PERSONAL DATA PROTECTION POLICY
All information contained in this policy is related to and valid in relation to your activity on the “Link” application, hereinafter referred to as the “Link” or the application.
We inform you that the personal data you make available to us are to be processed. In this regard, please read this document to ensure that the data you choose to provide to us is secure and to be informed about how it will be collected, used and protected.
1. Information about the owner of the “Link” application
The “Link” application is owned by the company MOCAPP DIGITAL SRL (hereinafter referred to as the company), with its registered office in str. Paris 2A, Tamași, Corbeanca, Ilfov county, Romania, registered at the Trade Registry Office under no. J23/1076/2018, having CUI RO 39007349, email firstname.lastname@example.org.
2. Personal data processed
In order to make it possible to create the account and use the application, we inform you that we need you to communicate your e-mail address, which represents personal data according to the legislation in force, in the situation where it contains your name, surname or any other element by which you could be identified.
When you download or use the application, we automatically collect certain information about your device, such as information about your browser, IP address, time zone and some cookies installed on your device.
In order to benefit from the services offered by us through the “Link” application, it is necessary to communicate the following personal data of your company’s customers: name, surname, email address, city and country where they live. This data will be collected directly by us from your existing database on the Shopify Platform or provided to us by you, as applicable.
We use Google Analytics to help us understand how our customers use the app, you can read more about how Google uses your personal information here: https://www.google.com/intl/ro/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We do not collect or process sensitive data, defined as such by the GDPR.
We do not wish to collect or process data of minors under the age of 18. Please do not create an account in the application and do not provide us with any information if you are under 18 years of age. We will immediately delete any account that we discover was created by a minor.
3. Quality of Data Operator
The Quality of Data Operator with regard to the personal data processed pursuant to this Policy rests with the MOCAPP DIGITAL SRL Company or your Company, depending on the category of personal data processed, as follows:
The company MOCAPP DIGITAL SRL holds the status of personal data operator for your personal data, which you provide us directly to create the account in the application or which we collect automatically from your device following the use of the application.
Specifically, the MOCAPP DIGITAL SRL Company holds the status of personal data operator exclusively for the following data: your e-mail address (if it contains elements by which you can be identified) and information about your browser, IP address, time zone and some cookies installed on your device
Your company holds the status of personal data operator for the personal data of your customers that you provide us, respectively: name, surname, email address, city and country where they live. We inform you that with regard to these data, the MOCAPP DIGITAL SRL Company only has the capacity of authorized person.
By accepting this Policy, you expressly declare that you have the right to provide us with the personal data of your customers and that you assume full responsibility towards the persons concerned and towards the authorities regarding the processing of this data. Your company will be directly liable for any damages suffered by the MOCAPP DIGITAL SRL Company as a result of the unauthorized processing of this data, and you undertake to fully and immediately repair the said damages. In this sense, your Company will indemnify the MOCAPP DIGITAL SRL Company in full against any direct or indirect material or moral damage, image damage, loss of benefits or profit, including legal expenses and attorneys’ fees or sanctions imposed by any competent authority, as a result of the unauthorized provision of the personal data of your customers and any consequences of the use of this data by the MOCAPP DIGITAL SRL Company.
4. Purpose of processing
Prewe process the data regarding which we have the capacity of Data Controller for the following purposes:
• we make it possible to create the Customer account in the application and its operation
• providing support for registration in the application and facilitating its use
• providing answers to complaints placed
• evaluation of the services offered in the application
• administrative, media and similar purposes,
• communicating offers of goods and/or services.
We process the data regarding which we hold the status of Authorized Person for the purpose of providing the services we offer through the application, therefore for the purpose of executing the Contract between the MOCAPP DIGITAL SRL Company and your Company. We inform you that you have the possibility to communicate to us any instructions for the processing of this data.
5. Basis of processing
We have the right to process the data we hold as an Operator for the purposes outlined above:
• because data processing is necessary to enable the creation of the account, the operation of the application, the access to the services offered and the provision of answers to the complaints placed, if applicable,
• because you have given your express consent in this regard by ticking the relevant boxes,
but also because
• the processing of personal data pursues the legitimate purpose of the Operator to ensure the organization of the necessary framework for carrying out its activity, by building conventional direct marketing policies and other forms of marketing or advertising.
Regarding the basis of data processing for which we have the status of Authorized Person, we inform you that this is that of providing the services offered through the Application.
If the data processing is not necessary for the conclusion and performance of our legal relationships and does not pursue a legitimate purpose, we will not process personal data for any of the above purposes unless we have your consent to do so.
6. Duration of storage and processing of personal data
We will process personal data for the period necessary to fulfill the purposes for which the data were collected and in any case for the period imposed by the applicable legal regulations.
We aim to periodically review and update our database so that we do not store data that is no longer necessary for the purposes for which it was collected.
If you decide to stop using the application, you can ask us to either delete the data or return it to you. However, if we are required by law to retain some or all of the data, we will not be able to comply with your request. Also, if the personal data you provide to us in your capacity . of the Operator, are owned by the MOCAPP DIGITAL SRL Company from sources other than your Company, we reserve the right to keep said data.
7. Data Security Measures
The company ensures the appropriate technical and legal measures to ensure an effective protection of personal data processed under this Policy.
We are committed to keeping your personal data secure and take reasonable steps to do so, including against unauthorized access, unauthorized use of data, destruction, loss or alteration.
We systematically train our employees on the importance of protecting personal data, we have established internal procedures in this regard and, in addition, we make every effort to ensure that our partners also manage appropriate measures for the processing of personal data that may reach them within our contractual relationships.
We also undertake to notify you within a reasonable time of any security incident. In such a situation, we will take all measures and take the necessary actions to remedy or mitigate the effects of the security incident.
8. Transmission of data to other persons
It is possible to transmit the personal data you provide to us to affiliated companies and/or to other partners and collaborators with whom we have established contractual relationships in order to carry out our activities and fulfill our legal obligations, such as: IT service providers , accounting services, legal services, marketing services, courier services, internet and mobile phone services, payment processors who are authorized by us to mediate payments, specialists in the field of activity in which we operate, on who we contract to provide you with the best possible quality of our services and other such providers.
We may also transmit some of the personal data collected to the competent authorities or public institutions, when the law requires this or to the courts ofwhen we defend ourselves in court or when we are asked to do so by the court.
Prior to any transmission of data, we will ensure that our suppliers offer sufficient guarantees to implement appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR and ensures the protection of the rights of data subjects.
Transfer of personal data outside the country
In the context of the operations described above, the data provided may be transferred outside the country to countries in the European Union (“EU”) or the European Economic Area (“EEA”).
Thus, we inform you that any transfer made by the Operator to an EU or EEA member state will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (“GDPR”).
The personal data mentioned in this Policy are not transferred to countries that do not provide adequate protection with regard to the processing of personal data.
9. Rights you have in relation to the personal data you provide to us
We are committed to ensuring the security of personal data by adopting appropriate technical and organizational measures, according to industry standards, the Application being aligned with GDPR requirements.
Regarding the data processed as an Operator, we ensure and respect your rights established by the legislation in force, respectively:
The right to information – you can request information and details regarding personal data processing activities. We are at your disposal at 2A Paris Street, Tamasi, Ilfov, Romania, by email at email@example.com
We are committed to ensuring your right to receive clear, transparent, easy-to-understand and accessible information about how we process your data, including details of the rights you have in this regard, which are also presented in this document.
The right to rectification – if you find that your personal data that we process are incorrect, incomplete, inaccurate, you can rectify or complete them by a simple request for rectification sent to the email address firstname.lastname@example.org.
The right to data deletion (“the right to be forgotten”) – you can obtain the deletion of data, if their processing was not legal or in other cases provided by law. Data deletion may occur in any of the following situations:
a) we no longer need the personal data to fulfill any of the purposes for which we previously processed them;
b) you withdraw your consent on the basis of which we previously processed your data and there is no other legal basis on which we can base future processing;
c) you object to data processing when we process data for direct marketing purposes (including profiling for direct marketing purposes);
d) you object to data processing based on our legitimate interest and we cannot demonstrate that we have legitimate reasons that justify the processing and that prevail over your interests, rights and freedoms;
e) personal data are processed contrary to the law;
f) personal data must be deleted to comply with our legal obligations;
We may refuse your data deletion request if:
(a) we must comply with legal obligations to retain data;
(b) the data is necessary for us to establish, exercise or defend our legal rights.
The right to restriction of processing – you can request the restriction of processing in cases where:
a) dispute the accuracy of the data for a period that allows us to verify the correctness of the data;
b) the processing is illegal, but you object to the deletion of personal data, requesting the restriction instead;
c) if the Operator no longer needs the personal data for the purpose of processing, but you request them from us for the establishment, exercise or defense of a right in court or before arbitration bodies;
d) if you have objected to the processing, for the period of time in which it is checked whether our legitimate rights prevail over your rights.
The right to object – you can object, in particular, to data processing based on our legitimate interest.
The right to data portability – you can, under certain conditions, receive the personal data you have provided to us in a machine-readable format or request that said data be transmitted to another operator.
The right to file a complaint – you can file a complaint against the manner of personal data processing with the National Authority for the Supervision of Personal Data Processing (ANSPDCP).
Contact details and information related to ANSPDCP can be found on the website http://www.dataprotection.ro/.
The right to withdraw consent – in cases where processingit is based on your consent, you can withdraw it at any time without affecting the active campaigns in which you are involved and for which the consent is valid.
The withdrawal of consent will only have effects for the future, the processing carried out prior to the withdrawal still remaining valid.
The right not to be subject to automated decisions or additional profiling related to automated decisions: you can ask for and obtain human intervention regarding that processing or you can express your own point of view regarding this type of processing.
You can exercise these rights, either individually or cumulatively, very easily, by simply sending a request to: 2A Paris Street, Tamasi, Ilfov, Romania, by email to email@example.com
In relation to the data we process as a Data Controller, we will provide you with reasonable and timely assistance to enable you to respond to: (i) any request from a data subject to exercise their rights under the Legislation on data protection (including rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, inquiries or complaints received from the data subject, regulatory authority or other third party in relation to data processing. If any such request, correspondence, inquiry or complaint is addressed to us directly, we will promptly notify you with full details thereof, unless there is a legal impediment to this
We will also notify you without delay if a Supervisory Authority contacts us directly regarding the data processing activities of which you are the Controller.
10. Contact details of the Data Protection Officer
11. Final Provisions
This document is governed by Romanian law. Any dispute arising in connection with this document will be tried to be resolved amicably, and in case of failure, the disputes will be submitted for resolution to the competent courts in Bucharest, Romania.