GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Customer: an entity with whom the Controller has entered into or is negotiating to enter into an agreement pursuant to which the Controller will provide it with its services.
Potential Customer: an entity which may be interested in our services and is approached by our marketing team to provide information regarding our services and process.
Representative: a person who contacts the Controller on behalf of the Customer or Potential Customer or another entity with whom the Controller cooperates or communicates.
[Data and effects of refusal to provide data]
This policy applies to the processing of Data collected from:
- Customers (if they are natural persons) or their Representatives in connection with the services we provide, such as in the course of entering into a contract or during the performance of a contracted project. [In this context, providing Data may be a condition of entering into a contract, and failure to do so may prevent performance of the contract].
- Potential Customers (if they are natural persons) or their Representatives in connection with marketing activities which may result in collecting data from publicly available and legitimate sources. [If you don’t wish to be approached by us please object]
- Subscribers to our newsletter. [Without receiving the necessary Data we will not be able to send you the newsletter].
- Persons contacting Us, in particular by telephone, e-mail or the contact form located at https://www.skyrise.tech/ [Failure to provide data may result in not receiving a response to the message].
Data may include, but is not limited to: the identifiers of the devices through which you access our site or which you use in the course of the relationship between us and you or the Customer you are a Representative of, contact information such as name, surname, e-mail address, registered or correspondence address, professional position, possibly other data, necessary for the purposes indicated below.
[Purposes, legal basis and duration of processing of Data].
We process your personal data for the purposes set out below. For each purpose, we have indicated the legal basis for the processing and the criteria for the period of processing for that purpose.
|PURPOSE||LEGAL BASIS||PROCESSING PERIOD CRITERIA|
|Processing data to provide services and ongoing contact with Customers. Providing resources and services to Customers.||Article 6 (1) (b) (f) of the GDPR – conducting a binding contract and legitimate interest of the Controller, which is the delivery of resources and services to Customers as well as providing communication.||Until the termination of cooperation with a given Customer and the statute of limitations for claims.|
|Direct marketing||Article 6 (1) (a) (f) of the GDPR – consent for marketing activities or prior to consent legitimate interest of the Controller, which is a right to develop business opportunities which does not overdrive data subjects rights and freedoms||1 year since collecting data unless data subject withdraws consent or object to processing or there is another legal ground for processing|
|Newsletter delivery. Providing marketing and advertising materials and information about Controller’s activities.||Article 6 (1) (a) of the GDPR –consent for marketing activities which is newsletter delivery||Until data subject withdraws consent|
|Website usage statistics. Analysis of website utilisation statistics||
Article 6 (1) (a) (f) of the GDPR – the consent for analytical and third party cookies or legitimate interest for Necessary (functional) cookies – which are necessary for the proper functioning of our website and systems and enable you to navigate our website and use its features.
|Administration of concluded contracts with service providers and clients. Protection of Controller’s rights and enforcement of claims||Article 6 (1) (f) of the GDPR – legitimate interest of the Controller. The legitimate interest of the Controller, in this case, is the proper implementation of contracts concluded with service providers or customers, as well as the defence of rights and enforcement of claims of the Controller.||Until the statute of limitations on claims.|
|Invoicing. Invoicing and financial reporting. Issuing invoices/payment documents to clients, bookkeeping.||processing is necessary to comply with Controller’s legal obligation to issue VAT invoices and financial reporting||5 years counted from the end of the fiscal year.|
We only process Data for as long as it is necessary. After the purpose for which the Data was processed has been fulfilled, the Data will be deleted or anonymised, unless we are required or authorized by law to retain some or all of the Data.
In some situations, we transfer your Data to third parties. Their recipients may be:
- entities to whom we outsource Data processing services, these will include our subcontractors, accounting entities, law firms;
- Public authorities, including the Police, the National Tax Administration, other law enforcement agencies, in connection with their proceedings under the relevant provisions of law.
We ensure that our processors are fulfilling all obligations and requirements stemming from art. 28 GDPR.
We do not transfer any data outside EU. We choose data storage centres located only in EU.
You have a right to be informed about Your personal data processing, including the source of Your data collection, purpose of its processing and how long it will be stored.
You have a right to access and change Your personal data.
- Erasure (“right to be forgotten”):
You have a right to demand to erase your data however we reserve the right to refuse permanent deletion for a legitimate reason, in particular but not limited to if current business affairs are not yet finished.
- Restriction on processing:
You have a right to demand ceasing processing your data or restricting its processing with respect to exceptions set forth in art. 18 GDPR.
If You need to export/import data we will help you.
- Right to withdraw consent:
You always can withdraw Your consent for processing Your data for marketing by sending us an email.
- Right to object
In case You don’t want us to reach out for Your consent for further processing please object by sending us an email.
- Lodge a complaint
You have a right to lodge a complaint with the appropriate data protection authority if You have concerns about how we processes Your personal data.
[Automated Decision Making]
We do not make decisions by automated means, including profiling.
If you have any concerns about our processing of your Data, please contact us by sending an email to: firstname.lastname@example.org.