1. Data Administrator

The administrator of your personal data is Hinty Sp. z o.o., located at ul. Rynek 60 lok. 2, 50-116 Wrocław, registered in the business register KRS under the number 0000953416
Contact regarding personal data: privacy@clereo.co

2. What data do we collect and from where

Data provided directly by you:

• Email address (waitlist form, account registration)

• First and last name (during registration or contact)

• Company name

• Invoice data (NIP, company address)

Data collected automatically:

• IP address and browser type

• Pages visited on the site and duration of the visit

• Data from cookies and similar technologies (Google Analytics 4)

3. Purpose and legal basis for processing
   
   

• Handling registration for the waiting list - Art. 6 sec. 1 lit. b (performance of the contract / taking steps before entering into the contract)

• Provision of Clereo service - Art. 6 sec. 1 lit. b (performance of the contract)

• Sending product information (newsletter) - Art. 6 sec. 1 lit. a (consent)

• Analysis of usage of the service - Art. 6 sec. 1 lit. f (legitimate interest (improving service quality))

• Issuing invoices and settlements - Art. 6 sec. 1 lit. c (legal obligation)

• Enforcing claims - Art. 6 sec. 1 lit. f (legitimate interest)

  
  

4. Data recipients

Your data may be shared with:

• Providers of technical services (hosting, email, analytics) acting as data processors on our behalf

• Google LLC - in connection with the use of Google Analytics 4 and Google Tag Manager. Data may be transferred to the USA based on standard contractual clauses (SCC)

• Public authorities - solely based on applicable law

We do not sell personal data to third parties.

5. Data retention period

• Account data - for the duration of the contract + 3 years from its termination (civil claims)

• Invoice data - 5 years from the end of the tax year (legal obligation)

• Waiting list - up to 24 months from registration or until consent is withdrawn

• Analytical logs - 14 months (Google Analytics settings)

• Email correspondence - 3 years

  
  

6. Your rights

Under GDPR, you have the right to:

• Access your data

• Correct inaccurate data

• Delete data (“right to be forgotten”)

• Restrict processing

• Data portability (machine-readable format)

• Object to processing based on legitimate interest

• Withdraw consent at any time (without affecting prior processing)

7. Cookies

We use cookies and similar technologies for the following purposes:

• Necessary - Site operation (session, security)

• Analytical - Google Analytics 4 - traffic statistics

• Marketing - Google Tag Manager

You can manage cookie settings through the banner visible during your first visit or through browser settings.

8. Security

We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, or destruction - including HTTPS encryption, access control, and regular security reviews.

9. Policy changes

We will inform you of significant changes via email or notice on the site with at least a 14-day notice period.