RebelDot Solutions SRL (hereinafter referred to as “RebelDot”) is committed to protect individual privacy and personal data. On May 25, 2018 European Regulation 2016/679 (hereinafter referred to as GDPR) on data protection and privacy for all individuals within the European Union and the European Economic Area entered into force.
- Visidot and visidotapp.com
RebelDot Solutions SRL has developed an application called Visidot. In order to promote the application, RebelDot Solutions SRL has also created a website: visidotapp.com.
The purpose of the website is to promote the application. The website displays information about how the application works and why it is useful to companies. Also, through the website, anyone interested can purchase the application mentioned above.
In accordance with the GDPR, our company is committed to act in respect with the following principles:
- The processing of personal data legally, fairly, and transparently for the person concerned.
- The collection personal data for determined, explicit and legitimate purposes.
- The processing of personal data appropriately and for the purpose of the data processing.
- The data processing is accurate and constantly updated.
- The storage of personal data will only take place for the duration necessary to achieve the purpose for which the data has been processed.
- The protection of personal data processed by RebelDot is ensured.
- The categories of processed data
RebelDot collects personal data of our employees, potential employees, clients, potential clients, business partners, suppliers and website users. When required by the law, RebelDot gives individuals appropriate notice of which data will be collected and how it will be used.
We collect only the personal data that is voluntarily provided by clients or potential clients, business partners, employees, potential employees, collaborators or online visitors of our web site so that we can offer information, provide services, carry out contractual relationships, promote our services, and offer information about employment opportunities. In addition, we need to receive certain personal data in order to be able to render the services agreed upon with clients or to comply with different legal obligations.
The categories of personal data that may be processed by RebelDot are the following: identification or contact personal data such as name, email address, telephone number and their professional field.
- Processing activities. Visitors
In order to ensure the security of our offices, we have installed security measures. We require visitors to sign in at our front desk, by using the application Visidot, so we can keep a record of visitors for a short period of time.
We use small text files, called cookies, in order to make a user’s experience more efficient. Some cookies are necessary to run our website.
However, based on your consent, we might use other cookies like:
- Preference cookies: Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
- Statistic cookies: Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing cookies: Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
- Legal ground
The data protection legislation only allows collecting and processing data, if there is a legal ground to do so. As mentioned above, RebelDot only processes personal data if one of the following in the following situations:
- Legitimate interests: we might process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, as long as it doesn’t outweigh your interests.
- Your consent: in some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting RebelDot at the following e-mail address: email@example.com
- Contractual necessity: A natural person or data subject is a party in a contract or has to take steps in order to enter a contract, at his or her request, and in order to enter in a contract or perform a contract, it is needed and agreed that personal data processing happens within this contractual scope
- Third parties
All third parties that provide RebelDot with personal data are responsible ensuring that such person is made aware of the information contained in this privacy statement and that the person has given them the consent for sharing the information.
RebelDot might share personal data with third parties in order comply with legal obligations (e.g. obligations regarding tax and labour law) or to fulfill contractual obligations (e.g. if in providing our services we involve subcontractors/business partners.
In relationship with third parties RebelDot is responsible to make sure that third parties handling personal data on behalf of RebelDot are providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
- Retention period
RebelDot only processes your data until the legal ground on which your data was collected subsists.
- Data subject rights
- Right to Information: You can request information on RebelDot’s data processing activities.
- Right to Rectification: You can rectify or correct inaccurate personal data.
- Right to Delete Data (the “Right to be Forgotten”): You can obtain data deletion, if the processing of your personal data was unlawful.
- Right to Restrict Data Processing: You may request the restriction of the processing of your personal data. You can also contest the accuracy of the personal data, in accordance with applicable law.
- Right to Data Portability: You can receive, under certain conditions, your personal data in a format that can be automatically read, or you can request that your personal data be transmitted to another data processor.
- Right of Withdrawal of Consent: You can withdraw your consent to the processing of your personal data, in cases where the processing of personal data is based on consent.
- Security measures
RebelDot is committed to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
Our security measures consist in:
- Limiting access to personal data strictly to employees that are involved in fulfilling the purpose of the application and the website;
- Taking all possible measures to prevent unauthorized persons in gaining access to data processing systems;
- Ensuring that persons processing personal data have access only to the data necessary data and that these data cannot be copied, modified or deleted without authorization;
- Keeping a record of people who have access to personal data and the way personal data is stored;
- Ensuring that personal data is being processed strictly in accordance with the applicable legal provisions.
- Ensuring that data is being stored under conditions that guarantee safety and confidentiality.
- Changes to this policy
- Requests and complaints
If you have any question, request or complaint regarding the way we process data, you can contact us at firstname.lastname@example.org
You may also lodge a complaint with the local Data Protection Authority at the following contact details:
The National Supervisory Authority for Personal Data Processing
28-30 G-ral Gheorghe Magheru Bld., District 1,
Post Code 010336, Bucharest, Romania
Telephone number: +40.318.059.211
VISIDOT AND DATA PROTECTION
This document regulates the measures taken in order to protect personal data. As a result of purchasing VISIDOT, our clients are Controllers and RebelDot Solutions is the Processor. The Processor shall process Personal Data on behalf of the Controller.
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘Controller’ means the entity which determines the purposes and means of the processing of personal data;
- ‘Processor’ means the entity which processes personal data on behalf of the Controller;
The following data categories will be collected, processed and used by the Processor on behalf of the Controller for visitors of the Controller:
- Visidot for Restaurants: first and last name and phone number
- Visidot for Companies: first and last name, ID details, purpose of the visit, company they are coming from and person they are visiting. ….
The Controller and the Processor commit to process any Personal Data in accordance with the principles set out in this document, as well as to minimize repetitions of data (data minimization), and not to keep any Personal Data longer than necessary for the purpose.
- Rights and Obligations of Controller
The Controller is responsible for the assessment of the legitimacy of the data processing in accordance with Data Protection Legislation.
The Controller shall inform the Processor without delay should he notice any mistakes or irregularities with respect to the Processing of Personal Data.
The Controller shall keep confidential any and all kind of proprietary business information of the Processor which is received as a result of purchasing the application. The Controller is entitled to disclose the security measures taken to Data Subjects and third parties, without disclosing proprietary business information of the Processor.
- Rights and Obligations of the Processor
The Processor shall process the Personal Data in accordance the Data Protection Legislation.
The Processor shall correct, delete or block the access to the Personal Data on instruction of the Controller.
The Processor shall inform the Controller if he comes to the conclusion that an instruction of the Controller may violate applicable Data Protection Legislation.
If the Processor receives a request for information or for any correction, deletion, blocking from the Data Subjects, he shall transfer such request to the Controller
The Processor shall promptly inform the Controller in the event of substantial disruption of the Services or of infringements of relevant Data Protection Legislation.
The Controller is primarily responsible for handling and responding to requests made by Data Subjects.
The Processor shall assist the Controller, especially through appropriate technical and organizational measures, insofar as this is possible, with the fulfilment of the Controller’s obligation to comply with the rights of the Data Subjects and respond to Data Subjects’ requests relating to their rights.
The Controller acknowledges and agrees that the Processor may engage third-party subprocessors in connection with the provision of the Services/Products.
The current subprocessors are: Firebase and Stripe.
Data will be stored in Firebase’s Cloud system. Firebase’s Cloud services offer a great degree of data security. All Firebase services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process.
The Processor shall inform the Controller of any intended changes concerning the addition or replacement of subprocessors.
Processor shall promptly notify Controller if it detects or reasonably suspects that a security incident has occurred which involves unauthorized disclosure, unauthorized access, misuse, loss, theft or accidental or unlawful destruction of Personal Data. Processor shall, in collaboration with the Controller, take adequate remedial measures as soon as possible. Furthermore, Processor shall promptly provide Controller with all relevant information as requested by Controller regarding such a data security incident. Processor shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken, and make such documentation available to the Controller at any time.