1.1. This document is created on the basis and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 with the purpose to inform you regarding your rights under GDPR legislation.
1.2. This document applies to you, in your quality of user of Apiary Book mobile apps and/or website (the “Platform”).
2. Who is collecting your personal data?
2.1. Your personal data is collected by Apiary Software SRL, a Romanian Company, headquartered in Str. Nicolae Titulescu Nr 33, Ploiesti, Prahova having registration number J29/1129/2018 and sole registration number 39425767, represented by Bogdan Iordache who is entitled to provide and sell the Service (the right to use the Platform) in the conditions stipulated under the Terms of Service.
3. What data is being collected?
3.1. We collect the following personal data, made available by you under the Platform: Name, email, telephone, address, social link, company name, invoicing information, biography, your activity under the Platform. The data is collected with the purpose to provide you the Service.
3.2. The minimum following data is mandatory to be provided in order to create your Account: name and email, unless we will not be able to provide the Service to you.
3.3. We also collect the following personal data, on marketing purposes: name and email. We will collect such data based on your consent. You can withdraw you consent, anytime.
4. What is the legal basis for processing the data? How will the information be used?
4.1. We will process the data mentioned under clause 3.1. based on GDPR Regulation article 6 para. 1, letter b and with the exclusive purpose of providing you the Service (the right to access and use the Platform).
4.2. We will process the data required for invoicing based on GDPR Regulation article 6 para. 1 letter c, taking into consideration that we have a legal obligation to store your invoicing data for accounting reasons;
4.3. We will process the data mentioned under clause 3.2. based on GDPR Regulation article 6 para. 1, letter a, on marketing purposes. Therefore, based on your consent, we might send you from time to time marketing emails to promote our Service. Also, from time to time we will target you in our social media marketing campaigns.
5. Will the data be shared with any third parties?
5.1. We will not share your data with third parties unless: we will have such a legal obligation; we will have your consent; it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law. We may also share your data with our service providers.
6. How long will the data be stored for?
6.1. We will store the data mentioned under clause 3.1. as long as we will provide you Services in accordance with the Terms and Conditions, namely as long as you have an Account on the Platform. For the avoidance of any doubt, you are allowed to delete any data attached to your Account, except name and email (taking into consideration that we cannot keep your user account active without this information). If you delete any data attached to your Account, such data will be deleted from all our evidences, unless we must keep such data based on other legal grounds.
6.2. We will store your invoicing information for the period required by the applicable laws.
6.3. We will store the data mentioned under clause 3.3. as long as we have your consent regarding the data processing on marketing purposes, but no more than 5 years. Therefore, we will delete your data: a) when you withdraw your consent; and/or b) at the expiration of 5 years’s period. Please be advised that we decided to store you information for a period up to 5 years (unless you withdraw your consent earlier), having into consideration that during the time we might develop some functions or services related to the Platform, that you might want to use. Therefore, we want to be able to announce you each time we develop a new function and/or a new service that might be fit to you.
6.4. We will delete your data at the end of the storage period.
7. Where do we store the data?
7.1. The data is stored in cloud, in European Union.
8. What security measures we have implemented?
8.1. In order to protect your data, we have implemented security measures in accordance with the applicable laws and the best industry practices. We will protect your data for any security incidents, but we cannot guarantee that such incidents cannot occur.
8.2. In case of personal data breach which is likely to result in a high risk to your rights and freedoms we will communicate the personal data breach to you, without undue delay.
9. What rights do you have?
9.1. According to GDPR Regulation, you have the right to:
• information about the processing of your personal data;
• obtain access to the personal data held about you;
• ask for incorrect, inaccurate or incomplete personal data to be corrected;
• request that personal data be erased when it’s no longer needed or if processing it is unlawful;
• object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
• request the restriction of the processing of your personal data in specific cases;
• receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
• request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.
9.2. To exercise your rights, please contact us by email: firstname.lastname@example.org . We will try to respond to your request as fast as we can, but no later than 1 month since we receive your request.
9.3. We might ask you to provide information to confirm your identity (such as, clicking a verification link, entering a username or password, id copies or others) in order to be able to respond to your request.
10. Do we use automated individual decision-making, including profiling?
10.1. No, you will not be subject to any decision based solely on automated processing, including profiling.
11.1. A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's hard drive. Cookies are required to use the the Service.
12. How can you raise a complaint?
12.1. According to GDPR Regulation, you have the right to lodge a complaint with a supervisory authority. Usually you will lodge a complaint with the supervisory authority headquartered in your country or in the data controller’s country (Romania). Please find the Data Protection Authorities contact information here: https://edpb.europa.eu/about-edpb/board/members_en
13. How can you contact us?
13.1. For any question or request regarding your data, please contact us at the following email address: email@example.com.
This document is effective starting with: 25 Feb 2020.