IMPORTANT – PLEASE READ CAREFULLY
This policy was last reviewed and updated in March 2026 to ensure compliance with current EU and US data protection regulations, including general data protection regulation (GDPR), California Privacy Rights Act (CPRA), and applicable state privacy laws.Previous versions are available upon request.Cleeng B.V. (a private limited company organized under the laws of the Netherlands, with registered office at Reimersbeek 14, 1082 AG Amsterdam, Netherlands) (“Cleeng”, “we”, “us”, “our”) provides subscription retention management services and merchant services, including operating as a Merchant of Record for certain Transactions.This Privacy Policy explains what personal data Cleeng collects, uses, shares, and otherwise processes about the following data subject categories:
Scope and Roles
This Privacy Policy applies to Personal Data processing by Cleeng in our capacity as a data controller (when we determine purposes and means of processing) and, when we process Personal Data on behalf of Merchants, in our capacity as a data processor.
This Policy is intended to be transparent, accessible, and fair. We are committed to being clear about how we collect, use, protect, and share your Personal Data.
Definition of Personal Data and other definitions
“Personal Data” means any information relating to an identified or identifiable natural person. This includes both directly identifying information (such as name, email address, or payment card details) and indirectly identifying information (such as transaction histories, device identifiers, or usage patterns) that, alone or in combination with other information, could identify an individual.
Terms not defined in this Privacy Policy shall have a meaning as specified in the Master Subscription Agreement and Merchant Schedule.
2. Personal Data We Collect
2(a). Categories of Personal Data by data subject type
We collect different categories of Personal Data depending on how you interact with Cleeng.
A. Visitors (Website and Online Properties) 🌐
|
Category of Personal Data |
Examples / Data Points |
|
Identifiers |
Name, email, phone number (when provided via forms); IP address, device identifier, browser information, unique identifiers (e.g., cookie IDs, advertising IDs). |
|
Internet and network activity |
Pages visited, content accessed, date/time of visits, referral sources, search terms, device/browser type. |
|
Commercial information |
Inquiry content, interests expressed, event registration information, content preferences. |
|
Technical data |
Log data, analytics information, performance and error data, security and authentication tokens. |
B. Merchants and Merchant Representatives 🤝
|
Category of Personal Data |
Examples / Data Points |
|
Identity and contact information |
Full legal name, business name, contact information (email, phone, postal), title/role, government-issued IDs, tax IDs, VAT numbers. |
|
Financial and Documentation |
Banking information, financial account details, payment instrument information (for fees/payouts), copies of IDs and business registration, bank statements (for underwriting), compliance attestations. |
|
Commercial information |
Business type, industry, account details, transaction history, sales data, pricing tier, subscription plan, billing and contract information. |
|
Operational and technical data |
Login credentials, API keys/access tokens, activity logs, support ticket history, usage analytics. |
|
Marketing and preferences |
Consent to product updates/newsletters, marketing preferences, event registration, product feedback, and surveys. |
|
Special category / sensitive data |
Information from KYC and AML screening (where applicable and permitted by law). |
C. Managed Users of Merchants (Merchant of Record Model) 🛒When you purchase or subscribe through a merchant using Cleeng as Merchant of Record, we act as an independent data controller for payment, tax, compliance, and fraud purposes, and as a data processor for other services strictly on the Merchant's instructions.
|
Category of Personal Data |
Examples / Data Points |
|
Personal and contact details |
Full name, email address, postal address (billing/shipping), telephone number. |
|
Purchase and payment details |
Details of services purchased, price, currency, date, masked payment card details (PCI DSS compliant), transaction IDs, refunds, chargebacks. |
|
Account and subscription information |
Account identifiers, subscription plan details, renewal dates, status (active/cancelled), access entitlements, history of changes. |
|
Device, technical, and usage |
IP address and approximate location, device identifiers, browser/OS type, log data related to access/authentication, interaction with checkout flows and communications (e.g., open rates). |
|
Communications and support |
Records of communications with Cleeng support (email, ticketing, chat), notes and records to resolve queries. |
|
Derived and profiling data |
Internal risk and fraud indicators (e.g., failed payments), customer lifetime value, churn indicators (used to manage our MoR business and comply with obligations). |
D. Job Applicants and Candidates 📃
|
Category of Personal Data |
Examples / Data Points |
|
Identity and contact information |
Full legal name, email address, phone number, postal address, nationality/citizenship, government-issued IDs (for verification). |
|
Professional information |
Resume/CV, work history, education, qualifications, certifications, skills, previous employer contacts, and references. |
|
Background check information |
Criminal history records or credit history (subject to applicable law and consent), education/employment verification results. |
|
Communication and interview |
Interview notes, assessments, feedback, communications during recruitment, performance test results. |
|
Consent and preference |
Consent to background/reference checks, communication preferences, job/location preferences. |
2(b). Personal Data from third-party sources
We may receive Personal Data about you from service providers (e.g., payment processors, analytics providers), law enforcement, regulatory authorities, business partners, public records, data aggregators (for underwriting/KYC/AML), and customer feedback platforms. We only process this data where we have a lawful basis and the data was lawfully obtained.
2(c). Data we do not intentionally collect
We do not deliberately collect or process, unless strictly necessary and permitted by law: Special category data (race, health, sex life, etc.), children’s data under 18 years of age, precise real-time location data, protected health information governed by HIPAA, or social media data (unless voluntarily linked).
2(d). Data minimization principle
We adhere to the principle of data minimization and only collect Personal Data that is adequate, relevant, and limited to what is necessary for the purposes identified. If you believe we are collecting unnecessary data, please contact us at privacy@cleeng.com.
3. Purposes and Legal Basis for Processing Personal Data
Under GDPR and equivalent laws, we process Personal Data only where at least one legal basis applies.
3(a). General Legal Bases ⚖️
Processing Activities by Purpose:
Processing Purpose |
Legal Basis |
|
Service Delivery & Business Operations 💼 Processing and settling payments, managing subscriptions, account creation, customer support, fraud detection, and compliance with financial/tax regulations |
Contract; Legal obligation; Legitimate interest |
|
Security and Abuse Prevention 🔐 Protecting networks, detecting/preventing security incidents, monitoring for misuse of terms, and supporting investigations |
Legal obligation; Legitimate interest |
|
Analytics, Improvement, and Optimization 📈 Analyzing usage and performance, improving product features, conducting A/B testing, and producing internal reports 📊 |
Legitimate interest; Consent (where required) |
|
Marketing and Communications 📢 Sending newsletters, product updates, managing events, conducting surveys, and educating Merchants |
Consent; Legitimate interest (for certain B2B contexts) |
|
Recruitment and HR Operations 👤 Managing recruitment, evaluating candidates, conducting interviews/checks, and managing HR records |
Contract; Legitimate interest; Legal obligation; Consent |
|
Merchant of Record-specific Purposes 💳 Processing payments/refunds, administering access rights, providing customer service on behalf of Merchants, and handling disputes/reporting |
Contract; Legal obligation; Legitimate interest |
3(b). Purpose limitation and compatibility
We will not use your Personal Data for purposes that are incompatible with those listed above unless:
3(c). Withdrawal of Consent
Where we rely on consent, you may withdraw it at any time by emailing privacy@cleeng.com with “Withdraw Consent” in the subject line and specifying which processing you want to stop. Withdrawal does not affect the lawfulness of processing that took place before the withdrawal.
4. Sharing of Personal Data with Third Parties
We share Personal Data only when necessary, with appropriate safeguards, and subject to the purposes outlined in Section 3.
4(a). Service Providers and Processors
We engage third parties to perform services on our behalf (as data processors). These vendors assist with core business functions, including:
These providers are bound by Data Processing Agreements (DPAs) requiring them to process Personal Data only on our documented instructions and implement appropriate security measures.
4(b). Merchant Customers and Partners
4(c). Corporate and Legal Disclosures
We may disclose Personal Data to:
4(d). Data Sharing Prohibitions
We do not:
4(e). International Transfers
We operate globally and may transfer Personal Data to countries other than the one in which you reside. Where we transfer Personal Data from the EU/EEA or UK to countries without an adequacy decision, we rely on the following legally approved mechanisms:
You may contact privacy@cleeng.com to obtain more details about our international transfer mechanisms.
5. Data Retention and Deletion
Cleeng manages the retention of your Personal Data by holding it only for the duration required to achieve the objectives detailed in this Policy, to comply with our binding legal obligations, or while a demonstrable legitimate business need exists that adheres to all relevant legal and compliance mandates. In specific circumstances, we must retain Personal Data for longer periods, for example, when necessary to fulfill statutory requirements, resolve disputes, collect outstanding fees, or when an extended period is mandated or expressly permitted by an applicable law, rule, or regulation.
If you have chosen to receive marketing materials from us, we will preserve records of your marketing preferences until you decide to opt out of such communications. This retention is executed in accordance with our documented internal policies.
The precise retention period for your Personal Data is determined by considering a set of factors:
Following the expiration of the determined retention period, any remaining information is either aggregated or rendered completely depersonalized, ensuring it can no longer be used to identify you individually.
5(a). Your right to deletion
You can request deletion of your Personal Data under the conditions described in Section 7. We may retain certain data where necessary to comply with legal obligations, prevent fraud, or establish, exercise, or defend legal claims.
5(b). Secure destruction
When we delete Personal Data, we use appropriate technical and organizational measures to ensure secure destruction or anonymization, and we periodically review and audit retention and deletion practices.
6. Security and Protection of Personal Data
We implement technical, organizational, and administrative measures designed to protect Personal Data against unauthorized access, loss, misuse, alteration, and destruction.
6(a). Technical measures
- Encryption of data in transit (TLS 1.2+).
- Encryption of sensitive data at rest (e.g., AES‑256).
- Strong authentication and role‑based access control.
- Firewalls, intrusion detection and prevention, and DDoS protection.
- Regular vulnerability scanning and penetration testing.
- PCI DSS Level 1 controls for payment data (including tokenization).
6(b). Organizational measures
- Appointment of a Data Protection Officer (DPO) contactable at privacy@cleeng.com.
- Privacy‑by‑design and by‑default practices in product and process design.
- Data Protection Impact Assessments for high‑risk processing.
- Cleeng personnel (employees and contractors) training and confidentiality obligations.
- Third‑party risk management and security due diligence.
- Data Processing Agreements and audit rights with processors.
6(c). Incident response and breach notification
- Continuous monitoring for suspicious activity where feasible.
- Prompt investigation and containment of suspected incidents.
- Notification to relevant supervisory authorities within statutory timelines (e.g., 72 hours under GDPR where required).
- Notification to affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms.
- Cooperation with Merchants to support their own breach notification duties.
6(d). Your responsibilities
You are responsible for:
- Keeping account credentials confidential.
- Using strong, unique passwords and enabling multi‑factor authentication where available.
- Promptly notifying us of any suspected unauthorized access or compromise.
7. Your Privacy Rights
The rights available to you depend on your location and applicable law (e.g., GDPR, CCPA/CPRA, and other state or national laws).
7(a). Your Rights
Depending on your jurisdiction, you may have the right to:
We provide a “Do Not Sell or Share My Personal Information” mechanism where required (for example, via website footer or cookie settings).
7(b). Other jurisdictions
Residents of other jurisdictions (for example, Switzerland, United Kingdom, Canada, or additional US states) may have similar rights under their respective privacy laws.
7(c). How to exercise your rights
To exercise your rights:
We will respond within the timelines set by applicable law (typically 30–45 days, with possible extensions for complex requests). If we deny or limit your request, we will explain the reasons and tell you how you can appeal or complain to a regulator.
7(d). Complaints to supervisory authorities
If you believe that our processing of your Personal Data infringes data protection laws, you may lodge a complaint with a competent supervisory authority or regulator in your jurisdiction. You are also encouraged to contact us first so that we can try to resolve your concerns.
8. Cookies, Tracking Technologies, and Analytics
We use cookies and similar technologies to operate, secure, and improve our services, personalize content, and support marketing and analytics, as described in our Cookie Policy.Cookies are grouped into categories, such as:
- Strictly necessary / essential cookies (required for core functionality and security).
- Performance / analytics cookies (for understanding usage and improving services).
- Functional / preference cookies (for remembering settings and preferences).
- Marketing / advertising cookies (for measuring and delivering relevant advertising).
You can manage cookie and tracking preferences using:
- Our cookie consent banner and settings.
- Your browser or device settings.
- Global Privacy Control or similar signals where supported.
For full technical details about the cookies and trackers we use, please see our separate Cookie Policy.
9. Contact Information and Data Protection Officer
If you have questions about this Privacy Policy or our data practices, or you wish to exercise your privacy rights, please contact:
|
Data Protection Officer (DPO) |
|
|
Email: |
privacy@cleeng.com |
|
Address: |
Cleeng B.V., Data Protection Officer, Reimersbeek 14, 1082 AG Amsterdam, Netherlands |
We review this Privacy Policy at least annually and update it as needed to reflect changes in our practices, legal requirements, and industry standards.
Effective Date: 13 March, 2026
Last Updated: 13 March, 2026
As a leader in OTT we have established partnerships with the most popular solutions on the market. Together with Synamedia, Sportradar, FanReach and more we support more than 250 broadcasters around the world. If you can’t see your streaming provider below, don’t worry, with Cleeng’s APIs you are able to effortlessly integrate streaming solution.
Your Subscriber Retention Management® solution
Products
Copyright © 2026 Cleeng | All Rights Reserved |
Terms & Conditions