Privacy Policy

1. General

1.1. We, Everything Data Solutions SRL (“Company” or “Controller”), email address: [email protected] (“Email Address”), process your personal data as part of your use of our products (“Products”) or platform (“Platform” and, together with the Products, the “Services”). We assure you that we process your personal data in a confidential and responsible manner. The processing of your personal data is carried out in accordance with the General Data Protection Regulation (“GDPR”) and with Romanian and European legislation on the protection of personal data.

1.2. Personal data is processed lawfully, fairly and transparently, ensuring adequate data security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. Our staff strictly complies with the legal requirements on the protection of personal data and ensures that all processing operations are performed solely in your interest.

1.3. In this Privacy Policy, we want to provide you with information about the Company, the nature, scope and purposes of the collection and use of data, to give you an overview of the processing of your personal data.

1.4. For our Products, we will process your data only in accordance with the purposes and means you determine. In such cases, we will provide separate personal data processing agreements.

1.5. The controller for the processing of your personal data within the meaning of the GDPR is the Company. You can contact us at the correspondence address below or by email using the Email Address.

2. About us

Controller: Everything Data Solutions SRL
Registered office: 143 Barbu Vacarescu, Sector 2, et. 1, ap. 2, București, 020581
Trade Registry number (Bucharest Tribunal): J40/7878/2020
Tax Identification Code: RO42763857
Email: [email protected]

Data Protection Officer (DPO) contact details:
Correspondence address: Str. Stănilești nr. 56, sector 1, București
Email: [email protected]

3. Principles for processing personal data

3.1. For any processing of personal data we ensure that your data are:

• processed lawfully, fairly and transparently;
• collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving in the public interest, scientific or historical research or statistical purposes is not considered incompatible with the initial purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date; we will take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• kept in a form which permits your identification for no longer than is necessary for the purposes for which the data are processed; personal data may be stored for longer periods insofar as they will be processed solely for archiving in the public interest, scientific or historical research or statistical purposes;
• processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by using appropriate technical or organisational measures.

3.2. Your personal data will be kept in a form which permits your identification for no longer than is necessary for the purposes for which the data are processed. After this period, your personal data will be deleted unless storage is permitted under the law.

4. Data we process

4.1. Identification data: We process personal data that you, as a user of the Services, provide to us, for example during registration or when using the Services (“Data”). Identification data may include: first and last name, home address, date of birth, place of birth, citizenship, Personal Numerical Code (CNP), information from the identity document, signature, nationality, gender, and data regarding family members. Contact data: phone number, email address, home or residence address.

4.2. Website usage: If you visit our website, we process only the personal data that your browser communicates to our server. We collect the following data, which we need to display the website correctly and to guarantee stability and security:

• IP address;
• date and time stamp; time-zone difference from GMT;
• requested page/URL, referrer page, amount of data transferred;
• access status/HTTP status code;
• browser, operating system, interface, language and version of the browser software.

4.3. Registration data: Upon registration we collect and process the following information:

• registration details: registration date, password;
• personal information: full name; email address; address, postal code, city, region, country;
• company information (optional): company name, website, tax code;
• payment information;
• credit card type, last four digits, expiry date;
• PayPal email address;
• payment date, invoice code, currency, amount;
• monthly or annual payment.

4.4. Product usage data: Data processed during the use of the Services are processed by us only as a processor, not as a controller.

5. Why we process your data

5.1. Purpose: Personal data are processed for the following purposes (“Purposes”):

• Provision of services: processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract;
• Compliance with legal obligations: processing is necessary for compliance with a legal obligation (e.g., accounting, financial records and archiving);
• Customer relationship management, including newsletters;
• Security and stability of the Services.

5.2. Lawfulness of processing: the legal bases (Art. 6 GDPR) derive from:

5.2.1. your consent, where we have requested your explicit consent (Art. 6(1)(a) GDPR);

5.2.2. necessity for the performance of the contract, since your data are required for satisfactory use of the Services (Art. 6(1)(b) GDPR);

5.2.3. processing necessary for compliance with a legal obligation to which the Company is subject (Art. 6(1)(c) GDPR);

5.2.4. the legitimate interests pursued by the Company or by a third party (Art. 6(1)(f) GDPR).

5.3. Legitimate interests: The Company’s legitimate interests are to monitor, analyse and improve the Services, to support you, to protect the security, integrity, performance and functionality of the Services, and to provide you with personalised products and services.

6. Categories of recipients of personal data

6.1. Use: We use the Data you, as a user of the product, have provided to us only for the purposes described. In certain specific situations we will use external partners. The processing of personal data by our external partners will take place only if they provide sufficient guarantees for implementing appropriate technical and organisational measures so that the processing complies with the requirements of the GDPR and ensures the protection of the data subject’s rights.

• Public institutions and public authorities: Processing of personal data in these cases will be carried out for the performance of a task carried out in the public interest or in the exercise of official authority and on the basis of special legal provisions.
• Lawyers, auditors or other external consultants: Processing by these professional categories will be carried out strictly in compliance with professional secrecy and the confidentiality of personal data.

6.2. Transfer: We transmit Data to third parties only if this is (i) necessary for the Purposes for which they were collected, e.g., when we use service providers, (ii) to respond to a request from a national authority, (iii) due to a court order, or (iv) if you have given prior consent.

6.3. Service providers:

6.3.1. For some parts of our Services, we use third‑party providers to process data for us, such as Stripe Payments Limited;

6.3.2. When using certain service providers, data are transferred to recipients in third countries, namely the United States.

7. Refusal to provide data

We will process personal data only under lawful conditions, strictly observing the principles of personal data processing established by national and European legislation. You are not obliged to provide your personal data; however, refusal to do so will make it impossible to access our services.

8. Absence of automated decision‑making

Personal data and any processing operations within our Services do not include a decision‑making process based solely on the automated processing of data, including profiling.

9. Deletion and data security

9.1. Deletion: Data will be deleted if (a) you revoke your consent and there is no other lawful basis for processing or a legal obligation on our part to store the data; (b) the Data are no longer necessary to perform the user contract regarding the Product; or (c) storage is or becomes unlawful. A deletion request does not affect Data if storage is legally required, e.g., for accounting purposes.

9.2. Security measures: To prevent unauthorised access to Data and to secure Data in general, we apply the following security measures: encrypted transmission, encrypted storage, an authorisation concept, a data backup concept and physical security measures for servers. These security measures are constantly reviewed to comply with the latest technological developments.

10. Personal data retention period

10.1. The Company ensures the confidentiality of personal data processed in accordance with your expressed consent and with legal provisions. Access to information treated as confidential will be limited to those persons who, by the nature of their activity, need to know this information in order to achieve the purpose of the legal relations established with the Controller. These persons are required to respect the confidential nature of such information, undertaking to ensure and maintain the confidentiality of these data and information and to process them in accordance with legal requirements.

• Data necessary for the services provided will be stored for the duration of the service agreement, i.e., for the period necessary to fulfil legal obligations;
• Payment/billing data will be stored for 10 years, in accordance with Accounting Law no. 82/1991;
• Processing of data for marketing purposes will take place during the contractual relationship with the Controller and after its termination. If you withdraw your consent for direct marketing, the data will no longer be processed for this purpose from the moment of withdrawal.
• Your data may also be processed for as long as there is a legal obligation to retain the data, or for as long as another lawful basis exists, in accordance with Article 6 GDPR.

11. Information about your rights

• Right of access: You have the right to obtain from us confirmation as to whether the Controller processes your personal data and, where that is the case, access to the data and certain information established by the GDPR.
• Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data. Taking into account the purposes for which the data were processed, you have the right to have incomplete personal data completed, including by providing a supplementary statement.
• Right to erasure (“right to be forgotten”): Based in particular on the principle that any individual should have control over their personal data, including the right to have them erased, if there is no compelling or special reason for continued processing and storage.
• Right to restriction of processing: Restriction means marking stored personal data with the aim of limiting their future processing.
• Right to data portability: This right gives you effective control over your personal data. It applies only where: the data are processed by automated means; you have given consent for the processing; or processing is necessary for the performance of a contract.
• Right to object: You have the right to object where personal data are processed for direct marketing purposes; for profiling; by automated means; or for scientific or historical purposes.
• Right not to be subject to automated decisions, including profiling: To ensure compliance with this right, the Company will continuously identify whether any processing operation includes an automated decision‑making process and will update procedures accordingly to meet GDPR requirements.
• Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, under the conditions expressly provided by national and European legislation, as well as the right to lodge a complaint with a supervisory authority.

To exercise any of the rights mentioned above or to send any question or concern regarding this Privacy Policy, please use the contact details provided at the beginning of this document.

12. Cookies

12.1. What are cookies? The website uses “cookies” — small text files that are placed on the user’s computer or smartphone and/or stored by the browser. If the relevant server of our website is accessed again by the website/product user, the user’s browser sends the cookie it has previously received back to the server. The server can evaluate the information received in this way in various ways. Cookies can be used, for example, to manage advertising on the website or to make navigating a web page easier.

12.2. Disabling cookies: the user can disable the installation of cookies by adjusting the settings in their browser software (e.g., in Google Chrome, Mozilla Firefox, Opera or Safari). However, in this case, the user may impair the use of the full range of functions on the website.

12.3. Cookies Policy: please consult the Cookies Policy for more information.

13. Analytics services

13.1. Google Analytics:

13.1.1. General: This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies. The information generated by a cookie about your use of the website will typically be transmitted to a Google server in the USA and stored there. The website uses Google Analytics together with the “_anonymizeIP()” option. This means that your IP address will be shortened by Google in advance within EU member states or in other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Therefore, any link to a specific person is excluded and personal data are deleted immediately. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

13.1.2. Plug‑in: You can prevent the collection of data generated by the cookie regarding your use of the website (including your IP address), as well as the processing of these data by Google, by downloading and installing the following browser plug‑in: https://tools.google.com/dlpage/gaoptout?hl=ro.

13.1.3. Purpose: On behalf of the website operator, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide the operator with other services relating to website and internet usage. We use Google Analytics to analyse and continuously improve the use of our website. Through statistics we can improve our services and make them more interesting for users. In those special cases where personal data are transferred to the USA, Google is certified under the EU‑US Privacy Shield. The legal basis is Article 6(1)(f) GDPR.

13.1.4. Information about the third‑party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001; Terms: https://www.google.com/analytics/terms/gb.html; data protection overview: https://support.google.com/analytics/answer/6004245?hl=ro; and Privacy Policy: https://www.google.de/intl/en/policies/privacy/.

14. Changes to this Privacy Policy

Our Services are dynamic and we frequently introduce new features, which may require the collection of new information. If the Company decides to modify this Privacy Policy, it will post those changes directly in the Services.