Legal Documents
Privacy Policy
Data Controller:
GeekCloud Sp. z o.o.
Melchiora Wańkowicza 2/1, 40-384, Katowice, Poland
KRS: 0000976073 | NIP: 0000976073 | VAT-EU: PL0000976073
Email: gdpr@geekcloud.pl
Effective Date: 2025.06.01
1. Introduction and Data Controller Information
1.1 Purpose of this Policy
This Privacy Policy explains how GeekCloud Sp. z o.o. ("we," "us," "our") collects, uses, stores, and protects personal data when you use Vort Cloud services in accordance with the General Data Protection Regulation (GDPR) and Polish data protection laws.
1.2 Data Controller
GeekCloud Sp. z o.o. acts as the data controller for personal data processed in connection with Vort Cloud services. For questions regarding data processing, contact us at gdpr@geekcloud.pl
1.3 Scope
This policy applies to personal data collected through our website, API, customer console, support channels, and all Vort Cloud services.
2. Personal Data We Collect
2.1 Account Registration Data
- Full name and contact information (email address, phone number)
- Company name and VAT number (for business accounts)
- Billing address and payment information
- Account credentials (encrypted passwords, API keys)
2.2 Service Usage Data
- Resource utilization metrics (CPU, memory, bandwidth, storage)
- API access logs and console activity
- Network traffic metadata (IP addresses, connection logs)
- Service configuration and deployment information
2.3 Technical and Security Data
- Device information and browser characteristics
- Security logs and access patterns
- SSH keys and security certificates
- Geolocation data based on IP address
2.4 Communication Data
- Support ticket content and correspondence
- Email communications and preferences
- Marketing communication consent records
2.5 Identity Verification Data
When required for enhanced security or compliance purposes, we may collect:
- Government-issued identification documents (ID card, passport, driver's license)
- Selfie photographs for identity verification
- Additional verification documents as required by law
Note: Identity verification is processed through Stripe Identity service and stored securely for verification purposes only.
3. Legal Basis for Processing
3.1 Contract Performance (Article 6(1)(b) GDPR)
Processing necessary for service provision, account management, billing, and technical support.
3.2 Legal Obligation (Article 6(1)(c) GDPR)
Processing required for VAT compliance, anti-money laundering regulations, and law enforcement cooperation.
3.3 Legitimate Interest (Article 6(1)(f) GDPR)
Network security monitoring, fraud prevention, service optimization, and direct marketing to existing customers.
3.4 Consent (Article 6(1)(a) GDPR)
Optional marketing communications, cookies for analytics, and identity verification when not legally required.
4. Identity Verification Process
4.1 When Verification is Required
We may request identity verification in the following circumstances:
- High-value service subscriptions or unusual payment patterns
- Suspected fraudulent activity or security concerns
- Compliance with anti-money laundering (AML) regulations
- Access to specialized services requiring enhanced security
- Legal or regulatory requirements
4.2 Verification Process
Identity verification is conducted through Stripe Identity, which processes:
- Government-issued photo identification (front and back)
- Real-time selfie photograph for biometric comparison
- Document authenticity and tampering detection
- Facial recognition matching between ID and selfie
4.3 Data Storage and Security
Verification data is stored securely and:
- Encrypted in transit and at rest using industry-standard protocols
- Stored only for verification purposes and compliance requirements
- Accessed only by authorized personnel for verification or support
- Retained according to legal requirements (typically 5 years for AML compliance)
- Shared with Stripe Identity service under our Data Processing Agreement
4.4 Verification Results
We store only the verification outcome (verified/not verified) and required compliance data. Original images may be retained for the minimum period required by applicable laws.
5. Data Sharing and Third-Party Processors
5.1 Payment Processing
Stripe processes payment data and identity verification under our Data Processing Agreement. Data is transferred to the US with appropriate safeguards (Standard Contractual Clauses).
5.2 Infrastructure Providers
EU-based data center providers process technical data necessary for service delivery under strict data processing agreements.
5.3 Legal Disclosure
We may disclose personal data to law enforcement or regulatory authorities when required by Polish or EU law, court orders, or European Investigation Orders.
5.4 No Commercial Sharing
We do not sell, rent, or commercially share personal data with third parties for marketing purposes.
6. Data Retention
6.1 Account Data
Retained for the duration of the customer relationship plus 30 days for data recovery, then permanently deleted unless legal retention requirements apply.
6.2 Billing and Tax Records
Retained for 5 years as required by Polish accounting and tax laws.
6.3 Identity Verification Data
Retained for 5 years from verification date as required by anti-money laundering regulations, then securely deleted.
6.4 Technical Logs
Security and access logs retained for 12 months for security monitoring and troubleshooting purposes.
6.5 Marketing Data
Retained until consent is withdrawn or for 3 years from last engagement, whichever is sooner.
7. Your Rights Under GDPR
7.1 Right of Access (Article 15)
Request confirmation of data processing and obtain copies of your personal data.
7.2 Right to Rectification (Article 16)
Correct inaccurate personal data and complete incomplete data.
7.3 Right to Erasure (Article 17)
Request deletion of personal data where legally permissible (subject to legal retention requirements).
7.4 Right to Restrict Processing (Article 18)
Limit processing in specific circumstances while maintaining data storage.
7.5 Right to Data Portability (Article 20)
Receive personal data in a machine-readable format for transfer to another provider.
7.6 Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
7.7 Rights Related to Automated Decision-Making (Article 22)
We do not use automated decision-making or profiling that produces legal effects.
7.8 Exercising Your Rights
Contact gdpr@geekcloud.pl to exercise any of these rights. We will respond within 30 days and may request verification of identity before processing requests.
8. International Data Transfers
8.1 EU Data Processing
Primary data processing occurs within the European Union to minimize international transfers.
8.2 Third Country Transfers
When transfers to third countries are necessary (e.g., Stripe services), we ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Additional technical and organizational safeguards
9. Data Security
9.1 Technical Safeguards
- End-to-end encryption for data in transit (TLS 1.3)
- AES-256 encryption for data at rest
- Multi-factor authentication for administrative access
- Regular security audits and penetration testing
- Network segmentation and intrusion detection
9.2 Organizational Measures
- Role-based access controls with need-to-know principles
- Regular security training for all personnel
- Incident response procedures and breach notification protocols
- Data processing agreements with all third-party processors
9.3 Breach Notification
We will notify the appropriate supervisory authority within 72 hours of becoming aware of a personal data breach and inform affected data subjects when required by law.
10. Cookies and Tracking
10.1 Essential Cookies
Necessary for website functionality, user authentication, and security. These cookies do not require consent.
10.2 Analytics Cookies
Used to understand website usage patterns and improve user experience. These require your consent and can be disabled through cookie preferences.
10.3 Marketing Cookies
Used for targeted advertising and measuring campaign effectiveness. These require explicit consent and can be withdrawn at any time.
11. Contact Information and Complaints
11.1 Data Protection Contact
For privacy-related questions or to exercise your rights:
- Email: gdpr@geekcloud.pl
- Post: GeekCloud Sp. z o.o., Melchiora Wańkowicza 2/1, 40-384, Katowice, Poland
- Subject line: "GDPR Data Subject Request"
11.2 Supervisory Authority
You have the right to lodge a complaint with the Polish data protection authority:
- Urząd Ochrony Danych Osobowych (UODO)
- ul. Stawki 2, 00-193 Warsaw, Poland
- Website: https://uodo.gov.pl
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via email 30 days before taking effect. Continued use of our services after updates constitutes acceptance of the revised policy.
13. Effective Date and Version
This Privacy Policy is effective as of 2025.06.01 and replaces all previous versions. The current version is always available at https://vortcloud.com/legal/privacy-policy.