DATA PROCESSING POLICY

by https://www.cv-expertcontabil.ro/etoro/ (”Website”)

Through this data processing policy, we inform you that CV EXPERT CONTABIL SERVICES SRL having CIF RO36399965, e-mail office@cv-expertcontabil.ro, as a service provider (“Provider“), in partnership with eToro (Europe) Ltd., with registration number HE 200585, processes the personal data of the Users (as defined by the notion in T&C), for the purpose of providing the Services that are the subject of the Contract (as defined by the notion in T&C).

Policy Content

  1. Data processing in partnership with eToro.
  2. Data processing for the purpose of providing the Services
  3. Personal data
  4. Storage of personal data
  5. The legal basis of the processing
  6. Deletion of personal data
  7. Data processing in case of accessing the Services
  8. Unsolicited documents and information.
  9. Rights regarding personal data
  10. Additional Information.

1. Data processing in partnership with eToro

As members of the eToro Platform, Users benefit from preferential rates for the Provider’s Services. For this purpose, the Provider periodically transmits to the company that manages the eToro Platform the following personal data of its Users:

  1. last name,
  2. first name,
  3. username in the eToro platform,
  4. the level of the member according to the framing performed by eToro.

We do this to monitor the results of cooperation with eToro and we have taken all technical and organisational measures for the secure communication of your data.

Both the Provider and eToro have decided to grant each, separately, to the data subjects all the rights regarding the personal data provided by the applicable law.

2. Data processing for the purpose of providing the Services

The personal data that we collect through the Questionnaire on the Site we use to fulfil a legal obligation that will fall to you, as a result of your option to benefit from our services.

The personal data that we collect directly from the persons concerned in order to facilitate the payment of the price of the Services, are processed through the payment facilitator NETOPIA FINANCIAL SERVICES SRL – Bucharest headquarters, Bd. Dimitrie Pompei, no. 9-9A, IRIDE BUSINESS PARK, Building no. 24, 4th floor, Room 4A, 2nd district, registered at the Bucharest Trade Register Office under no. J40 / 12763/2020, Registration Code (CUI) no. 43131360, bank account RO49UGBI0000102032105RON.

3. Personal data

Any information related to an identified or identifiable physical person is given personally. It is considered an identifiable person if the identification can be made directly or indirectly, in particular by reference to an identification element, such as name, surname, identification number, location data, an online identifier or one or more specific elements, proper to his physical, physiological, genetic, mental, economic, cultural or social identity. Information that cannot be associated with your identity (such as the number of views of the Site or other statistical data) is not personal data.

In principle, you can consult our Services without disclosing personal data. However, the use of the Questionnaire involves the disclosure of personal data.

We generally collect personal data directly from data subjects. If your personal data has been provided to us by a third party or has reached us by mistake, you have at your disposal all the remedies provided by law for this purpose, to delete the data.

4. Storage of personal data

Your data is stored by our means, on specially protected servers. The data is protected by the technical and organisational measures we have taken to prevent unauthorised loss, destruction, access, modification and dissemination. Access to your data is only allowed to a limited number of authorised persons. Authorised persons are responsible for the technical, commercial or operational management of the servers and the Activity.

Your data that is transmitted over the internet is encrypted. We use SSL (Eng. Secure Socket Layer) certificate for data transmission.

5. The legal basis of the processing

If we obtain your consent for the processing of personal data, Article 6 para. (1) lit. a) of the GDPR serves as the legal basis for our processing.

If we process personal data because we are required to perform a contract or in a quasi-contractual framework (eg to send you the filled Unique Income Statement, according to your needs), then Article 6 para. (1) lit. b) of the GDPR serves us as a legal basis for data processing.

If we process personal data for the fulfilment of an obligation that does not belong to us, according to the law, then article 6 par. (1) lit. c) of the GDPR serves us as the legal basis for such processing.

Article 6 para. (1) point f) may serve us as a legal basis, if the processing of personal data is necessary to serve a legitimate interest of the Provider or a third party, only to the extent that your fundamental interests, rights and freedoms are not affected.

Through this Data Processing Policy, we will present to you exactly what is our legal basis for each of the categories of personal data processed.

6. Deletion of personal data

We generally delete personal data if it has been processed for a single purpose, which has been achieved. However, certain personal data may be subject to storage obligations for certain periods of time, in accordance with applicable legal provisions. The provider deletes or blocks the access to personal data, in safe conditions, until the fulfilment of the respective time periods.

7. Data processing in case of accessing the Services

At each access to our Services, we collect the following data regarding the device used for access: the device used, the IP address, the web browser used and the date and time of access. We collect information about the Service you choose, the version of the web browser, the operating system and the internet service provider. We also track the sites from which you were redirected to our Site.

We use such processing in support of our legitimate interest, to allow us to display those pages accessed, in a manner compatible with the device you use to access. Among other things, we process this data in order to detect certain errors, to quantify the interest generated by certain Services and to proceed with the adaptation or improvement of the Services. This purpose is justified by our legitimate interest, legally based on Article 6 para. (1) f) of the GDPR.

The IP address is only kept during the session and is deleted or encrypted at the end of the session. All data processed for this purpose are kept for limited periods of time.

8. Unsolicited documents and information

The provider may receive documents or information that it has not expressly or tacitly requested from the data subjects, for various purposes that are not part of our activity or that are adjacent to our activity. We reserve the right not to comply with requests that exceed the services that we promote and / or market or that we mediate. If we choose not to comply with such a request or, if a possible effort on our part were manifestly unfounded, the personal data that will come into our possession at the initiative of the data subject, without being requested by us, will be deleted from all storage media and an information regarding the resolution not to comply with the request and regarding the deletion of the respective data, will be sent to the data subject.

However, the Provider may process personal data or even special categories of personal data, at the request of the data subject and as a result of the data subject’s initiative, in direct connection with one of our Services, in order to fulfil an objective of the data subject. To this end, the Provider will ensure technical and organisational measures appropriate to the level of security imposed by the categories of data processed.

Personal data or special categories of personal data will be kept in our records for different periods of time, as appropriate:

  1. for the time necessary to resolve the request received from the data subject or
  2. for the time necessary to fulfil the steps involved in the objectives of the data subject that were disclosed to us on the date on which the respective personal data are entrusted to us and may be transmitted safely to third parties – Contractors of the Provider – who may be in the measure to solve the request received from the data subject.

In no case, the storage period of the respective data, regardless of the storage medium, will not exceed three (3) months from the date on which the respective data were entrusted to us.

The personal data that we have not requested, but that the Provider decides to use to satisfy an interest of the data subject, will be, depending on the storage medium, deleted from our records or destroyed, as follows:

  1. immediately upon receipt, if the request received from the data subject, in connection with which the respective personal data have been disclosed to us, is clearly unfounded;
  2. as soon as the request of the data subject has been resolved;
  3. within a maximum of three (3) months if the steps initiated at the request of the data subject could not achieve their purpose.

9. Rights regarding personal data

According to the GDPR, data subjects have several rights. If you wish to exercise any of these rights or to obtain additional information regarding the processing of personal data, please contact us. The main rights of data subjects are the following:

  1. The right to be informed means that you are informed about the purpose, means and duration of the processing performed by us on your personal data. Through this Policy, we appreciate that we have informed the data subjects about the processing performed. If you do not consider yourself fully informed by the publication of this policy and the information provided, we invite you to exercise one of the rights below;
  2. The right of access means that you have the right to obtain access to personal data processed by us and in connection with the purpose, means and duration of processing;
  3. The right to rectify the data allows you to intervene, under the conditions of Article 16 of the GDPR whenever your personal data processed by us are incorrect or incomplete;
  4. The right to restrict processing will allow you, under the conditions provided for in Article 18 of the GDPR, to request us to restrict processing to certain personal data concerning you;
  5. The right to oppose the processing will give you the possibility to oppose the processing, whenever the processing of your personal data by us is done having as the only legal basis for the processing of those data, your consent;
  6. The right to data porting can be exercised only in connection with personal data processed by automatic means and allows you to receive data processed by us in a structured format, currently used and which can be read automatically;
  7. The right to delete data may be exercised within the limits described by Article 17 of the GDPR and allows you to request us, under certain conditions, to delete personal data concerning you.

10. Additional Information

We are obliged to respond to any of your requests regarding the exercise of a right, within 30 days from the date of receiving the complete request. If you have not received a response from us within this period, you have the right to contact the National Authority for the Supervision of Personal Data Processing:

www.dataprotection.ro

B-dul. G-ral. Gheorghe Magheru no. 28-30, 1st district, postal code 010336, Bucharest, Romania,

e-mail: anspdcp[at]dataprotection.ro

fax: +40318.059.602.

We reserve the right to change, when we deem it appropriate or required by law, our data protection practices and to update and amend our Data Processing Policy at any time. This Data Processing Policy is updated on the date it appears at the top of the document.

0