CloudTeam (cloudteam.global) privacy policy

Effective date: october 10, 2025.

TL;DR (≈1 minute)
CloudTeam limited liability company based in Warsaw, Poland (EU) is the administrator. We host cloudteam.global in the EU region(AWS eu-central-1). We do not use Google Analytics or other advertising tools. The data from the contact form goes first to our forms service (after 48 hours it is deleted from it) and then to our CRM Pipedrive (EU) to handle the inquiry. We send emails via Amazon SES (EU); inbound/outbound correspondence is handled in Microsoft 365 (EU). You have the right to access, rectification, deletion, restriction, portability and objection. We publish the current list of subcontractors (subprocessors) separately on our legal page (link below).

Table of contents

  1. Who we are (data controller)

  2. Scope and application

  3. Simple definitions

  4. What data we collect and from where

  5. Processing purposes and legal basis

  6. Cookies and similar technologies

  7. Recipients of data (processors) and disclosures

  8. Transfers of data outside the EEA

  9. Retention periods

  10. Security

  11. Your rights

  12. Children's data

  13. Automated decisions

  14. Third party links

  15. Changes to this Policy

  16. Contact and availability

1) Who we are (data controller)

Data controller: CloudTeam limited liability company
Address: Plac Konesera 9, 03-736 Warsaw, Poland
KRS: 0000276018 (District Court for the Capital City of Warsaw in Warsaw, XIV Commercial Division of the National Court Register)
NIP: 5252388265
Share capital: 854,000.00 PLN
IOD (DPO): not appointed (no obligation)
Privacy contact: privacy@cloudteam.pl

2) Scope and application

This Policy applies to cloudteam.global and related sub-sites/subdomains (unless otherwise stated in a separate policy).
It does not apply to our B2B products with their own privacy policies (e.g. Credentium).

Who it applies to: visitors to the site, people sending inquiries via the contact form, other people contacting us (e.g. email/phone).

Our roles: with respect to the data on this site, CloudTeam acts as a data controller.

3) Simple definitions

  • Personal data - identifying or identifiable information (e.g., name, email, phone, online identifiers).

  • RODO - Regulation (EU) 2016/679.

  • Processor (subcontractor) - an entity that processes data on our behalf.

  • Cookies / localStorage / sessionStorage - browser-based techniques used to ensure the operation of the website and remember preferences.

4) What data we collect and from where

A. Data provided knowingly

  • Contact data and message content submitted through the contact form (e.g. name, email, phone, company name, content of inquiry).

  • Data provided in email/telephone correspondence.

B. Device data and server logs

  • IP address, timestamps, session IDs, basic browser/device information, security and operational logs.

Sources: You (form/e-mail/telephone) and your device/browser (logs).

5) Processing purposes and legal basis

Purpose

What this means in practice

Legal basis (RODO)

Handling your request for quotation and pre-contractual activities

Contacting about an inquiry, preparing and presenting an offer, setting a date, sales discussions

article 6(1)(b) (actions on request before concluding a contract)

Handling correspondence and business relations

Responding to emails/phone calls, conducting conversations, notes on arrangements

article 6.1.f (legitimate interest: communication at the initiative of the person concerned)

Maintenance and security of the site

Hosting, backups, monitoring, logs, abuse and incident prevention

article 6(1)(f) (legitimate interest: ensuring security and continuity)

Billing/legal obligations

B2B invoicing, ledgers, evidence archiving

article 6(1)(c) (legal obligation) and Article 6(1)(f) (defense/resistance of claims)

We do not conduct profiling or behavioral advertising on this site. We do not use Google Analytics or advertising pixels.

6) Cookies and similar technologies

We only use technically necessary (e.g., session cookies) and, optionally, functional (e.g., remembering language preferences) on this site.
We do not set analytical or marketing cookies.
You can manage cookies through your browser settings. If we enable additional categories (e.g. analytics) in the future, we will ask for your consent in advance in the banner layer.

7) Data recipients (processors) and disclosures

We work with trusted suppliers who process data only at our direction and in accordance with the RODO, under entrustment agreements.

Main categories of suppliers:

  • Hosting and infrastructure: Amazon Web Services - EU region (eu-central-1) for service and logs.

  • Email dispatch (transactional and system): Amazon Simple Email Service(SES, EU region).

  • Mail and productivity: Microsoft 365 (inbound/outbound mail processing in EU regions according to our lease configuration).

  • CRM: Pipedrive (EU) - storage and handling of sales leads.

We publish an up-to-date and maintained list of subcontractors (sub-processors), including information on processing locations and transfer bases, here:
https://legal.cloudteam.global/website/sub-processors

Non-trusted disclosures: we may disclose data to authorized public authorities or consulting entities (e.g., law firms/accounting firms) - only to the extent necessary and on the basis of law or legitimate interest (Article 6(1)(c/f).

8) Transfer of data outside the EEA

As a rule, we process data in the European Union. If a specific process involves a transfer outside the EEA (e.g., vendor technical support or global cloud service infrastructure), we apply one of the following bases:

  • EU-US Data Privacy Framework (DPF) - when the provider is DPF certified,

  • European Commission'sStandard Contractual Clauses (SCC) with supplementary measures,

  • exceptionally - Article 49 of the RODO (e.g., when the transfer is necessary for the performance of a contract at your request).

We publish details of the transfer mechanisms on our subcontractors page (link above).

9) Retention periods

We apply the principle of minimization and limitation of storage. Example periods/criteria:

  • Contact form (on the site): data located in the form handling service is deleted 48 hours after submission.

  • CRM (Pipedrive - leads): until sales calls are completed and for a maximum period necessary to protect against claims; as a general rule, we review and clean at least every 24 months.

  • Email/telephone correspondence: for the time necessary to pursue the case, and thereafter for the period of the statute of limitations for claims - to ensure that the facts can be proven (Article 6(1)(f)).

  • Tax and accounting records: for the period required by law (as a rule, 5 tax years in Poland).

  • Security and operational logs: for the period necessary for security and incident investigation (generally up to 12 months, unless longer is required for evidentiary purposes).

10) Security

We use organizational and technical measures appropriate to the risks, including but not limited to: transmission encryption (TLS), access and privilege controls, monitoring and logging of incidents, backups, security tests and reviews, minimization of data scope, staff training, and confidentiality agreements and clauses with subcontractors.

11) Your rights

You have the right to: access to data, rectification, erasure, restriction of processing, data portability, objection (where the basis is Article 6(1)(f)), and to lodge a complaint with a supervisory authority.

Supervisory Authority (Poland): President of the Office for Personal Data Protection (UODO), 2 Stawki Street, 00-193 Warsaw, uodo.gov.pl.

If processing is based on consent (e.g., in the future for additional features), you can withdraw it at any time - without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact us: privacy@cloudteam.pl.

12) Children's data

The Service is not directed to children under the age of 16 and we do not knowingly collect their data. If you believe your child has provided us with data, please contact us - we will take action to delete it.

13) Automated decisions

We do not make decisions with respect to you that produce legal effects by automated means (including profiling) on this website.

14) Third party links

The Service may contain links to external sites. We are not responsible for their privacy practices - we encourage you to read the policies of these sites before using them.

15) Changes to this Policy

We may update this Policy from time to time (e.g., when regulations, processes or providers change). We will inform you of significant changes in a prominent place on the site. We will always indicate the effective date at the top of the document.

16) Contact and Availability

Direct questions or requests regarding your personal information to: privacy@cloudteam.pl.
Upon request, we provide availability of the Policy in alternative formats (e.g., PDF, print).

Administrator: CloudTeam sp. z o.o., Plac Konesera 9, 03-736 Warsaw, Poland
Service: https://cloudteam.global

List of subcontractors (subprocessors): https://legal.cloudteam.global/website/sub-processors

Document Hash (SHA-256):
dbb0ea136f348b38fbb3901266ef4e052d1b8b7ba81b36fdd80c50322678e6c7

Download the raw content and verify: sha256sum filename.html
(The downloaded file contains the exact content used for hash calculation)