Privacy Policy
Effective date: 05.12.2023
ACCESA ("we," "us," or "our") is committed to protecting the privacy and security of your personal data, as well as your rights and freedoms of data subjects, according to the European General Data Protection Regulation (GDPR). The core principles of personal data processing: lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, confidentiality, integrity, and accountability, underlie our business activities.
Why Your Privacy Matters to Us We value your privacy and want you to feel confident when using our application. This Privacy Policy is here to help you understand how we collect, use, and protect your data.
Data Controllers | We are ACCESA, a group of companies including ACCESA IT SYSTEMS SRL and ACCESA CONSULTING SRL, collectively referred to as "ACCESA". In accordance with applicable data protection laws, we operate as joint controllers when processing your personal information. This means that we share responsibility for how your data is collected and used to provide our various services, including Cloud Solutions, Process Automation Platforms, and AI Custom Software Development Operations & Support. |
Contact Details | Head Office: Constanta 12, Platinia Office, 400158 Cluj-Napoca, Romania Phone: +47 22 83 39 50 Email: hello@accesa.eu Website: https://www.accesa.eu/ |
Contact Us | If you have any questions, concerns, comments, or requests regarding this Privacy Policy or our data practices, please contact us to dpo@accesa.eu. |
1. Website Users
This chapter of the Privacy Policy applies to our Website Users.
1.1 What Information We Collect and How
1.2 Why We Use Your Information and How We Do It Legally
1.3 Third-Party Services and Tools
1.4 How Long We Keep Your Data
1.5 Automated Decision and Profiling
1.1 What Information We Collect and How
This Website collects some Personal Data from its Users. Users are responsible for any third-party Personal Data obtained, published, or shared through this Website and confirm that they have the third party's consent to provide the Data to us.
Data Collection
When you visit and use our website, we collect certain data to enhance your experience and provide you with the right content.
The data collection methods we use may include:
Voluntary Information: Data you share with us when you interact with our site, and you choose to share some personal info by filling out forms, subscribing to our newsletters, or engaging with our content.
Automatic Information: We collect data automatically during your visit, such as your IP address, browser type, device information, and website usage patterns. This data is obtained through cookies and similar technologies.
Categories of Personal Data Processed when you visit our website may include the following types of data, collected by ourselves or through third parties:
Technical Information | We collect device, browser, and internet connection details when you access our website. |
Website Usage | We track your actions on our site, like page visits, link clicks and other actions taken, to improve and personalise your experience. Usage data represents information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment. |
Cookies Data | We use cookies and similar technologies to collect info like your IP address, browser type, and how you browse. |
Contact Information and Subscription Data | If you contact us or subscribe to newsletters, we may collect your name, email, phone, city, company, and other info for inquiries, support, and updates. You can unsubscribe anytime. |
Opt-In Data | We might request permission for non-essential cookies, storing your preferences for personalised site use. |
Demographic Information | If you choose to provide it, we might collect info about your age, gender, location, or preferences. |
Geographic Position | With consent, we collect approximate locations (country and city) for location-based services and site enhancement. |
Other necessary data | Depending on interactions, we may process additional data like name, surname, user-generated content, feedback, usage data, service logs, activity history, performance metrics, feature usage statistics, contact details, incident reports, and more for service provisioning and support. |
Data from Third Party Services | We may use third-party tools and platforms like Google Analytics, Hotjar and Intercom for website enhancement, user behaviour analysis, and service improvement. These tools collect and process personal data, detailed in the "Third Party Services" section. |
We don't collect financial, social security numbers, or sensitive personal data on our site. We only gather what's necessary for the purposes outlined in our Privacy Policy. Data processing is based on consent, legitimate interests, and legal obligations.
Providing Personal Data
You're not obliged to provide personal data. Most data collection relies on voluntary sharing and consent. Some essential cookie data may be collected automatically for security during site visits. Using the site without providing certain data may limit personalisation, resulting in more generic content.
Managing Your Cookie Preferences
We respect your cookie preferences. Choose to accept or decline cookies; your settings are saved for future visits. Adjust settings through your device or browser anytime. Learn more in our Cookie Policy. Note that essential security cookies remain active.
1.2 Why We Use Your Information and How We Do It Legally
Here, we clarify why we process your data and the legal grounds. Knowing why your data is used empowers informed privacy decisions. We process your website’s collected data for these purposes, following legal standards. No online services are provided directly on our website, and we don't engage in significant automated decision-making or profiling based on website data.
Purpose | Details on the Purpose | Legal Base | Data Processed |
|---|---|---|---|
Website Security | We process data to protect the website, prevent unauthorised access, and stop fraud. | Legitimate Interest | IP addresses, device info, browser info, website usage data, clickstream data, and session info. |
Monitoring compliance with our Terms of Service | Ensuring service users' compliance with our Terms of Service, acceptable use policies, and any other contractual obligations. | Legitimate Interest | Website usage data, IP Addresses and Device Information, User-Generated Content, and Communication metadata. |
Responding to Inquiries Contact Form | We process data from website contact forms to respond to inquiries. | Legitimate Interest | Contact info (e.g., name, email, phone), user-submitted inquiries or support requests. |
Cookie Consent Recording | We request and record your consent for non-essential cookies and manage cookie preferences to comply with legal requirements. | Legal Obligation, Legitimate Interest | Recorded consent, cookie preferences, device and browser info, and IP address. |
Data Retention Execution | We process data to meet legal obligations, like record-keeping requirements, data retention and erasure requirements. | Legal Obligation | Erasure of data after the retention period. |
Responding to Legal Requests | Data is processed to respond to legal requests like court orders. | Legal Obligation | All personal data collected through our website. |
Website Analytics and Performance | Data is used for website analysis to enhance performance and user experience. | Legitimate Interest | Website usage data, clickstream data, session info, device info, browser info, anonymised data, and preferences. |
Research and Development | We process data to improve website features. | Consent | Website usage data, user feedback, and survey responses. |
Newsletter Subscription and Mailing List | With your consent, we send news about our services or upcoming events. | Consent | Contact info (e.g., name, email), city, company, usage data. |
Location-based Interactions | Geolocation data is collected with consent to enhance the website experience. | Consent | Geographic Position |
Customising User Experience | We personalise your website experience based on your preferences. | Consent | Website usage data, page views, clickstream data, session info, device info, browser info. |
User Feedback and Surveys | User insights are gathered through feedback and surveys with consent. | Consent | User-provided feedback, survey responses, and any shared personal data. |
Cookies and Tracking Technologies | Data about browsing activities, preferences, and interactions are collected through cookies and similar tech with consent (unless strictly necessary). | Consent (Unless strictly necessary) | IP address, device information, browser information, and website usage data. |
Personalised Marketing and Advertising | Data is collected for personalised marketing and targeted advertising with consent. | Consent | Cookies, IP address, device information, browser information, website usage data, demographic information, and visitor interactions. |
Conversion tracking and remarketing | Tracking actions and behaviour for remarketing or targeted advertising purposes. | Consent | Cookies, IP addresses, device information, browser information, website usage data, conversion data, and interaction data. |
Lead generation and marketing analytics | Generating leads, assessing marketing effectiveness, and measuring campaign performance. | Consent | Website form data, contact information, interaction data, marketing analytics data and demographic information. |
Displaying content from external platforms | This service allows viewing content from external platforms. | Consent | Web traffic data may be collected even when Users do not use it. |
Monitoring and auditing | Monitoring and auditing, internal or external audits, compliance assessments, and adherence to security standards. | Legitimate interest | Identifying info, documentation, audit logs, records, and compliance data. |
You have the right to withdraw your consent in certain situations, as outlined in the "Your Rights" section, should you ever wish to do so.
1.3 Third-Party Services and Tools
To enhance your experience, we use cookies and tracking technologies from trusted sources, including Google Analytics, Hotjar and Intercom. These cookies help us understand site usage and tailor content.
Our trusted partners assist us in managing these cookies.
Google Analytics and its related products is a web service provided by Google Ireland Limited ("Google") for users of Google services based in the European Economic Area. When using Google Analytics for users located in the European Economic Area (EEA), the data collected is typically stored within the European Union (EU) or the European Economic Area. By way of exception, data may be stored in servers located in the USA. For more information about Google Analytics' privacy practices, please review Google's Privacy Policy on the Google website: Privacy Policy – Privacy & Terms – Google
Hotjar is a web analytics tool provided by Hotjar LTD incorporated in Malta – EU (“Hotjar”) that helps us analyse how users interact with our website through heatmaps, session recordings, and surveys. Hotjar may collect certain information that is generally anonymised and aggregated. User and usage data that Hotjar collects through its software is stored in Ireland, European Union (EU) on the Amazon Web Services infrastructure, eu-west-1 data centers. For more information about Hotjar's privacy practices, please review their Privacy Policy page: Hotjar - Privacy Policy
Intercom, Inc is a messaging and customer engagement service provider located in California, USA. We use Intercom on our website to provide you with real-time communication and support. Intercom services and messenger domains are provided and hosted in the USA. Intercom is a participant entity to the EU-US Data Privacy Framework Participant Detail (dataprivacyframework.gov) To understand how Intercom handles your data and their privacy practices, please review: Privacy Policy | Intercom
For detailed information about these cookies and data handling, please check our Cookie Policy. Your privacy is important, and we want you to make informed choices while using our website.
1.4 How Long We Keep Your Data
We keep your data as long as we need to for legal reasons or as long as necessary to fulfil the purposes outlined in this Privacy Policy.
Technical Information | Up to 12 months |
Website Usage Data | Up to 12 months |
Cookies Data | Usually, until you finish browsing, or up to 12 months |
Contact Information, Subscription Data | For 3 years, so we can respond to and document your requests and to establish, defend and exercise our rights in court. |
Opt-In Data | Until you unsubscribe or ask us to remove it. |
Demographic Data | Up to 12 months if you provide it. |
Geographic Position | Up to 12 months, and you can change your settings anytime. |
Other Necessary Data | Up to 3 years, depending on what data is and why we collected it. |
Data collected through third-party tools | Up to 12 months or up to 3 years, so we can respond and document your requests and to establish, defend and exercise our rights in court. |
We may be required to retain certain personal data for a longer period to comply with legal and regulatory obligations, resolve disputes, and enforce our rights. During the retention period, we will take appropriate technical and organisational measures to ensure the security and confidentiality of your personal data. Once the retention period expires, we will securely delete or anonymise your personal data.
1.5 Automated Decision and Profiling
Automated Decision-Making: We do not engage in automated decision-making processes that produce significant legal effects or similarly significant consequences for individuals based solely on automated processing.
Profiling enhances your experience by tailoring content to your interests and behaviour. It helps us provide you with relevant information and optimise our services. You have the option to manage your preferences for personalised advertising and content; more details can be found in our "Your Rights" section.
We may use profiling techniques in the following contexts:
Personalisation User Experience to customise your website experience based on your preferences and past interactions. This allows us to provide you with content and features that are most relevant to you.
Personalised Advertising and Marketing Communication involves analysing your data to deliver targeted ads and marketing messages that align with your interests and behaviour.
Website Analytics and Performance to track user behaviour, such as page views and clickstream data, to understand how users interact with the site.
Cookies and Tracking Technologies are used to collect data for personalised experiences and site improvements.
Security Profiling based on activities, access logs, and compliance to maintain security and integrity.
In summary, the profiling activities described above are implemented with the intention of enhancing your user experience and improving website performance. If you have any questions or concerns about our profiling practices, please don't hesitate to contact us using the information provided in our "Contact Us" section.
2. Email Comunication
This chapter pertains to all email exchanges with us.
2.1 What Information We Collect and How
2.2 Why We Use Your Information and How We Do It Legally
2.3 Third-Party Services and Tools
2.4 How Long We Keep Your Data
2.5 Automated Decision and Profiling
2.1 What Information We Collect and How
We gather personal data to facilitate secure and efficient email exchanges. If you share data about others, you must confirm their consent.
We collect data through Direct Collection and include Personal Data you provide during email exchanges, including names, contact details, professional information, and email content.
What categories of data are processed?
Data processed during email exchanges may vary based on the interaction and shared information and may include the following categories of data:
Identification Information | Your name, contact details (like phone and mailing addresses), and any other personal information shared during email exchanges, like employee IDs, and usernames. |
Professional Information | Job titles, company names, industry affiliations, professional qualifications, and business contact information. |
Communication Data | The content of emails exchanged, including text, attachments, documents, images, and any other information shared during our correspondence. |
Communication Metadata Logs and IT Usage Data | To investigate and document incidents, check phishing emails, and maintain security, we may collect logs and other IT usage data related to email communications. This data may include timestamps, email addresses, and subject lines related to our email communications, server logs, IP addresses, device information, email delivery logs, metadata related to email exchanges, and information for security monitoring and incident response. |
Financial and Transaction Data (if relevant) | Billing information, financial transaction records, payment details, bank account and invoices related to professional agreements, order histories, and details of products or services discussed during email exchanges. |
Other necessary data | Depending on your interactions, we might process additional personal data, such as information related to our professional agreements, project details, event information, or contractual terms and any other data relevant to our professional relationship. |
Providing Personal Data for Email Communication
Usually, you initiate email communication, providing data voluntarily. While not obligatory, omitting certain data may affect communication effectiveness and our ability to assist. We handle data in compliance with privacy laws.
2.2 Why We Use Your Information and How We Do It Legally
We use your data during email exchanges for various purposes, outlined with legal bases and data categories:
Purpose | Details on the Purpose | Legal Base |
|---|---|---|
Email Communication | To facilitate email communication and correspondence between you and our company. To communicate with you efficiently and effectively through email for business-related matters. | Contract execution Steps to enter a contract Legitimate interest |
Regulatory Compliance | To comply with legal obligations, including record-keeping, regulatory requirements, and responding to legal requests. | Legal obligation |
Responding to Inquiries | To respond to inquiries, questions, or requests made via email. | Contract execution Steps to enter a contract Legitimate interest |
Newsletters and Updates | To send newsletters, updates, or promotional materials related to our services or products. | Consent |
Customising User Experiences | To personalise and improve your user experience based on your email interactions. | Legitimate interest |
Research and Development Business Analytics and Reporting | We use aggregated data for business analytics, reporting, and performance assessment for research and development purposes to enhance our services and activity and to monitor our business operations. | Legitimate interest |
Fraud Prevention, Incident Investigation, Security Monitoring | We may process email, IT usage data and logs to prevent fraud and investigate/document incidents, unauthorised access, phishing, and security breaches. | Legal obligations Legitimate interest |
Dispute Resolution | To facilitate resolution, investigations, or legal proceedings in the event of disputes arising from our cooperation. To establish, exercise, or defend our legal rights. | Legitimate interest |
Complaints Resolution, Data Subjects Requests | To address and resolve complaints or concerns raised by you or third parties regarding our services, processes, or treatment of personal data and to respond to data subjects’ requests. To document and respond to complaints and data subjects’ requests and/or To establish, exercise, or defend our legal rights. | Legal obligations Legitimate interest |
Improving Services, Business Development | To monitor the quality of our services, identify areas for improvement, enhance the overall user experience, identify potential business opportunities, collaborations, or partnerships. | Legitimate interest |
Internal/External Audit, Compliance Monitoring | To conduct internal and external audits and ongoing compliance monitoring to ensure that our organisation adheres to regulatory requirements, policies, and internal standards. | Legal Obligation and/or Legitimate Interests |
Risk Management and Control Activities | To assess, manage, and control risks related to data security, privacy, and compliance. Ensuring proper risk management, sustainability, and compliance of our operations. | Legitimate interest |
Please note that the specific purposes and legal bases for processing may vary depending on the circumstances and your interactions with us. We process data fairly and lawfully, respecting your privacy rights.
2.3 Third-Party Services and Tools
We may utilise various third-party tools and services to optimise our email exchange process, ensuring efficient communication and security. These tools may have access to email content or metadata to provide their services. We carefully select and work with trusted third-party providers who comply with data protection standards and confidentiality requirements.
2.4 How Long We Keep Your Data
We retain data for email communication, mainly up to 3 years after email exchange completion for legal and dispute resolution purposes. Retention periods may vary based on the specific purposes and regulations. We comply with legal obligations and prioritise data security. You have rights over your data; details in "Your Rights" section.
2.5 Automated Decision and Profiling
Our primary focus is on data collection for email communication, security, and analytics, and we do not engage in any automated decision-making processes that could impact your rights and freedoms.
Profiling may occur for Security Risk Profiling to safeguard email exchange security. We process data to identify potential security threats, ensuring email communication safety. Profiling adheres to data protection laws, and you can object to it.
The processing helps us proactively respond to security incidents, investigate security breaches, and maintain the confidentiality and integrity of email communications.
The logic is to provide a safer, more transparent, and efficient environment to engage in professional relationships. The significance lies in improved security. The envisaged consequences are generally positive and aim to enhance the overall experience and outcomes for our communication.
If you have any concerns or questions about automated decision-making or profiling in our company, please do not hesitate to contact us using the contact details provided in the "Contact Us" section of this Privacy Policy.
3. B2B Clients and Business Partners
This Privacy Policy applies generally to all our B2B Clients and Business Partners, including External Partners, Vendors, Suppliers, External Advisors and generally any third party involved in a business relationship with Us.
The categories of data subjects may include legal representatives, directors, proxies, and employees or other individuals assigned to manage our business relationships.
3.1 What Information We Collect and How
3.2 Why We Use Your Information and How We Do It Legally
3.3 Third-Party Services and Tools
3.4 How Long We Keep Your Data
3.5 Automated Decision and Profiling
3.1 What Information We Collect and How
How is data collected?
We collect data for professional interactions and collaborations, prioritising security. When you are sharing data about others, please ensure third-party consent for sharing such data with us.
Direct Collection includes information you provide, like data directly shared by you during business relationships and professional interactions, such as your name, contact details, professional information, and other relevant documents or information.
Indirect Collection from Publicly Available Sources. We may collect publicly available information about you from sources like professional social media profiles, business websites, or public registers, if such information is relevant to our business relationship management.
What categories of data are processed?
During our interactions, we process diverse personal data categories aligned with our purposes. Specific data may vary but adheres to data protection laws.
Below are presented the main categories of personal data we may process:
Identification Data | Name, surname and other identification information shared during the business relationship and relevant for our cooperation. |
Business Data | Job titles, company names, industry affiliations, professional qualifications, and business contact information. |
Communication Records | Records of email correspondences, meeting minutes, call logs, and other communication-related data exchanged during our professional interactions. Records of email correspondences, meeting minutes, call logs, and other communication-related data exchanged during our professional interactions. |
Legal Information | Data from legally binding documents, such as service agreements and other relevant legal documents. |
Financial Data | Billing information, financial transaction records, including bank account details, credit ratings, payment terms, financial transactions, billing history, invoices related to professional agreements, order histories, and details of products or services and other financial data relevant to our collaborations. |
Due Diligence Data | Information related to the counterparty risk assessment, considering factors such as financial stability, reputation, and compliance history. This may also include data related to the assessment of potential conflicts of interest between our company and its Business Partners. |
Regulatory Data | Data related to regulatory requirements, certifications, licenses, permits, accreditations, and industry-specific qualifications obtained by our Business Partners. |
Intellectual Property Data | Information about intellectual property rights and agreements between you and our company, such as patents, trademarks, or copyrights. |
Performance Data | Data related to the performance and service quality, including service level agreements, performance evaluations, and feedback. |
Representatives’ Data | Data of assigned employees or legal representatives, such as names, job titles, contact details, and other relevant information for business relationship management. |
Insurance Data | Information about the insurance coverage and liability agreements. |
Marketing Preferences | Preferences for marketing communications, feedback, survey results, and other marketing-related data shared during our interactions. |
Dispute Records | Information related to any legal disputes or complaints that may arise during our cooperation. |
Audit and Compliance Data | Data related to audits, assessments, or inspections conducted by / or related to our cooperation. |
Access Rights and Permissions Data | Data about the access rights and permissions granted to our Business Partners for different systems, applications, and IT resources within our company. |
Technical Data | Technical information, such as system and application access logs, IP addresses, and the usage of corporate digital resources relevant to our collaborations. |
IT Data | Information about the hardware and software relevant for IT support purposes. |
Device Data | Data about the devices used to access our application, such as laptops, smartphones, or tablets. |
Metadata Logs and IT Usage Data | We collect metadata and IT usage data across our application, which is important for investigating incidents, verifying communications, and maintaining security. This data includes timestamps, user identifiers, system activity records, access logs, IP addresses, device details, application usage logs, server logs, cloud environment data, and metadata related to interactions. It helps in monitoring security and responding to incidents in our application and IT infrastructure. |
Other Relevant Data | Depending on your interactions, we might process additional personal data, such as information related to our professional agreements, project details, event information, or contractual terms and any other data relevant to our professional relationship. |
Sensitive Data | By exception, in the context of our relationships with our Business Partners, sensitive data is only processed in specific situations, which include the Due Diligence process, where we may collect and process sensitive data related to criminal convictions, fraudulent activities, or politically exposed person (PEP) status (if such information is disclosed in the public official lists) as part of our Due Diligence procedures to ensure compliance with regulatory requirements and mitigate potential risks associated with individuals or entities. It's important to note that the processing of sensitive data is carried out with the utmost care and in strict compliance with applicable data protection laws. Our primary aim is to safeguard the rights and freedoms of individuals while fulfilling our legal obligations and maintaining the highest ethical standards in our professional relationships. |
Obligation to Provide Personal Data
Certain data is required to enable the execution of business agreements, counterparty risk assessment, compliance checks, and cooperation. Not providing it may limit opportunities and impact the partnership.
3.2 Why We Use Your Information and How We Do It Legally
This section outlines our purposes, legal bases, and processed data during our business cooperation.
Purpose | Details on the Purpose | Legal Base |
|---|---|---|
Managing Business Relationships | Establish and maintain business relations and contractual activities. Managing contracts, including negotiations, drafting agreements, and executing contracts, as well as administering contract-related obligations, amendments, and terminations. Monitoring and enforcing compliance with contractual terms, service level agreements, and other obligations under the agreement. | Contract Execution Steps to enter a contract Legitimate Interest |
Managing B2B and Business Partners' accounts | Maintaining clients' and business partners' records, managing account details, and ensuring accurate billing and invoicing. | Contract Execution Steps to enter a contract Legitimate Interest |
Providing and delivering services | Fulfil contractual obligations and deliver the agreed-upon services. | Contract Execution |
Billing and Payments | Process financial transactions, billing, payments, and related financial activities. | Contract Execution Legal Obligation |
Facilitating Communication | Facilitate communication and correspondence for business purposes. Sending important updates, notifications, and service-related communications. Establishing channels for effective communication and information exchange between the parties involved for the execution of the service agreements. | Contract Execution Steps to enter a contract Legitimate Interest |
Recording and documenting interactions | Keeping records of communication, agreements, and any changes or modifications to the terms of the agreement. | Contract Execution Steps to enter a contract Legitimate interest. |
Responding Your Inquiries | Addressing your inquiries and requests for information and providing support. | Contract Execution Steps to enter a contract Legitimate Interest |
Newsletters and Updates | Send updates, newsletters, or promotional materials. | Consent |
Personalising services | Customising the services and experiences based on the specific preferences and needs of the clients. | Contract Execution Legitimate Interest |
Improving User Experiences | Improve user experience with our applications and services. | Legitimate Interest |
Regulatory Compliance | Comply with legal obligations, including record-keeping, regulatory requirements, and responding to legal requests. | Legal Obligation |
Financial reporting, Tax & Accounting | Fulfil legal obligations to comply with: (i) financial reporting requirements, such as generating financial statements, conducting audits, and ensuring compliance with accounting standards; (ii) tax obligations, including calculating and reporting taxes, providing tax-related documentation, and responding to tax authorities' inquiries; (iii) financial and accounting obligations, such as invoicing, payment processing, managing accounts payable and receivables. | Legal Obligation |
Due Diligence and Risk Assessment | Execute the counterparty due diligence process and assess related risks, including identification of potential conflicts of interest between our company and Business Partners to ensure transparency and ethical conduct. | Legal Obligation Legitimate Interest |
Checking Regulatory Requirements | Verify certifications, licenses, and industry qualifications. | Legal Obligation |
Intellectual Property Rights Management | Manage intellectual property rights and agreements, such as patents, trademarks, or copyrights. Establish, exercise, or defend our legal rights. | Contract Execution Legitimate Interest |
Service Performance Evaluation | Evaluate the performance and service quality, including service level agreements and feedback. | Legitimate Interest. |
Marketing and Surveys | Manage marketing preferences, feedback, survey results, and other marketing-related data shared during our interactions. | Consent |
Dispute Resolution | Facilitate dispute resolution, investigations, or legal proceedings and address any legal claims or issues that may arise during the agreement. Establish, exercise, or defend our legal rights. | Legitimate Interest |
Complaints Resolution, Data Subjects Requests | Address and resolve complaints or concerns regarding our services, processes, or treatment of personal data and respond to data subjects’ requests. Document and respond to complaints and data subjects’ requests. Establish, exercise, or defend our legal rights. | Legal Obligation Legitimate Interest |
Fraud Prevention, Incident Investigations, Security Monitoring | Prevent fraud and investigate/document incidents, unauthorised access, phishing, and security breaches. Protect our business and maintain information security. | Legal Obligation Legitimate Interest |
Research and Development | Use aggregated data for research and development to improve our offerings and activity, | Legitimate Interest |
Business Analytics, Business Reporting | Business analytics, reporting, and performance assessment. Monitoring and improving our business operations. | Legitimate Interest |
Improving Services Business Development | Monitor service quality, identify improvement areas, explore opportunities, and pursue business growth and development. | Legitimate Interest |
Internal /External Audit, Compliance Monitoring | Conduct internal / external audits and ongoing compliance monitoring to ensure adherence to regulatory requirements and standards. | Legal Obligation Legitimate Interest |
Risk Management, Control Activities | Assess, manage, and control risks related to data security, privacy, and compliance. Ensuring sustainability and compliance of our operations. | Legitimate Interest |
Data Sharing for Business Insights | Sharing aggregated and anonymised business insights and trends with clients, partners, or industry associations for research, benchmarking, or collaboration purposes on an international level. | Legitimate Interest |
Participation in Events | We may seek your consent to participate in specific events, workshops, or conferences. | Consent |
Use of Photo or Video for Marketing Campaigns | With your explicit consent, we may use your photo or video content for marketing campaigns. This may include featuring your image or video in promotional materials, advertisements, social media posts, website content, or other marketing channels. Your consent will be sought prior to using your photo or video, and you have the right to withdraw your consent at any time. | Consent |
Testimonials and Case Studies | We may request your consent to use your name, logo, or testimonials for marketing and promotional purposes. | Consent |
Social Media Engagement | With your consent, we may engage with you through social media platforms or feature your content in our company's social media channels. | Consent |
Sharing with Third Parties | We may share your personal data with specific third parties for collaborative projects, partnerships, or marketing initiatives. | Consent |
Partnership Opportunities | We may assess potential partnership opportunities, collaborations, or joint ventures based on the personal data you provide. | Consent |
Specific purposes and legal bases may vary based on interactions. We ensure data processing aligns with data protection laws and respects privacy rights.
3.3 Third-Party Services and Tools
While managing our relationships, we use various third-party tools and services to streamline operations, improve communication, and ensure secure information exchange. These tools and services are designed to streamline processes, improve business operations, service delivery, communication, and support the secure exchange of information.
Our suite of third-party tools and services may encompass a diverse array of functionalities and solutions, including Client Relationship Management Systems (CRMs), cloud solutions, email platforms, and other similar tools. These technologies enable us to collaborate efficiently while upholding data security standards.
The use of these third-party tools and services may require the sharing of certain categories of personal data related to our Business Partners. The types of data shared may vary depending on the specific tool or service in use but can include information necessary for our professional collaborations.
We carefully select and work with trusted third-party providers who comply with data protection standards and confidentiality requirements. Please note that our use of third-party tools is always aimed at enhancing the quality and security of our activity and operations.
3.4 How Long We Keep Your Data
We retain your data as long as needed for the execution and management of our contractual relationship and up to five (5) years after the contractual relationship is closed or for a longer period if other legal deadlines apply. We always ensure compliance with relevant legal obligations and adjust our retention periods accordingly to meet these requirements. Our primary goal is to maintain data for as long as necessary to fulfil the purposes outlined in this Privacy Policy and to meet any legal obligations. The time we keep it might change based on things like:
Type of Data - Some data needs to be kept longer than others.
The purposes for which we process your personal data.
Legal and regulatory requirements. Sometimes, the law says we must keep data for specific periods.
Our business needs and operational requirements affect how long we keep data.
During the retention period, we will take appropriate technical and organisational measures to ensure the security and confidentiality of your personal data. Once the retention period expires, we will securely delete or anonymise your personal data in accordance with applicable laws and regulations.
3.5 Automated Decision and Profiling
Automated Decision-Making: We do not engage in automated decision-making processes with legal or similar consequences for individuals.
We may use Profiling Techniques in the following contexts:
Security Risk Profiling where we analyse data like access logs, IP addresses, and device data to identify security threats, ensuring the safety of our application and IT systems.
Risk Assessment and Due Diligence Profiling which helps assess and manage counterparty risks.
Performance Profiling to evaluate our performance and service, using metrics and feedback.
Preferences Profiling involves tailoring interactions and communications based on your expressed preferences for a more personalised experience.
These profiling activities aim to create a safer, more transparent, and efficient environment for our professional relationships. They lead to improved security, compliance, efficiency, and personalised interactions. Rest assured, all profiling aligns with data protection laws, and you can object to it if needed. For any concerns or questions, please contact us using the details provided in the "Contact Us" section of this Privacy Policy.
4. Who We Share Your Data With
At times, it's necessary for us to share your personal data with others to fulfil our legal and contractual obligations and to pursue our legitimate interests. We may share the data with our affiliates, subsidiaries, or service providers to facilitate our business activity. We take measures to ensure the security and confidentiality of your data when shared.
The following are examples of possible categories of recipients of your data:
Service Providers | These are companies that assist us in managing our business activity, including technical support, hosting, cloud solutions, security and risk management tools, software applications, data analysis, and IT services. When we disclose the personal data to the aforementioned processors, we remain the controller and responsible for the lawfulness of the processing. These partners are contractually bound to comply with our data privacy and security requirements, ensuring the protection of your personal information. They are authorised to access personal data solely for the purposes we specify, contributing to the efficiency and security of our services. |
Professional Advisors | We might work with lawyers, accountants, auditors, or consultants who could access your data while providing their services. |
Legal and Regulatory Authorities | Occasionally, legal obligations may require us to share email data with law enforcement, regulators, or government authorities. |
Business Transfers | If we undergo a merger, asset sale, or significant organisational change, your data may be transferred to the new entity or owners. |
Third-Party Tools and Platforms | We use various third-party tools and platforms to enhance our processes. These tools may process your data on our behalf. |
Other Authorised Recipients | There might be other authorised recipients we have to share data with, depending on specific situations and laws. Employees of the company also have access to personal data. Employees have access to personal data only if this is necessary for the purposes described above. Employees are bound by an obligation of professional secrecy. |
5. International Data Transfers
We may need to transfer your data to countries outside the European Economic Area (EEA) or places with different data protection rules. We take steps to protect your data, including:
Adequacy Decisions If the European Commission says a country has good data protection, we can send data there without extra safeguards, including EU-US Data Privacy
EU-US Data Privacy Framework The European Commission has approved data transfers from the European Economic Area (EEA) to the United States under the EU-US Data Privacy Framework. Under this framework, your personal data may be transferred to participating U.S. companies without the need for additional safeguards.
Standard Contractual Clauses We might use these approved contracts to ensure your data is safe when it goes outside the EEA.
The information about the transfers can be obtained through the “Contact Us” section in this Privacy Policy.
6. How We Protect Your Data
While performing our business activity, we process the personal data in both printed and electronic form. We are dedicated to ensuring the security of your personal data. We employ a range of technical and organisational measures to maintain the integrity and confidentiality of your personal information, protecting it from unauthorised access, disclosure, loss, alteration, or destruction.
Organisational Safeguards | We have put in place various organisational measures, including policies, procedures, and guidelines that govern data protection practices across our organisation. We regularly assess data processing activities to identify and mitigate risks to your privacy, ensuring a balanced approach. |
Data Encryption | We use encryption techniques to safeguard your personal data during transmission and storage, rendering it impervious to unauthorised access or interception. |
Access Controls | Strict access controls are firmly in place to guarantee that only authorised personnel have access to your personal data. Access privileges are granted on a need-to-know basis and are routinely reviewed and updated. |
Data Minimisation | We only collect and process personal data that is necessary for the purposes outlined in this Privacy Policy. The data collected is limited to what is necessary and relevant. |
Privacy from the Start | We integrate data protection into our processes from the very beginning, using privacy-enhancing technologies and practices to uphold the highest standards of data protection and privacy. |
Employee Training | We make sure our team knows how to keep your data safe through training. |
Incident Response | In the unlikely event of a data breach or security incident, we have procedures in place to respond, investigate, and mitigate the impact promptly. We will notify you and the relevant authorities as required by applicable regulations. |
Regular Assessments | We conduct regular assessments and audits of our data protection and security measures to identify and address any vulnerabilities or risks related to personal data. This helps us maintain the effectiveness of our security controls and ensure ongoing data protection. |
Other | Other security measures required to manage the confidentiality, availability, and integrity of the data, aligned with the technology development. |
While we implement these technical and organisational measures, we are committed to continuously improving our security practices and adapting to evolving threats to safeguard your personal data. If you have any concerns about the security of your personal data or if you suspect any unauthorised access or disclosure, please contact us immediately using the contact details provided in the "Contact Us" section.
7. Your Rights
We are committed to transparency and ensuring that your data subject rights are accessible and cost-free:
Right to withdraw your consent | You can withdraw your consent for the processing of your Personal Data at any time. |
Right to be informed | You have the right to be informed about how your Personal Data is collected and processed. This includes knowing the purposes, who is processing your data, and how long it will be kept. |
Right to object to processing | When we process your Personal Data based on public or legitimate interest, you can object to it. You have the right to object to direct marketing at any time. |
Right to access your data | You can find out if we process your Personal Data, get details about the processing, and a copy of your Personal Data. |
Right to rectify your data | You have the right to ensure that your Personal Data is accurate and to request corrections if necessary. |
Right to restrict the processing of your data | You have the right, under certain circumstances, to restrict the processing of your Personal Data. In this case, we will not process the Personal Data for any purpose other than storing it. |
Right to have your data erased or otherwise removed | You have the right, under certain circumstances, to obtain the erasure of your Personal Data. |
Right to portability of Your data | You can receive your Personal Data in a structured, machine-readable format and, if possible, have it sent to another controller. This right applies when your Personal Data is processed automatically, based on your consent, a contract, or pre-contractual obligations. |
Right not to be subject to profiling and automated decision-making | You have the right not to be subjected to solely automated decision-making processes, including profiling, that significantly affect you. This means that important decisions, such as those related to your rights, benefits, or legal matters, should not be made solely by automated systems without human intervention. This right safeguards against unfair or discriminatory automated decisions. |
Right to lodge a complaint | You have the right to bring a claim before the Romanian Supervisory Authority (National Authority for the Supervision of Personal Data Processing - https://www.dataprotection.ro/) or directly to the court. |
Limitations or Exceptions to Data Subject Rights:
While we respect your rights, legal or legitimate reasons may prevent us from fulfilling some requests. For instance, if it conflicts with our legal obligations or others' rights. We'll explain why we can't fulfil your request.
Withdrawing Your Consent
You can withdraw your consent at any time. To do so:
Opt-Out: For non-essential cookies, adjust your settings in your device or browser. Essential cookies for security will still be active.
Unsubscribe: If you receive our newsletters or marketing communications, unsubscribe via the provided link.
Consent withdrawal may affect your experience:
If you withdraw consent for non-essential cookies, some website features and personalised content may not be available to you. This may affect your overall user experience on our website.
If you unsubscribe from our newsletter, you will no longer receive our news or updates about our services.
Withdrawing consent does not affect the lawfulness of any processing that occurred before your withdrawal. We are committed to respecting your choices and privacy preferences.
To request any action regarding your rights, contact us by email at dpo@accesa.eu or by postal mail to our head office.
Your request must be made in writing, and ensure that the company is able to verify your identity as the data subject. If necessary, we may ask you to prove your identity. Our Data Protection Officer (DPO) will assist you and respond as soon as possible, not later than three months.
8. Privacy Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our privacy practices or legal obligations. We will post the revised version on our website and update the "Effective Date" at the top of this policy. We encourage you to check our Privacy Policy periodically for the latest information on our privacy practices.
We are committed to keeping you informed about our data practices and any updates to our privacy policy. You can access the history of previous versions of this privacy policy by visiting the "Privacy Policy History" section on our website. This section provides a record of all previous versions, allowing you to review any changes made over time.
9. Key Legal and Technical Terms Used in the Privacy Policy
Here are several definitions for the key terms and legal notions used in our Privacy Policy to ensure clarity. These definitions aim to help you better understand the terminology used in this Privacy Policy.
If you have any further questions or need clarification on any terms or provisions, please don't hesitate to contact us. Your understanding of your data rights and our practices is essential to us.
Personal Data | Any information about you, such as your name or other identifying information that can directly or indirectly identify you. |
Data Controller | As the Data Controller, we determine how and why data is processed, and we ensure data protection compliance. Additionally, when we act as a Data Processor on behalf of our B2B clients, they become the Data Controllers, and we assist them in managing and processing the personal data of their enrolled users according to their instructions and in compliance with applicable data protection laws and regulations. |
Data Processor | Assists us as a Data Controller in managing and taking care of your personal data. They follow our instructions and make sure your data is securely processed. Additionally, when we act as a Data Processor on behalf of our B2B clients, we assist them in managing and processing the personal data of their enrolled users according to their instructions and in compliance with applicable data protection laws and regulations. |
Data Processing Agreement | A legally binding contract that outlines the terms and conditions under which we, as the data processor, handle and process personal data on behalf of our B2B clients, who act as the data controller. |
Data Processed | The specific personal data we collect, use, or otherwise process according to this Privacy Policy. |
Data Processing | The actions performed on personal data, including but not limited to collection, storage, organisation, alteration, use, disclosure, or erasure. |
Data Protection Officer (DPO) | Our appointed person responsible for overseeing data protection compliance within our company, acting as a point of contact for personal data-related inquiries. |
Data Subject | An individual whose personal data is being processed. This term often refers to you, our Website User, Client, and User. |
Data Subject Rights | Your legal rights regarding your personal data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. |
Consent | Your voluntary and informed agreement for us to process your data for specific purposes, obtained through clear and transparent means. |
Opt-In/Opt-Out | The act of choosing to agree (opt-in) or disagree (opt-out) with specific data processing activities, such as subscribing or unsubscribing to our newsletters, or for cookies and tracking technologies. |
Cookies | Small pieces of data stored on your device to enhance your web browsing experience, including tracking preferences and user behaviour for various purposes. |
Geographic Position | Information about the approximate location of a user, such as their country and city, often collected with user consent for location-based services. |
Purposes | Specific and transparent reasons for processing personal data, outlined in this Privacy Policy or provided to you when obtaining your consent. |
Legal Basis | The lawful justification for processing personal data, ensuring that processing aligns with applicable data protection laws. |
Legal Obligation | Processing personal data due to applicable laws, regulations, or legal obligations. |
Legitimate Interests | One of the legal bases for processing personal data indicating that we have valid reasons for data processing that don't compromise your rights or interests. |
International Data Transfers | The process of sharing data across borders outside the Economic European Area ("EEA"), which may require specific safeguards to ensure data protection. |
Adequacy Decisions | Official approvals indicating that certain countries outside the EEA provide an adequate level of data protection, allowing for data transfers without additional safeguards. |
Standard Contractual Clauses | Legally binding agreements established to ensure data protection when personal data is transferred outside the EEA to entities that may not have equivalent data protection laws. |
Retention of Your Data | Storing or using your data for specific periods during which we store or use your data for specific purposes, in compliance with legal and regulatory requirements. |
Profiling | Automated data processing for the purpose of analysing and predicting behaviour, preferences, or interests, often used to personalise user experiences, perform risk assessments, or for analytics. |
Automated Decision-Making | Decisions made solely by machines or automated systems, without human intervention, which may impact individuals' rights and freedoms. |
Due Diligence | The process of conducting research and assessments to evaluate the suitability and credibility of potential business partners, ensuring they align with our business objectives and standards. |
Security Measures | Proactive actions and safeguards taken to protect your data from unauthorised access, disclosure, alteration, loss, or destruction. |
Access Controls | Mechanisms and policies in place to manage and control who has access to specific data, limiting access to authorised individuals. |
Data Minimisation | The practice of collecting only the data that is necessary for the specified purposes of processing, minimising the amount of personal data collected. |
Data Encryption | The process of converting data into code or cipher to protect its confidentiality and integrity during transmission and storage. |
Privacy by Design and Default | Making privacy a priority during its processing. An approach that incorporates data protection and privacy considerations into the design and operation of systems and processes by default. |