Introduction
Data Initiative S.R.L., a Romanian limited liability company, with its headquarters in 21, Ciocirliei street, Busteni, Prahova, Romania, registered with the Romanian Trade Registry under no. J29/103/2020, having fiscal registration code 42136661 (“DAD”, “we”, or “us”), is the personal data controller and the entity that administers the https://againstdata.com/ website (the “Site”) and https://app.againstdata.com/ application (the “AgainstData App” or the “App”) through which your personal data is collected and processed when you use our Site and App.
We are committed to respecting your privacy, by complying with the applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
Through this privacy policy (“Policy”) we explain to you the purposes for which we collect and use your personal data, the processing grounds on which we rely, the categories of personal data we process, the duration of the processing of such data, and the entities to which we may disclose such data (where applicable).
This Policy (together with the Terms and Conditions of the Site and AgainstData App, the Cookies Policy and any other documents available in the Site and App) aims to provide you with information about the processing of personal data provided to us by you or that we collect as part of our relationship with you through Site and AgainstData App and your access to the services available on the App (“Services”).
Please read the following carefully to understand our practices regarding your personal data and how we will treat them.
Processing of personal data
In the following sections you will find information regarding the purposes of the processing of personal data, the legal ground of the processing for each applicable purpose, the categories of processed data, the duration of the processing, the source of the data collection, the recipients and the transfer of personal data.
| Purpose and categories of data | Legal basis | Duration of the processing |
|---|---|---|
| Purpose: To create a user account in AgainstData App and provide access to the App.
| Legal basis: The conclusion and execution of the contract between you and DAD to allow your use and access to the AgainstData App and implicitly to the Services provided through the App. DAD’s legitimate interest in managing users’ requests to create an account in the App and provide access. | During the use of the AgainstData App, as well as thereafter, in accordance with DAD's internal policies and legal obligations, as well as the limitation period. |
| Purpose: Provision of the mailbox scanning service and discovering the companies holding your data.
| Legal basis: The performance of the contract entered into between you and DAD to enable your use of and access to the Services provided through the App. Your express permission via Google Account. | During the use of the App, as well as thereafter, in accordance with DAD's internal policies and legal obligations, as well as the limitation period. |
| Purpose: Provision of sending the data deletion request tool.
| Legal basis: The performance of the contract entered into between you and DAD to enable your use of and access to the Services provided through the App. Your express permission via Google Account. | During the use of the App, as well as thereafter, in accordance with DAD's internal policies and legal obligations, as well as the limitation period. |
| Purpose: Provision of data deletion management tool.
| Legal basis: The performance of the contract entered into between you and DAD to enable your use of and access to the Services provided through the App. | During the use of the App, as well as thereafter, in accordance with DAD's internal policies and legal obligations, as well as the limitation period. |
| Purpose: To manage communications between you and DAD regarding the use of the App or the provision of the Services available on the App via chat, notifications, pop-up messages or email.
| Legal basis: The performance of the contract entered into between you and DAD to enable your use of and access to the Services provided through the App. DAD's legitimate interest in maintaining a good relationship with users by providing responses to any questions, suggestions, requests or complaints. | During the use of the App, as well as thereafter, in accordance with DAD's internal policies and legal obligations, as well as the limitation period. |
| Purpose: To manage, maintain and ensure the functionality of the AgainstData App.
| Legal basis: The legitimate interest of DAD in the management of its communications and IT systems. | For the duration of the contractual relationship determined by the use of the App. |
| Purpose: To monitor traffic and improve the content of the App through the implementation and use of cookies, as detailed through the Cookie Policy.
| Legal basis: For the duration of the existence of cookies, according to the Cookies Policy. |
Collection of personal data
DAD has collected your personal data from the following sources: your Google Account when you Sign-in and access the AgainstData App with your Google Account or through information stored in the App as a result of your interactions with the App and Services used by you.
Recipients of your personal data
In order to provide the AgainstData App and the Services to the best of its ability, or in order to fulfil its legal obligations or in pursuit of its legitimate interests in accordance with the processing purposes set out herein, DAD may disclose personal data to the following categories of recipients: (i) DAD's contractual partners and service providers (such as the supplier Google Cloud Platform (GCP) which provides us with the cloud hosting infrastructure); (ii) public authorities, financial auditors or institutions competent to carry out inspections and controls on the DAD's business and assets.
Such public authorities or institutions may be: The National Supervisory Authority for Personal Data Processing, the National Tax Administration Agency or other authorities with the power to check our databases; (iii) for compliance with a legal requirement or to protect the rights and assets of DAD or other entities or persons, such as courts, lawyers, notaries, bailiffs; (iv) third party acquirers, to the extent that DAD's business would be transferred (in whole or in part) in the context of a share or asset sale or any other type of business re-organization.
Transfer of personal data abroad
In the context of providing our Services and facilitating your use of the App, we may transfer certain personal data to countries located outside of the European Economic Area (“EEA”) or the United Kingdom (“UK”), whose legislation on the protection of personal data differs from that of the EEA and the UK. For example, we may transfer your personal data to the United States when engaging service providers to process personal data on our behalf. When such transfers occur we rely on the standard contractual clauses adopted by the European Commission. For more information in this regard, please contact us by using the details included in the Contact details section below.
Refusal of the processing and consequences thereof
The provision of your personal data is necessary in order to register on the AgainstData App and to receive the Services. Refusal to provide personal data, necessary to achieve the purposes mentioned above, will make it impossible for DAD to register you on the App and, implicitly, to give you access to the Services available on the App.
What happens to your personal data after the cessation of the data processing
DAD processes personal data only for the period necessary to achieve the data processing purposes explained in the above sections. If DAD establishes that it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be informed accordingly in this respect.
Once the processing period indicated above expires and DAD no longer has legal or legitimate reasons to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymizing or destroying them.
Automated decision making and automated profiling
The personal data referred to in this Privacy Policy are not subject to automated decision making, including profiling.
Security of the data processing
DAD constantly evaluates and upgrades the security measures implemented as to ensure a secure and safe personal data processing.
The data subject’s rights in respect of the data processing
Within the context of the processing of your personal data, you have the following rights:
a) The right of access to the processed personal data: you have the right to obtain a confirmation whether or not your personal data are being processed, and, if affirmative, to have access to the type of personal data and to the conditions of processing, by addressing a request in this respect to the data controller indicated in Contact Details section below;
b) The right to request the rectification or erasure of personal data: you have the possibility to request, by sending a request in this respect to the data controller indicated in Contact Details section below, the rectification of inaccurate personal data, the supplementation of incomplete data or the erasure of your personal data in case (i) the data are no longer needed for their original purpose (and no new lawful purpose exists), (ii) the lawful basis for the processing is the data subject’s consent, the data subject withdraws that consent, and no other lawful ground exists, (iii) the data subject exercises the right to object and the controller has no overriding grounds for continuing the processing, (iv) the data have been processed unlawfully, (v) erasure is necessary for compliance with EU law or Romanian law, or (vi) the data were collected in connection with the informational society services offered to children (if the case), where specific requirements regarding consent are applicable;
c) The right to request the restriction of processing: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, however you don’t want us to erase your personal data, but to restrict the use of data; (iii) in case the data controller no longer needs your personal data for the above-mentioned purposes, but you are requiring the data for establishing, exercising or defending a legal claim or (iv) you have objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject;
d) The right to withdraw your consent for processing, when the processing is based on consent, without affecting the lawfulness of processing undertaken until that moment;
e) The right to object to the data processing on grounds relating to your particular situation, when the processing is based on legitimate interest and to object at any moment to the data processing for direct marketing purposes, including profiling;
f) The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner;
g) The right to data portability, meaning the right to receive your personal data, which you provided to the data controller in a structured, commonly used and machine-readable format and the right to transfer those data to another controller, if the processing is based on your consent or the performance of a contract and is undertaken by using automatic means;
h) The right to file a complaint with the Romanian Data Protection Authority (ANSPDCP) or the data protection authority in the country in which you live or work or where you think an infringement of data protection laws occurred.
The above rights may be exercised at any time. For the purpose of exercising these rights, you can always send a notice in writing, dated and signed or in electronic format, to the address indicated below.
Contact details
You may address any question using the following contact details:
Data Initiative S.R.L., postal address: 21, Ciocirliei street, Busteni, Prahova, Romania, e-mail address: data@againstdata.com.