Privacy policy

Contents

  1. The Preamble
  2. Third Party Services
  3. Who are we?
  4. Who are you?
  5. Relations between the parties
  6. Data Processing Principles
  7. Changes
  8. Questions and Requests
  9. Processing of Personal Data
    8.1. Your information
    8.2. What kind of information do we collect about you?
    8.3. Why do we collect this information?
    8.4. Where do we obtain the data?
    8.5. What is the legal basis for processing?
    8.6. How long do we store the data?
    8.7. How we share your information with other parties?
  10. Marketing and Advertising
    9.1. What kind of data do we collect for marketing?
    9.2. Marketing Partners
    9.3. How can you opt out of direct marketing?
  11. What are your rights?
  12. Personal Data Security
  13. No automated decision-making process
  14. Meaning of the terms used

 

  1. Introduction

We, SHARE IT SMART SRL, are deeply committed to protecting your personal data. Safeguarding the confidentiality of your data during its collection, processing, and use is a priority for us, and we ensure all legal requirements are met in our processes. We do not share your information with third parties without notifying you. Additionally, we do not make exclusive automated decisions that could significantly impact you. This information is important..

When you enter a relationship of any kind with us, you entrust us with your personal details. This information presented herein (hereinafter referred to as “Privacy policy”) is important. We recommend that you read them carefully.

The purpose of this privacy policy is to explain what data we process (collect, use, share), how we process it, why we do so, and what your rights are concerning this data. As an operator collecting this information, we are legally obligated to provide these details.

By visiting the site, purchasing a good or service or by interacting with us through any means and/or through any communication channel (e-mail, telephone, network socialization, etc.), you agree to both this privacy policy and the use of your personal data, for advertising or marketing purposes, under the conditions described below in the dedicated sections. If you do not agree with those described in this Privacy policy, we recommend avoiding the use of the platforms.

  1. Third-Party services

This privacy policy does not cover the apps and websites of third parties that you may access through links on our site. These are beyond our control. We encourage you to review the privacy policy of any site or app before providing personal data.

  1. Who are we?

SHARE IT SMART SRL, the personal data controller, is located at Str. Orhideelor, No. 4, Vladimirescu, Arad County, 317405, Romania. It is registered at the Trade Register under No. J2/2166/2018, with the tax code RO40318349.

You can contact us via e-mail at office@share-it-smart.com. We are responsible for processing your personal data, whether collected directly from you or from other sources.

For any data protection inquiries, please contact our Data Protection Officer at:
gdpr@share-it-smart.com .

  1. Who are you?

According to the legislation, you, as the natural person receiving our services or engaged in any relationship with our company, are considered a “data subject,” meaning an identified or identifiable natural person. To ensure complete transparency about data processing and to enable you to exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller, and you, the data subject.

Thus, you can be:

  • our employee;
  • a direct customer,
  • an employee or partener of our B2B customers.
  1. Relations between the parties

Depending on the nature of the commercial relations between the parties, the Operator may have several roles from a GDPR perspective.

If the person concerned is an employee of SHARE IT SMART SRL or a direct customer, SHARE IT SMART SRL has the role of personal data operator.

If the person concerned is an employee or partner of SHARE IT SMART SRL’s B2B clients, then SHARE IT SMART SRL is the person authorized by these clients to process data through the software applications it develops for them.

In this case, the B2B partners of SHARE IT SMART SRL have the obligation to inform the data subjects about the nature of the processing of their personal data in accordance with GDPR requirements.

  1. Data Processing Principles

Protection of your personal information is very important to us. That is why we are committed to respecting European and national legislation on the protection of personal data, in particular regulation (EU) 679/2016, also known as the GDPR and the following principles:

Legality, Fairness and Transparency

We process your data legally and fairly. We are always transparent about the information we use, ensuring that you are properly informed.

Your Control Belongs to You

Within the limits of the law, we provide you with the ability to review, modify, and delete the personal data you have shared with us, as well as to exercise your other rights. For more information, please refer to sections 7, 10, and 11 of this document.

Data Integrity and Purpose Limitation

We use data only for the purposes described at the time of collection or for new purposes that are compatible with the original ones. In all cases, our objectives comply with the legislation. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.

Security

We have implemented reasonable security and encryption measures to protect your personal information to the best of our ability. However, it’s important to note that no website, app, or internet connection is completely secure.

  1. Changes

We reserve the right to change this privacy policy at any time. All updates and changes to this policy become effective immediately upon notification, which we will provide by displaying on the website and/or sending e-mail notifications.

  1. Questions and Requests

If you have any questions or concerns about the processing of your data, wish to exercise your legal rights regarding the data we hold, or have concerns about our handling of any privacy issues, please feel free to contact us via e-mail at: gdpr@smart-it-share.com .

  1. What Data Processing means?

“Processing” refers to any operation or series of operations performed on personal data, whether with or without automated means. These operations include collection, registration, organization, structuring, storage, adaptation, modification, extraction, consultation, use, disclosure, dissemination, provision of access, alignment, combination, restriction, deletion, or destruction of data.

8.1. What kind of information do we collect about you

When you browse our website or contact us via e-mail or any other communication channel for any purpose, you may provide us with the following personal data, which we collect directly from you or from other sources:

  • Name and surname
  • E-mail Address
  • Phone number

In addition to the information given above, we may also collect the following information, depending on certain circumstances:

  • Your interactions with our website or advertisements (e.g., information about when and how you access our site or the device you use to access it).
  • Information provided when you complete forms or questionnaires.
  • The content of messages sent through messaging and e-mail systems.
  • Interactions between you and us on social networks (e.g., likes, shares, comments).
  • Information collected about you from other companies within the group or third parties who have obtained your consent or have another legal basis to share this information with us (including publishing or advertising partners/platforms and data aggregators with the appropriate rights).

If you make online purchases, certain payment information (such as card data) will be collected. However, this information will be stored by our processor partners in a manner that prevents us from accessing or reading it. We will only be notified if the purchase was successful. It includes:

  • IP Address
  • Internet browser
  • Location
  • Web pages you visit on our website
  • Information from the use of cookies (you can read on Cookie Policy more about the usage of cookies on our site).

If you are employed (former, current or future) by us, certain information relating to the performance of the employment contract will be collected. For example, personal data of the employee will be collected:

  • Name and surname;
  • Contact details (address, phone number, e-mail address);
  • Financial data (bank account);
  • Various original or copy documents (certificates of seniority, holidays, salary, medical situations, dependents, familiar situation, work book, evaluation sheets, CVs, various requests, delegations, timecard, information notes and processes documents, employment documents), employee indicative;
  • Signature.

If you are a direct customer, an employee or partner of our customers we will process certain personal data that take into account the nature of the services offered. For example, we will be process:

  • Name and surname;
  • Contact details (address, phone number, e-mail address);
  • Employee identification number, position, status;
  • Conversational history, profile settings;
  • Device information (IP address, date and time, device fingerprint).

 

8.2. Why do we collect this information?

We collect personal information for the following purposes:

  • To conclude or execute a contract;
  • To answer your questions and requests and provide you customer support service;
  • For marketing purposes, but only if we have your consent. In advance or when there is a legal exception to obtaining consent;
  • To provide and improve the services and products we offer;
  • To diagnose or remedy technical problems;
  • To defend ourselves against cyber attacks;
  • For the creation and/or maintenance of accounts;
  • In order to comply with the legislation, such as compliance with tax legislation that obliges us to keep accounting documents for a period of 10 years, or the law of archives that compel us to keep employee documents for a period of 50 years.;
  • For the establishment or claim of a right in court;
  • For analytical and research purposes;
  • To conduct promotions and competitions;
  • To prevent crime, deception or fraud;

8.3. What is the legal basis for processing?

We can use the following legal bases, depending on the specific case:

  1. Processing is necessary to conclude or execute a contract between you and us.
  2. Processing is necessary to fulfill legal obligations, such as compliance with tax legislation that requires us to retain accounting documents for a period of 10 years or providing specific information to public authorities and institutions;
  3. Consent to the processing of personal data;

However, please note that if you are our customer, we may send promotional messages (direct marketing) of similar goods and services without the need for consent under art. 12 para. (3) of Law No. 506/20014, in certain specific situations legally regulated.

However, in all cases, you can oppose direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions (“unsubscribe”) from each e-mail or by submitting a written request to the e-mail address office@smart-it-share.com .

  • Processing is necessary for the purposes of our legitimate interests or other parties, unless your interests, rights or freedoms prevail.

When we rely on legitimate interest, we conduct a balancing test to analyze the legitimate interests involved, both ours and yours. If our interests outweigh yours, we will proceed with using the legitimate interest as the legal basis. However, if your interests outweigh ours, we will refrain from using legitimate interest. In cases where we cannot identify another appropriate legal basis, we will not engage in that particular processing activity.

  • In some situations, processing may be necessary to protect your vital interests or another natural person.

Please note that obtaining consent is not compulsory and we will proceed to obtain consent from you. Only in situations where we have failed to use another legal basis.

8.4. Where do we obtain the data?

We collect more information directly from you. (for example, by filling out a form on the site). Most of the information is described above, but there may be situations where we collect data from third parties (i.e. partners, advertising platforms), such as for example, information on purchases and interests.

SHARE IT SMART SRL also processes personal data from contracts with employees, as well as from contracts with parties and other service providers.

SHARE IT SMART SRL  will not collect or process personal data when providing information services to the company directly to children under the age of 16-or under a lower age-except in the case of parental consent, in accordance with applicable local law. If we find out about the accidental collection of a child’s personal data, we will immediately delete that data.

8.5. How long do we store the data?

We retain your personal data only for the duration necessary to fulfill the purposes outlined, but not exceeding 10 years following the termination of the contract or the last interaction with us. After this period, personal data will be securely destroyed or erased from our computer systems, or anonymized for use in scientific, historical, or statistical research purposes. It’s important to note that in specific cases regulated by law, we may retain data for the duration required by such regulations.

8.6. How we share your information with the others?

We may disclose your data to business partners or other third parties in compliance with applicable laws. We consistently make reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. Through contractual clauses with these third parties, we mandate the protection of your data. In such instances, we ensure that any transfer of data is legitimate, either based on your consent or another legal basis.

For example, we could provide your data to other companies, such as IT service providers or telecommunications, accounting, legal services, transport and courier service providers and other third parties with whom we have a contractual relationship. These third parties are selected with special care so that your data is not available. Processed only for the purposes that we indicate.

We may also share your data to our business partners as a result of a joint effort to provide a product or service.

Although unlikely, we could sell the business or part of the business in the future, which will include transferring your data.

We may transmit the data and other parties with your consent or according to your instructions, for example, if you exercise a request for portability.

We will also be able to provide your information and to the parquet, police, courts and other competent bodies of the State, on the basis and within the limits of the legal provisions and as a result of expressly formulated requests.

We will take reasonable measures to ensure that your personal data remains within the European Economic Area (EEA). However, if we transfer data to countries outside the EEA, we will ensure that such transfers are legitimate. This may involve obtaining your explicit consent or relying on another legal basis for the transfer.

  1. Marketing and Advertising

If we have obtained your consent, or if you are already a customer of the company, we may utilize direct marketing technologies and targeted advertising based on the information collected about you. This may include factors such as your interests, preferences, purchases, age, location, and more. For instance, we may send e-mails, display advertisements within our website or on social media platforms, or place ads on third-party sites, apps, or other internet-connected devices.

9.1. What kind of data do we collect for marketing?

In order to conduct direct marketing or targeted advertising, we may use the following information:

  • Information collected through cookies and similar technologies (location, device, navigator, age, etc.);
  • Your purchases, how you interacted with our services and feedback received from you;
  • Age, Country, Region, Gender;
  • Other information obtained from our third-party marketing partners, information they have obtained with your consent.

9.2. Marketing Partners

Our marketing partners, including Facebook, Google, and other agencies, assist us in delivering targeted marketing to you based on the information they collect directly from you, with your consent. In some instances, we may even share newly collected information with them. We guarantee that all such transfers are conducted lawfully, as explained in the preceding paragraph.

Our partners may place advertisements on our services and products, depending on the data previously collected from you (interests, preferences) on other sites and/or services. Our marketing partners may also use the information collected about you. To improve the services and/or algorithms (including algorithms based on artificial intelligence). This privacy policy does not include information about how your data is processed by our partners.

9.3. How can you opt out of direct marketing?

You can oppose direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each e-mail (“Unsubscribe”) or by submitting a request to this effect to your e-mail address office@share-it-smart.com .

To turn off interest-based advertising, please refer to our policy on the use of cookies in this regard.

  1. What are your rights?

According to the GDPR, your rights are:

  • Right to withdraw consent

You can withdraw your consent to the processing of your data at any time by submitting a request to this effect to the e-mail address office@share-it-smart.com. Please note, however, that in so far as we have identified another legal basis for processing your data, we will continue to process your data based on that legal basis. We have the legal possibility to use one or more grounds for processing your data.

  • The right to be informed about the processing of your data
  • Right of access to data

You have the right to obtain from us a confirmation that personal data concerning you and, if so, access to that data and the information provided for in art are not processed or not. 15 para. (1) of the GDPR.

  • The right to correct inaccurate or incomplete data

You have the right to obtain, on our part, without undue delay, the rectification of inaccurate personal data concerning you.

  • Right of deletion (“right to be forgotten”)

In the situations provided for in art. 17 from the GDPR, you have the right to request and obtain the deletion of personal data.

  • Right to restriction of processing

In the cases provided for in art. 18 from the GDPR, you have the right to request and obtain restriction of processing.

  • The right to transmit your data to another operator (“right to portability”)

In the cases provided for in art. 20 GDPR, you have the right to request and obtain data portability.

  • The right to oppose the processing of your data

In the cases provided for in art. 21 of the GDPR, you have the right to oppose the takeover of the data.

  • The right not to be subject to a decision based solely on automated processing, including the creation of profiles with legal effects or similar significant effects on you.
  • The right to address justice for the protection of your rights and interests
  • The right of a complaint before a supervisory authority

Please note that:

  • You can withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each e-mail/SMS or other electronic message.
  • If you wish to exercise your rights, you can do so by submitting a request to our e-mail address: office@ share-it-smart.com
  • The rights listed above are not absolute. There are exceptions, therefore each request received will be analysed so as to decide whether it is grounded or not. To the extent that the application is grounded, we will facilitate the exercise of your rights. If the application is unfounded, we will reject it, but we will inform you of the reasons for the refusal and the rights to lodge a complaint with the supervisory authority and to address your justice.
  • We will try to respond to your request within one month. However, the term may be extended depending on different aspects, such as the complexity of the application, the large number of requests received or the inability to identify you within a useful time limit.
  • If, while we make every effort, we are unable to identify you, and you are Do not provide us with additional information to be able to identify you, we are not obliged to comply with the request.

 

 

  1. Personal Data Security

We work diligently to protect our customers, other individuals whose data we process, and ourselves from unauthorized access, modification, disclosure, or destruction of the data we handle.

In particular, we have implemented the following technical and organisational measures to ensure the security of personal data:

Dedicated Policies

We adopt and review our data processing practices and policies for our customers and others, including physical and electronic security measures, to protect unauthorized access systems and other possible threats to their security. We constantly check how we apply our personal data protection policies and comply with data protection legislation.

Minimizing Data

We have ensured that your personal data we process is limited to those that are necessary, appropriate and relevant for the purposes stated in this note.

Restricting Access to Data

We strictly restrict access to personal data that we process to employees, collaborators and other people who need to access them so that we can process them for us. All these companies and individuals are subject to strict confidentiality obligations and we will not hesitate to take them accountable and stop working with them if they do not treat the protection of your data and other Persons of utmost seriousness.

Specific Technical Measures

SHARE IT SMART SRL  use technologies to ensure our customers and others that the security of their data is protected.

Control of our service providers. We introduce in contracts with those who process for us (empowered persons) or together with us (other operators – associated operators) clauses to ensure the protection of the data we process; This protection goes at least to the minimum required by the legislation.

While we take all reasonable steps to ensure the security of your data, SHARE IT SMART SRL  cannot guarantee the lack of any security breach or the inability to penetrate security systems. In the unfortunate and unlikely event in which such an infringement will arise, we will follow the legal procedures for limiting the effects and informing the data subjects.

  1. No automated decision-making process

We prioritize the importance of your data by ensuring that our staff provides the necessary human attention to it. As a user of our service, you will not be subject to decisions made solely through automated processing of your data, including profiling, that significantly affect you in a legal capacity.

  1. Meaning of the terms used

Supervisory authority for the processing of personal data: an independent public authority which, according to the law, has powers concerning the supervision of compliance with the protection of personal data law. In Romania, this supervisory authority for the processing of personal data is the national supervisory Authority for the processing of personal data (ANSPDCP).

Special categories of personal data (sensitive personal data/sensitive data): Personal data which: reveals racial or ethnic origin, political opinions, religious confession or philosophical beliefs or Membership of trade unions; genetic data; Biometric data for the unique identification of a natural person; Data on the health, sexual life or sexual orientation of a natural person.

Collaborators: Natural or legal persons who have concluded a cooperation agreement with us and who provide services to our customers.

Personal data: Any information relating to an identified or identifiable natural person (‘ data subject ‘). A natural person shall be identifiable if it can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one/more items physical, physiological, genetic, mental, economic, cultural or social identity of that person. Thus, for example, the following are included in the notion of personal data: name and surname; home address or residence e-mail address; phone number; the personal numeric code (CNP); established diagnosis (are sensitive data); genetic data (are sensitive data); bimoetric data (are sensitive data); geolocation data. The categories of personal data about you that we process are listed above.

Operator: The natural or legal person deciding why (for what purpose) and how (by what means) personal data is processed. According to the law, liability for compliance with the legislation on personal data rests primarily with the operator. In relation to you, we are the operator, and you are the person concerned.

Person empowered: Any natural or legal person who processes personal data on behalf of the Controller, other than the operator’s employees.

Data subject: The natural person to whom he refers (to whom ‘ they belong ‘) certain personal data. In relation to us (the operator), you are the person concerned.

Processing of personal data: Any operation/set of operations performed on personal data or on personal datasets, with or without the use of automated means; For example: collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction of such personal data/sets of personal data. These are just examples. In practice, processing means any operation on personal data, whether by automated or manual means.

Third State: A state outside the European Union and the European Economic area.

Declaration of Conformity

SHARE IT SMART SRL declares on its own responsibility that it has taken all measures it has deemed necessary for the purpose of complying with the requirements of Regulation EU 2016/679 (GDPR) on the collection, use and storage of personal data in European Union member countries.

SHARE IT SMART SRL certifies that it adheres to the notification, option, transfer, security and integrity requirements of data, access and implementation of the EU regulation 2016/679 (GDPR) on the collection, use and storing personal data in the member countries of the European Union.

Date – 26.06.2024