Last Updated: 03/10/2022
TABLE OF CONTENTS
- WHO WE ARE
- WHAT WE COLLECT
- USE OF PERSONAL INFORMATION
- DATA HANDLING (New)
- SHOWING OF PERSONAL INFORMATION
- HOW INFORMATION IS STORED AND PROCESSED
- HOW INFORMATION IS PROTECTED
- WHAT ARE YOUR DATA PROTECTION RIGHTS
- INFORMATION CHOICES AND CHANGES
- PRIVACY SHIELD NOTICE
- CHILDREN’S PRIVACY (New)
- TELEPHONE CONSUMER PROTECTION ACT (New)
- HOW TO CONTACT US
- NOTICE TO CALIFORNIA RESIDENT
- NOTICE TO RESIDENTS OF THE EU, EEA, AND UK
This Policy is effective as of March 10, 2022.
WHO WE ARE
We are Cleo Labs, Inc., a Delaware corporation, with a headquarter in California in the United States. Our mailing address is: 548 Market Street, PMB 46800, San Francisco, California 94104-5401
Our Legal Representative in the EU is:
HYAZINTH Consulting for Tech UG (haftungsbeschränkt), Potsdamer Platz 11, 10785 Berlin (Germany)
Our Legal Representative in the UK is:
Clientside Law Limited, 20-21 Jockey’s Fields, London, England, WC1R 4BW
If you believe that Cleo may have violated your privacy rights, you should contact us at the mailing address provided above or via e-mail at [email protected].
WHAT WE COLLECT
We collect information about you in a number of ways.
Information You Give to Us. We collect information that you provide to us, which may include the following categories of information depending on how you use our Services:
- Information that identifies you, such as your full name, email address, mailing address, telephone number, username, and password
- Work information such as the identity of your employer or your job title
- Family planning and other health information that you share with us when using, signing up for, or requesting more information about the Services, including, but not limited to demographic information, such as gender and birth date
By providing us with an email address, you consent to receiving information from us by email to that address.
Information We Get From Your Cleo Benefit Sponsor. We may receive information from your Cleo Benefit Sponsor (typically your employer or health plan) to enable us to confirm you, your dependents, or your household member(s)’ eligibility for Cleo, to contact you in order to inform you of the availability of the Cleo benefit, and to help us measure the effectiveness of Cleo. Your Cleo Benefit Sponsor may also partner with third-party leave administrators to manage your personal information to help determine your eligibility for certain employee benefits. We may also receive information from these third-party leave administrators to enable us to confirm you, your dependents, or your household member(s)’ eligibility for Cleo, to contact you in order to inform you of the availability of the Cleo benefit, and to help us measure the effectiveness of Cleo.
Information Automatically Collected. We automatically log information about you and your computer, phone, tablet, or other devices you use to access the Site and Services. For example, when visiting our Site or when using the Company’s mobile applications, we log your computer or device identification, IP address, operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site or in the Company’s mobile applications. This type of information is routinely collected by virtually any web enabled application or website. How much of this information we collect depends on the type and settings of the device you use to access the Site and Services.
To enhance your online experience, we use “cookies.” Cookies are small text files placed by the Sites in your computer’s browser to make a user’s experience more efficient. Cookies, by themselves, do not tell us your e-mail address or other personal information. However, once you choose to furnish the Site with information, this information may be linked to the data stored in the cookie. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Other similar tools we may use to collect information by automated means include web server logs, web beacons and pixels.
You always have the option of setting your browser to warn you when a cookie is being accessed on your computer, to delete cookies that are currently on your computer or to decline cookies altogether. However, to take full advantage of the Site and the Services, your browser will need to accept cookies.
Cleo stores cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. Cleo uses different types of cookies which are listed in the below table. Some cookies are placed by third parties.
We use the following categories on our websites and other web-based online services:
Strictly Necessary Cookies:
These cookies are necessary to enable you to browse around our website and use its features.
These cookies collect information about how you use our website. This data may be used in helping our teams optimize our websites and make them easier for you to navigate.
These cookies allow our website to remember the choices you make while browsing. They may also be used to keep track of what featured pages or videos have been viewed to avoid repetition.
These cookies allow us to know if you viewed relevant Cleo content on third party sites and/or if you then visited the Cleo website based on that advertisement. These cookies may also be used to determine how an ad performed or provide us with information about how you interact with our ads
California Do Not Track Disclosure. We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit http://www.allaboutdnt.com.
If you choose to interact on the Site or through the Services (such as by registering, using our Services, completing questionnaires, surveys, service contacts, or requests for information) Cleo will collect the personal information that you provide. We may collect personal information about you that you provide through telephone, email, or other communications. If you provide us with personal information regarding another individual, we will assume that you have that person’s consent to give us their personal information. Providing personal information about another individual without their consent could be viewed as a data privacy violation and could subject you to sanctions.
USE OF PERSONAL INFORMATION
Recipients. We have service providers in the United States and other countries. Your personal information may be collected, used and stored in the United States or other locations outside of your home country. Data protection laws in the locations where we handle your personal information may not be as protective as the data protection laws in your home country.
At times, we may work with a contracted third party to support delivery of our Services or to deliver Services to you directly.
Please keep in mind that certain features on the Services may give you an opportunity to interact with us and others. These may include forums, message boards, chats, creating community profiles, and rating, tagging and commenting on articles. When you use these features, you should be aware that any information you submit, including your name, location, health issues, and email address, may be publicly available to others. We do not protect the privacy of and are not responsible for your disclosure of any information through these interactive features, including, but not limited to information that you might post related to a minor.
Whenever you voluntarily disclose anyone’s personal information on publicly viewable web pages, that information can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your post or what other users may do with the information that you voluntarily post, so we encourage you to exercise discretion and caution with respect to information you choose to disclose through these interactive features. When an individual chooses to post information that will be publicly disclosed, he or she is responsible for all legal consequences. We are not responsible under any data protection laws for information that you voluntarily post on a site that can be accessed by others including non-Cleo personnel.
- To provide the Services and personalize your experience. We use information about you to provide the Services to you, including to:
- help establish and verify the identity and eligibility of users, including verifying your eligibility through your Cleo Benefit Sponsor (usually your employer);
- for the purposes for which you specifically provided it including, without limitation, to enable us to process and fulfill your Account, provide the Services or other requests;
- to communicate with experts (Cleo Specialists);
- to send you information about your relationship or transactions with us;
- to otherwise contact you with information that we believe will be of interest to you, including marketing and promotional communications;
- to enhance or develop features, products, and Services;
- to allow us to personalize the content that you and others see on the Services;
- to create aggregated and other anonymous data by removing information that makes the data personally identifiable, which we may provide to advertisers and other third parties or use for other lawful business purposes; and/or
- to allow other select companies to send you promotional materials about their products and services.
- For research and development: We are always looking for ways to make our Services smarter, secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services; to analyze and improve our Site and/or Services (including developing new products and services); improving safety; managing our communications; analyzing our products; performing market research; for peer-reviewed and non-peer-reviewed clinical research; and performing data analytics. For example, we use information collected about how users engage with our micro-sites to design a better, more user-friendly user experience. In some cases, we may apply these learnings across all our Services to improve and develop similar features or to better integrate the Services you use. We also test and analyze certain new products, workflows, and user experiences with some users before rolling them out to all users.
- To communicate with you about the Services:
- We use your contact information to send transactional communications via email, SMS text messages, and within the Services, including sending you reminders, responding to your comments, questions and requests, providing customer support, soliciting outcomes and feedback, and sending you technical notices, updates, security alerts, and administrative messages.
- Depending on your settings, we may send you email notifications when you or others interact on the Services, for example, when you are sent a message from your Cleo Guide through our Services.
- We may also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services. These communications are part of the Services and in most cases you cannot opt out of them as they are an integral part of our Services. If an opt out is available, you will find that option within the communication itself or in your account settings.
- To market, promote, and drive engagement with the Services: We may use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, products and services offered by us or our selected partners, survey and beta testing requests, and articles we think may be of interest to you. You can control whether you receive these communications within the communication itself or in your account settings.
- For customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
- To coordinate with a Cleo Expert/Specialist: Where you give us permission to do so, we share your information with a Cleo Specialist for the purpose of responding to support-related requests.
- For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity, identify violations of Service policies, authenticate, protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.
- To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, accounting, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
- With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above.
We may combine all of the information that we collect with data obtained from third parties or through our products and Services. We may also collect and store information locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
Cleo will take reasonable precautions to protect your information from loss, misuse or alteration. Please be aware, however, that any text, email or other transmission you send in an unencrypted manner cannot be completely protected against unauthorized interception. In particular, we want to make you aware that personal email may not be secure, and Cleo is not responsible for any unauthorized access to information when information is sent to your personal email. You are not required to authorize the use of email for this purpose, a decision not to consent or to opt out of receiving these emails will not restrict your ability to access the Services, and you can continue to receive other emails from Cleo, using our secure electronic communication system instead of your personal email.
We may also use aggregated or anonymous information (for example, statistics regarding use and metrics) for research purposes, for marketing and promotional purposes, and to develop new learning tools and solutions and we may share such information with third parties, including researchers and/or advertisers. We may also use IP addresses to analyze trends, administer the Services, track a Site visitor’s movement, and gather demographic information which we may combine with other aggregated or anonymous data for the uses described above.
SHARING OF PERSONAL INFORMATION
Personally Identifiable Information: We will not rent or sell your personally identifiable information to others without your consent, although we may share it with business partners for the purposes described above under “Use of Personal Information”, such as the provision and personalization of Services.
With your consent, we may share your information as follows:
- With Affiliates: We may share your personal information with affiliated companies and businesses;
- With Service Providers: We may use other companies to perform services including, without limitation, facilitating some aspects of our Services such as sending emails, text messages, and push notifications, providing scheduling functionality and updates, and fulfilling data reporting and/or requests. These other companies may be supplied with or have access to your personal information solely for the purpose of providing these services to you on our behalf. Such service providers shall be bound by appropriate confidentiality and security obligations, which may include, as applicable, business associate contract obligations;
- With Business Partners: When you make purchases or engage in promotions offered through our Services, we may share personal information with the businesses with which we partner to offer you those products, services, and promotions. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner;
- With your Cleo Family Benefit Sponsor (employer or health plan): We may share your enrollment status as a user of the Services, including your name, employee ID, and enrollment date, with your Cleo Family Benefit Sponsor for the purposes of administering our contractual obligations and/or your Sponsor’s tax or other administrative reporting purposes;
- With Cleo’s Specialists: Subject to receipt of your express consent, we may share your personal information with Cleo’s Specialists and coaches enlisted to provide the Services.
- Special Circumstances: We also may disclose your Personal Information:
- In response to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency where required by applicable law;
- When disclosure is required or allowed by law in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Terms or other agreements or policies;
Any personally identifiable information you elect to make publicly available on our Sites or through the Services will be available to others. If you remove information that you have made public on our Sites or through the Services, copies may remain viewable in cached and archived pages of our Sites or through the Services, or if other users have copied or saved that information.
Non-Personally Identifiable Information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help us understand the usage patterns for certain Services and those of our partners. Non-personally identifiable information may be stored indefinitely.
HOW INFORMATION IS STORED AND PROCESSED
Your information is stored in databases maintained by the Company or third parties that are located within North America.
You should be aware that when you are on the Site or using our Services, you can be directed to other websites that are beyond our control, and we are not responsible for the privacy practices of third parties or the content of linked websites.
HOW INFORMATION IS PROTECTED
We are committed to protecting your privacy and data. We encrypt sensitive information (e.g. your login credentials, PII) during transmission and storage using industry standards. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you, other involved parties, and any applicable regulator(s) of a breach as soon as reasonably possible, in accordance with applicable laws.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of our Services, you can contact us at [email protected].
What are your data protection rights?
Our Company would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
The right to access. You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service if there is more than one request per year.
The right to rectification. You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete information you believe is incomplete.
The right to erasure. You have the right to request that our Company erase your personal data, under certain conditions.
The right to restrict processing. You have the right to request that our Company restrict the processing of your personal data, under certain conditions.
THE RIGHT TO OBJECT TO PROCESSING. YOU HAVE THE RIGHT TO OBJECT TO OUR COMPANY’S PROCESSING OF YOUR PERSONAL DATA, UNDER CERTAIN CONDITIONS.
The right to data portability. You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: [email protected] or write to us at Cleo Labs, Inc., 548 Market Street, PMB 46800, San Francisco, California 94104-5401.
If you are a citizen of the European Economic Area, you may also choose to contact our European Union Representative, as per Article 27 of the GDPR:
HYAZINTH Consulting for Tech UG (haftungsbeschränkt), Potsdamer Platz 11, 10785 Berlin (Germany)
If you are a citizen of the United Kingdom, you may also choose to contact our UK Representative, as per Article 27 of the UK GDPR:
Clientside Law Limited, 20-21 Jockey’s Fields, London, England, WC1R 4BW
INFORMATION CHOICES AND CHANGES
Our emails may have an option to “opt-out.” If you choose to do so, you will not receive future promotional emails unless you open a new account or sign up to receive newsletters or emails. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
You may send requests about personal information to our Contact Information below or to [email protected]. You can request to change contact choices, opt out of our sharing with others, and update your personal information.
Privacy Shield Notice
As required under the Principles, if we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third party service provider that performs services on Cleo’s behalf, we have certain liability under the Privacy Shield if both (i) the service provider processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Cleo commits to resolve complaints about our collection or use of your personal information. If you are a resident of a European country participating in the Privacy Shield with inquiries or complaints regarding our Privacy Shield practices, you should first contact Cleo by email at [email protected], or by mail at the address listed below in the How to Contact Us section, and we will work with you to resolve your issue.
If you are a resident of a European country participating in the Privacy Shield and have an inquiry or complaint that we have not addressed to your satisfaction, you may seek further assistance, at no cost to you, from the American Arbitration Association (AAA) and the International Centre for Dispute Resolution (ICDR).
In addition to the steps described in Your Choices, above, some residents of European countries participating in the Privacy Shield may have certain legal rights to access or limit the use or disclosure of their personal information. To exercise those rights, these users may contact us at [email protected].
The services of the American Arbitration Association are provided at no cost to you. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel.
Cleo’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Cleo commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human and non-human resources data transferred from the EU.
WE DO NOT KNOWINGLY ENROLL OR COLLECT INFORMATION DIRECTLY FROM CHILDREN UNDER THE AGE OF EIGHTEEN. Children under the age of 18 may not use the Services. We support and comply with the Children’s Online Privacy Protection Act (COPPA) and we do not knowingly collect information from children under the age of 18, nor do we share such information with third parties. This Service and Website is not intended for persons under the age of 18. Cleo does not target its Service or Website to children. Cleo does not knowingly collect personally identifiable information or personal health information from children under the age of 18. If you seek Services for a minor, you will be responsible for providing information related to the minor and for paying for Services requested for the minor.
TELEPHONE CONSUMER PROTECTION ACT
We may provide you with notices, including those related to your enrollment or use of the Services, by SMS, MMS, text message, or other reasonable means now known or hereinafter developed. We will provide notice and request consent to receiving text messages at the point of collection for mobile phone numbers. By providing Cleo with your telephone number, you consent to Cleo sending you text messages regarding your requested Services, such as a reminder about an upcoming appointment or for other non-telemarketing purposes, made by an automatic SMS, MMS, text message management system.
You understand that your cellular or mobile phone provider may not guarantee encryption of SMS messages that are stored on your behalf. By using the Services you accept the risk that some PHI could be intercepted by someone else targeting your SMS communications or seen by individuals who have access to your mobile device.
By providing the telephone number(s) you provide, you represent to Cleo that such telephone number(s) is your contact number and you are permitted to receive communications to that telephone number. You understand that providing a phone number that is not your own may be a violation of law and may expose you to legal penalties.
You understand that you may be subject to charges from your cellular or mobile phone service provider to receive SMS, MMS, and text messages from us, and all such charges will be solely your responsibility. You may opt out of receiving text messages from us at any time by texting “STOP” to an automated text you have received from us; however, you may receive future texts from us for account and identity verification purposes.
HOW TO CONTACT US
NOTICE TO CALIFORNIA RESIDENTS
This privacy notice describes the personal information we collect or process about California residents in connection with the Site or the Services, how we use, share, and protect that personal information, and what your rights are concerning personal information that we collect or process.
In this section, “personal information” has the same meaning as under the California Consumer Privacy Act (CCPA), California Civil Code Section 1798.83: information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include information that has been de-identified or aggregated or information that is considered “PHI” under HIPAA or medical information protected under California’s Medical Information Act.
Personal Information We Collect and Share, and For What Purpose: In the past 12 months, we have collected and shared personal information from visitors in the following circumstances when they interact with the Site or the Services, as described in detail above:
- Information You Give to Us
- Information We Get From Your Cleo Benefit Sponsor
- Information We Get From Others
- Information Automatically Collected
As described in detail above, we use your personal information for a variety of purposes to operate, assess activity on, and improve the performance of the Site, including the following:
- To provide the Services and personalize your experience
- For research and development
- To communicate with you about the Services
- To market, promote, and drive engagement with the Services
- For Customer support
- For safety and security
- To protect our legitimate business interests and legal rights
Except as described in detail above, we will not share with third parties information about you without your consent.
We do not share your personal information with third parties for third party marketing purposes.
Your Rights as a California Resident: Under California law, users who are California residents have specific rights regarding their personal information. These rights are subject to certain exceptions described below. When required, we will respond to most requests within 45 days unless it is reasonably necessary to extend the response time.
Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction:
- The categories of personal information we have collected about you in the last 12 months.
- The categories of sources for the personal information we have collected about you in the last 12 months.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you.
- If we disclosed your personal information to a third party for a business purpose, a list of the personal information types that each category of recipient received.
Right to Delete Personal Information: You have the right to request that we delete any of your personal information collected from you and retained, subject to certain exceptions. Upon receiving a verified request to delete your personal information, we will do so unless otherwise authorized by law.
How to Exercise these Rights: You may submit a verifiable consumer request to us for disclosure or deletion of personal information by emailing us. We will respond to verifiable requests for disclosure or deletion of personal information free of charge, within 10 days of receipt.
In order to protect your privacy and the security of your information, we verify consumer requests by matching personal information that you provide with information in our possession, in order to confirm your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney under Probate Code sections 4000-4465 may submit a request on your behalf.
Right to Opt Out of Sale of Your Personal Information: We do not sell your personal information.
Right to Non-Discrimination: You have the right not to be discriminated against for the exercise of your California privacy rights described above.
NOTICE TO RESIDENTS OF THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOM
The data controller is Cleo Labs, Inc., 548 Market Street, PMB 46800, San Francisco, California 94104-5401.
Our Legal Representative in the EEA is HYAZINTH Consulting for Tech UG (haftungsbeschränkt), Potsdamer Platz 11, 10785 Berlin, Germany.
Our Legal Representative in the UK is Clientside Law Limited, 20-21 Jockey’s Fields, London, England, WC1R 4BW
Purposes and Legal Basis. When processing your Personal Data, we rely on the EU General Data Protection Regulation in the EEA, and the UK General Data Protection Regulation in the UK (both referred to herein as “GDPR”), a legal framework in the EEA and the UK for the standardization of data protection. Cleo primarily processes data as a controller, for the purposes of providing our Services to you, or to improve our Services and protect our interests as described above in accordance with Article 6 of the GDPR. When we process special categories of personal data, such as data concerning health or sex life or sexual orientation we do so only based on your explicit consent in accordance with Article 9 of the GDPR, and only for the purposes described above. This may include sharing your Personal Data with one of our experts and coaches, upon your request. In addition, we are legally obliged to provide certain information to criminal prosecution or tax authorities in individual cases upon request. In these cases, the legal basis for the processing is either legal requirements or reasons of public interest in accordance with Article 6 of the GDPR.
We are handling certain data on behalf of our customers (your employer or health plan), as described above. In this case Cleo is a data processor and relies on the legal basis of your employer.
Retention Periods. We generally process and store your personal data to the extent necessary to fulfill our legitimate interests, contractual or legal obligations. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as legally required. If data is no longer required to fulfill legal obligations (e.g. under tax or commercial laws), it will be deleted unless further processing is necessary to preserve evidence or defend against legal claims against us. If the processing is based on your explicit consent, we process your personal data to the extent necessary or until you have withdrawn your consent.
Processing Data outside the UK and the EEA. Cleo is a US company with servers in the US and other countries, that are considered “Third Countries” under the GDPR, which do not offer the same level of protection to your personal data as in the EU or the UK. When personal data is transferred outside of the UK or EEA to the US or is processed in the U.S., there is a particular risk that U.S. authorities may gain access to your personal data and you may not be granted effective legal protection against any such access in the U.S.. Cleo may also share your personal data with our employees, partners, contractors, experts or coaches who may be based outside of the UK and/or the EEA, and so their processing of your personal data will involve a transfer of data outside the UK and/or the EEA, and such transfers will rely on adequacy determinations and/or be based on the UK or European Commission’s approved Standard Contractual Clauses.