GDPR Policy

  1. Preliminary aspects

 

This Privacy Policy (1) will show the type of personal data we collect, the reason why it is collected, and how we use it, and (2) will clarify how you can exercise your rights when you entrust us with the management of your personal data.

Please read this Privacy Policy carefully to familiarize yourself with its contents. If you have any questions, please contact us using the contact information provided at the end of this Privacy Policy.

Our services and applications may contain links to and from websites that may be owned by partner companies. If you access a link to any of these websites or use these third-party services, you should be aware that they have their own privacy policies that we recommend you review and for which we do not assume any responsibility regarding the processing of your personal data by these.

  1. About us

VISIDOT SRL undertakes to protect individual privacy and personal data. On May 25, 2018, the European Regulation 2016/679 (from now on referred to as GDPR) on data protection and confidentiality of all persons in the European Union and the European Economic Area entered into force.

We undertake to respect the General Regulation on data protection of the European Union and achieve this in dialogue and collaboration with our partners. Therefore, we have drawn up the following Privacy Policy to inform you about our practices regarding collecting, using, storing, and disclosing information that you may provide while interacting with us.

  1. VISIDOT application and visidotapp.com website

The Visidot application can be used so that the administrator, the owner of a building or any other person with attributions related to the management of the building has knowledge about the visitors who have been in the building in a certain period of time.

 In order to promote the application, Visidot is also using the promo website: http://visidotapp.com.

The purpose of the website is to promote the application. The website displays information about how the application works and why it is useful for companies. Any interested person can also purchase the application mentioned above in the conditions stated on the site and in the Terms and conditions section through the site.

You can find more details about our services and products by accessing our Terms and Conditions. When you purchase our applications, you agree to our Terms and Conditions and our Privacy Policy.

 

  1. Definitions
  • Personal data means any information regarding an identified or identifiable natural person (data subject);
  • The identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more physical, physiological, genetical, mental, economic, cultural or social identity-specific factors of that natural person,
  • Processing means any operation or set of operations that is performed on personal data or on personal data sets, whether or not they are by automated means, such as collection, registration, organization, structuring, storage, adaptation or modification, recovery, verification, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction,
  • Operator means the entity that determines the purposes and means of personal data processing;
  • The authorized person means the entity that processes personal data on behalf of the controller;
  1. General principles of personal data processing

Following  the legislation on the processing of personal data, VISIDOT SRL undertakes to act in compliance with the following principles:

  1. Legally, correctly and transparently process personal data 
  2. Collection of personal data for specific, explicit, and legitimate purposes.
  3. The proper processing of personal data and for the purpose of data processing.
  4. The data processing is correct and constantly updated.
  5. The storage of personal data will take place only for the time necessary to achieve the purpose for which the data were processed.
  6. The protection of personal data processed by VISIDOT  S.R.L is ensured.

 

  1. Legal grounds

Data protection legislation allows the collection and processing of data only if there is a legal ground for doing so. As mentioned above, VISIDOT  S.R.L processes personal data only in one of the following situations:

  • Legitimate interests: We may process information if the condition of the legitimate interest is respected and the legitimate interest of the data subject does not prevail
  • Consent: In some cases, we will ask you for specific permission to process some of your personal data and we will process it in this way only if you expressly agree us doing so. You can withdraw your consent at any time by contacting VISIDOT  S.R.L at the following email address: getintouch@visidotapp.com
  • Contract: A person is a part of a contract or has to go through some steps to conclude a contract, and to conclude or execute a contract it is necessary and agreed that the processing of personal data takes place for this contractual purpose.
  1. Storage period

VISIDOT  S.R.L processes your data only for the period allowed by the basis on which the processing operations are performed.

 

  1. The quality of personal data operator of the company VISIDOT  S.R.L

VISIDOT SRL collects personal data of employees, potential employees, customers, potential customers, business partners, suppliers, their representatives, users of the website and personal data provided by the contractual partners in order to execute the contracts between Visidot and them. When required by law, VISIDOT SRL duly informs the persons about what data will be collected, how it will be used and their rights in relation to the personal data processed.

In these situations, VISIDOT  S.R.L has the quality of operator or trustee within the meaning of the European Regulation 2016/679.

We only collect personal data provided voluntarily by clients or potential clients, business partners, employees, potential employees, collaborators, or online visitors of our website, to provide information, offer services, develop contractual relationships, promote our services and provide information about employment opportunities. In addition, we process personal data to provide services agreed with clients or comply with various legal obligations.

The categories of personal data that can be processed by VISIDOT  S.R.L are the following: personal identification data or contact data, such as name, e-mail address, telephone number, bank account, and professional field. The data are collected in relation to the reason why their processing is necessary and always taking into account the grounds provided by the legislation on the processing of these data.

  1. Processing activities related to the VISIDOT application in which the subscriber has the quality of the operator
  • Visitors of our offices

To ensure the security of our offices, we have installed security measures. We ask visitors to register at our reception, using the Visidot application, so that we can keep track of visitors for a short period of time.

  • Visitors of our website

We use small text files, called cookies, to make the user experience more efficient. Some cookies are required to run our website.

However, based on your consent, we may use other cookies such as:

  • Preference cookies: Preference cookies allow a website to remember information that changes the way the site behaves or looks, such as your preferred language or the region in which you are located.
  • Statistical cookies: Statistical cookies help site owners understand how visitors interact with websites by anonymously collecting and reporting information.
  • Marketing cookies: Marketing cookies are used to track visitors on websites. The intention is to display relevant and attractive ads for each user and therefore be more valuable to third-party publishers and advertisers.
  1. The quality of an authorized person of VISIDOT  S.R.L

By purchasing the VISIDOT application, our clients (application users) are operators, and VISIDOT  S.R.L is the authorized person. The authorized person processes the personal data of the data subjects on behalf of the operator.

The authorized person will process the following categories of data on behalf of the operator for the operator’s visitors:

  • Visidot HoReCa application: name, surname si, and phone number of the client’s operator 
  • Visidot Business application: name and surname, CI details the purpose of the visit, the person visiting

The Operator and the Authorized Person have the legal obligation to process any personal data following the principles established in this policy and in the applicable legislation regarding the processing of personal data, to minimize the processing of data and not to store any personal data more than necessary.

 

  • Operator’s rights and obligations

The operator is responsible for assessing the legitimacy of data processing in accordance with the personal data protection legislation.

The Operator will inform the Authorized Person without delay in case he/she notices any mistakes or irregularities regarding the processing of personal data.

The operator keeps the confidentiality of any type of exclusive commercial information of the authorized person, which is received due to purchasing the application. The operator is entitled to disclose the security measures taken to the data subjects and third parties without disclosing the authorized person’s commercial information.

  • Rights and obligations of the Authorized Person

The authorized person processes personal data following data protection legislation.

The authorized person will correct, delete or block access to the personal data at the operator’s instructions.

The authorized person will inform the controller if concluding that the controller’s instruction may violate the applicable data protection legislation.

Suppose the authorized person receives a request for information or any correction, deletion, blocking from the data subjects. In that case, he/she will transfer this request to the operator.

  • Rights of the data subjects

The operator is responsible for managing and answering the requests addressed by the data subjects.

The authorized person shall assist the operator through appropriate technical and organizational measures to the extent possible, in fulfilling the operator’s obligation to respect the rights of the data subjects and answer to the data subjects’ requests regarding their rights.

  • Subprocessors

The Operator acknowledges and agrees that the Authorized Person may employ third-party subprocessors in connection with the provision of services through the Authorized Person’s applications.

The current subprocessors are Firebase and Stripe.

The data will be stored in the Cloud Firebase system. Cloud Firebase services provide a high level of data security. All Firebase services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 assessment processes, and some have completed the ISO 27017 and ISO 27018 certification processes.

The authorized person shall inform the controller of any intentional changes regarding the addition or replacement of subprocessors.

The authorized person shall promptly notify the operator if reasonably detecting or suspecting that a security incident involving unauthorized disclosure, unauthorized access, misuse, loss, theft, or accidental or unlawful personal data destruction has occurred.

In collaboration with the operator, the authorized person will take appropriate remedial measures as soon as possible. Furthermore, the authorized person shall provide the controller with all relevant information requested regarding such a data security incident. The authorized person shall document any personal data breach, including the facts relating to the personal data breach, its effects, and the remedial measures taken and shall make such documentation available to the operator at any time.

  1. Rights of the data subjects

The data subjects have the following rights:

  • Right to information: You can request information about VISIDOT  S.R.L data processing activities.
  • Right to rectification: You can rectify or correct inaccurate personal data.
  • Right to data deletion (“Right to be forgotten”): You can obtain the deletion of data if the processing of your personal data was illegal.
  • The right to restrict data processing: You can request the restriction of your personal data processing. You can also litigate the correctness of personal data, in accordance with the applicable law.
  • The right to data portability: You may, under certain conditions, receive your personal data in a format that can be read automatically or you can request the transmission of your personal data to another data processor.
  • Right of consent withdrawal: You can withdraw your consent regarding the processing of your personal data in cases where data processing is based on consent. 

The operator has the obligation to inform the data subjects of the rights they have regarding personal data processing and to inform them regarding the data processing policy.

  1. Security measures

VISIDOT  S.R.L undertakes to implement appropriate technical and organizational measures so that the processing meets the requirements of these conditions and ensures the protection of the data subject’s rights.

Our security measures consist of:

  1. Limiting access to personal data by providing strict access to the employees involved in fulfilling the purpose of the application and the website;
  2. Taking all possible measures to prevent the access of unauthorized persons to the data processing systems;
  3. Ensuring that the persons processing personal data have access only to the necessary data and that such data may not be copied, modified or deleted without authorization;
  4. Keeping a record of the persons who have access to personal data and of the way in which personal data are stored;
  5. Ensuring that personal data are processed strictly in accordance with applicable legal provisions.
  6. Ensuring the storage of data in conditions that guarantee security and confidentiality.
  1. Third parties

All third parties providing personal data to VISIDOT  S.R.L are responsible for ensuring that such person is aware of the information in this privacy statement and that the person has given his/her consent to the sharing and processing of the information.

VISIDOT  S.R.L may share personal data with third parties to comply with legal obligations (eg obligations related to tax and labor law) or fulfill contractual obligations (eg if we involve subcontractors/partners in providing our services).

In relation to third parties, VISIDOT  S.R.L is responsible for ensuring that third parties managing personal data on behalf of VISIDOT  S.R.L provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of these conditions and ensures the protection of the data subject’s rights.

  1. Special conditions regarding the processing of personal data in relation to the persons purchasing the VISIDOT application

Considering that VISIDOT  S.R.L makes the VISIDOT application available for its contractual partners and they will create a user account to use the application, a contractual relationship occurs between the parties. For clarity, we point out that these rules apply in the relationship between us and you, the beneficiary of the application’s services.  Any processing performed by your company is subject to the conditions established by your company and you are solely responsible for the processing. In addition to the above conditions, the following aspects are also applicable to the relationship between the parties:

  • From the perspective of (EU) Regulation, 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals following the processing of personal data and on the free movement of such data and, in accordance with national regulations, both VISIDOT  S.R.L and your company are personal data operators and responsible for the processing and protection of personal data. The Parties shall take all reasonable measures – technical, organizational and legal, to ensure that the personal data of data subjects are processed in a manner that adequately ensures their security and confidentiality.
  • For your company to benefit from the VISIDOT application’s services, VISIDOT  S.R.L will process the following personal data: name and surname of the contact person/employees of your company, telephone number, the e-mail address of the employees designated by you and as trustee the data completed by the visitors .Regarding the rights of the data subjects, they are the same as those set out in the previous section
  • The Parties have the following obligations:
    • Obligation to delete personal data without undue delay if the data are no longer necessary to fulfill the purpose they were processed or collected. The data subject withdraws his/her consent based on which the processing takes place. There is no other legal basis for processing; the data subject opposes the processing according to article 21 paragraph(1).and there are no legitimate reasons to prevail, regarding the processing, personal data have been processed illegally, personal data must be deleted in order to comply with a legal obligation incumbent on the operator, personal data have been collected in connection with the provision of services of the information society mentioned in article 8 paragraph (1).
    • The obligation to notify any rectification or deletion of data or restriction of data processing to each recipient to whom the personal data have been disclosed, unless it proves impossible or involves disproportionate efforts.
    • In case of occurrence/finding of a security incident, the Parties will order all legal measures to limit the consequences produced and will notify the competent national authority, as well as the affected person/persons, as the case may be.
    • The obligation to take any necessary steps in order to comply with the provisions established by Regulation 2016/679 on the protection of personal data.
    • The obligation to inform the other party of any request for disclosure of personal data from an authority in respect of which the law stipulates the obligation to disclose personal data.
  • The parties may use the other party’s personal data within the limits of the existing contractual relations, these being the legal grounds of the processing.
  • Regarding the storage period of the personal data processed, this period is limited to the period corresponding to the performance of services provided by the parties. An exceptional situation is represented by the hypothesis in which there is a legal obligation to keep the data for a period that exceeds the duration of the contractual relations between the parties.
  • The parties shall not allow access and shall not communicate the personal data to which they have access under the contract between the parties, to unauthorized third parties, except for the situations provided by law.

15.7. The parties undertake to take the following technical and organizational measures:

15.7.1. They shall limit the access to personal data strictly to the persons with attributions to execute the contract between the parties or provide the services requested by the parties.

15.7.2. They shall take all measures to prevent unauthorized persons from gaining access to data processing systems.

15.7.3. They shall ensure that the persons who process the personal data have access only to the data necessary to carry out the processing and that these data cannot be copied, modified, or deleted without authorization, during the processing use, and after storage.

15.7.4. They shall ensure that, in the case of an action for processing personal data, these are processed strictly according to the incident legal provisions to provide services by the parties.

  1. Duration

This policy takes effect throughout the contractual relationship between the parties. However, the parties are bound by law’s obligations and after the termination of the contractual relationship regarding the storage of personal data.

  1. Changes to this policy

VISIDOT  S.R.L expressly reserves the right to change this privacy policy. This policy was last updated on 27.08.2021.

  1. Requests and complaints

If you have any questions, requests or complaints about how we process data, you can contact us at getintouch@visidotapp.com

You can also submit a complaint to the Data Protection Authority at the following contact details:

Autoritatea Nationala de Supraveghere pentru prelucrarea datelor cu caracter personal

(National Supervisory Authority for the processing of personal data)

Address:
Bld. G-ral Gheorghe Magheru nr. 28-30, sector 1,

Cod postal 010336, Bucuresti, Romania

Email: anspdcp@dataprotection.ro,

Telefon: +40.318.059.211.