Privacy Policy

Last updated: 16 October 2025

This Privacy Policy (the “Policy”) explains how Returna (“Returna”, “we”, “us”, or “our”) collects, uses, and protects information that identifies or can be used to identify an individual (“Personal Data”). By using our services or interacting with Returna, you agree to the practices described in this Policy. If you do not agree, please refrain from using our services.

 

1. Scope and Key Definitions

This Policy applies to everyone who uses Returna’s online platform (the “Product”) available at domains such as app.returna.com or portal.returna.com; visits our public website at returna.com (the “Website”); or otherwise interacts with Returna in connection with our services. Together, these are referred to as the “Services,” and anyone using them as a “User.”

Users who access the Product as part of a customer organization are referred to as “Subscribers.” Each customer organization that contracts with Returna is a “Customer.” The agreement between Returna and a Customer (such as a service agreement or data processing agreement) is referred to as the “Customer Agreement.”

Returna’s Product may integrate with third-party platforms like Certus Software, DHL, or ServiceNow (collectively “Third-Party Services”). These integrations allow Customers to make certain data (for example, shipment details or erasure certificates) available inside their Returna account (“Customer Data”).

For such Customer Data, the Customer is the data controller, and Returna acts as a processor. This Policy does not govern the Customer’s handling of Customer Data—Subscribers should direct questions about that data to their organization. This Policy also does not apply to Third-Party Services themselves, which operate under their own privacy policies.

 

2. Who Controls Your Data

Unless otherwise stated in a Customer Agreement, Returna is the data controller responsible for the processing of Personal Data described in this Policy.

For any questions, please contact: [email protected]

 

3. Data We Collect and Why

(a) Information about Customers and Subscribers
We collect and process:

  • Account and contact information: name, email, role, and organization.

  • Contract details: information about Customer Agreements, service usage, and billing data.

  • Usage metadata: logs of actions taken in the Product, such as searches, feature usage, and timestamps.

  • Customer communication: feedback, support requests, and meeting records.

(b) Information about All Website Visitors and Users

  • Log data: IP address, browser type, access time, and configuration settings.

  • Device information: type, operating system, identifiers, and crash reports.

  • Marketing data: information from emails, forms, meetings, and social media.

  • Cookies and tracking data: used to understand and improve how our Website and Product are used.

(c) Information about Prospects and Other Contacts
Returna may process limited Personal Data about “Persons of Interest” (such as potential customers), including name, company, title, and email address. This data may come from public sources, referrals, or reputable providers of business contact information.

 

4. How and Why We Use Personal Data

We process Personal Data only when we have a lawful basis under the EU General Data Protection Regulation (GDPR). Our primary purposes are:

  1. To provide and manage our Services
    Delivering access to the Product and supporting Customers during their relationship with Returna. Maintaining security, functionality, and account management. This processing is necessary to perform our contractual obligations.

  2. For marketing and communication
    Sharing updates, invitations, and relevant information about our Services. Our legal basis is legitimate interest, but individuals can object or unsubscribe at any time by emailing [email protected].

  3. To develop and secure our Services
    Improving performance and reliability, analyzing usage patterns, and preventing misuse. Based on our legitimate interest in maintaining and enhancing our platform.

We do not use Personal Data to train generalized AI or machine learning models.

 

5. Sharing and Transfers of Personal Data

We may share Personal Data only when:

  • Required by law or governmental authorities.

  • Necessary for trusted service providers (e.g., hosting, billing, legal, or IT security). Such partners act either as processors bound by our instructions or as independent controllers (e.g., accountants).

  • Returna is involved in a merger, acquisition, or asset transfer.

  • We believe disclosure is necessary to protect Returna’s rights, safety, or property.

All Personal Data is stored within the European Economic Area (EEA) on secure servers hosted by providers such as Google Cloud and Amazon Web Services. If data must be transferred outside the EEA, Returna applies appropriate legal safeguards such as EU Standard Contractual Clauses.

 

6. Data Retention

We keep Personal Data only as long as necessary for the purposes described:

  • During the active Customer Relationship and for a short grace period after termination to handle billing and support.

  • Certain information (e.g., accounting records) may be retained longer to comply with legal obligations.

  • Marketing data is typically deleted two years after the last contact or upon request to unsubscribe.

 

7. Your Rights

You have the following rights regarding your Personal Data:

  • Access – request a copy of the data we hold about you.

  • Correction or deletion – ask us to update or erase inaccurate data.

  • Restriction or objection – limit or stop certain processing based on legitimate interest or marketing purposes.

  • Withdrawal of consent – where processing is based on consent, you can withdraw it at any time.

  • Data portability – receive your data in a machine-readable format.

Requests can be made at [email protected]. If you believe we have mishandled your Personal Data, you may lodge a complaint with your national data protection authority in the EU/EEA.

 

8. Security

We use appropriate technical and organizational measures—including encryption, access control, and network monitoring—to protect Personal Data from loss, misuse, or unauthorized disclosure. However, no system is completely secure, and Returna cannot guarantee absolute protection.

 

9. Cookies and Similar Technologies

Cookies are small files placed on your device that help us recognize your browser and improve your experience. We use:

  • Session cookies (deleted when you close your browser), and

  • Persistent cookies (stored for up to 2 years unless deleted sooner).

Cookies may be placed by Returna (first-party) or by analytics and marketing providers such as Google Analytics, LinkedIn, or Meta (third-party cookies).

You can withdraw consent or disable cookies anytime by adjusting browser settings or contacting us at [email protected]. Some features may not function properly without cookies.

 

10. Updates to This Policy

We may update this Policy periodically to reflect legal or operational changes. When changes occur, we will update the “Last updated” date and notify Users through appropriate channels.

Contact Us
If you have any questions or concerns about this Policy or your data, please contact: [email protected]