Privacy Policy
Table of contents
1. [Introduction and data controller details](#1-introduction-and-data-controller-details)
2. [Scope and purpose of the Privacy Policy](#2-scope-and-purpose-of-the-privacy-policy)
3. [Types of personal data processed](#3-types-of-personal-data-processed)
4. [Purposes and legal bases for processing](#4-purposes-and-legal-bases-for-processing)
5. [Recipients of data and transfers outside the EEA](#5-recipients-of-data-and-transfers-outside-the-eea)
6. [Retention period](#6-retention-period)
7. [Your rights](#7-your-rights)
8. [Right to lodge a complaint](#8-right-to-lodge-a-complaint)
9. [Transfers outside the EEA](#9-transfers-outside-the-eea)
10. [Automated decision-making and profiling](#10-automated-decision-making-and-profiling)
11. [Transfers to third countries or international organisations](#11-transfers-to-third-countries-or-international-organisations)
12. [How we protect your data](#12-how-we-protect-your-data)
13. [Changes to the Privacy Policy](#13-changes-to-the-privacy-policy)
[Contact us](#contact-us)
---
1. Introduction and data controller details
This Privacy Policy sets out the rules for processing personal data of users of the Careglo and Careglo.eu service available at careglo.eu (the "Service"). This document complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and other applicable data protection laws.
The data controller for personal data of Service users is:
**Care Connective sp. z o.o.**
Registered office: F. Chopina 8/27, 20-026 Lublin, Poland
NIP: 7123479104
REGON: 52926667100000
E-mail for data protection enquiries: **[email protected]**
You may contact us on data protection matters by e-mail at the address above.
2. Scope and purpose of the Privacy Policy
This Privacy Policy aims to:
- explain what personal data we collect,
- state the purposes and legal bases for processing,
- specify how long we retain data,
- inform you who may receive the data,
- describe the rights of data subjects,
- and set out the measures we use to protect data.
The Policy applies to the processing of personal data of:
- visitors to the Careglo Service,
- persons contacting us via forms, e-mail or other channels,
- clients using or ordering our services through the Service,
- and potential clients and business partners.
This document applies only to the service available at careglo.eu. We are not responsible for the privacy policies of other websites linked from our Service.
3. Types of personal data processed
Depending on how you use our Service and Careglo services, we may process the following categories of personal data:
**Identification data:** name and surname, company name (if applicable), NIP/tax ID (if applicable).
**Contact data:** e-mail address, phone number, postal address (if required for the service).
**Service usage data:** IP address, browser and OS data, cookies, user activity (e.g. visit duration, clicks, pages visited).
**Ratings and reputation data (if you use this feature):** account identifiers of the person submitting or being rated; numeric scores (including criteria) and any short review text you voluntarily provide; a link to the conversation context (e.g. chat id) to prevent abuse and confirm the rating relates to a real interaction on the platform. You must not include special category data (e.g. health) or third-party personal data in reviews; such content may be rejected or removed.
**Enquiry and communication data:** content of contact forms, e-mails and other correspondence.
**Service delivery data:** details of ordered services, contact and cooperation history, billing and settlement data.
**Sensitive data:** We do not process special categories of data unless you choose to provide them (e.g. in a message). In such cases they are processed only to the extent necessary and in accordance with the GDPR.
4. Purposes and legal bases for processing
Your personal data may be processed for:
**1. Provision of services and contract performance** – to enable use of Careglo, handle enquiries, fulfil orders, issue accounting documents. *Legal basis: Art. 6(1)(b) GDPR.*
**2. Contact and correspondence** – to reply to messages, chat, e-mail and phone contact. *Legal basis: Art. 6(1)(f) GDPR (legitimate interest).* Data you voluntarily enter in chat is processed only as necessary to respond and continue the conversation, with your consent.
**3. Legal obligations** – to comply with law, in particular tax and accounting. *Legal basis: Art. 6(1)(c) GDPR.*
**4. Marketing and remarketing** – to show ads and content tailored to your interests (e.g. Google Ads, Facebook Ads), including remarketing. *Legal basis: Art. 6(1)(a) GDPR (consent, e.g. via cookie consent).* You may withdraw consent at any time.
**5. Newsletter and marketing messages** – to send commercial information by e-mail. *Legal basis: Art. 6(1)(a) GDPR (consent).*
**6. Asserting or defending claims** – to protect Careglo’s interests. *Legal basis: Art. 6(1)(f) GDPR.*
**7. Statistics, analysis and service improvement** – to analyse usage (e.g. visits, clicks) to improve quality and efficiency. *Legal basis: Art. 6(1)(f) GDPR.*
**8. Ratings and reviews on the platform** – to allow users to voluntarily rate cooperation (e.g. between caregivers and companies) and to display aggregated results (averages, counts) to support transparency and trust. *Legal bases:* voluntary submission and processing of review content – **Art. 6(1)(a) GDPR (consent)**, given separately from other consents (e.g. chat contact), at the time you submit the rating form; display of aggregated ratings and statistics (without unnecessary personal data) – **Art. 6(1)(f) GDPR (legitimate interests)** in operating a trustworthy marketplace. Consent to contact or data processing in chat (including privacy notices when sharing contact details) is **separate** from consent to submit a review. You must not include health-related or other special category data in reviews; we moderate content in line with our terms. Average ratings may in the future affect sorting or recommendations in the Service; they do not constitute solely automated decisions on accepting or refusing cooperation without human involvement. Details will be given in the terms and when such features go live.
5. Recipients of data and transfers outside the EEA
Your data may be disclosed to:
**Processors** acting on our behalf: hosting and IT infrastructure providers, CRM and communication tools (chat, e-mail), accounting and settlement services, marketing and analytics partners (e.g. Google, Meta/Facebook), customer support providers. All process data under data processing agreements and our instructions.
**Transfers outside the EEA:** In some cases data may be transferred outside the European Economic Area (e.g. Google Ads, Meta/Facebook, messaging or mailing platforms). We ensure appropriate safeguards under the GDPR (e.g. EU-U.S. Data Privacy Framework, EU standard contractual clauses, or other Art. 46 mechanisms). You may request a copy of the safeguards by contacting us.
6. Retention period
We retain your data only as long as necessary for the purposes for which it was collected, and thereafter as required by law or to protect our claims.
- **Contact data from chat or forms** – until communication ends or consent is withdrawn (unless we need to retain it for evidence).
- **Client data** – for the term of the contract and then for the limitation period (typically 6 years) or as required by accounting law (5 years).
- **Marketing consent data** – until consent is withdrawn.
- **Cookies and analytics** – as per browser settings or up to 2 years, unless you delete or withdraw consent earlier.
- **Ratings and reviews** – for as long as the review is shown in the Service and as long as necessary for complaints and claims; after account deletion or withdrawal of consent, content is deleted or anonymised unless a legal retention obligation applies (e.g. evidence).
After the relevant period, data is permanently deleted or anonymised.
7. Your rights
Under the GDPR you have the right to:
- **Access** – ask what data we process and for what purpose.
- **Rectification** – request correction of inaccurate or outdated data.
- **Erasure** ("right to be forgotten") – request deletion where there is no legal obligation to retain.
- **Restriction** – request limited processing.
- **Data portability** – receive your data in a structured format and transfer it to another controller.
- **Object** – especially to marketing or processing based on legitimate interest.
- **Withdraw consent** – at any time, without affecting the lawfulness of earlier processing.
To exercise your rights, contact us at: **[email protected]**
8. Right to lodge a complaint
If you believe we process your data in breach of the GDPR or your rights, you may lodge a complaint with a supervisory authority.
In Poland:
**President of the Personal Data Protection Office (PUODO)**
ul. Stawki 2, 00-193 Warsaw
Tel.: 22 531 03 00
www.uodo.gov.pl
We encourage you to contact us first – we will try to resolve any issue without delay.
9. Transfers outside the EEA
Yes. In some cases your data may be transferred outside the European Economic Area, mainly in connection with our use of marketing and analytics tools such as Google Ads or Meta (Facebook) Ads. We ensure an adequate level of protection by using EU standard contractual clauses, additional safeguards in line with EDPB guidelines, and only partnering with providers that guarantee GDPR-compliant protection. You may request a copy of the safeguards by contacting us.
10. Automated decision-making and profiling
We do not make decisions based solely on automated processing that would have legal or similarly significant effects on you.
Average ratings and reputation statistics may in the future affect search result order or content recommendations in the Service; they do not by themselves constitute a decision on concluding or refusing an employment or cooperation contract without the possibility of human intervention on the other side of the transaction.
We may use profiling for marketing (e.g. to tailor ads to your preferences). This does not significantly affect your rights or legal situation. Profiling may be based on e.g. visit history, clicks, use of contact forms or chat, and general demographic data. You may object to marketing profiling at any time by contacting us.
11. Transfers to third countries or international organisations
Yes. Due to our use of global providers (e.g. Google, Meta), data may be transferred outside the EEA, including to the United States. We ensure compliance with the GDPR (Art. 44 et seq.) and work only with entities that guarantee an adequate level of protection (e.g. EU adequacy decisions such as EU-U.S. Data Privacy Framework, or EU standard contractual clauses). You may request a copy of these safeguards by contacting us.
12. How we protect your data
We implement appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, loss, destruction or alteration, including: SSL encryption for data in transit; access limited to authorised personnel; antivirus, firewalls and regular software updates; internal data protection procedures compliant with the GDPR; data minimisation; and staff training. In the event of a breach that poses a high risk to your rights and freedoms, we will inform you without undue delay as required by the GDPR.
13. Changes to the Privacy Policy
We may change this Privacy Policy at any time, in particular due to changes in law (including the GDPR), our services, technology or processing practices, or supervisory recommendations. We will inform you of material changes via a visible notice on our website, e-mail (where we have your address and the change concerns you), or other appropriate channels. The current version will always be available on our website with the date of the last update.
---
Contact us
If you have any questions or wish to exercise your GDPR rights, contact us:
**Care Connective – your data controller:**
Care Connective Sp. z o.o.
ul. F. Chopina 8/27
20-026 Lublin
Poland
E-mail: **[email protected]**
We will respond as soon as possible and no later than 30 days from receiving your request.
