Last update: 01/04/2022
1. Identification of the data controller
1.1. Aqurate (henceforth the Company) means MACHINE LEARNING SOLUTIONS SRL, with its registered office in Romania, 2-4 Calea Circumvalatiunii, Timisoara, Timis county, Office 413, VIES (VAT) code: RO40330105, EUID ROONRC.J35/4631/2018, email firstname.lastname@example.org.
2. Contact details in the field of personal data protection
The deadline for the Company to send a response is no more than 30 days from the receipt of the request.
3. Collection of information
3.1. The Company collects information from users in the following ways:
a. from the user of the Site,
b. from the user of the Service,
c. from the traffic reports recorded by the servers hosting the Site and the Service,
d. through cookies.
Information provided directly by the Site user:
3.2. When the user fills in the fields in the “Join the waiting list”, “Get a demo”, “Contact”, or “Sign Up” boxes, he/she indicates: name, first name, e-mail address, and/or telephone number (all being personal data).
3.3. This information is required by the Company in order to be able to respond to requests sent by that visitor.
3.4. Other personal data could be processed by the Company if included in the information / request sent by the visitor. The Company did not request the respective data, but insofar as they are absolutely necessary in order to be able to respond to those transmitted by the visitor through the “Join the waiting list”, “Get a demo”, “Contact” or “Sign Up” boxes, the processing of personal data shall be performed at the request of the user of the Site.
3.5. When the user fills in the fields in the “Careers” box, he/she indicates: name, first name, e-mail address and telephone number (all being personal data).
3.6. This information is required by the Company in order to be able to respond to the contracting intention transmitted by that visitor. The Site does not allow the attachment of documents, such as the resume – they can be presented to the Company at its request.
3.7. All information received through the “Careers” section shall be collected by the Company, but a reply shall be sent only to the senders who are considered as potentially suitable collaborators/employees.
3.8. Filling in the gaps in the section “Contact” and / or those in the “Careers” section, is not obligatory neither for viewing the content of the Site, nor for concluding a future service/collaboration/employment contract with the Company. Moreover, all this information can be transmitted to the Company in another way (for example, the submission of written requests to the Company’s headquarters).
3.9. Also, the Company confirms that none of the personal data included at letters (i) and (ii) above, shall be used for purposes other than those expressly indicated, in particular they shall not be processed for marketing purposes without observing the legal provisions (including the provisions regarding the need to obtain a valid consent from the data subject in certain situations, the provisions regarding the justification of a legitimate interest of the operator, and the provisions regarding the right to be fully informed recognized in the benefit of the data subject).
Information provided by the Service user
3.10. This type information includes:
• data on the user’s sales, customers, inventory,
• data on the traffic and events recorded within the user’s website(s),
• data on the campaigns and performance thereof for the user’s ads on platforms such as Facebook or Google.
Information obtained from the traffic reports recorded by server
3.11. When a website is accessed, users automatically disclose certain information, such as the IP
address, the time of the visit, the place where the website was accessed. The Company, like other operators, registers this information.
Information obtained through cookies
4. Data subject
4.1. Given that the Company processes personal data of visitors / users of the Site, they hold the status of Data Person and declare that they are over 18 years old. If the information / requests transmitted by the users also concern personal data relating to other persons (those persons hence acquiring the status of data subject), the Company shall process their data strictly in order to be able to respond to that information / request.
5. Processed personal data
5.1. Any information regarding an identified or identifiable natural person, respectively the data subject, can be considered as personal data.
5.3. For the transmission of answers to the requests / notifications sent by users using the “Join the waiting list”, “Get a demo”, “Contact”, or “Sign Up” boxes, but also for the transmission of the collaboration intention in order to conclude a contract with the Company as a result of receiving a message through the “Careers” section, the Company processes the following data:
• Name and surname of the user
• E-mail address
• Phone number
5.4. For the execution of its obligations under the Standard Service Terms, the Company processes the personal data of the Service user’s customers. Additionally, the Company may use this data in an anonymized form for purposes such as research & development purposes or market reports.
5.5. Depending on the cookie settings, other data can be processed (especially those related to user preferences and behaviour on the Site).
5.6. Also, depending on the content of messages transmitted by the users through the “Join the waiting list”, “Get a demo”, “Contact”, “Sign Up” and / or “Careers” section, other data could be processed if indicated, although they were not requested. In relation to such data, the Company undertakes to comply with the legislation on protection of personal data, without however undertaking to obtain a consent from a third party in this regard.
6. Processing of personal data
6.1. It represents the processing of personal data, any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means.
6.2. The Company accesses, collects, uses and performs any other actions allowed by the applicable law on the personal data provided by visitors, within the limits indicated under sections 5 and 7.
7.1. The visitor of the Site or the Service is the person whose personal data are processed for different purposes upon accessing those pages. Those purposes are:
7.2. For the personal data provided directly by the Site user:
• providing answers, clarifications and remediation of problematic situations, related to the requests and notifications sent by the user through the “Contact” section;
• contacting the user who provided information and transmitted his/her intention to collaborate with the Company by completing the “Careers” section;
7.3. For the personal data provided directly by the Service user:
• providing data-driven insights into the user’s business, as per the Standard Service Terms;
• providing answers, clarifications and remediation of problematic situations, related to the requests and notifications sent by the user through the “Contact” section;
7.4. For the personal data provided by the traffic reports recorded by server:
• identification of the sections of interest of the Site and Service
• safer administration of the computer system and the Site and Service
• functioning and smooth operation of the Site and Service (needed cookie)
• depending on the settings chosen by the user, additional personal data can be used for obtaining statistical information that allows to improve the offered services, saving
7.6. If the Company intends to subsequently process the personal data for a purpose other than those indicated above, it shall provide the Data Subject prior to such further processing, additional relevant information regarding the secondary purpose, by completing the necessary formalities according to the law.
8. Recipients of the processing
8.1. The personal data shall be provided to:
• the administrators and employees of the Company that deal with the administration of the Site and who are involved in the activities regarding which the user sends questions / notifications through the “Join the waiting list”, “Get a demo”, “Contact”, “Sign Up”, and/or “Careers” sections;
• the associates of the Company and the employees who are involved in the development and maintenance of the Service;
• the associates of the Company and the employees who are involved in the process of recruiting the employees / collaborators;
• business partners of the Company in the relevant sectors (e.g., finance, operations, sales & marketing, business transactions such as mergers, acquisitions, joint ventures, or financing or sale of company assets);
• the support service providers contracted by the Company in order to fulfil its contractual or legal obligations, such as:
o the IT services’ providers - can access all the data recorded in the Company's online records, including those of the users;
o the lawyers of the Company - can access all data recorded in the Company's records, including those of the users, in case of legal issues that require their involvement;
o advertising, PR and communication companies for the marketing activity. These companies may collect anonymous data through cookies or through the registration forms for the event or feedback, and to the extent that this happens, the Company shall provide this information to the data subjects in advance and obtain their consent where needed;
• public authorities (including the labour and consumer authorities);
• courts of law.
8.2. The list of suppliers listed above is not exhaustive, but it does indicate the main such collaborating companies. They shall have the capacity of independent data controller, joint data controller or data processor in relation to the Company – depending on the factual situation and the contract’s clauses. However, regardless of the quality held, they are obliged to maintain the confidentiality and security of the personal data of the data subject, adopting appropriate
technical and organizational measures. Upon request, the main clauses of those contracts can be communicated to the data subject.
9. Legal ground for processing
9.1. GDPR, Article. 6 letter a – the processing is carried out based on the consent of the User. This is applicable when the processing of the data is done in the context of the cookies accepted by the User and which are not necessary for the functioning of the Site or Service.
9.2. GDPR Article 6 letter b – processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract. This is applicable when the data processing is done in the context of filling in personal data in the “Join the waiting list”, “Get a demo”, “Contact”, “Sign Up”, or "Careers" boxes, or when processing data provided by the Service user.
9.3. GDPR Art. 6 letter c - processing is necessary for compliance with a legal obligation to which the Company as data controller is subject. This is applicable in the context of data processing in relation to the competent authorities or legal service providers.
9.4. GDPR Article 6 letter f - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This is applicable in the context of data processing for the normal functioning and administration of the Site.
10. Type of processing
10.1. The data processing activities performed by the Company mainly refer to:
• collecting the data provided by the Service user;
• use of data for providing data-driven insights into the user’s business;
• collecting the data indicated by the user in the "Join the waiting list”, "Get a demo", "Contact", "Sign Up" and "Careers" form;
• use of data for providing feedback and answers to the messages transmitted by the user;
• use of data for the conclusion and execution of the contract;
• use of data for the purpose of each category of cookies chosen by the User;
• collecting other unsolicited data if provided by the data subject (user) in a communication, request or complaint addressed to the Company, so that it can respond and solve the request or remedy the incident;
• storing personal data according to the law and within the limits necessary to achieve the purpose, in the electronic and secure database held by the Company;
• allowing access to personal data to certain employee and external collaborator who provide support services for the Company, whose activity involves the processing of personal data under the condition of undertaking the obligation of confidentiality;
• allowing access to personal data to the competent authorities, insofar as the law obliges.
11. Processing and storing of data duration
11.1. The storage period of the personal data collected is:
• until the withdrawal of the consent or the exercise of the right to data erasure (right to be forgotten) of the user - for the processing of personal data based on the consent of the data subject;
• for 3 years after receiving the message from the "Join the waiting list”, "Get a demo", "Contact", or "Sign Up" sections, in order to be able to demonstrate the measures taken by the Company in consideration of the request/question received, considering the duration of the general limitation period for the right to action before the courts regulated by the Romanian Civil Code;
• for 1 year after receiving the message from the “Careers” section, in order to decide on the opportunity of interviewing that person immediately after receiving the message, but also at a later moment within the 1 year period (depending on the forecast of the need to hire new employees / collaborators by the Company);
• a longer period than the abovementioned, when the law regulates in such manner or when there is a well-justified ground for this action (for example, to exercise a right before the court in a litigation started before the expiry of the storage period indicated herein).
11.2. Upon expiry of the aforementioned periods, all data shall be deleted from the Company's records.
12. Rights of the data subject
The right to be informed
12.2 The Company reserves the right to modify / update the content of the Site, including the policies to which references are made, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or jurisprudential changes that may affect the consequences to those published on the Site). The revision of this policy in the future shall be signalled by modifying the "Last updated" date at the top of this document. After the date the updated policy is published, accessing the Site shall represent the user's acceptance of these updated conditions.
12.3. However, if there shall be significant changes that could affect the rights and freedoms of the users or if it shall become obligatory to obtain their consent, informing them about these
changes shall be made by easily visible indications posted on the Site (pop-ups) or by transmitting e-mails to the addresses provided (if applicable). Such significant changes shall have effects for users within 7 days from the time of the posting the pop-up in question or of sending the email (how the information shall be made being decided by the Company, by on a case by case basis).
12.4. However, regardless of the extent of the change, the responsibility to check the content of the Site (including the Standard Service Terms, as well as the policies displayed), in order to be up to date with the latest versions, shall be entirely the responsibility of the user. Thus, STUDY OF THIS PRIVACY AND DATA PROTECTION, OF THE STANDARD SERVICE TERMS AND THE POLICY COOKIE, SHOULD BE MADE BY USERS WHENEVER THEY ACCESS THE SITE AND BEFORE MAKING ANY REGISTRATION OR PROVIDING ANY DATA, WHEREAS CHANGES CAN APPEAR.
Upon request, the data subject shall be informed about the essence of the contracts concluded with the abovementioned recipients of personal data where possible, and also of the data source.
The right of access the personal data processed
12.5. If the data subject wishes to receive information regarding the processing of data performed by the Company, he/she can send a request to the Company, and a response shall be provided within 30 days as of reception.
The right to data rectification
12.6. If the data subject wishes to rectify / amend the inaccurate / incomplete personal data concerning him or her as provided to the Company, he / she can send a request to the Company, and a response shall be provided within 30 days as of reception.
The right to data erasure (right to be forgotten)
12.7. The data subject has the right to obtain the erasure of personal data concerning them:
• at the expiration of the processing duration;
• if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• if the data subject withdraws his / her consent on which the processing is based and where there is no other legal ground for the processing;
• if the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
• if the processing is illegal, the personal data being unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation.
12.8. The exceptional cases provided in art. 17 paragraph 3 of the European Regulation no. 679/2016 are applicable.
12.9. Some data are part of the Company's records, which it keeps in relation to its legal obligations or its legitimate interest. Therefore, not all data can be erased, according to the law. However, any refusal to delete the data shall be motivated by the Company and shall be based on a clear legal basis.
The right to restriction of processing and the right to object
12.10. The restriction of processing can be applied if the data subject finds out that:
• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
12.11. The company may continue processing the restricted personal data if it is necessary to establish, exercise or defend a right in court, or protect / defend a person but only with the consent of the data subject.
12.12. The Company shall communicate to the recipients that a rectification, deletion or restriction of the personal data took place, unless it is impossible or it involves disproportionate efforts.
The right to data portability
12.13. The data subject or a third party indicated by him / her, can receive on request, the personal data processed by the Company. The Company assumes no responsibility for the data processing performed by that third party.
12.14. The obligation to ensure the right to portability is the responsibility of the Company only if the processing of the personal data is based on the consent of the data subject or on the conclusion and execution of the contract. The actions shall be taken within 30 days from the receipt of the request.
The right to object
12.15. The data subject shall have the right to object, on grounds relating to his / her particular situation, at any time to processing of personal data based on the legitimate interest of the Company (including profiling).
12.16. Regardless to the above, if the Company demonstrates well justified legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims, the processing of data can continue.
The right to submit a claim
12.17. The data subject may submit:
• a request / a claim using the contact data of the Company, as indicated at art. 1 above;
• an action before the competent court;
• a complaint before the Romanian National Supervisory Authority for the Processing of Personal Data (www.dataprotection.ro).
12.18. However, the Company wishes any conflict / dispute to be resolved amicably and provides all availability in this regard.
The right to withdraw the consent given
12.19. The data subject may withdraw his / her consent at any time, without however affecting the legality of the processing before the withdrawal nor the one based on another legal grounds.
The right to not be subject to an automated decision
12.20. The Company does not take any decision based solely on automatic processing of personal data.
13. Main obligations of the data subject
13.1. The data subject has the obligation to keep the confidentiality of all personal data with which he / she comes into contact in relation to the Company, for an unlimited period of time.
Complying with the data security measures
13.2. The data subject shall not process any confidential data or personal data of third parties, unless it is absolutely necessary, confidentiality is ensured and the specific legislation is fully complied with.
13.3. In case of breach of the obligations indicated in this art. 12 by the data subject, the Company shall be entitled to obtain from him / her compensation for all the damages suffered.
14. Obligations of the Company. Security measures applicable to the processed personal data
14.1. The Company complied with the provisions of the data protection legislation and has implemented appropriate technical and organizational measures to ensure the security of the processed personal data and the rights of the data subjects. Thus, the Company has implemented measures such as:
• the conclusion of contracts with collaborators which have undertook the obligation of confidentiality in relation to the personal data processed, as well as the general obligation to comply with the applicable legislation in the field of personal data protection;
• training the employees and collaborators on the importance of personal data protection, as well as limiting their access to data according to their attributions and competences;
• establishing internal procedures having the purpose of protecting personal data;
• indicating specially contact data which can be used for questions/claims regarding personal data (ie. the one indicated in art. 1 of the present police);
• implementing information security measures;
• not installing structures that allow access to the Site only if a user account is created;
• not installing cookies in addition to those necessary for the functioning of the Site and offering the users at all times the possibility to choose the additional cookies accepted.
14.2. Also, the Company shall inform the competent data protection authority in the event of an breach concerning data security, without undue delay and, if possible, within 72 hours from the moment it became aware of it, unless it is unlikely to create a risk for the rights and freedoms of individuals. If the notification to the authority shall not be made within the 72 hours, it shall be accompanied by a justified explanation for the delay.
14.3. In the event of an incident concerning the security of personal data, the Company shall also inform the data subject without undue delay, if the breach of the security of personal data is likely to generate a high risk for his / her rights and freedoms. However, informing the aforementioned data subject is not necessary if any of the following conditions is met:
• the Company has implemented adequate technical and organizational protection measures, and these measures have been applied in the case of the personal data affected by the security breach;
• the Company has taken further measures to ensure that the high risk for the rights and freedoms of the data subjects is no longer likely to occur;
• would require a disproportionate effort. In this situation, a public notification shall be conducted instead or a similar measure shall be taken, so that the data subjects are informed in an equally effective manner.
14.4. Any statistics regarding the traffic of the users on the Site, which the Company shall provide to third party advertising networks or to other sites, shall have a data set form and shall not include any identifiable information about any individual user.
14.5. Unfortunately, no data transmission through the internet can be guaranteed to be 100% secure. Consequently, despite the Company’s efforts to protect users' personal data, it cannot guarantee or ensure the security of information transmitted by them through the Site. Users are therefore warned that any information sent through the online environment shall be done at their own risk.
14.6. To mitigate this risk, one of the measures took by the Company is to offer all interested users the possibility to send requests / requests / addresses / messages in material form to the Company headquarters, and not necessarily through the “Contact” or “Careers” box.
15. Liability of the Company
15.1. The Company's liability in relation to the data subject shall be established in relation to the quality held in the respective data processing operation, the reason and place of the incident, the security measures taken, the measures took to avoid incidents and the observance of the other legal obligations.
16. Transfer of personal data to third countries / international organizations
16.1. The Company does not transfer personal data of the data subjects outside Romania.
17. Final provisions
17.1. This policy applies to the Company and to the Site visitors/users (including those who submit the existing forms on the Site).
17.2. This document is part of the Company's set of security policies. Other policies can apply to the topics addressed herein and can be reviewed according to specific needs.