Privacy Policy

How we collect, use, and protect your personal data

Last Updated: December 5, 2025

1. Introduction

Welcome to DealCluster.com ("we," "our," or "us"). This Privacy Policy explains how HR Electronics OÜ collects, uses, processes, and protects your personal data when you use our website and services.

Company Name: HR Electronics OÜ

Registry Code: 14412321

Registered Address: Estonia

Email: [email protected]

Business Register: Estonian e-Business Register

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and the ePrivacy Directive.

2. Data Controller

HR Electronics OÜ is the data controller responsible for your personal data. For privacy-related inquiries, please contact us at [email protected].

3. What Data We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when using our services:

Contact Information: Email address when you subscribe to newsletters or contact us
Account Information: If you create an account (username, email, password)
Communication Data: Messages you send through our contact forms
Preference Data: Saved searches, favorite products, and personalized settings

3.2 Information Collected Automatically

When you visit DealCluster.com, we automatically collect:

Technical Data: IP address, browser type and version, device type, operating system
Usage Data: Pages visited, time spent on pages, click patterns, referral sources
Cookie Data: Information collected through cookies and similar technologies (see Cookie Policy)
Location Data: General geographic location based on IP address (country/city level)

3.3 Affiliate and Third-Party Data

As a price comparison and affiliate marketing platform:

Affiliate Tracking: When you click on product links, we may collect affiliate tracking data to attribute purchases
Merchant Data: Information about which merchants you visit through our links
Price Interaction Data: Products you view, compare, or show interest in

3.4 Analytics Data

We use privacy-focused analytics (Umami Analytics) to collect:

Page views and navigation patterns
Aggregated user behavior statistics
Website performance metrics

Note: Our analytics solution does not use personal identifiers and stores data in an anonymized format.

4. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

4.1 Consent (Article 6(1)(a))

Newsletter subscriptions
Non-essential cookies and tracking
Marketing communications

4.2 Contractual Necessity (Article 6(1)(b))

Providing our price comparison services
Managing your account
Processing your requests

4.3 Legitimate Interests (Article 6(1)(f))

Website security and fraud prevention
Analytics for service improvement
Affiliate commission tracking
Customer support

4.4 Legal Obligations (Article 6(1)(c))

Compliance with accounting and tax laws
Responding to legal requests
Regulatory reporting

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type	Retention Period	Legal Basis
Account Data	Until account deletion + 30 days	Contractual necessity
Analytics Data	12 months (anonymized)	Legitimate interest
Email Communications	Until unsubscribe + 30 days	Consent
Affiliate Transaction Data	36 months	Legal obligation (accounting)
Security Logs	12 months	Legitimate interest

After retention periods expire, we securely delete or anonymize your data.

9. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

9.1 Right of Access (Article 15)

You can request a copy of the personal data we hold about you, including information about processing activities.

9.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

It's no longer necessary for the original purpose
You withdraw consent
You object to processing
It was unlawfully processed
Legal obligations require deletion

9.4 Right to Data Portability (Article 20)

You can receive your personal data in a structured, machine-readable format (JSON, CSV) and transmit it to another controller.

9.5 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

9.9 Right to Lodge a Complaint

You can file a complaint with your national data protection authority:

Estonia: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

Website: https://www.aki.ee/en

Email: [email protected]

10. How to Exercise Your Rights

To exercise any of the rights above, please contact us:

Email: [email protected]

Subject Line: "GDPR Data Subject Request - [Your Right]"

Include in your request:

Your full name and email address
Specific right you wish to exercise
Details of your request
Proof of identity (for security purposes)

We will respond within 30 days of receiving a valid request. Complex requests may take up to 60 days, and we will inform you of any delay.

No Fee: Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services. For detailed information, please see our Cookie Policy.

Summary of Cookie Usage:

Essential Cookies (No Consent Required): Session management, security features, user preferences
Analytics Cookies (Consent Required): Umami Analytics (privacy-focused, no personal identifiers)
Affiliate Cookies (Consent Required): Affiliate link tracking, commission attribution

You can manage cookie preferences through our cookie banner or browser settings.

13. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

Encryption: HTTPS/TLS for data in transit
Secure Storage: Encrypted databases
Access Controls: Role-based access
Authentication: Secure password hashing
Monitoring: Security logging

Organizational Measures

Staff Training: Privacy and security training
Data Minimization: Collecting only necessary data
Regular Audits: Security assessments
Incident Response: Breach notification procedures
Vendor Management: GDPR-compliant contracts

Data Breach Notification: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate within 72 hours and inform affected individuals without undue delay.

12. Children's Privacy

DealCluster.com is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

If we discover that we have collected data from a child under 16, we will:

Delete the data immediately
Terminate any associated account
Notify the appropriate supervisory authority if required

If you believe we have collected data from a child, please contact us immediately at [email protected].

19. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

Changes in our data processing practices
New features or services
Legal or regulatory requirements
Industry best practices

Notification of Changes:

Material changes will be prominently announced on our website
You will be notified by email if you have an account
The "Last Updated" date will be revised
Continued use constitutes acceptance of the updated policy

20. Contact Information

For privacy-related questions, concerns, or requests:

HR Electronics OÜ

Email: [email protected]

Registry Code: 14412321

Business Register: Estonian e-Business Register

Data Protection Contact: [email protected]

Response Time: We aim to respond to all privacy inquiries within 5 business days, with formal GDPR requests within 30 days.

Your privacy matters to us. If you have questions or concerns about how we handle your personal data, please don't hesitate to contact us at [email protected].

Effective Date: December 5, 2025 | Version: 1.0