Privacy Policy

This informational note describes why and how we process personal data and provides information about your rights when the company acts as a Personal Data Controller.

Personal data means any information about a person that identifies the person or can lead to their identification.

Our policy is to collect necessary personal data for purposes determined by the company’s activities, and we ask our customers and partners to provide us with the personal data necessary for these purposes. Due to the diversity of services and/or products we offer, as described here, it is possible to process multiple categories of personal data, which vary depending on the type of product/service/activity/purpose of processing.

The main data/categories of data processed by the company may include, as appropriate and depending on the purposes associated with the processing, data such as:

– Identity data (name, surname, ID card series and number/marital status, etc.), other data from identity documents (such as date of birth, etc.)

– Contact details (email addresses, home/residence address, phone numbers)

– Data obtained by accessing the company’s online platforms (such as the online identifier of individuals who access one or more of the company’s websites or pages, identifiers processed for the purposes mentioned in the Cookie Policy related to the page/Site), potential data received/collected through social media platforms

– Preferences regarding types of services and products,

– Data necessary for risk assessment related to the representatives/guarantees of individuals in relation to corporate clients

Source of personal data and, if applicable, publicly available sources

Generally, we collect personal data directly from you. We may process personal data collected from other sources, such as: suppliers or partners, other publicly available sources (such as ORC, ANAF, media, social media sites, etc.)

What types of data processing does our company perform?

Our company processes personal data for the purposes mentioned in this informational note, and for each purpose, one or more data processing operations may be used, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion, or destruction.

Purposes for which personal data are processed

The company processes personal data for multiple purposes, and the methods of collection, legal basis for processing, use, disclosure, retention periods, etc., may differ depending on the purpose.

We may use personal data for one or more of the purposes described in this informational note. If the company will process later personal data for a purpose other than that for which you have already been informed and which is not compatible with the purposes for which the data were initially collected/brought to your attention, the company will provide information regarding that secondary purpose and any relevant additional information.

We primarily use personal data for the following purposes:

• Conducting the company’s business, providing products, and delivering services related to the company’s main activity
• Managing our relationships with customers, suppliers, professionals from various fields, etc., improving the company’s activities and services in relation to our customers and partners, correspondence, offers, negotiations, contract management
• Processing personal data to fulfill our contractual obligations and commitments to you
• Managing business risks, meaning we take security measures to protect personal data, measures that involve detecting, investigating, and resolving security threats. Personal data may be processed as part of physical security monitoring or in the IT applications we use. We may also conduct checks on individuals acting as representatives and/or guarantors of clients or partners, corporate entities.

In the case of visiting our websites or our social media pages, it is possible to process some information about the visitor’s online identifier for the purposes mentioned in the Cookie Policy (for more information, please see the Cookie Policy) or other potentially received/collected personal data through these platforms and/or from social media or other public digital sources.

• Compliance with legal and/or regulatory requirements, such as those of a fiscal nature or those required by special regulations governing our business activity or, as applicable, for archiving
• Economic-financial-administrative management
• Ascertaining the exercise or defense of a right in court
• Internal statistics

Legal basis and conditions of legality on which data processing is based

The legal bases for processing take into account the provisions of the Regulation and the normative acts regarding the processing of personal data adopted in Romania, the provisions of the applicable legislation in the company’s field of activity, the Civil Code, the Fiscal Code, and the relevant tax legislation.

Processing is based on at least one of the following conditions of legality:

• Processing may be necessary for the conclusion of a legal relationship/contract and/or for its execution
  • Processing may be necessary to fulfill a legal obligation incumbent on the Company (e.g., those related to managing fiscal supporting documents)
  • Processing may be necessary to fulfill a task that serves a public interest (e.g., those related to archiving operations)
  • Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, namely:
  • For managing our business, providing goods, and delivering services related to the Company’s main activity
  • For managing our relationships with potential clients and clients or our partners
  • For managing risks related to our activity
  • For handling complaints in relation to our services, to resolve any reported issues, and to improve our products and/or services, to ascertain, exercise, or defend a right in court

Processing can be based on your consent, only if we are in one of the cases expressly provided by the Regulation in this regard.

How long do we keep personal data?

We retain the personal data we process as long as necessary for the purpose for which they were collected (in accordance with the applicable law or regulations), such as:

• For the duration of the contract/legal relationship for the personal data necessary for execution, including the personal data the company may come into contact with during the performance of the legal relationship
  • Until the expiration of the statute of limitations, in cases where the company would have a legitimate interest in retaining certain personal data related to a potential dispute that may arise between the parties
  • For the period provided by law in situations where there are applicable regulations in this regard (e.g., in the case of mandatory accounting records and supporting documents that form the basis of financial accounting entries, etc.)
  • For the duration of managing the relationship with potential clients/clients/beneficiaries of our services/the company’s partners and their representatives, respectively until the exercise of the right of withdrawal, for sending communications containing information and offers regarding our services and/or products to other persons, as applicable, the commercial community
  • Until the withdrawal of consent for the processing of personal data based solely on consent
  • During the public interest archiving period mentioned by law or in the applicable policies of the company, as applicable, for the data contained in the documents for which the law or the company provided archiving

In any other case or in the absence of specific legal, regulatory, or contractual requirements, our reference period for retaining personal data is at least 3 years from the date of the start of the relationships/the last contract between the company and the data subject.

Any data may be retained by the company, except as provided above, where applicable, until the expiration of the statute of limitations, concerning situations where the company would have a legitimate interest in retaining certain personal data concerning a potential dispute that may arise between the parties, for example, in the context of the possible legal liability of the company or the data subject of the processing.

In any case, except in cases imposed by applicable law, we will delete your data when you request it. Applicable exceptional situations will be communicated to the applicant through the response provided by our company regarding the data deletion request.

Your rights and how to exercise them

Our company is responsible for facilitating the exercise of any of your rights listed below.

Any of these rights can be exercised by sending an email to contact@apollotech.ro.

For your data protection, to prevent misuse by malicious individuals seeking access to your data, our company may ask you to go through some identification steps beforehand to ensure you are the person exercising the rights mentioned below through a request. If we receive a request from you regarding the exercise of any of the above rights, we may ask for additional information to verify your identity before acting on your request.

If you submit an electronic request to exercise your rights, the information will be provided by our company also in electronic format where possible, unless you request another format.

We will try to respond promptly to any request from you and, in any case, within the time limits expressly specified in the applicable legal provisions (usually 30 days from the registration of the request). In certain situations, expressly provided by the applicable law, we may charge an access request fee, taking into account the administrative costs necessary to fulfill the request.

If, because of applying legal provisions, our company cannot comply, in whole or in part, with a request received from you as the data subject, applicable exceptional situations will be communicated to you through the response provided by our company regarding the request in question.

• Right of access: You have the right of access, in accordance with Article 15 of the Regulation, to obtain confirmation from the company as to whether or not it is processing personal data concerning you and, if so, the following information:
• The purposes of the processing;
• The categories of personal data in question;
• The recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients from third countries or international organizations;
• Where possible, the period for which the personal data are expected to be stored or, if not possible, the criteria used to determine that period;
• The existence of the right to request rectification or deletion of personal data or restriction of processing of personal data or the right to object to processing;
• The right to lodge a complaint with a supervisory authority;
• If personal data are not collected from you, any available information about their source;
• The existence of automated decision-making, including profiling, referred to in Article 22 paragraphs (1) and (4) of the Regulation and, at least in those cases, relevant information about the logic used and the importance and expected consequences of such processing for you. any available information about its source;
• Where personal data are transferred to a third country or international organization, you have the right to be informed of the appropriate safeguards under Article 46 of the Regulation relating to the transfer.

At your request, the company provides a copy of the personal data that is being processed.

• Right to Data Rectification: You have the right to obtain from the company, without undue delay, the rectification of inaccurate personal data concerning you, in accordance with Article 16 of the Regulation. Depending on the purposes for which the data was processed, you have the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.
• When possible or necessary, we will make corrections (as applicable) based on updated information and will inform you about this if necessary.

• Right to Data Erasure: You have the right to obtain from the company the erasure of personal data concerning you (in accordance with Article 17 of the Regulation) without undue delay, except in certain cases provided by the Regulation, if one of the following reasons applies:
• The personal data is no longer necessary for the purposes for which it was collected or processed;
• You withdraw the consent on which the processing is based to the extent that the processing is based solely on consent and there is no other legal basis for the processing;
• You object to the processing carried out in the public interest or for the legitimate interests pursued by the company or a third party, and there are no overriding legitimate grounds for the processing that prevail over your interests, rights, and fundamental freedoms, or you object to processing for direct marketing purposes;
• The personal data has been unlawfully processed;
• The personal data must be erased to comply with a legal obligation of the company under Union or national law;
• Other situations provided by the Regulation to the extent that they are applicable.

• Right to Restriction of Processing: You have the right to obtain a restriction of processing (in accordance with Article 18 of the Regulation) in the following cases:
• You contest the accuracy of the data, for a period that allows the company to verify the accuracy of the data;
• The processing is unlawful, and you oppose the erasure of personal data, requesting instead the restriction of its use;
• The company no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims;
• You have objected to processing in accordance with Article 21(1) of the Regulation, for the period during which it is verified whether the legitimate rights of the controller prevail over those of the data subject.
• Right to Data Portability: You have the right to receive your personal data (in accordance with Article 20 of the Regulation) that you have provided to the company, in a structured, commonly used, and machine-readable format, and to transmit it to another controller without hindrance from the company if:
• The processing is based on consent in accordance with Article 6(1)(a) or Article 9(2)(a) of the Regulation or on a contract in accordance with Article 6(1)(b) of the Regulation;
• The processing is carried out by automated means.

In case of exercising the right to data portability, the personal data can be transmitted directly from the company to another controller expressly indicated by you, if technically feasible.

• Right to Object: When the processing is carried out for the legitimate interests pursued by the company or a third party, you have the right to object at any time, for reasons related to your particular situation, to the processing carried out for the legitimate interests pursued by the company or a third party, including profiling. In this case, the company will no longer process your personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
• Right to Object to Direct Marketing: When the processing is for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you, including profiling, to the extent that it is related to direct marketing.
• Right to Withdraw Consent: If the processing is based on your consent, you have the right to withdraw it at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent before its withdrawal. The presumption of withdrawal of consent is not applicable in cases where the processing basis is not consent.

Right to File a Complaint

For any complaints regarding the use of your personal data, please send an email with the details of your complaint to contact@apollotech.ro.

We will review and respond to any complaints we receive within the legal terms.

You also have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

Recipients or Categories of Recipients of Personal Data:

The company may transmit/grant access/disclose personal data mainly to the following categories of entities:

• Public authorities and entities (such as tax authorities, etc.)
• Business partners

Transfers and disclosures are not generally made to entities outside the European Union. If the company transmits your personal data to a third country or an international organization, we will ensure that they are adequately protected, either by transmitting the data to a country that provides an adequate level of protection as assessed by the European Commission or, if the country is considered not to have equivalent laws to EU data protection standards, by requiring the third party to enter into a contract/agreement/legally binding instrument that reflects these standards or provides other appropriate safeguards.

Consequences of Refusal to Provide Personal Data

If personal data is collected directly from you, we inform you that you are usually not obliged to provide your personal information to the company unless the provision is a legal or contractual obligation or a requirement necessary for entering into a legal relationship/contract.

Therefore, in such situations, depending on the data you refuse to provide, it is possible that:

• Our company cannot conclude the contract or continue the contractual relationship with you;
• Our company is made unable to fulfill partially/totally its obligations towards you.

If you believe that the information contained in this document is ambiguous or contains ambiguities, you can request clarifications from us at contact@apollotech.ro.

By this Notice, I have acknowledged the information provided by Apollo Technologies under the Regulation and have been informed by Apollo Technologies of the rights conferred by the Regulation and Romanian law regarding the protection of individuals concerning the processing of personal data and the free movement of such data.