Privacy Policy

 

Privacy & Cookies Policy of Clorce Solutions Sp. z o.o.

Last updated: [02 October 2025]

1) Controller and contact

The controller of your personal data is Clorce Solutions Sp. z o.o., ul. Irysowa 18, 60-175 Poznań, Poland, KRS 0000752499, NIP 7792497444, REGON 381540480 (“Clorce”, “we”, “us”).
Contact: [email protected].
[Optional] Data Protection Officer: [if appointed, insert name/email].

2) Scope

This Policy explains how we process personal data of website visitors, event participants, contractors and their staff, job applicants, and how we use cookies and similar technologies on our websites.

3) Legal bases and purposes (GDPR)

We process personal data only when we have a legal basis (Art. 6 GDPR):

  • Contract & pre-contract (Art. 6(1)(b)): concluding and performing agreements; service delivery and support.

  • Legal obligation (Art. 6(1)(c)): tax, accounting, compliance.

  • Legitimate interests (Art. 6(1)(f)): website security, fraud prevention, analytics in an aggregated/limited manner, establishing/defending claims, B2B relationship management (including identifying company visits – see Leadinfo).

  • Consent (Art. 6(1)(a)): marketing communications (email/SMS/phone), storing/reading cookies for analytics and advertising, and sending advertising data to Google (Consent Mode v2).

Main processing purposes

  • Service delivery, customer care, invoicing.

  • Organising events, webinars, business breakfasts.

  • Recruitment (processing CVs, interviews).

  • Marketing: newsletters, promotional messages, remarketing (only with consent where required).

  • Analytics and site performance: traffic measurement, troubleshooting, quality improvement.

  • Security: detecting spam/abuse, protecting our services.

4) Categories of data and sources

  • Identification and contact data (name, email, phone), organisation and role/title (B2B).

  • Communication content (emails, forms), event data (registration, attendance).

  • Technical data from your browser/device: IP address, headers, identifiers (cookies or similar), pages viewed, timestamps, referrers, UTM parameters, consent choices.

  • For Leadinfo: company-level identification of visits based on IP address and public/company data sources (see §10).

5) Recipients and vendors

We share data with trusted processors and independent controllers where needed:

  • Google products: Google Tag (gtag.js) / Google Tag Manager, Google Analytics (if enabled), Google Ads (if enabled), Google Search Console.

  • Leadinfo B.V. (Netherlands) – company visitor identification (B2B).

  • Hosting, email and IT providers, CRM/marketing tools, accounting and legal advisors.
    We sign data processing agreements where required. For tools acting as independent controllers (e.g., some Google services), those providers determine their own purposes of processing—see their privacy policies.

6) International transfers

Some vendors may process data outside the EEA. Where this occurs, we rely on appropriate safeguards (e.g., Standard Contractual Clauses and—if applicable—additional measures). You can request a copy of relevant safeguards at [email protected].

7) Retention

We store data only as long as necessary:

  • Contracts & billing: statutory periods (usually up to 6 years in Poland).

  • Recruitment: up to 6 months for a given process unless you consent to a longer talent pool (typically up to 24 months).

  • Marketing lists: until you withdraw consent or object.

  • Technical logs/security: typically up to 12 months unless needed longer for security or claims.

  • Cookies: per the lifetimes shown in the cookies table (§11).

8) Your rights

You have the rights of access, rectification, erasure, restriction, portability, and objection (Arts. 15–21 GDPR). Where processing is based on consent, you may withdraw it at any time (without affecting past lawful processing).
You may lodge a complaint with the President of the Personal Data Protection Office (PUODO) in Poland.

9) Marketing communications

We send marketing messages only if permitted by law (consent or legitimate interest in B2B contexts) and always with an easy opt-out. You may unsubscribe via the link in messages or by writing to [email protected].

10) Leadinfo (B2B company visitor identification)

We use Leadinfo (Leadinfo B.V., Netherlands) to identify company visits to our website. Leadinfo matches the IP address of a visitor’s network with publicly available and commercial company databases to tell us which organisation (not a private individual) has visited our site, which pages were viewed and when. We use this for B2B lead generation and sales analytics (our legitimate interest, Art. 6(1)(f) GDPR).

  • Data involved: truncated IP and network/domain information, page URLs, timestamps, and company metadata (e.g., sector, size).

  • What we do not do: we do not resolve private home users to a person; no tracking across third-party sites via Leadinfo.

  • Retention: company visit records are kept for typical sales cycle needs ([e.g., 12–24 months]) unless you object earlier.

  • Opt-out / objection: If your organisation prefers not to appear in our Leadinfo insights, contact us at [email protected] with your corporate IP ranges; we will suppress future matching for those ranges.

11) Cookies and similar technologies

11.1. Consent and Google’s EU requirements

In the EEA/UK we use a consent banner (CMP) that implements Google Consent Mode v2. Until you give consent, tags are adjusted to limited, cookieless pings. You can manage choices at any time via the “Privacy settings” link in the site footer.

Consent categories we use (Consent Mode v2 signals):

  • ad_storage (ads cookies/IDs)

  • analytics_storage (analytics cookies/IDs)

  • functionality_storage (site preferences)

  • personalization_storage (e.g., preferred content)

  • security_storage (fraud prevention, authentication)

  • Additional signals (if applicable): ad_user_data and ad_personalization (to control sending advertising data and personalisation to Google).

We respect your choices and propagate them to tags fired via Google Tag/Google Tag Manager.

11.2. Types of cookies

  • Strictly necessary (no consent): essential for site operation, security, load balancing, basic consent logging.

  • Preferences/Functionality (consent): remember settings like language.

  • Analytics (consent): measure visits and performance in aggregate (e.g., Google Analytics).

  • Advertising/Remarketing (consent): build or use audiences, measure ads, personalise content (e.g., Google Ads).

11.3. Tools we use (examples)

Tool / VendorPurposeData CollectedCookie/ID Lifetime (typical)Controller role
Google Tag (gtag.js) / Tag ManagerDeploy and control tags; pass consent signals; no standalone profilingEvent triggers, tag states, consent flagsNo persistent cookies by GTM itselfProcessor/independent per tag
Google Analytics (if enabled)Site analytics and performancePage views, events, device info, truncated IP, consent flagse.g., 1–24 months, depending on configurationController (Google)
Google Ads (if enabled)Ads measurement, remarketing, conversionsAd clicks, conversions, page events, pseudo-IDs, consent flagse.g., up to 13 months for some ads cookiesController (Google)
Google Search ConsoleSEO diagnostics and search performance (aggregate)Search queries and site performance aggregates (no per-visitor cookie set by us)n/a (tool on Google side)Controller (Google)
Leadinfo (B2B)Identify company visitsNetwork/IP to company match, pages viewed, timestampsNo third-party cookies; first-party data stored in our systemsProcessor for us / independent provider for its service

Exact cookie names and durations can vary by browser, product updates and your consent. Our CMP displays up-to-date details at the moment of consent.

11.4. Managing cookies

You can:

  • Use the “Privacy settings” link in our footer to change/withdraw consent at any time.

  • Configure your browser to block, delete or alert about cookies.

  • Use industry tools (e.g., AdChoices) to manage interest-based ads in your region.

Effects of refusal: some site features may not work fully without certain cookies/IDs.

12) Google products we use

12.1. Google Tag (gtag.js) & Google Tag Manager

We use these to deploy tags and pass your consent choices (Consent Mode v2). They themselves generally do not set profiling cookies; they load other tools according to your consent.

12.2. Google Search Console

Helps us understand search visibility and site health (indexing errors, queries, impressions, clicks). It does not identify individual visitors on our site.

12.3. Google Analytics / Google Ads (if enabled)

If you consent to analytics and/or ads, we may measure usage and ad performance, build remarketing audiences, and share limited event data with Google. You can revoke consent anytime via Privacy settings.

13) Children’s data

Our services are intended for professionals and adult users. We do not knowingly target children. If you believe a child provided data, contact us to erase it.

14) Automated decision-making

We do not make decisions producing legal effects based solely on automated processing. We may use scoring for internal prioritisation (e.g., B2B sales leads), but you can object at any time.

15) Security

We use appropriate technical and organisational measures (access controls, encryption where appropriate, backups, vendor due diligence) to protect your data.

16) Changes to this Policy

We may update this Policy from time to time. Material changes will be signposted on our website. The current version is always available on this page.