Your privacy is important to us. It is Cleoo Ltd's policy to respect your privacy regarding any information we may collect from you across our website, cleoo.com, and other sites we own and operate.
At Cleoo, we are fully committed to maintaining the trust and confidence of our customers and the visitors to our websites. We take your privacy seriously and our top priority is maintaining the confidentiality of the personal data you provide and protecting it from unauthorized access.
As a company under private law, we are subject to the provisions of the European General Protection Data Regulation (GDPR). We have taken technical and organizational steps to ensure that both we and our external service providers meet the data protection requirements.
In this Policy, we have tried our best to cover all the questions you may have regarding our treatment of your personal data. If you’re in a rush, you can jump to the section you are most interested in by using the links below. However, every point is important, so we hope you can find the time to read through it all carefully.
Who is Cleoo?
Cleoo Limited (referred to in this Policy as “Cleoo”, “we”, “us” or “our”) is a provider of digital advertising services. We are headquartered in the UK (registered office at 22 Great James Street, London WC1N 3ES, United Kingdom) with two further offices in Switzerland and Singapore.
Our appointed data protection officer (“DPO”) is responsible for overseeing this Policy and responding to any related questions. You can get in touch with our DPO, Yves Thielan, by emailing email@example.com or writing to:
Attn: DPO, Yves Thielan
What data does Cleoo collect about me?
Data you give us
When you engage with Cleoo, either online or directly by other means, we may ask you to provide us with personal data such as your contact details in order to submit an enquiry to us, sign up to receive our newsletter or information about our product or become a customer. You may also provide us with your personal data in other ways such as if you contact us in relation to employment opportunities or communicate with us through social media or our Customer Success teams. In these occasions, we will make the reasons why we are asking you to provide the personal data clear. Data we collect may include:
Identity data, for example your first name, last name, email address, postal address, date of birth, phone number, gender, country of residence, lifestyle/interests, appearance, style, username;
Transaction data, for example details regarding your transactions with us, including information about the products you have purchased and the date and time that you made the purchase;
Images and photographs, for example if you submit a picture to a competition, to social media or to be used in your ads as a customer of a Cleoo product;
Your opinions or other information, for example if you review a Cleoo product, provide information about a Cleoo product or if you provide us with your CV when exploring employment opportunities.
Data we collect when you use our services
When you visit our websites or engage with us digitally through social media or other means, we may collect certain information automatically from your computer, tablet or mobile phone (a “Device"). In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
The information we may collect can be broadly grouped as follows:
Identity data, for example your first name, last name, username, date of birth and gender;
Technical data, for example your internet protocol (IP) address, your login data, browser type and version, time zone setting and broad location, browser plug-in types and versions, operating system and platform and any other technology on the devices you use to access our websites;
Usage data, information about how you use our websites such as the pages you visit, the duration of your visit and the links you click.
Some of this information may be collected using cookies and similar tracking technology, as further explained below:
How does our sites handle Do Not Track signals
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
When someone visits one of our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of the visitors to our websites.
What does Cleoo do with my data?
We can only collect and use your personal data if the law allows us to, by satisfying one or more of the reasons set out by applicable data privacy law.
The most common uses of your personal data will be:
Where we need to perform the contract we are about to enter into or have entered into with you (for example, where we have agreed to provide you with services such as a landing page, we’ll collect and use your data such as your email address to send your leads to)
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. A summary of these legitimate interests are set out below
Where we need to comply with a legal or regulatory obligation (for example, we may pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies)
Where we collect and process your data with your consent (for example, when you tick a box to receive email newsletters)
Our legitimate interests include:
selling and supplying our products and services to our customers;
protecting customers, employees and other individuals and maintaining their safety, health and welfare;
promoting, marketing and advertising our products and services;
sending promotional communications which are relevant and tailored to individual customers;
understanding our customers’ behaviour, activities, preferences and needs;
improving existing products and services and developing new products and services;
complying with our legal and regulatory obligations;
preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
handling customer contacts, queries, complaints or disputes;
managing insurance claims by customers;
protecting our company, employees and customers by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Cleoo;
effectively handling any legal claims or regulatory enforcement actions taken against Cleoo; and
fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
You may not always be required to provide the personal information that we have requested. However, if you choose not to provide certain information, you may not be able to take advantage of some of our services. Any information that is required is clearly marked as mandatory. If you would prefer that we not collect certain personal information from you, please do not provide us with any such information, or opt out of providing this information where applicable.
What is Cleoo’s approach to children’s data?
Our websites and other digital services are not intended for children under the age of 16 and we do not knowingly collect data relating to children. If we are made aware that we have received such data, we will use reasonable efforts to locate and remove that information from our records.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Does Cleoo share my data with anyone?
Where necessary for the proper performance of our services, our legal duties and other business-critical activities, we may share your personal data with third parties where it is reasonable and in line with the nature of the relationship. We take your privacy very seriously and do our best to establish a legitimate reason for the data to be shared before doing so. In particular, we want you to know that Cleoo is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
The types of recipients we may share your personal data with are categorised as follows:
With our service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
With our employees, contractors and/or related entities;
With courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
With courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
With an actual or potential buyer (and its agents and advisors) where reasonably requested as part of a business transfer activity in relation to any actual or proposed divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding;
third parties to collect and process data;
To any other person with your consent to the disclosure
We require all third parties and organisations who we share your data with to respect the security of your personal data and to treat it in accordance with the law. We do not allow any of our third-party service providers or service providers to use your personal data for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
How long does Cleoo store my data?
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
To determine the appropriate retention period for any type of personal data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use of disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances we may anonymise your personal data so that it may no longer be associated with you and use it for research of statistical purposes only. In this case, we may use this anonymised information indefinitely without further Policy to you.
How secure is my data with Cleoo?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used of accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
The measures we use to protect your personal information are designed to provide a level of security appropriate to the risk of processing your personal information. However, please be aware that no electronic transmission of information can be entirely secure. We cannot guarantee that the security measures that we have in place to safeguard personal information will never be defeated or fail, or that those measures will always be sufficient or effective.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Does Cleoo transfer my data to other countries?
As an international company, in order to provide our services we may need to transfer and process your personal information internationally (including to destinations outside the European Economic Area (the “EEA") and the UK), particularly to those countries we have offices in as listed on our website or where our partners, affiliates and third-party providers maintain facilities.
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means. However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Policy.
Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.
Further information can be provided on request. Please contact us using the details found in the section “How do I contact Cleoo?" We have also implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
Your rights and controlling your personal information
Notification of data breaches: We will comply laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Subject to applicable data protection law, you have the following rights in relation to your personal data:
The right to request access to personal information (commonly known as a “data subject access request”), which enables you to receive confirmation as to whether or not we are processing your personal information and access to such personal information
The right to request a change and/or correction of inaccurate personal information or to request that we delete your personal information in certain circumstances
The right to object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms
The right to request restriction of processing of your personal information which enables you to ask us to suspect the processing of your personal information in certain scenarios
The right to request portability of your personal information to a third party in a structured, commonly used, machine-readable format
The right to withdraw your consent at any time where we are relying on consent to process your personal information. Withdrawing your consent will not affect the lawfulness of any processing carried out prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
Limit of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
How do I stop receiving communications from Cleoo?
You can ask us to amend your communications settings or stop sending you marketing messages at any time by contacting us at firstname.lastname@example.org or writing to us at
Attn: Customer Success Team
How do I contact Cleoo?
If you are have a question about this Policy or are unhappy with how we have used your personal data, please contact us at email@example.com or write to us at:
Attn: DPO, Yves Thielan
If you are in the UK, you also have the right to complain to the Information Commissioner’s Office. Contact details can be found at www.ico.org.uk. We would be grateful for the change to deal with your concerns before you contact the ICO so please get in touch with us in the first instance.
This policy is effective as of 1 November 2018.