Legal

Privacy Policy

Last updated: March 19, 2026. This policy describes how personal data is processed when using the Complert.io website and platform.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is the legal entity listed in the Legal Notice. Contact details are available at /legal-notice.

2. General Information on Data Processing

Personal data is processed only insofar as necessary to provide services, operate the website, and fulfill contractual obligations. Processing is performed in accordance with the GDPR and applicable national data protection laws.

3. Categories of Data Processing

3.1 Data Processed as Controller

When using Complert.io directly, we may process:

  • account data (name, email address, login credentials)
  • billing and subscription data
  • communication data (support requests, emails)
  • technical data (IP address, device information, log files)

This processing supports platform provision, contract performance, security, and support communication.

Legal basis: Article 6(1)(b) GDPR (contract performance) and Article 6(1)(f) GDPR (legitimate interests in secure and stable operation).

3.2 Data Processed on Behalf of Customers (Processor Role)

Customers may process personal data in the platform, including participant records, training/certification data, inspection data, and operational documents.

In these scenarios, the customer is the controller and Complert.io acts as processor, processing data only on documented customer instructions. Details are governed by a Data Processing Agreement (DPA).

4. No Responsibility for Customer Data

Complert.io does not:

  • verify the accuracy of customer-provided data
  • determine legal bases for customer processing
  • assess customer compliance with regulatory requirements

Customers are solely responsible for legality of processing, data correctness, and fulfillment of data subject rights.

5. Hosting and Infrastructure

The Service is hosted through external infrastructure providers. Data may be processed within the EU/EEA and, where applicable, in third countries. Appropriate safeguards (including Standard Contractual Clauses) are used where required.

6. Log Files and System Security

Technical data such as IP addresses, timestamps, accessed resources, and system events is collected for:

  • security monitoring
  • error analysis
  • abuse prevention

Legal basis: Article 6(1)(f) GDPR (legitimate interest in system security).

7. Cookies and Tracking

Only technically necessary cookies are used unless explicitly stated otherwise. These support authentication, session handling, and security. No tracking or marketing cookies are used unless explicitly implemented and consented to.

8. Communication

When contacting us via email or support channels, contact details and message content are processed to handle inquiries and provide support.

Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.

9. Data Retention

Personal data is retained only as long as required for the relevant purpose, subject to contractual and statutory retention duties. Customer data in the platform is retained according to customer instructions and deleted after termination within a reasonable period unless legal obligations require otherwise.

10. Data Subject Rights

Data subjects may exercise rights under GDPR, including access, rectification, erasure, restriction, portability, and objection.

Requests related to data processed on behalf of customers must be directed to the relevant customer as controller.

11. Security Measures

Appropriate technical and organizational measures (TOMs) are implemented, including access control, encryption where appropriate, system monitoring, and role-based access management.

No technical system can guarantee absolute security.

12. Subprocessors

Subprocessors may be engaged for parts of the Service (for example hosting or email delivery). Subprocessors are contractually bound to data protection obligations. A current subprocessor list is available upon request or through the DPA.

13. No Automated Decision-Making

Complert.io does not conduct automated decision-making within the meaning of Article 22 GDPR.

14. Changes to this Privacy Policy

This Privacy Policy may be updated to reflect legal or operational changes. The current version is always available on this website.

15. Supervisory Authority

Data subjects have the right to lodge a complaint with a supervisory authority. Competence depends on the controller's registered office.