PERSONAL DATA PROCESSING POLICY

The Personal Data Processing Policy describes the categories of personal data that we process, the methods and purposes for which we collect them, the situations in which we transfer personal data, as well as the rights and options available to you in this regard.

Processing is necessary both for complying with legal obligations and for concluding or performing contractual relationships. Processing is carried out based on your consent, through secure storage in a protected environment.

The data controller in relation to your personal data is COLLECT DIGITAL S.R.L., registered with the Trade Register under no. J2024045031005, having the unique registration code 50955365, hereinafter referred to as "the Controller."

The Controller complies with the legal provisions regarding personal data protection and implements technical and organizational measures to safeguard all operations that directly or indirectly involve personal data, preventing unauthorized or unlawful processing, as well as accidental or unlawful loss or destruction.

1. DEFINITIONS:

"ANSPDCP" means the National Supervisory Authority for the Processing of Personal Data;
"personal data" means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
"processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"restriction of processing" means the marking of stored personal data with the aim of limiting their future processing;
"controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for its designation may be provided for in Union or national law;
"processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"data subject" means any person who is the subject of personal data;
"recipient" means the natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities to which personal data may be communicated in the context of a specific investigation in accordance with Union or national law shall not be considered recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules, in accordance with the purposes of the processing;
"consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear action, signifies agreement to personal data relating to him or her being processed.

2. CATEGORIES OF PERSONAL DATA PROCESSED

The personal data processed may include:

contact information, such as name, postal address, home address, telephone number, e-mail address, IP address, identity card series and number, Personal Numeric Code, date of birth/age;
additional information processed as a result of the contractual relationship or communicated voluntarily, such as instructions given, payments made, any other information regarding preferences or accessing offers;
data resulting from browsing the website collected through cookies and similar technologies, according to the Cookie Policy.

Information collected automatically about you:

information about the web browser you use;
operating system;
information about the mobile phone or tablet used (e.g. brand, model, operating system, etc.);
IP address;
content viewed;
geographical location;
date of visit and duration;
source from which you visited us (another site, application, service);

3. WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT IS THE BASIS FOR COLLECTION

It is necessary for us to collect your personal data in order to comply with legal and contractual provisions. In accordance with Regulation 679/2016 on data protection, we have identified the legal grounds on which we process your personal information.

Therefore, the refusal to provide personal data correctly and completely for the aforementioned purposes may prevent us from properly fulfilling our contractual or legal obligations and may result in the impossibility of contracting the services offered by you, the cessation or restriction of the services, as the case may be.

The personal data provided by you will be processed by the Operator, as appropriate, on the basis of:

The explicit consent of the data subject.
The necessity to execute the contract;
The necessity to fulfill a legal obligation;
Legitimate interests regarding the performance of professional activity in good faith, in accordance with the applicable legal standards and regulations regarding the quality assurance of the services provided;

Your personal data is collected for:

To provide services for your benefit.

This general purpose may include, as appropriate, the following:

providing services specific to the website https://collect-digital.com;
managing and administering the contractual relationship with our customers;
complying with legal obligations;
managing security and access to our premises, managing the use of IT systems, such as the website, data management platforms, communication systems used, including the prevention and detection of security threats, fraud or other unauthorized actions;
for the purpose of complying with court decisions and exercising and/or defending our rights and interests;
updating and improving our services and communications to you;
for any purpose related and/or ancillary to any of the above, or for any other purpose for which your personal data has been provided to us, in compliance with applicable law.
For marketing

We want to keep you informed about the products/services that interest you. In this regard, we may send you emails containing general and thematic information, information regarding certain offers or campaigns that we develop.

We always base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by unsubscribing.

In certain situations, we may base our marketing activities on our legitimate interest to develop our commercial activity. You can ask us at any time to stop the processing of your personal data for marketing purposes, and we will follow up on your request.

Personal data may be processed for marketing purposes if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Thus, if you have subscribed to the Newsletter section, you consent to your personal data being used for the purpose of sending you marketing messages, offers, news, future campaigns, etc. However, you can unsubscribe at any time via the link attached to the communications received.

To protect our legitimate interests

To protect our rights and business we take technical and organizational measures including:

Measures to protect the website from cyber attacks.
Measures to manage various other risks.

The general basis for these types of processing is our legitimate interest in defending our business.

4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

The processing of personal data will cease when it is no longer reasonably necessary for the purposes permitted by law or when you withdraw your consent and there are no longer legitimate grounds to justify the further processing and to the extent that it is no longer necessary for the establishment, exercise or defence of legal claims.

If any of the personal data you have provided to us changes or if we hold any incorrect personal data, please contact us at contact@collect-digital.com

We will not be liable for any loss arising from incorrect, unauthentic, insufficient or incomplete personal data that you provide.

5. DISCLOSURE OF YOUR PERSONAL DATA

Depending on the consent given, we may transmit or provide access to certain of your personal data to the following categories of recipients:

payment/banking service providers;
IT service providers;
marketing service providers;
data subjects/legal representatives of data subjects;
employees/collaborators;
lawyers/advisors;
contractual partners;
other central and local institutions/authorities;
courts of law for the purpose of filing claims and representing you in court;
criminal investigation bodies;
any other person to whom the data subject has authorized the disclosure of their personal data.

We ensure that access to your data/by third parties under private law is carried out in accordance with the legal provisions regarding data protection and confidentiality of information.

We will not disclose, distribute your personal data without obtaining your consent and permission. Under no circumstances will we sell your personal data.

We currently store and process your personal data on the territory of Romania.

6. RIGHTS OF THE DATA SUBJECT

Right to information means the right of the data subject to be informed, among other things, about what data is being processed, why, for what purposes, to whom it is being transmitted and what rights you have.
Right to access means the right of the data subject to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed and, if so, access to those data and information on how the data are being processed.
Right to data portability refers to the right to receive personal data in a structured, commonly used and machine-readable format and to have these data transmitted directly to another controller, where this is technically feasible.
Right to object refers to the right of the data subject to object to the processing of personal data where the processing is necessary for the performance of a task carried out for reasons of public interest or for the legitimate interests of the controller. Where the processing of personal data is for the purpose of direct marketing, the data subject shall in particular have the right to object to the processing at any time.
Right to rectification refers to the correction, without undue delay, of inaccurate personal data stored. The rectification must be communicated to each recipient to whom the data have been transmitted, unless this proves impossible or involves disproportionate (demonstrable) effort.
Right to erasure ("right to be forgotten") means the right of the data subject to request that personal data concerning him or her be erased without undue delay where one of the following reasons applies: they are no longer necessary for the purposes for which they were collected or processed; he or she withdraws his or her consent and there are no other legal grounds for the processing; he or she objects to the processing and there are no overriding legitimate grounds; the personal data have been processed unlawfully; the personal data must be erased for compliance with a legal obligation; the personal data were collected in connection with the provision of information society services.
The right to restriction of processing may be exercised if the person contests the accuracy of the data, for a period allowing the verification of the accuracy of the data; the processing is unlawful and the person opposes the erasure of the personal data, requesting restriction instead; if the controller no longer needs the personal data for the purposes of the processing, but the person requests them for the establishment, exercise or defence of legal claims; if the person has objected to the processing for the period during which it is verified whether the legitimate rights of the controller override those of the person concerned.
The right to withdraw your consent for processing carried out on the basis of consent. The withdrawal of your consent will not affect the lawfulness of processing based on consent prior to its withdrawal.

To the extent that consent is withdrawn, the Operator will no longer process your personal data and will take appropriate measures to erase your personal data.

The Operator has the right to continue to process your personal data if there is another legal basis for the respective processing.

If you wish to exercise your rights mentioned above, please contact us, using the following contact details

Collect Digital S.R.L.

Address: Galaţi, str. Galaţii Noi no. 2, block L9, staircase 2, apartment 22

E-mail address: contact@collect-digital.com

7. SECURING PERSONAL DATA

We make every effort to protect your personal data in our possession or under our control by establishing appropriate security measures, in order to prevent unauthorized access, collection, use, disclosure, copying or modification, as well as other similar risks.

The operator has assumed the responsibility of implementing appropriate technical and organizational measures regarding the protection of the confidentiality and security of personal data, respectively for the protection against unauthorized access, use, alteration or destruction of personal data according to the provisions of the GDPR, as follows:

Employees, collaborators and service providers, who come into contact with your personal data, must act in accordance with the principles of the privacy and security policies and procedures of personal data, signing confidentiality agreements regarding this data.
The computers from which the personal information database is accessed are password protected, have implemented antivirus, antispam and firewall protection solutions, updated to date.

All employees, collaborators and service providers who come into contact with personal data must act in accordance with the principles of the privacy and security policies and procedures of personal data by signing confidentiality statements and agreements regarding this data. At the same time, we have assumed the responsibility of implementing appropriate technical and organizational measures regarding the protection of the confidentiality and security of personal data.

8. PERSONAL DATA PROCESSING POLICY MAY BE CHANGED

We have the right to amend and supplement the Privacy Policy at any time.

The Operator reserves the right to amend/update the content of the site, including the policies referred to, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative changes that may affect the consequences of those published on the site). The revision will be signaled by changing the "Last updated" date. After the date on which the updated policy is published, accessing the site will represent the user's acceptance of the respective updated conditions.

9. CONTACT DETAILS IN THE FIELD OF PERSONAL DATA PROTECTION

The contact details that the visitor can use to send any requests, notifications or complaints regarding the Privacy Policy as well as any other information published on the site, policies or operations performed are as follows:

Address: Address: Galaţi, str. Galaţii Noi no. 2, block L9, staircase 2, apartment 22

E-mail address: contact@collect-digital.com

The deadline within which the company will send a response is no more than 30 days from receipt of the request. If the request is complex or if a significant number of requests are being managed, the 30-day deadline may be extended by another 60 days.

CONTACT DETAILS FOR THE NATIONAL AUTHORITY FOR THE SUPERVISION OF PERSONAL DATA PROCESSING (ANSPDCP)

Address: B-dul G-ral Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania

E-mail: anspdcp@dataprotection.ro

Tel: +0318.059.211; + 0318.059.212