Privacy Policy

General

Privacy policy ("the Policy") has been developed by AUROME SMART S.R.L. (“the Company”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("the GDPR"), and is aimed to regulate the processing and protection of personal data received by the Company from you (“you”).

Personal data controller is the Company. Contact details on data protection issues: [email protected].

The Company may use processors for processing personal data. The Company takes necessary steps to ensure that such processors process personal data under the instructions of the Company and in compliance with law and requires adequate security measures.

During the personal data processing we are guided by the principles established in the GDPR.

The Company is entitled to unilaterally amend the Policy at any time.

Legal basis and purpose for personal data processing

The Company processes the personal data as following:

on a contractual basis — for the conclusion and performance of a contract (person identification; provision of services; handling and processing of the objections, complaints; invoicing administration);

on a consent basis — for improvement of services; developing new services; satisfaction measurements;

on the legitimate interests — in order to protect your and/or the Company`s interest; to provide evidence relating to the contracts and their performance (submitted documents and other information); to prevent, limit and investigate dishonest or unlawful use of the services and products provided by the Company.

For the purpose of providing information to public authorities and subjects of operational activities, personal data processing is carried out on the basis of the fulfillment of the obligations defined by the law, in cases and to the extent established by external regulations.

Categories of personal data

Personal data categories which the Company collects and processes are:

identification data such as name, personal identification code, date of birth, data regarding the identification document;

contact data such as address, telephone number, email address;

financial data such as account number, amounts;

data obtained and/or created while performing an obligation arising from law such as data resulting from enquiries made by investigative bodies, tax administrator, courts;

communication data collected when you communicate with the Company via e-mail;

data related to the services such as the performance of the agreements or the failure thereof, executed transactions, concluded agreements, submitted applications, requests and complaints.

Personal data provision is the prerequisite to conclude the contract. If personal data is not provided, the Company will not be able to enter into a contract or to ensure the fulfillment of contractual obligations accordingly.

Recipients of personal data

Personal data is shared with other recipients, such as authorities (law enforcement authorities, tax authorities, supervision authorities and financial intelligence units etc.), auditors, legal and financial consultants, or any other processor authorized by the Company, as well as other persons related to provision of services of the Company (product suppliers, financial institutions, etc.).

Storage period

The storage period may be based on agreements with you, the legitimate interest of the Company or applicable law (such as laws related to bookkeeping, statute of limitations, civil law, etc.). After the circumstances specified before are terminated, your personal data is deleted.

Your rights

As a data subject you have the following rights regarding your personal data processing:

to require personal data to be corrected if it is inadequate, incomplete or incorrect;

to object the processing of your personal data, if the use of personal data is based on a legitimate interests;

to require the erasure of your personal data;

to restrict the processing of your personal data under applicable law;

to receive information if your personal data is being processed by the Company and if so then to access it;

to receive your personal data that is provided by yourself and is being processed based on consent or in order to perform an agreement in written or commonly used electronic format and were feasible transmit such data to another service provider (data portability);

to withdraw your consent to process your personal data;

to lodge complaints pertaining to the use of personal data to the supervisory authority, according to the article 77 of the GDPR, if you consider that processing of your personal data infringes your rights and interests under applicable law.

Upon receiving your request for the exercise of your rights, the Company will verify your identity, will evaluate the request and will execute it in accordance with regulatory enactments.