GDPR and Data Processing

The publisher and, where applicable, controller is CREANODE sp. z o.o., entered in the Polish KRS register under number 0001246748, NIP 5372697081, REGON 544966129, with registered office at Sokule, gmina Drelów, Polska. Electronic contact: contact@creanode.com. Website: https://creanode.com.

This document explains when CREANODE sp. z o.o. acts as controller and when it may act as processor for client systems connected with creanode.com or CREANODE OS. Contact: contact@creanode.com.

• Document version: 2026-06-13.

CREANODE separates controller, processor and possible joint controller roles per process and client system.

• For CREANODE leads, accounts and billing, CREANODE is usually the controller.
• When CREANODE operates systems on client instructions, it may act as processor under Article 28 GDPR.
• A data processing agreement should define subject matter, duration, nature, purpose, data categories and data subjects.
• Sub-processors, transfers, security measures, breach assistance and deletion or return rules must be controlled in writing.
• CREANODE assists with data subject requests only within the agreed processor role and technical possibility.

When CREANODE processes personal data on documented instructions, a data processing agreement should cover Article 28 GDPR requirements.

• Subject matter and duration of processing.
• Nature and purpose of processing.
• Categories of personal data and data subjects.
• Confidentiality, security, sub-processors and transfer rules.
• Deletion or return of personal data after the service.

Technical and organisational measures are selected proportionately to the project and may include access control, logging, backups, encryption in transit and environment separation.

• Client remains responsible for the lawfulness of data supplied to CREANODE.
• CREANODE reports relevant incidents according to the agreed role and legal duties.

Retention periods are limited to what is needed for communication, contract performance, accounting, security, claims, legal duties or consent management. After that period data is deleted, anonymised or kept only when a legal reason remains.

• CREANODE assists with data subject requests when it acts as processor and the client is controller.
• Direct requests related to CREANODE own processing are handled through contact@creanode.com.

Questions about personal data, cookies, security, accessibility or service rules should be sent to contact@creanode.com. A data subject may lodge a complaint with Prezes Urzędu Ochrony Danych Osobowych when they believe processing infringes data protection rules.

CREANODE may update this document when the website, services, tools, legal duties, security measures or company data change. The current version is published on the website and is identified by the effective date.