This Privacy Policy explains how Clonbru ("we", "us", "our") collects, uses, stores and protects your personal data when you visit clonbru.ie or engage with our services. We are fully committed to compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988–2018.
1. Who We Are
Clonbru is a digital marketing agency based in Dublin, Ireland, founded by Felipe Gomes. We specialise in Google Business Profile Optimisation, Local SEO, Google Ads management, and website creation for local businesses across Ireland.
For the purposes of GDPR, Clonbru is the Data Controller of the personal information you provide to us.
2. Data We Collect
We only collect data that is necessary to provide our services and communicate with you effectively. The categories of personal data we may collect include:
2.1 Data You Provide Directly
- Contact details: your name, email address, phone number and business name when you submit our contact or audit request form.
- Business information: your website URL, Google Business Profile details, location and any other information you voluntarily share when requesting a consultation or audit.
- Communications: the content of emails, messages or other correspondence you send to us.
2.2 Data Collected Automatically
- Usage data: pages visited, time on site, referring URLs, and general interaction patterns.
- Device and technical data: browser type, operating system, screen resolution, and IP address (anonymised where possible).
- Cookie data: see Section 5 for full details on our cookie usage.
We do not collect sensitive personal data (as defined under GDPR Article 9) such as health data, religious beliefs, or political opinions.
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Respond to enquiries and audit requests | Name, email, business info | Legitimate interest / Contract |
| Deliver agreed services | Name, email, business data | Contract performance |
| Send service updates or proposals | Name, email | Legitimate interest |
| Improve website performance and UX | Usage and device data | Legitimate interest |
| Comply with legal obligations | Any relevant data | Legal obligation |
| Marketing communications (with consent) | Name, email | Consent |
We will never sell your personal data to third parties, and we will never use it for purposes incompatible with those listed above.
4. Legal Basis for Processing
Under GDPR, we rely on the following legal bases to process your personal data:
- Consent (Art. 6(1)(a)): where you have given clear consent, for example opting in to receive marketing emails.
- Contract performance (Art. 6(1)(b)): where processing is necessary to fulfil a contract or take pre-contractual steps at your request.
- Legal obligation (Art. 6(1)(c)): where we are required to process data to comply with Irish or EU law.
- Legitimate interests (Art. 6(1)(f)): where we have a legitimate business interest that does not override your rights — such as improving our services and responding to enquiries.
5. Cookies
Our website uses cookies to enhance your experience and help us understand how visitors use the site. A cookie is a small text file stored on your device by your browser.
5.1 Types of Cookies We Use
| Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Core website functionality. Cannot be disabled. | Session |
| Analytics | Understand traffic patterns (e.g. Google Analytics, anonymised). | Up to 2 years |
| Preference | Remember your settings and choices. | Up to 1 year |
You can manage or withdraw cookie consent at any time through your browser settings. Disabling certain cookies may affect some website functionality. For more information on managing cookies visit aboutcookies.org.
6. Data Sharing & Third Parties
We do not sell, trade, or rent your personal data. We may share data only in the following limited circumstances:
- Service providers: trusted third parties who assist in running our business (e.g. web hosting, email delivery, analytics). These parties are contractually bound to process data only on our instructions.
- Google services: we use Google Analytics and Google Ads. Data collected through these services is governed by Google's Privacy Policy.
- Legal requirements: if required by law, court order, or government authority, we may disclose your information.
- Business transfer: in the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify you before data becomes subject to a different privacy policy.
All third-party processors are EU/EEA-based or operate under appropriate Standard Contractual Clauses (SCCs) where data is transferred outside the EEA.
7. Data Retention
We keep your personal data only for as long as necessary for the purpose it was collected, or as required by law.
- Enquiry and contact form data: retained for up to 24 months from the date of last contact.
- Client project data: retained for the duration of the engagement plus 7 years for legal and accounting purposes.
- Analytics data: retained in anonymised form for up to 26 months.
- Marketing consent records: retained for 3 years or until consent is withdrawn.
When data is no longer required, it is securely deleted or anonymised.
8. Your Rights Under GDPR
Under the GDPR and Irish Data Protection Act 2018, you have the following rights regarding your personal data:
- Right of access (Art. 15): request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): request deletion of your data where there is no compelling reason for us to keep it ("right to be forgotten").
- Right to restrict processing (Art. 18): request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): receive your data in a machine-readable format and transfer it to another controller.
- Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@clonbru.com. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (DPC) Ireland at any time.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- HTTPS/SSL encryption across our entire website.
- Restricted access to personal data on a need-to-know basis.
- Regular review and updating of our security practices.
- Use of reputable, security-audited third-party services.
While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the DPC as required under GDPR.
10. Third-Party Links
Our website may contain links to third-party websites, tools, or services (such as Google, LinkedIn, or client websites). These external sites operate under their own privacy policies. We have no control over and accept no responsibility for the content or privacy practices of any third-party site. We encourage you to review the privacy policy of any site you visit.
11. Children's Privacy
Our website and services are directed exclusively at business owners and professionals aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@clonbru.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this page periodically. Your continued use of our website following any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please do not hesitate to get in touch: