controller‘s legal obligations, and in connection with the conclusion or performance of a contractual relationship are or may be recipients of your personal data tax authorities, government and public authorities for audit and oversight, courts and law enforcement authorities (for instance labour inspectorate), an attorney, an enforcement officer, a data protection officer under the GDPR, a provider of postal services, a provider of a certified data centre and provider of information technology administration and SW solution and database in Cloud, a provider of website support and operation, a provider of auditing services, providers of programming.

If we process your personal data using processors as a special category of recipients of personal data, we make sure that they comply with the applicable laws and terms and conditions agreed in the personal data processing agreement, that they are bound by confidentiality and that they protect your data in accordance with the GDPR requirements.

Will your personal data be provided outside the European Union?

Your data are not transferred to a third country or international organisation.

Will your personal data be used for automated individual decision-making?

Your personal data will not be used for automated individual decision-making, including profiling.

How long will we store your personal data?

If your personal data is processed to comply with the controller‘s legal obligations and the law defines the storage period, we will store your personal data and the related documentation for the period required by the applicable law.

We will store your personal data for the period necessary to achieve the purpose with which the personal data are processed.

Personal data processed with the purpose of accounting records keeping are stored for 10 years.

We store personal data in the records of sent and received mail for 5 years.

Personal data processed on the legal basis of the necessity of processing for the performance of a contract will be stored for the period of the duration of the contractual relationship until the settlement of mutual rights and obligations, but at least for 10 years. During the same period we also store personal data of data subjects for the purpose of pre-contractual relationships, conclusion of valid contractual relationships and ensuring their performance.

Personal data processed for the purpose of administration of pending disputes and enforcement proceedings or other proceedins, are stored for the period of the duration of legal time of limitation and foreclosure, but at least for 5 years from the lawful finality of the proceedings.

We will store your personal data processed for the purpose of dealing with the request for the exercise of rights of data subjects for 5 years from the date of processing the request, but at least until the finality of the administrative proceedings initiated by the data subject in connection with the request.

Personal data processed for the purpose of commercial communication are stored for 5 years.

What are your rights with respect to personal data processing?

• Right to access personal data under Article 15 of the GDPR:

The data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed by the controller. The data subject has the right to gain access to their personal data and information in the extent under Article 15 of the GDPR.

• Right to rectification of personal data under Article 16 of the GDPR:

The data subject has the right to have inaccurate personal data concerning them rectified or to have incomplete personal data completed. The controller must comply with a request to rectify or complete personal data without undue delay.

• Right to erasure (right to be „forgotten“) under Article 17 of the GDPR:

The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay where on of the grounds in Article 17 (1) of the GDPR applies (e.g. if the personal data obtained by the controller are no longer necessary for the purposes for which they were collected or otherwise processed). The controller will asses this right of the data subject with respect to all relevant circumstances in accordance with Article 17 of the GDPR (e.g. the controller does not comply with the request of processing is necessary – to comply with the controller‘s legal obligation or to establish, exercise or defend legal claims).

• Right to restriction of processing of personal data under Article 18 of the GDPR:

The data subject has the right to obtain from the controller restriction of processing of their personal data in one of the circumstances specified in Article 18 (1) of the GDPR. Where processing has been restricted under Article 18 (1) of the GDPR, such personal data will, with the exception of storage, only be processed: (a) with the data subject‘s consent or (b) for the establishment, exercise or deference of legal claims or (c) for the protection of the rights of another natural or legal person or (d) for reasons of important public interest of the Union or of a Member State.

• Right to portability of personal data under Article 20 of the GDPR:

The data subject has the right to receive their personal data, which they have provided to the controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller, where the processing is based on consent, or on a contract and is carried out by automated means. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

• Right to object under Article 21 of the GDPR:

If the processing is based on legitimate interests (Article 6 (1) (f) of the GDPR), the data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them, including profiling based on those interests. In this event, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishement, exercise or deference of legal claims.

If the data subject objects to the processing of their personal data for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing, the personal data must no longer be processed for such purposes.

• Right to lodge a complaint with the Office for Personal Data Protection:

You may lodge a complaint regarding the processing of your personal data at any time with the supervisory authority, i.e. Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, tel.: +421 2 3231 3220, www.dataprotection.gov.sk.

Google Workspace API

We explicitly affirm that Google Workspace APIs are not utilized for the development, improvement, or training of generalized or non-personalized artificial intelligence (AI) and machine learning (ML) models. Any data processed through Google Workspace APIs is handled strictly in accordance with our privacy policies and for the specific purposes intended, ensuring that no personal or user data is employed in broader AI or ML initiatives.

Privacy Policy for Google User Data

Our app collects and uses data from user Google account (if connected with RECRU) in compliance with Google’s User Data Policy.

1. Data We Access

Our app requires the following access to user Google data:

• Primary Google Account Email Address: We collect user primary email address to identify and authenticate user account within our application.
• Personal Information: We may access personal information, such as user profile picture and display name, to personalize the experience within the app.
• Google Calendar Events: Our app accesses user Google Calendar to view, create, modify, and delete calendar events based on user interactions within the app.
• Gmail Access: We access user Gmail account to read, compose, send, and manage emails, including deleting emails when required.

2. How We Use the Data

• Authentication and Identification: User email address and personal information are used for authentication and user identification within the app.
• Calendar Management: We interact with user Google Calendar to facilitate scheduling, event management, and synchronization of events between the app and user Google account.
• Email Management: The app may send emails on behalf of the user, organize messages, and allow users to read or compose emails through the app interface.

3. Data Storage and Security

• Storage of Google User Data: Our app stores certain data from user Google account, including past emails and calendar events, unless they are explicitly deleted by the user. This data retention is necessary to maintain a history of interactions between the user and their candidates.
• Data Security: We use industry-standard security measures, including encryption protocols, to protect user Google data. Access to this data is restricted to authorized personnel only, and all data is stored securely.
• Data Retention: Emails, calendar events, and other user data will remain in our system unless they are manually deleted by the user or unless the user requests full deletion of their account.
• Data Transmission: Data transmitted between Google services and our app is encrypted using SSL/TLS to ensure it remains secure.

4. Data Sharing

We do not share user Google data with third parties, except when required to comply with legal obligations or in accordance with user instructions.

5. User Control

User can revoke our app’s access to Google account data at any time through user Google account settings.