CeriumCERIUM
Book a demo
Back
Legal document

GDPR — Your Rights

Effective from: June 1, 2026

Cerium respects your privacy. Below is a summary of your rights under GDPR. The full policy is in the Privacy Policy document.

1. Your rights

You have the right to know what data we process about you (art. 15 GDPR).

You have the right to rectification of inaccurate data (art. 16 GDPR).

You have the right to erasure — "right to be forgotten" (art. 17 GDPR).

You have the right to restrict processing (art. 18 GDPR).

You have the right to receive your data in machine-readable format and transfer it to another controller (art. 20 GDPR).

You have the right to object to processing (art. 21 GDPR).

2. Data Protection Officer (DPO)

The controller (IT Maciej Bodnar) has not appointed a Data Protection Officer (DPO). For all personal data protection matters, you can contact the controller directly.

Contact: [email protected].

The DPO answers all GDPR questions and handles user requests.

3. Data transfers outside EEA

Most data is stored in Poland, on our own server infrastructure. Some data is also stored in the EU (Hetzner Online GmbH, Germany). No transfer outside the EEA.

Stripe Inc. (USA) — payments: transferred under Standard Contractual Clauses (SCC) and Data Privacy Framework.

Cloudflare, Inc. (USA) — HTTPS proxy: SCC + DPF.

ZeptoMail (Zoho EU) — email: no transfer outside EEA.

Full processor list in Privacy Policy (section 5).

4. How to file a request

Email [email protected] with your request (e.g., "I'd like a copy of my data", "please delete my account").

Attach identity confirmation (an email from the address linked to your account is sufficient).

We respond within 30 days. In complex cases we may extend to 90 days — we'll notify you.

First request per year is free. Repeated or excessive requests may be subject to an administrative fee.

5. Complaint to the supervisory authority

If you believe processing of your data violates GDPR, you may lodge a complaint with the President of the Polish Personal Data Protection Office:

Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl

We encourage you to contact our DPO first ([email protected]) — we can often resolve issues faster.

6. For schools (data controllers)

If you use Cerium as a school (SaaS client), your school is the controller of student/parent/teacher data, and Cerium acts as a processor.

We sign a Data Processing Agreement (DPA) with you — available in the panel under Settings → Documents.

You as controller are responsible for informing your users about processing and handling their GDPR requests.

BackContact us