Privacy Policy

Last updated: 9 June 2026

Template. This is a starting-point privacy policy, not legal advice. Have a qualified data-protection lawyer review and adapt it — replace every [bracketed] placeholder — before you publish or collect data.

CleanDesk (“CleanDesk”, “we”, “us”) helps financial firms build and validate their DORA Register of Information. This policy explains what personal data we process and your rights under the EU General Data Protection Regulation (GDPR).

1. Who we are

The data controller is [Registered company name] Ltd, [registered address], [country]. For any privacy question, contact james9819.54@gmail.com.

2. Information we collect

Account data — name, work email, company, and role, when you request a demo or create an account.
Register data you provide — the ICT-supplier information you upload to build your Register of Information. This may include business contact details of your suppliers.
Usage data — basic, privacy-respecting analytics about how the service is used, to improve it.

3. How and why we use it

We process this data to provide and improve the service, respond to your enquiries, and meet our legal obligations. Our legal bases are the performance of a contract with you, our legitimate interests in operating and improving CleanDesk, and your consent where required (e.g. marketing email).

4. Sub-processors

We use a small number of vetted providers to run the service. Your register data is processed under a data-processing agreement and is never sold. Current sub-processors:

[EU cloud hosting provider] — hosting (EU region)
[Email provider] — transactional and support email
[Analytics provider] — privacy-respecting product analytics

5. International transfers

Your data is hosted in the EU. Where any processing occurs outside the EEA, it is protected by appropriate safeguards such as Standard Contractual Clauses.

6. How long we keep it

We keep account and register data for as long as your account is active, and then for [retention period] unless a longer period is required by law. You can request deletion at any time.

7. Your rights

Under the GDPR you may access, correct, delete, restrict, or port your personal data, and object to certain processing. You can also withdraw consent and lodge a complaint with your supervisory authority (e.g. the [Data Protection Commission, Ireland]). To exercise any right, email james9819.54@gmail.com.

8. Security

Data is encrypted in transit and at rest, access is restricted on a need-to-know basis, and our in-browser validator processes data locally on your device. No method is perfectly secure, but we work to protect your data using appropriate technical and organisational measures.

9. Cookies

We use only essential cookies needed to run the site, plus optional analytics cookies you can decline. We do not use advertising trackers.

10. Children

CleanDesk is a business service and is not directed at anyone under 18.

11. Changes

We may update this policy and will post the new version here with a revised date. Material changes will be notified to account holders.

12. Contact

Questions or requests: james9819.54@gmail.com.