Privacy Policy

1. Introduction

This Privacy Policy describes how Marotino and its affiliated entities ("Marotino," "we," "us," or "our") collect, use, disclose, and protect your personal information when you visit our website at marotino.com (the "Website") or interact with our services. Marotino operates through two legal entities to serve customers worldwide:

This Privacy Policy applies to all personal data processed through our Website, including data collected via contact forms, cookies, and automated technologies. By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Website.

2. Data Controller

The entity responsible for processing your personal data depends on your geographic location:

• Marotino CY LTD is the data controller for visitors located in the European Union, European Economic Area, the United Kingdom, Switzerland, and the Middle East. Marotino CY LTD is established in Cyprus and operates in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable local data protection laws.
• Marotino INC is the data controller for visitors located in the Americas (including the United States, Canada, and Latin America) and the Asia-Pacific region. Marotino INC complies with the California Consumer Privacy Act ("CCPA"), the California Privacy Rights Act ("CPRA"), and other applicable privacy legislation.

If you are unsure which entity is your data controller, or if you have questions about jurisdiction, please contact us at hello@marotino.com.

3. Information We Collect

3.1 Personal Data You Provide

We collect personal information that you voluntarily provide to us when you interact with our Website, including:

• Contact information: your name, email address, phone number, and company name when you submit a contact form or request a demo.
• Communication content: the subject and body of messages you send through our contact form or via email.
• Professional information: your job title, company size, and industry, if provided.

3.2 Usage Data Collected Automatically

When you visit our Website, we automatically collect certain technical information, including:

• Device information: your IP address, browser type and version, operating system, device type, and screen resolution.
• Browsing data: pages visited, time spent on pages, referring URL, click patterns, and navigation paths.
• Location data: approximate geographic location derived from your IP address (country and city level only).
• Connection data: internet service provider, connection speed, and access timestamps.

3.3 Cookies and Similar Technologies

Our Website uses cookies and similar technologies to enhance your experience. We use the following cookies:

• maro_locale (functional cookie) — stores your preferred language and locale setting. This cookie is strictly necessary for the Website to function correctly and does not require consent. Duration: 1 year.
• cc_cookie (functional cookie) — records your cookie consent preferences as selected in our cookie consent banner. This cookie is strictly necessary for managing consent and does not require consent itself. Duration: 1 year.

Analytics and marketing cookies are only deployed after you provide explicit consent through our cookie consent banner. You may modify your cookie preferences at any time by clicking the cookie settings link in our website footer.

4. How We Use Your Information

We process your personal data for the following purposes:

• Responding to inquiries: to reply to your contact form submissions, demo requests, and customer support questions.
• Providing our services: to deliver the products and services you have requested or that are necessary to fulfill our contractual obligations.
• Website improvement: to analyze usage patterns and optimize our Website's performance, functionality, and user experience.
• Analytics: to understand how visitors interact with our Website, measure the effectiveness of our content, and identify areas for improvement. Analytics data is processed only with your explicit consent where required by applicable law.
• Security and fraud prevention: to detect, prevent, and respond to security incidents, fraud, and other malicious activity.
• Legal compliance: to comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Communication: to send you service-related notices, updates about changes to our terms or policies, and, where you have opted in, marketing communications about our products and services.

5. Legal Bases for Processing (GDPR)

For visitors in the EU, EEA, UK, and other jurisdictions where GDPR or equivalent legislation applies, we rely on the following legal bases to process your personal data:

• Consent (Article 6(1)(a) GDPR): where you have given clear, affirmative consent for us to process your personal data for specific purposes, such as receiving marketing communications or enabling analytics cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Contractual necessity (Article 6(1)(b) GDPR): where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request.
• Legitimate interest (Article 6(1)(f) GDPR): where processing is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms.
• Legal obligation (Article 6(1)(c) GDPR): where processing is necessary to comply with a legal obligation to which we are subject.

6. Cookies and Tracking Technologies

When you first visit our Website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. Your preferences are stored in the cc_cookie cookie and are respected throughout your session and on subsequent visits.

We categorize cookies as follows:

• Strictly necessary cookies: these cookies are essential for the Website to function and cannot be switched off. They include maro_locale (language preference) and cc_cookie (consent record).
• Analytics cookies: these cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously. Analytics cookies are only set after you provide explicit consent.
• Marketing cookies: these cookies may be used to deliver relevant advertisements and track campaign performance. Marketing cookies are only set after you provide explicit consent.

You can also control cookies through your browser settings. Please note that disabling certain cookies may impact the functionality of our Website.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your personal information in the following limited circumstances:

• Hosting provider: our Website is hosted on enterprise-grade cloud infrastructure. Our hosting provider processes data on our behalf as a data processor.
• Service providers: we may engage trusted third-party service providers to assist with analytics, email delivery, customer relationship management, and other business functions. All service providers are bound by Data Processing Agreements ("DPAs").
• Legal requirements: we may disclose your information if required to do so by law, regulation, legal process, or governmental request.
• Business transfers: in the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

8. International Data Transfers

As Marotino operates globally, your personal data may be transferred to and processed in countries other than the country in which you reside. When we transfer personal data from the EU/EEA/UK to countries that have not received an adequacy decision from the European Commission, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law:

• Contact form submissions: retained for a maximum of 2 years from the date of submission.
• Cookie data: retained according to the expiry period of each cookie. Functional cookies expire after 1 year.
• Server logs: automatically purged after 90 days.
• Contractual records: retained for the duration of the business relationship plus an additional period as required by applicable tax and commercial laws (typically 5 to 7 years).

10. Your Rights

10.1 Rights Under the GDPR (EU/EEA/UK Residents)

If you are located in the EU, EEA, or UK, you have the following rights under the GDPR: right of access, right to rectification, right to erasure, right to data portability, right to restriction of processing, right to object, right to withdraw consent, and right to lodge a complaint with a supervisory authority.

10.2 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA: right to know, right to delete, right to opt-out of sale or sharing, right to correct, and right to non-discrimination.

10.3 Exercising Your Rights

To exercise any of the rights described above, please submit a request by emailing hello@marotino.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA/CPRA).

11. Children's Privacy

Our Website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us at hello@marotino.com.

12. Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security measures include TLS encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication, regular security audits, and an incident response plan.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and provide appropriate notice. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the details below:

Data Protection Officer (DPO): for all privacy-related inquiries, data subject requests, or complaints, you may reach our Data Protection Officer directly at hello@marotino.com. We aim to respond to all inquiries within 5 business days.