We process your personal data. In this privacy statement we inform you about the personal data we process as a ‘data controller’ within the meaning of the General Data Protection Regulation (“GDPR”). Personal data processed by Cleeng includes personal data relating to (i) persons visiting our Site (“visitors”), (ii) persons that use our products and services including end-uses of the Cleeng Merchant Module (“users”) and (iii) persons applying for a job, internship or to do other work at Cleeng (“applicants”). Cleeng processes the following personal data:
We may only process personal data if a valid legal basis exists. We therefore only process the above mentioned data if:
The tables below state for which purposes we process personal data on persons and on what legal basis.
|Website functionality and analytics||Legitimate interest (specifically: our business interest to have a well-functioning and relevant website in place), where appropriate: consent|
|Communications with you (as initiated by you: e.g. by email or phone)||Legitimate interest (specifically: our business interest, our and your interest to respond to your questions and requests) or performance of the agreement|
|Marketing (product updates, mailings, newsletters, contests etc.)||Consent, legitimate interest (specifically: our business interest)|
|Considering your application||Contract, legitimate interest (specifically: our business interest to recruit workforce), where appropriate: consent|
|Communication with you||Contract, legitimate interest (specifically: our business interest to recruit workforce)|
|Communication with you||Contract, legitimate interest (specifically: our business interest to respond to questions and requests)|
|Execution of orders, transactions and provision of products and services to you||Contract|
|Marketing (product updates, mailings, newsletters)||Consent, legitimate interest (specifically: our business interest to maintain customer relationships)|
Finally, we may disclose your personal data in specific situations with your consent or in case of a legal obligation
We do not retain personal data any longer than necessary for the purposes for which the personal data are processed.
We take the protection of your data seriously and take appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized changes. If you have the impression that your data is not properly secured or there are indications of abuse, please contact us at [firstname.lastname@example.org].
We are SOC Type 2 certified and follow the measures set out in the SOC Type 2 framework in the respect of the protection of personal data.
The GDPR gives you the following rights with regard to personal data relating to you:
We will deal with a request in connection with the exercise of these rights in the manner as prescribed by law. However, these rights are not absolute; they do not apply under all circumstances and the applicable rules provide for exceptions. If we do not grant your request, we will explain to you why. In order to exercise these rights, you can send an email to [email@example.com]. You can also use this email address if you wish to file a complaint about the manner in which we have processed your personal data.
We are a global business and we, or our service providers, may process, transfer, and store information about you on servers located in countries outside the European Union (EU) and European Economic Area (EEA), including in the United States. If such a situation presents itself, and personal data are transferred to a country outside the EEA that provides less legal protection to personal data, we will provide for appropriate safeguards in order for the transfer to take place in accordance with the privacy laws here. We may do this by concluding a contract with the recipient in accordance with a format that the European Commission or a national supervisory authority has approved for this purpose, see in particular the EU Standard Contract Clauses (Article 46(2) GDPR). You can access this documentation on the European Commission website (see here, as updated from time to time). We may also rely on the derogations in Article 49 GDPR, such as your consent or necessity to perform the contract between you and Cleeng.
For any questions regarding the data processing via social media buttons, please contact one of our joint data controllers:
Twitter International Company can be reached online or by mail at: Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND. You can contact Twitter’s data protection officer here.
Youtube can be reached online.
This policy will be reviewed at least once a year and will be approved by our data protection officer. This current policy was last reviewed on Mar 29, 2022.
If we amend this policy in the future, we will publish the amended statement on our site, stating the date on which the amendments will take effect. If there are amendments that affect one or more data subjects to a considerable degree, we will do our best to also directly inform these data subjects about this.Version: March 29th, 2022.