Privacy Notice – Data Obtained from an External Source (article 14 of the GDPR)

Pursuant to article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we hereby inform you that we process your personal data, which has been obtained from an external source.

1. Personal Data Controller

The Controller of your personal data is CloudFerro S.A. with its registered office in Warsaw (00-511), at Nowogrodzka 31.

You can contact us via:

mail: CloudFerro S.A., Nowogrodzka 31, 00-511 Warsaw, Poland

phone: +48 22 354 65 73,

e-mail: info@cloudferro.com.

2. In matters related to the processing of your personal data, you may also contact our Data Protection Officer, Mr. Piotr Kociszewski, by email at iod@cloudferro.com or by traditional mail sent to our address indicated above.

2. Purpose and legal basis for processing

We process your personal data in order to understand your business needs and potentially invite you to cooperate with us. The legal basis for the processing is our legitimate interest (article 6(1)(f) of the GDPR).

Our legitimate interest consists in establishing a relationship with you and understanding your needs, which is necessary for conducting our business activities - while ensuring that the scope of data processing is limited to the absolute minimum and in a way that does not infringe on your rights and freedoms.

3. Categories of personal data

We only process data such as your name, surname and e-mail address (either business or publicly available general contact address of your company).

4. Source of the Data

Your data has been obtained from:

1) a non-public source – from an entity providing business contact acquisition services, i.e. Clay Labs Inc., based in New York, 217 Centre Street, New York, NY, USA.

2) publicly available sources, such as public directories, registers, and websites.

This information is provided to you no later than at the time of our first contact, by e-mail, in accordance with article 14(3) of the GDPR.

5. Data Recipients

Your data may be shared with entities processing data on our behalf (e.g. IT service providers, CRM platforms, email campaign service providers), as well as with authorised public authorities - only when required by law.

6. Transfers of Data Outside the EEA

1. The level of protection for personal data outside the European Economic Area (EEA) may differ from that ensured under EU law. For this reason, we only transfer your personal data outside the EEA when necessary and with appropriate safeguards, primarily by:

cooperating with data processors located in countries for which the European Commission has issued an adequacy decision confirming an appropriate level of data protection. In some cases, the Commission additionally requires the processor to participate in approved programs for non-EEA entities, ensuring the same level of protection as within the EU (you can find more detail).

using standard contractual clauses (SCCs) issued by the European Commission - combined with required additional safeguards, these ensure a level of protection equivalent to that in the EU. Templates are available here.

applying binding corporate rules (BCRs) approved by the relevant supervisory authority.

2. We always inform you at the data collection stage if we intend to transfer personal data outside the EEA.

7. Data retention period

Your data will be processed for no longer than 3 years from the date of collection, or until you object to the processing - whichever comes first.

8. Your rights

You have the following rights:

To access your data and obtain a copy of it, to rectify your data, request its deletion, request restriction of processing, and the right to data portability.

To object to the processing of your data if it is based on our legitimate interest - including, for reasons related to your particular situation.

To exercise any of the above rights, please contact us at iod@cloudferro.com or using the contact details provided in section 1 above.

If you believe that your data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office.

9. Automated decision-making

We do not make decisions about you based solely on automated processing, including profiling, as referred to in article 22 of the GDPR.

We provide you with over 90 PB of EO data.

Sherlock - Managed Generative AI Service

Check out our cloud services offer.

Need some help with your cloud?

Want to talk about your project?

Find out who we are looking for to join our CloudFerro team

Cities and nature from orbit: the 6th international “Seize the beauty of our Planet” contest

Key takeaways from ESA Living Planet Symposium 2025

Mapping wetlands fire using AI and Sentinel-2 data

Privacy Notice – Data Obtained from an External Source (article 14 of the GDPR)