DECLARATION REGARDING THE PROCESSING OF PERSONAL DATA 

INOBOX EVOLUTION SRL, based in Copaceni street no. 46, Sector 3, Bucharest – Romania, as the operator, wishes to inform you about the processing of your personal data in the context of the operation related to the provision of the services of  INOBOX EVOLUTION SRL to clients, for the purposes specified below.

 The contact details of the data protection officer are INOBOX EVOLUTION SRL with headquarters based in Copaceni street no. 46, Sector 3, Bucharest – Romania.

 By the nature and procedures of the services/products provided by INOBOX EVOLUTION SRL (“products” or “INOBOX EVOLUTION SRL services”), their users (“Clients” or “Users”) transmit certain personal data used to ensure the supply and development according to legal provisions and own procedures, in optimal conditions and in the safety of the services.

 Protecting the personal data of INOBOX EVOLUTION SRL customers and keeping them safe is one of the important concerns of INOBOX EVOLUTION SRL and the agents, partners, subcontractors involved in the provision of services.

 Personal data are processed in compliance with the provisions of European Regulation no. 679/2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“the Regulation”).

 Please read the entire Privacy Policy before entering any data on this Site to understand our policies and practices regarding personal information and how we treat it. If you do not agree with this Privacy Policy, it must be said that you may not be able to use some of the functionalities of this Site.

By providing us with your personal data, you agree to the terms and conditions of this Privacy Policy.

 This Privacy Policy Statement reflects the privacy policy applied to all users of the services/products of INOBOX EVOLUTION SRL so that they are informed and can decide in good faith on how their personal data that is collected through the use of the service will be used , as well as the rights they have.

 

PERSONAL DATA

Personal data means both non-personal data and personal data – information relating to an identified or identifiable natural person. An identifiable person is that person who can be identified, directly or indirectly, in particular by reference to an identification element, including, but not limited to:

(i) name, surname, address, e-mail, telephone ( e.g. landline, mobile, fax), billing address;

(ii) financial information (eg income, etc.);

(iii) various information required or requested by authorities specific to the provision of services/products;

(iv) information resulting from video/audio monitoring if the Client visits one of the locations where the services/products of INOBOX EVOLUTION SRL are provided or contacts the support services;

(v) signature;

(vi) any other information that derives from these following the processing carried out by INOBOX EVOLUTION SRL (e.g., customer segmentation according to different criteria, the unique identifier generated at the level of INOBOX EVOLUTION SRL for each individual customer, information specific to the services/products offered by INOBOX EVOLUTION SRL, etc.) and any other information that is necessary for the development of INOBOX EVOLUTION SRL’s activities;

(vii) IP or the activities performed when you browse our website or use the applications/services of INOBOX EVOLUTION SRL).

(viii) In the case of logging in with Facebook, the public data, as entered by the user (as applicable: name, surname, date of birth, e-mail address, telephone number) from the Facebook account.

 MINORS PERSONS

People under the age of 18. as such, we do not knowingly process Personal Data of minors under the age of 18. If you are under 18 years of age and have accessed our page, please do not register on the Site, do not send us any information about yourself and contact your parents/guardians. If we become aware that we have collected, without the consent of the legal representative required by law, Personal Data belonging to a minor under the age of 18 we will delete that information, unless we have a legal obligation not to delete that data, in which case we will act according to the legal obligation. If you believe that we may hold information from or about a minor under the age of 18 please contact us at the above dates.

 The processing of personal data means any operation or set of operations performed on personal data, by automatic or non-automatic means, such as collection, registration, organization, storage, adaptation or modification, extraction, consultation, use, disclosure to third parties by transmission, dissemination or in any other way, joining or combining, blocking, archiving, deleting, destroying, etc.

INFORMATION DATA COLLECTION

Information is collected in the process of offering services/products to users or potential users. The main sources of information are:

  1. the forms used to provide the services, data provided when using the websites or applications of INOBOX EVOLUTION SRL, other means of communication, questionnaires that the users or potential users of the services accept (without being obliged to accept) to complete, at our request, other documents that users or potential users make available to us at our request;
  2. the transactions that take place between INOBOX EVOLUTION SRL and its agents/partners and between them and the users of the service;
  3. external sources – for the fulfillment of specific obligations (competent institutions, public registers, electronic databases, information available in social media as well as on the Internet, or qualified third parties, holders of such information, such as, but not limited to to the following: the National Office of the Trade Registry, the portal of Romanian courts administered by the Ministry of Justice, other personal data providers, etc.).

We collect the following data:

Inobox.ro collects personal data from its users in three ways:

–        directly from the user;

–        traffic data, from the user’s browser;

–        through cookies.

A.Personal data collected directly.

A1. When you access Inobox.ro, we may ask for your name, surname and/or email address, as well as other data necessary for contact in order to offer our services.

         If you do not provide us with this data, we will be unable to contact you.

A2. When you access the assistance services, we may ask you for an email address or phone number. We reserve the right to record any communication made for the assistance services of the Inobox.ro services in order to improve our services. We will inform you before starting the communication that it could be recorded.

These data are used, for example, for the purpose of contacting you to solve your request. We may also request other data that may constitute personal data only to the extent that they are necessary for these purposes.

A3. Also, when you subscribe to our newsletter, please give us an email address to personalize the communication with you. For this service we use the specialized application for this type of service. 

These data are kept until the consent is revoked or until your activity it shows us that you are no longer interested in our communication.

  1. Traffic Data

When you visit a website, regardless of the device used, you reveal certain information about you, such as your IP address, the time of your visit, the place from where you entered our sites, the pages visited. Inobox.ro, like other operators, records this information for a certain period of time. Inobox.ro uses external traffic analysis services, such as Google Analytics.

These data are used exclusively by Inobox.ro to improve our website and services, but also to ensure the security of our website:

– data provided voluntarily by visitors when accessing the contact form;

– browsing data (IPs), which are automatically recorded when a user visits the site and are used for the purpose of collecting anonymous statistical information about the use of the site, so that you can observe the correct operation in full security;

– cookies – per session and fixed

The purpose of collecting your data is exclusively to respond efficiently and promptly to your request, as well as to be able to contact you in the situation where they are unclear about your requirements. 

PURPOSES OF PERSONAL DATA PROCESSING

The purposes for which INOBOX EVOLUTION SRL processes personal data are: 

  1. the purpose of collecting personal data is the sale of products and services on Inobox.ro (with all related activities such as order processing, delivery, payment, invoicing, etc.), customer relations services and marketing activities for the customer’s own needs Inobox.ro;
  2. identification of users / potential users through means of communication (e.g. telephone, e-mail, post, internet, fixed or mobile applications that the Client accesses in order to use the services provided);
  3. identification of users/potential users in order to fulfill the legal obligations incumbent on INOBOX EVOLUTION SRL to provide services;
  4. monitoring operations and running services and providing support services for users / potential users;
  5. creating or analyzing profiles to improve services and carry out surveys as well as to carry out any other types of service promotion and/or carrying out general marketing or advertising activities;
  6. analyzing the behavior of any person who accesses the INOBOX EVOLUTION SRL websites, through the use of cookies, with the aim of providing content (general and commercial) adapted to the user’s preferences;
  7. performing internal analyzes (including statistical analyses) both regarding the services and regarding the portfolio of users/potential users, for the provision, improvement and development of services, as well as conducting market studies and analyzes regarding the specific field;
  8. solving any procedural and/or legal situations related to the provision of services or the interest of the company;
  9. archiving in both physical and electronic format of documents related to the provision of services and/or correspondence with users / potential users;
  10. reporting to state institutions according to the legal regulations applicable to INOBOX EVOLUTION SRL (eg: regulatory authorities and legal authorities). 

GROUNDS FOR PERSONAL DATA PROCESSING

INOBOX EVOLUTION SRL processes personal data for the purposes mentioned above, based on the following grounds:

  1. Consent (art. 6 (1) of the GDPR) for data used for contacting people and marketing for website visitors (eg newsletter subscription, marketing cookies, etc.);
  2. The legitimate interest (art. 6 (1) f GDPR for data used for marketing for current clients/contacts (according to art. law 506/2004 art. 12 (2)) of Inobox.ro, the security of the Inobox.ro own website (consideration 49 GDPR) and the data used internally to optimize the Inobox.ro website (also anonymized or pseudonymized, as the case may be).

 

WHAT ARE THE CONSEQUENCES IN CASE OF REFUSAL OF PERSONAL DATA PROCESING?

The processing of personal data requested from users/potential users by INOBOX EVOLUTION SRL in order to provide services is considered strictly necessary for the provision of services according to the legal provisions and procedures of INOBOX EVOLUTION SRL. The refusal to provide such data makes it impossible for us to provide the services. The user can choose not to process his data for direct marketing purposes. 

RECIPIENTS OF PERSONAL DATA

In order to fulfill the purposes mentioned above, the company can transmit Customer data, where strictly necessary, to the following categories of third parties:

  • regulatory authorities and legal authorities
  •     contractual partners (e.g., agents of the company, auditors, consultants, etc.), some also having the capacity of persons authorized by the operator with the processing of personal data.

These contractual partners also carry out their commercial activity in Romania, and your personal data can be provided to them to be used within the limits of the obligations they have assumed towards the company. The personal data that we divulge to the persons empowered by us with their processing are limited to the minimum amount of personal data necessary to perform the respective services and, at the same time, we ask them not to use the personal data for any other purpose.

We make every effort to ensure that all the entities we work with store your personal data in safe and secure conditions. Also, some of them are also operators who carry out their commercial activity in Romania as well, such as providers of payment services as agents.

Some of them are third parties that do not have the role of processing personal data, but may have access to them in order to fulfill their obligations or in their interaction with the company, such as technical maintenance companies, financial auditors or service providers legal services.

The personal data mentioned above may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions with components in control activities regarding the company’s services, activities or assets, which request the company to provide information, based on the company’s legal obligations; (ii) to fulfill a legal requirement, including those related to the provision of services, or to protect the rights and assets of our company or other entities or persons, such as courts of law; (iii) acquiring third parties, to the extent that the company’s activity would be (totally or partially) transferred, and the personal data of the persons concerned would be part of the assets representing the object of the transaction. Also, for the processing purpose regulated above, we can provide your personal data to the companies that are part of the INOBOX EVOLUTION SRL group, companies that will be subject to the company’s instructions regarding the processing of your personal data. For more information visit: https://inobox.ro 

TRANSFER OF PERSONAL DATA OUTSIDE THE COUNTRY

In the context of the operations described above, Clients’ personal data may be transferred outside the country to countries in the European Union (“EU”) or the European Economic Area (“EEA”). Thus, we hereby inform the Clients that any transfer carried out by the company to an EU or EEA member state will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (“GDPR”).

DURATION OF PROCESSING

We will store the personal data of the Customers only for the period of time necessary to achieve the purposes of the processing, as mentioned above, and in compliance with the legal regulations in force, including, but not limited to, the provisions on archiving.

WHAT HAPPENS TO USERS’ PERSONAL DATA AFTER THE PROCESSING STOPS

After the time when the processing period mentioned above expires and the company no longer has legal reasons or a legitimate interest regarding the processing of your personal data, the personal data will be deleted in accordance with company procedures, which may involve archiving, anonymization, destruction. 

AUTOMATED DECISION-MAKING PROCESS AND CREATION OF PROFILES

The personal data mentioned herein may be subject to automated decision-making processes, including the creation/deletion of profiles. 

SECURITY OF PERSONAL DATA PROCESSING

The company constantly evaluates and improves the security measures implemented in order to ensure a safe and secure processing of personal data.

Measures taken to ensure the security of personal data:

  1. Users who have access to the database of personal information, can access the database only with their own account name and password. All users are obliged to maintain the confidentiality of the data to which they have access, and at the end of each session in the database they will close the session;
  2. Users access personal data only to fulfill their job duties;
  3. Any collection and/or modification of personal data by users are permanently recorded (user, date, time and type of modification are recorded); all logins and logouts of all users to the database are also recorded;
  4. the printing of personal data is carried out only by authorized users for this operation and only for purposes required by the laws in force (invoices, notices accompanying the goods, commercial contracts).

The company headquarters is equipped with an alarm system, and personal data are stored electronically in secure, password-protected files. Information on paper is kept in special files, to which only the company’s employees have access, to whom the obligation of confidentiality rests.

THE RIGHTS OF THE DATA SUBJECT REGARDING THE PROCESSING OF PERSONAL DATA

In the context of the processing of personal data of users / potential users, the data subject has the following rights:

  1. The right to information – art. 13 and 14 GDPR. It allows the concerned persons to know, right from the moment when the collection is made, how those data will be used, to whom they will be disclosed or transferred, what rights the concerned persons have regarding the processed data, etc.;
  2. The right of access to processed personal data – art. 15 GDPR. It allows the person to obtain, from INOBOX EVOLUTION SRL, a confirmation that personal data concerning him or her is being processed or not and, if so, access to the respective data and other useful information;
  3. The right to rectify or delete data – art. 17 GDPR. It allows the person to obtain from INOBOX EVOLUTION SRL the deletion/rectification of personal data concerning him, without unjustified delays. There are, however, exceptions to this rule, such as: some data are processed to give the public the right to information; the data are processed for statistical or archiving purposes; the data are processed to fulfill a legal obligation or are processed to establish or defend a right in court;
  4. The right to request the restriction of processing – 18 GDPR: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period that allows the operator to verify the accuracy of the personal data; (ii) the processing is illegal, but you do not want us to delete your personal data, but to restrict the use of this data; (iii) if the data operator no longer needs your personal data for the purposes mentioned above, but you need the data to establish, exercise or defend a right in court; or (iv) you objected to the processing, for the period of time in which we can check whether the legitimate grounds of the data operator prevail over the rights of the data subject;
  5. The right to data portability – 20 GDPR. It represents the right to receive the personal data you have provided to INOBOX EVOLUTION SRL in a structured, currently used and automatically readable form, as well as the right to transfer said data to another operator, in if the processing is based on your consent or the execution of a contract and is carried out by automatic means;
  6. The right to withdraw your consent for processing, when the processing is based on consent, without affecting the legality of the processing carried out until that moment;
  7. The right to object to the processing of personal data – art 21 GDPR – for reasons related to your particular situation, when the processing is based on legitimate interest, as well as to object, at any time, to the processing data for direct marketing purposes, including creating profiles;
  8. The right not to be the subject of a decision based exclusively on automated processing, including the creation of profiles, which produces legal effects that concern the data subject or similarly affect him to a significant extent;
  9. The right to file a complaint with the National Supervisory Authority for the Processing of Personal Data (ANSPDCP – Romania) and the right to address the competent courts.

 

The data protection policy is based on the following data protection principles:

  •     The processing of personal data will be done in a legal, fair and transparent manner;
  •     The collection of personal data will only be done for specified, explicit and legitimate purposes and the data will not be further processed in a manner incompatible with those purposes;
  •     The collection of personal data will be adequate, relevant and limited to the information necessary for the purpose of processing;
  •     Personal data will be correct, and where necessary, updated;
  •     All necessary steps will be taken to ensure that incorrect data is deleted or corrected without delay;
  •     The personal data will be kept in a form that allows the identification of the person concerned and for a period no longer than that in which the personal data are processed;
  •     All personal data will be kept confidential and stored in a manner that ensures the necessary security;
  •     Personal data will not be distributed to third parties unless it is necessary for the purpose of providing services according to the agreements;
  •     The persons concerned have the right to request access to personal data, their rectification and deletion, objection or restriction from data processing as well as from the right of data portability. 

CHANGES TO THIS STATEMENT REGARDING THE PROCESSING OF PERSONAL DATA

INOBOX EVOLUTION SRL reserves the right to modify this Statement – Privacy Policy without prior notice, in accordance with the legislation in force. To the extent that this Declaration will undergo changes, INOBOX EVOLUTION SRL will publish an updated version on the website. Please review the Declaration – Privacy Policy from time to time, either on the INOBOX EVOLUTION SRL website, or in the locations where the services are available, in order to be aware of its latest version. 

The exercise of the rights mentioned above can be done at any time. In order to exercise these rights, we recommend that you send us a notification in electronic format at the following address: contact@inobox.ro.