Privacy Policy

Last updated: May 20, 2025

Table of Contents

1. Introduction
2. Information We Collect
1. Technical Information Through Cloudflare
2. Email Addresses for Waitlist
3. Google Calendar Appointment Scheduling
3. Legal Basis for Processing
4. Data Retention
5. Your Rights Under GDPR
6. Data Security Measures
7. International Data Transfers
8. Use of Third-Party Services
9. Children's Privacy
10. Changes to This Privacy Policy
11. Contact Information
12. Governing Law and Jurisdiction

1. Introduction

This Privacy Policy explains how Tatracloud sp. z o.o. ("we," "our," "us," or "the Company"), operating under the brand name TatraSpace, collects, uses, and protects your personal information when you visit our website. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with applicable data protection regulations.

Tatracloud sp. z o.o. is registered in Poland (European Union) with its registered office at ul. Krzycka 71/2, 53-019 Wrocław. Our Company Registration Number (KRS) is 0001031439, and our VAT Identification Number (NIP) is 8992958011.

This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Polish Act on Personal Data Protection, and other applicable data protection laws. It outlines the types of information we collect, how we use it, the legal basis for processing your data, and your rights regarding your personal information.

2. Information We Collect

Our website is designed to be minimally invasive of your privacy. We collect only essential data necessary for providing our services and ensuring website security.

2.1 Technical Information Through Cloudflare

Our website uses Cloudflare for security and performance optimization. Cloudflare sets strictly necessary cookies to detect bots, manage traffic, and protect against malicious activity.

2.1.1. Cloudflare Cookies

• cf_clearance: Set when you complete a security challenge. Its primary purpose is to verify you're a legitimate user and not a bot.
• _cf_bm: Helps manage incoming traffic and identify malicious bots.
• cfclearance: Helps maintain secure access to the website.

These cookies are classified as "strictly necessary" under GDPR and are exempt from explicit consent requirements. They do not track users for marketing purposes or collect personal data beyond what is needed for security.

2.1.2. Cloudflare Analytics Data

Through Cloudflare's free version, we receive aggregated information about:

• IP addresses
• Number and frequency of requests
• Country and region of origin
• Browser type and version
• Operating system
• Device type
• Network information
• Time and duration of visits
• Pages visited
• Referring websites
• Other technical information related to website traffic and security

This information is processed in an aggregated manner and is not used to individually identify you unless necessary for security incident investigation or as required by law.

2.2 Email Addresses for Waitlist

When you voluntarily choose to join our waitlist through the "Join the waiting list" section on our website, we collect:

• Your email address (required)
• Submission timestamp
• Form metadata (e.g., campaign ID or source page)

We use a double opt-in process through Mailchimp, which means that after submitting your email, you must confirm your subscription by clicking a link sent to your email address before being added to our waitlist.

2.3 Google Calendar Appointment Scheduling

Our website includes a button that redirects you to Google Calendar's "Appointment schedule" feature, where you can book appointments with us.

• Your name and email address
• Preferred appointment time and additional info
• Time zone and device-related metadata

All data shared through Google is processed in accordance with their terms and privacy policy.

2.3.1. Information Collected Through Google Calendar

When you schedule an appointment through Google Calendar, the following personal data may be collected:<

• Your full name
• Your email address
• Your preferred appointment time and date
• Duration of the scheduled meeting
• Any additional information you provide in the appointment booking form
• Location information (if location-based services are enabled)
• Your time zone

3. Legal Basis for Processing

We process your personal data on the following legal bases as defined in Article 6 of the GDPR:

3.1. Cloudflare Security and Analytics

• Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
• Specific interest: Ensuring the security and optimal performance of our website, protecting against malicious attacks, and analyzing usage patterns to improve user experience

3.2. Waitlist Email Subscription

• Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
• How consent is obtained: Through a clear affirmative action when you submit your email and confirm via the double opt-in mechanism

3.3. Google Calendar Appointment Scheduling

• Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
• How consent is obtained: Through your voluntary action of booking an appointment
• Contractual necessity: Processing is necessary to fulfill our obligation to provide the appointment service you requested

4. Data Retention

We retain data only as long as necessary for the purposes described:

• Technical data: Retained temporarily by Cloudflare and anonymized for analysis.
• Email addresses: Retained until campaign ends or you unsubscribe.
• Appointment data: Retained until your meeting is complete or per legal requirements.

5. Your Rights Under GDPR

You have the right to:

• Access, correct, or delete your personal data
• Restrict or object to data processing
• Withdraw consent at any time
• Receive your data in a portable format
• Lodge a complaint with a data protection authority

To exercise these rights, please contact us using the information below.

6. Data Security Measures

We apply both technical and organizational safeguards to protect your data. These include:

• HTTPS encryption
• Firewall and DDoS protection via Cloudflare
• Access controls and staff confidentiality obligations
• Regular system updates and security assessments

7. International Data Transfers

Your data may be processed outside the EEA by trusted third-party services. Safeguards include:

• EU-US Data Privacy Framework participation
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs) where applicable

8. Use of Third-Party Services

• Cloudflare: Security and performance optimization
• Mailchimp: Email list management (compliant with data transfer regulations)
• Google Calendar: Meeting scheduling platform

9. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, please contact us for prompt deletion.

10. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted on this page with the updated date. Material updates may be announced via prominent notice.

11. Contact Information

If you have questions about this policy or your data, please contact:

Tatracloud sp. z o.o.
ul. Krzycka 71/2
53-019 Wrocław, Poland
Email: office@tatraspace.com

12. Governing Law and Jurisdiction

This policy is governed by Polish law. Any legal matters will be resolved under the jurisdiction of Polish courts in Wrocław.