Last updated: 20-05-2026
Effective date: 20-05-2026
This page explains how Klusaro processes personal data in accordance with the General Data Protection Regulation (“GDPR”) and other applicable data protection laws.
Klusaro is committed to protecting personal data and helping businesses use the platform responsibly and lawfully.
1. GDPR Compliance
Klusaro is operated by SIA “A.U. Holding”, located in Latvia, European Union.
We process personal data in accordance with:
- The General Data Protection Regulation (EU) 2016/679 (“GDPR”)
- Applicable Latvian data protection laws
- Other applicable privacy regulations where relevant
We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, misuse, disclosure, or loss.
2. Roles Under GDPR
Depending on the situation, Klusaro may act as either:
Data Controller
Klusaro acts as a data controller for data related to:
- User accounts
- Billing information
- Website usage
- Customer support requests
- Marketing communications
- Platform administration
In these situations, Klusaro determines how and why personal data is processed.
Data Processor
Klusaro also acts as a data processor when businesses use the platform to store or process their own customer and operational data.
Examples include:
- Leads
- Contacts
- Booking forms
- Customer requests
- Job information
- Invoices and quotes
- Uploaded documents
- Worker and staff information
- Customer communications
In these cases:
- The workspace owner or business acts as the data controller
- Klusaro processes data on behalf of that business
Businesses using Klusaro are responsible for ensuring they have lawful grounds to process personal data uploaded into the platform.
3. Lawful Bases for Processing
Depending on the context, personal data may be processed based on:
- Contractual necessity
- Legitimate interests
- Legal obligations
- User consent
- Protection against fraud and abuse
Examples include:
- Maintaining platform security
- Providing the Service
- Processing bookings and jobs
- Sending transactional notifications
- Managing subscriptions and billing
- Preventing unauthorized access
4. Data Subject Rights
Under GDPR, individuals may have the right to:
- Access their personal data
- Correct inaccurate data
- Request deletion of data
- Restrict processing
- Object to certain processing activities
- Receive a portable copy of their data
- Withdraw consent where applicable
- Lodge a complaint with a supervisory authority
Requests may be submitted to:
We will respond within the timeframes required by applicable law.
5. Security Measures
Klusaro implements technical and organizational measures designed to protect personal data, including:
- Password encryption
- Access controls and permissions
- Workspace isolation
- Authentication protections
- Secure infrastructure providers
- Monitoring and abuse prevention systems
- Backups and recovery systems
However, no online platform can guarantee absolute security.
6. International Data Transfers
Personal data may be processed or stored in countries outside the user’s country of residence.
Where required, we implement appropriate safeguards for international data transfers.
These safeguards may include:
- Secure hosting and infrastructure arrangements
- Standard contractual clauses
- GDPR-compliant service providers
7. Data Retention
We retain personal data only as long as reasonably necessary for:
- Providing the Service
- Legal compliance
- Security and backup purposes
- Resolving disputes
- Enforcing agreements
Workspace owners are responsible for managing the retention and deletion of customer data stored within their workspaces.
8. Subprocessors
Klusaro may use third-party providers (“subprocessors”) to help operate the Service.
These may include providers related to:
- Hosting infrastructure
- Cloud storage
- Email delivery
- Analytics
- Payment processing
- Security and monitoring
Subprocessors are required to process data according to contractual and legal requirements.
A detailed subprocessor list may be provided upon request.
9. Data Processing Agreements (DPA)
Businesses using Klusaro may request a Data Processing Agreement (“DPA”) where required by law.
The DPA defines:
- Processing responsibilities
- Security obligations
- Confidentiality obligations
- Subprocessor usage
- Data handling procedures
To request a DPA, contact:
10. Cookies & Tracking
Klusaro uses cookies and similar technologies for:
- Authentication
- Security
- Preferences
- Analytics
- Embedded forms and customer portals
For additional information, please review our Cookie Policy.
11. Contact Information
If you have questions about GDPR, data processing, or privacy-related matters, please contact:
Privacy Officer SIA “A.U. Holding” Brivibas street 312-11 Riga, LV-1006 Latvia
Email: info@klusaro.com