In some of our interactions with you (for example, when you submit an entry to one of our competitions, or make a complaint), we may request additional Personal Data where it is necessary to help us to provide you with the most appropriate response. If you do not provide the Personal Data where requested, your access to the service, or our ability to assist you, may be restricted.
1.5 Sensitive or Special Category Personal Data
In certain cases, and as permitted by law, we may collect Special Category Personal Data or data relating to criminal convictions and offenses. Special Category Personal Data encompass sensitive information that discloses racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data related to a person's sex life or sexual orientation. In specific instances, we may collect your health data to evaluate your circumstances for purposes such as aiding debt recovery processes, offering supplementary support, or delivering communications in accessible formats.
1.6 Your Rights
Under the GDPR and other applicable EU and Privacy and Data Protection legislation, you have rights over your Personal Data. You may for example, be entitled to ask us for a copy of your Personal Data, to correct it, erase or restrict its processing, or to ask us to transfer some of this information to other organisations. These rights may be limited in some situations, for example if fulfilling your request would reveal Personal Data about another person, or where we can demonstrate that we have a legal requirement to process your Personal Data.
To exercise any of these rights, to obtain other information, or if you require further information on your rights or our use of your Personal Data, please contact us at dpo@united.cloud.
If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.
Your rights include (subject to legal and regulatory requirements):
A. Right to Access Personal Data
You have the right to request a copy of Personal Data that we hold about you. Before responding to your request, we may ask you to (i) verify your identity and (ii) provide further details so we can better respond to your request.
B. Right to Rectification of Personal Data
If you inform us that your Personal Data is no longer accurate, or it is incomplete, we will rectify or update it. If we’ve shared your Personal Data with others, where possible, we’ll let them know about the rectification or update.
C. Right to Erasure of Personal Data
We will delete your Personal Data in certain circumstances such as where:
- You withdraw your consent for processing the Personal Data (if we rely on your consent for the processing);
- You (exercise your right to) object to the processing of your Personal Data (if we rely on our legitimate interest for the processing);
- The Personal Data is no longer required for the purpose(s) for which it was collected;
- the Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
We might refuse to satisfy your request for deleting your Personal Data where the processing is necessary to:
- Comply with a legal obligation to which United Group or any of its affiliates are subject, or to perform a task in the public interest or the exercise of official authority vested in United Group or in any of its affiliates as the Controller of the Personal Data;
- For archiving purposes in the public interest, for scientific, historical research purposes; or
- For the establishment, exercise, or defense of legal claims.
United Cloud will inform you of relevant exemptions we rely upon when responding to any deletion request you make.
D. Right to Restriction of Processing of Personal Data
We will restrict the processing of your Personal Data in certain circumstances such as where:
- You have requested to check the accuracy of your Personal Data – for the time necessary to confirm the accuracy of your Personal Data.
- You (exercise your right to) object to the processing of your Personal Data (if we rely on our legitimate interest for the processing).
- Where processing has been restricted, United Cloud shall, with the exception of storage, only process such Personal Data on the basis of your consent, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest
E. Right to Withdraw Consent
If, at any time, you have provided consent to us for processing your Personal Data under the circumstances or purposes described in this policy, and you no longer wish to have your Personal Data processed in this way, you may withdraw your consent by clicking [add hyperlink] or by emailing dpo@united.cloud.
F. Right to Portability
You can ask us to provide you with your Personal Data (that you provided to us, or that we collected through your activities on our Platforms) in a structured, commonly used, and machine-readable format to send it to another controller.
G. Right to Object
You can object to the processing of your Personal Data when we use the Data for direct marketing purposes, where Personal Data are processed for scientific or historical research purposes or statistical purposes.
H. Rights in relation to Automated Decision-making and Profiling
You have the right not to be subject to a decision when it’s based solely on automated processing or profiling which produces a legal or similarly significant effect on you. We only carry out this type of decision-making where the decision is necessary for the entry into or performance of a contract; or authorized by any law applicable to us; or based on your explicit consent.
We will always inform you if we carry out any such activity using your Personal Data.
1.7 Third Party websites
Where links from our Platforms to non-United Group Platforms are provided, we are not responsible for those websites, nor do we imply endorsement of any linked third party websites. These third-party websites will be governed by their own terms of use, depending on the owner and Data Controller of those websites (including privacy notices), and you are solely responsible for viewing and using each such website in accordance with their applicable terms of use. We are not responsible for how your Personal Information is handled by such third-party websites, and they are not covered by this Notice.
1.8 Transfer of Personal Data
A. Third Parties
We transfer your Personal Data where we use third party service providers to help us process Personal Data for the purposes described in this Notice. These purposes will include customer management and intelligence solution providers, aggregated data analytics partners, web hosting facilities, audit, and compliance partners.
B. Data Controller Intragroup Transfer
United Cloud sits amongst a group of businesses which are governed by a lead entity, United Group BV, with its registered address at:
Spicalaan 41
2132 JG Hoofddorp
The Netherlands
From time to time, we may need to share Personal Data collected by United Group amongst the Group together with their Data Processors for the purposes of improving our Products and Services and providing best possible customer service. Any such transfers of Personal Data will be done in accordance with applicable EU data protection and privacy legislation.
C. Transfers outside the European Economic Area
Non-EEA countries may have Privacy and Data Protection laws that are less protective regarding the processing of your Personal Data than the legislation applicable to your jurisdiction. Where this is the case, our transfers of Personal Data will be regulated by the EU Commission's Standard Contractual Clauses relating to the transfer of Personal Data outside of the European Economic Area (or outside of jurisdictions deemed to provide “adequate” protection for Personal Data to the standards of the European Union. The jurisdictions to which Personal Data are transferred may be conditional on your nationality or location.
D. Sale or Merger
If United Group or its assets are sold to or merge with another entity outside United Group, you should expect that some or all of the Personal Data collected by United Group may be transferred to the buyer/surviving company.
1.10 Retention of Personal Data
The Personal Data you have provided us with will be retained for the duration of your relationship with us and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this policy. This includes, for example the length of time required to satisfy any legal, regulatory, accounting and reporting requirements, and to process personal information on you in order to establish, exercise or defend legal claims.
Where we process Personal Data in connection with performing a contract or for a competition, we will store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we will keep it for longer if we are required to do so by law. Otherwise, we delete it.
Personal Data collected from applicants who are unsuccessful will be promptly deleted or, if that individual may be of interest for other roles, and with their consent, kept until one year after the applicant submits their application.
Where we process Personal Data for marketing purposes, or with your consent, we process the Personal Data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing, or to process your data so that we can respect your request in future.
Cookies are stored on a per-session basis only, to aid your navigation of our websites. Persistent cookies may be set to store display related preferences. Depending on your browser you may also be able to control cookie use by altering your browser settings. For more information please see our cookie policy.
We will delete or dispose of your Personal Data at the end of the relevant retention periods mentioned above.
In determining the appropriate retention period, we consider the purpose for which we process your Personal Data, the volume, type, and nature of the Personal Data, local legal requirements, the risk of harm to the data protection rights of the individual, and whether the purpose for processing Personal Data can be established through an alternative method.
3. HOW TO CONTACT US
Should you wish to make any comments, complaints, enquiries or if you have any questions relating to this Notice, your rights, our Platforms, our Marketing and Promotion materials or Products or Services we provide, you may contact United Group’s Privacy Office by emailing or writing to:
Postal address
To the attention of the Data Protection Officer
Vilharjeva cesta 40, 1000 Ljubljana, Slovenia
Email
Email: dpo@united.cloud
You may also contact the Data Protection Authority where you live, work, or believe the breach has happened. A list of the European Supervisory Authorities can be found here.
If you are in Slovenia the Data Protection Authority will likely be the Information Commissioner of the Republic of Slovenia.
You may contact them dpo(at)ip-rs.si.
If you are in Serbia the Data Protection Authority will likely be the Commissioner for Information of Public Importance and Personal Data Protection.
You may contact them оffice@poverenik.rs
4. CHANGES TO THIS NOTICE
This Notice is subject to periodic review to ensure it is in line with applicable legislation.
We retain all applicable ownership rights to information we collect. We reserve the right to change, modify, add, or remove provisions of this Notice. Any changes to this Notice will be posted here, and we encourage you to check back from time to time. If the changes are substantial, we will notify the changes to you.
5. GLOSSARY
‘‘Biometric Data’’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
‘‘Consent’’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘‘Controller’’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘‘Genetic Data’’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
‘‘Marketing and Promotions’’ means when you subscribe to our marketing lists, social media pages, (promotions, competitions, offers or marketing campaign communications and an unsubscribe facility will be provided to you.
“Personal Data” means any information relating to an identified or identifiable individual. An individual is identifiable when they can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural, or society identity of that individual.
‘‘Personal Data Breach’’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘‘Processing’’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘‘Processor’’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘‘Profiling’’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘‘Restriction of Processing’’ means the marking of stored personal data with the aim of limiting their processing in the future;
“Sensitive or “Special Category” Personal Data” means Personal Data which may relate to: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, physical or mental health conditions or, genetic or biometric data that uniquely identifies you, your sex life or sexual orientation, and information related to criminal convictions and/or criminal offences or related proceedings.
‘‘Supervisory Authority’’ means an independent public authority which is established by a Member State.
‘‘Third Party’’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
