Privacy and Policy

At Cloudeo, we respect your privacy and are committed to protecting your personal data. This policy outlines how we collect, use, and protect your information when you use our services.

Privacy Policy

Effective date: 12 September 2025
Controller: Prosit Poland Sp. z o. o. (“we”, “us”, “our”)
Registered address: Prosit Poland, ul. Pojdy 14d, 44-213 Rybnik, Poland
Organisation number: 6423189108
Website: https://prosit.no
Privacy contact: [email protected]

Your privacy matters to us. This Privacy Policy explains how Prosit Poland collects, uses, shares, and safeguards personal data when you visit our website or interact with us online. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Norwegian Personal Data Act.

1. Who We Are

Prosit Poland is established in Poland and operates within the European Economic Area (EEA). For the purposes of the GDPR, we are the data controller for personal data collected via our website and related online touch points.

2. What Personal Data We Collect

We may collect and process the following categories of personal data when you use our site or contact us:

  • Contact data (e.g., name, email address, phone number).

  • Technical & usage data (e.g., IP address, device type, operating system, browser type, pages viewed, time spent, referral source).

  • Communication data (messages submitted via forms, support inquiries, emails).

We collect data directly from you (e.g., forms).

3. How We Use Your Data

We process personal data for the following purposes:

1. Operating and securing the website

  • Purpose: Operating and securing the website.

  • Legal basis (GDPR): Legitimate interests (Art. 6(1)(f)) – ensuring availability, security, and performance.

  • Data categories: Contact, Technical/Usage, Communication.

  • Typical retention: As long as necessary for the stated purpose; see Section 6.

2. Responding to inquiries and providing support

  • Purpose: Responding to inquiries and providing support.

  • Legal basis (GDPR): Performance of a contract or pre-contractual steps (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)).

  • Data categories: Contact, Technical/Usage, Communication.

  • Typical retention: As long as necessary for the stated purpose; see Section 6.

3. Improving our website and services (analytics, troubleshooting)

  • Purpose: Improving our website and services (analytics, troubleshooting).

  • Legal basis (GDPR): Legitimate interests (Art. 6(1)(f)).

  • Data categories: Contact, Technical/Usage, Communication.

  • Typical retention: As long as necessary for the stated purpose; see Section 6.

4. Marketing communications (e.g., newsletters)

  • Purpose: Marketing communications (e.g., newsletters).

  • Legal basis (GDPR): Consent (Art. 6(1)(a)); or legitimate interests where permitted (Art. 6(1)(f)).

  • Data categories: Contact, Technical/Usage, Communication.

  • Typical retention: As long as necessary for the stated purpose; see Section 6.

5. Complying with legal obligations

  • Purpose: Complying with legal obligations.

  • Legal basis (GDPR): Legal obligation (Art. 6(1)(c)).

  • Data categories: Contact, Technical/Usage, Communication.

  • Typical retention: As long as necessary for the stated purpose; see Section 6.

4. Our Legal Bases for Processing

Depending on the context, we rely on one or more of the following legal bases under Article 6 GDPR:

  • Consent (Art. 6(1)(a)) – marketing where required.

  • Contract (Art. 6(1)(b)) – to take steps at your request or perform a contract with you.

  • Legal obligation (Art. 6(1)(c)) – to comply with applicable laws and regulations.

  • Legitimate interests (Art. 6(1)(f)) – to operate, secure, and improve our services, balanced against your rights and freedoms.

5. Data Sharing and International Transfers

We do not sell or rent personal data. We may share personal data with:

  • Service providers/processors (e.g., hosting, analytics, customer support) under GDPR-compliant data processing agreements.

  • Professional advisors (legal, accounting) under confidentiality obligations.

  • Public authorities where required by law or to protect rights.

If data is transferred outside the EU/EEA, we implement appropriate safeguards such as Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, supplementary measures.

6. Data Retention

We keep personal data only as long as necessary for the purposes described or as required by law. Typical retention periods include:

  • Contact form inquiries and support emails – up to 24 months after resolution

  • Web server and security logs – up to 12 months, unless needed to investigate incidents

  • Analytics data – per your consent settings and provider defaults

  • Marketing subscriptions and consent records – not collected

  • Contractual and invoicing records – as required by accounting/tax laws (typically 5–10 years)

When data is no longer needed, we delete or irreversibly anonymise it.

7. Your Rights

Subject to conditions and exceptions under the GDPR, you have the right to request:

  • Access to your personal data (Art. 15)

  • Rectification of inaccurate data (Art. 16)

  • Erasure (‘right to be forgotten’) (Art. 17)

  • Restriction of processing (Art. 18)

  • Data portability (Art. 20)

  • Objection to processing based on legitimate interests (Art. 21)

  • Withdrawal of consent at any time where processing is based on consent (Art. 7(3))

To exercise your rights, contact us at [email protected]. We may need to verify your identity. We aim to respond within one month (extendable by two months for complex requests).

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

8. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit and at rest (where applicable)

  • Access controls, role-based permissions, and multi‑factor authentication for administrative accounts

  • Principle of least privilege and regular access reviews

  • Network and application monitoring, logging, and backup procedures

  • Vulnerability management and regular patching

  • GDPR‑compliant processor contracts and confidentiality obligations

  • Staff awareness and training on data protection and security

9. Children’s Data

Our website is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted here with a new effective date. We encourage you to review this page periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Prosit Poland – Privacy Team
Email: [email protected]
Postal address: Prosit Poland, ul. Pojdy 14d, 44-213 Rybnik, Poland

© RegArmor 2025 All Rights Reserved.

© RegArmor 2025 All Rights Reserved.

© RegArmor 2025 All Rights Reserved.