Legal

Privacy Policy

Last updated: August 2019

This Privacy Policy sets out the way in which the personal data that DATA REVOLT collects from the representatives of its contractual partners or from natural persons within the framework of the promotional activities provided by the company will be processed by DATA REVOLT. The provisions of the Terms and Conditions document apply to and complement this Privacy Policy.

By continuing to use the site, you understand that browsing the DATA REVOLT web page(s) and interacting with the company’s services involves a request, on your part, for certain personal data, and refusing to provide us with this data may result in the inability to deliver the requested services.

We thus provide you with transparent information about the personal data we collect and how we use this personal data, and we also inform you about the rights of data subjects and how these rights can be exercised.

Before providing us with personal data by accessing the website or through other means of communication and transfer of such data, you will be asked for your consent for some of the activities of processing your personal data carried out by DATA REVOLT in accordance with article 3 of this Policy.

For any requests or questions regarding the activities of processing your personal data within S.C. DATA REVOLT AGENCY S.R.L., please contact us using the following contact information:

  • Registered office: Bucharest, Romania, Str. Budila, no. 12, apt 3A4, Sector 2.
  • E-mail: hello@datarevolt.agency
  • Phone: (+40) 752 751 051 (standard rate call)
  • Post: Str. Maria Rosetti no. 6, Sector 2, Bucharest.

Considering the activity of DATA REVOLT, the company does not justify, at this date, the appointment of a Data Protection Officer (DPO).

If you send DATA REVOLT a request for access to the activities of processing your personal data in order to receive information, please note that, due to the continuous processing of your personal data and considering the routine established in our IT systems for the deletion of information processed under the conditions of the Data Retention (Storage) Policy, we are committed to keeping your data updated and accurate at all times. Thus, this routine processing may involve the modification or deletion of the personal information we process after you have submitted a request to us. In this case, DATA REVOLT will provide the information held at the moment we send our response, even if it differs from the information that was stored at the date the request was sent. Please note that the deletion of your personal data is a procedure that DATA REVOLT would have carried out even if you had not submitted the request.

1.Contact information of the entity carrying out the processing activities described

DATA REVOLT AGENCY S.R.L.
Registered office: Bucharest, Romania, Str. Budila, no. 12, apt 3A4, Sector 2.

You can contact us through:

2.Collection, storage and processing of personal data

We store and process personal data only in cases where you have voluntarily provided this data to us, such as by phone in direct contact with one of the company’s employees, or by e-mail in the case of our legal-entity clients or our collaborators, or by completing a paper-based form. If we collect any other personal data, or if the purpose or legal basis of the processing changes, you will be informed in this Policy or within the promotional campaigns or events held, of the intended purpose of the use of this data, and if mandatory under the General Data Protection Regulation, we will request your consent for the processing of personal data prior to any processing activity.

Considering the nature of DATA REVOLT’s commercial activities and the purpose of these activities, personal data of natural persons is not processed; only personal data of the representatives of the legal entities with which DATA REVOLT enters into legal and commercial partnerships is processed.

3.DATA REVOLT collects personal data of the representatives of partner companies and consultant collaborators, in accordance with the contract concluded with these legal entities, for the following purposes:

  • each time you access our services, we process your personal data in order to conclude and execute the framework contract under which we provide the contracted services;
  • we process your personal data when we have obtained your consent for processing, such as the use of third-party cookies like Google Analytics to verify the traffic generated when you access our website;
  • maintaining contact with our partners (by SMS, e-mail or phone) regarding the fulfillment of the object of the concluded contract;
  • to respond to any requests regarding the performance of the services provided or in connection with data processing activities;
  • transmitting information to our contractual partners for the provision of the contracted services;
  • ensuring the client’s access to the platforms through which data about user activity is collected and interpreted in an aggregated format, such as Google Adwords, Facebook Business Manager, Google Analytics, Double Click, Apple Search Ads, Firebase, Jira;
  • sending offers in view of concluding a contract with DATA REVOLT;
  • transmitting the information requested by various public authorities according to legal requirements, to internal audit, external audit companies or consultants;
  • carrying out internal corporate operations of DATA REVOLT (for example: drawing up lists, generating reports, etc.);
  • participation in a contest or promotional campaign sponsored or organized by DATA REVOLT or by a third party on our behalf.

4.The personal data we use and the legal basis of processing

Identification and contact data of our clients’ representatives — first and last name, business or personal email, phone number (mobile, landline, or both), the postal address of the company you work for. The legal basis on which we carry out the processing activities of this personal data is the legitimate interest pursued by a third party, namely the legal-entity client of DATA REVOLT, as provided in art. 6 par. (1) lit. f);

Identification and contact data of our collaborators acting as consultants — first and last name, phone number, e-mail address, as well as any information necessary for the conclusion and performance of the contract concluded by the company with them, or any information requested by our client, in case the collaborator is allocated to one of their projects.

In your relationship with DATA REVOLT, we ask you to provide us with certain specific information, and you may refuse to transmit this information, because you decide what information you give us, if you consent to providing it. If the requested information is not provided by the data subjects, we may be unable to optimally deliver the requested services.

5.Personal data processing principles

We respect the data processing and protection principles, so your personal data will be:

  • processed lawfully, fairly and transparently;
  • collected only for a valid purpose that we have clearly explained, and not used in a way incompatible with that purpose;
  • relevant to the purpose we have communicated to you, and limited only to those purposes;
  • accurate and up to date;
  • not kept longer than necessary for the purposes described;
  • stored securely.

6.How we obtain this data

Automatically

  • Through the use of cookies in order to obtain information in accordance with the Cookie Policy.

Directly from you

  • Through the website, after you have sent a message by completing the predefined fields in the «Contact» section;
  • After interacting with you by phone or by electronic mail (e-mail) in order to send requests, recommendations or suggestions;
  • Through your direct contact with our employees during an organized business meeting.

7.To whom we transmit your personal data and the results of our processing activities (reports, lists, etc.)

Our consultants (legal entities)

We disclose/transmit information about the activity of our legal-entity clients, which may include personal data of the representatives of these companies, to our consultant partners, in order to deliver the contracted services, to the extent that you authorize us at the date of the contract signing or after this date, before the moment of obtaining this data from you (by granting access to certain platforms or making available certain data received by e-mail or by other means directly from you). The updated list of contractual partners, in relation to which DATA REVOLT processes your personal data, can be consulted on request, by sending an e-mail or by post, using the means of communication in art. 1 above.

Mandatory disclosure

To the extent necessary, and provided DATA REVOLT still holds the personal data, DATA REVOLT will make it available to third parties in order to comply with any laws, regulations, legal proceedings, or requests received from public authorities (for example, in accordance with certain law enforcement measures following inspections, subpoenas, or court orders) or when we believe and act in good faith (in order to enforce our internal policies and rules), including for investigating possible breaches of these or detecting, preventing, or taking action regarding illegal activities or other misconduct, suspicions of fraud, or following the occurrence of security incidents. In addition, we will share your data only to the extent that we are required to exercise our legal rights to defend ourselves against claims with legal implications or to prevent harm to the rights, property, or safety of ourselves, our partners, you, or any third party, or for the purpose of cooperating with law enforcement authorities, or where we consider it necessary to ensure compliance with the intellectual property of DATA REVOLT or other rights.

Business transfers

We may share information that includes personal data of the representatives of clients with whom we have concluded contracts, or in relation to whom we carry out commercial activities, in the case of a corporate transaction (acquisitions of the majority or full package of shares of the company, such as through a merger). In the case of the above, the affiliated companies or the acquiring company will assume the rights and obligations described in this policy.

Identifiers

We may share the identifiers we collect (through the use of cookies), in order to operate our business and improve the relevance of our website, as well as to detect potential security incidents or technical issues related to the operation of our website.

Non-personal information

We may share aggregated information or data that cannot be considered personal data (data automatically generated by our internal systems, data-generation platforms for market research purposes, or commercial information) with our business partners and other third parties, in accordance with the terms of this policy.

8.Lawfulness of personal data processing

DATA REVOLT is responsible for the activities of processing your personal data for the entire duration of the storage of this data within DATA REVOLT. We respect the processing principles established in the General Data Protection Regulation (GDPR) and integrate these principles into the company’s internal processes and our commercial practices.

9.Where we process your data

For the period during which your personal data is processed at the level of DATA REVOLT, this data is processed by e-mail in relation to Google Inc — namely the data communicated by e-mail to and received from DATA REVOLT is stored in Ireland, where Google Inc owns servers, and we store any information in accordance with the Retention Policy using the Google Drive services. In the event that our service providers process your personal data in countries that do not offer a sufficient level of protection of your rights, we carefully evaluate all the circumstances and ensure that adequate security and confidentiality safeguards have been put in place, so that your rights are not in any way infringed. We also ensure that you have the means available to exercise your rights.

10.Processing of candidates’ data for filling the job vacancies available within DATA REVOLT

Personal data means any information that identifies you or that could be used to identify you. We process the data of candidates who apply for the jobs available within the company for a legitimate and voluntary purpose, with a view to concluding an employment contract. We make sure that we process only your personal data which is strictly necessary for the declared purpose.

For the purpose of selection and recruitment, we may process the following categories of personal data:

  • Identification data — first name, last name, address, national insurance number, identification document number, photograph, etc.
  • Contact data — e-mail address, phone number, address, etc.
  • Data about professional life — employer, experience, position, salary, education, etc.
  • We specify that, for certain functions involving the management of the company’s assets (in particular money management), the company may request the presentation of a criminal record without storing the personal data from the document and without keeping this document in its archive.
  • Digital data — cookies, IP addresses, and we may view websites belonging to you or that you follow, and existing activities on social networks, as well as other publicly available data on the Internet, without storing such data in any way;
  • Special categories of data (sensitive data) — personal data revealing racial or ethnic origin, trade union membership, data concerning health for carrying out occupational medicine checks.

How we collect data

Directly from you:

  • In the selection and recruitment process or by your sending us your CV following the posting of our jobs on the company’s Facebook page, through the recruitment platforms of our contractual partners, or as a result of a recommendation.

From other sources:

  • By recommendation;
  • External company for the purpose of evaluating the candidate’s suitability during the recruitment process;
  • Occupational health and safety, or other providers of workplace security or medical services;
  • From the former employer.

How long we keep your data

As a general rule, we keep your personal data for a period necessary to achieve the purpose of its processing, namely for the duration of the recruitment and selection process, which is, in most cases, including if it does not materialize through the signing of an individual employment contract, up to 3 months. When we keep your personal data for another specific purpose, the storage period will be specified in the Personal Data Retention (Storage) Policy. Your consent will need to be requested if we consider it necessary to extend the data storage period beyond this initial period. All unsolicited CVs will be immediately destroyed or deleted.

11.The rights you have

Before exercising your rights, we must identify you in order to protect your personal data against any fraudulent attempts.

Your requests regarding the processing of personal data by DATA REVOLT will be honored as soon as possible. With regard to our internal processes, we will make efforts to deliver any response in connection with the processing activities of personal data belonging to you, within a maximum of one month, by sending an e-mail to hello@datarevolt.agency or by phone call using the phone number displayed in the “Contact” section on the Site.

  • You have the right to receive information at any time regarding the purposes of processing your personal data, the categories and sources, the recipients, the storage periods of your personal data, and your rights.
  • You have the right not to be subject to an automated decision, having the possibility to oppose automated decision-making processes. DATA REVOLT does not, at this date, carry out automated decision-making processes.
  • You have the right to access your personal data, including the right to obtain a copy of the personal data we process.
  • Regarding the right to portability (transfer) of the data you have provided to us in relation to the specific purpose for which you provided this data, and the limited term for which we store this data until the date we transfer it to our commercial partner or until the date we are asked to delete, anonymize, or destroy it, this right must be requested from our contractual partner in relation to which DATA REVOLT acts as a Processor, and thus we strictly follow our partner’s instructions regarding any processing activity we carry out.
  • We update your personal data by asking you to review it from time to time and whenever the need for updating is provided by law. However, if you discover that some data provided, or which we obtained from you in the ways presented in this policy, is incorrect or inaccurate, you may request the rectification and/or updating of the incorrect data and the completion of incomplete data.
  • You may rectify or complete your personal data by contacting us and providing the correct or additional data. You may request the restriction of the processing of your data, if the accuracy of the data is contested, for a period that allows us to verify said accuracy.
  • You have the right to restrict processing, which means we store your personal data, but do not use it for any other purpose. If you have obtained the restriction of processing, you will be informed before the lifting of the processing restriction.
  • You have the right to request the deletion of personal data. You may exercise both rights under the conditions provided by law. We will evaluate your deletion request from the perspective of the legislation and our internal procedures, taking into account, where applicable, the existence of our partner’s instructions, and we will provide a written response within the agreed timeframe, which will not exceed the term of one month from the date of receipt of the deletion request.
  • You have the right to contact us at any time, if you consider that your rights conferred by the legislation on the protection of personal data have been infringed.
  • You have the right to appeal to the data supervisory authority, namely the National Supervisory Authority for Personal Data Processing, with the address Bulevardul General Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, or to a competent court, if you consider that your rights regarding the processing of personal data have been infringed.

12.Cookies

Cookies are text files placed on your computer, smartphone, or tablet, in order to collect standard internet log information and information regarding your behavior on our website. This information is used, for example, to analyze your use of the site and to draw up statistical reports regarding the activity carried out on the website. You can set your browser not to accept cookies. However, some internal cookies are necessary to allow the User of the website to use the DATA REVOLT site.

For more information, please visit the Cookie Policy.

13.We do not process data about minors

By using the DATA REVOLT website and by interacting in any way with DATA REVOLT, you guarantee that (i) if you are in Romania, you are at least 18 years old, or if you are in any other country, you are over the age defined for “children” in accordance with the applicable laws of your jurisdiction, and (ii) you have full legal capacity to become subject to this Privacy Policy. If you are under 18, please read the terms of this Privacy Policy carefully together with your parents or legal guardians. The DATA REVOLT services are not directed or intended for children, as defined in the applicable legislation; we do not collect and do not request information from children. If we obtain actual knowledge that a user is considered a child according to the applicable law, we will take measures to immediately delete their personal information. If you become aware of, or have any reason to believe that, a child has shared any information with us, please contact us at the e-mail address previously mentioned.

14.How we protect your data

To ensure that your rights and freedoms are not endangered, and that compliance with the relevant legislation and regulations in the field of data protection is observed, we implement appropriate technical and organizational measures, in order to ensure a sufficient level of security for the processing of personal data. These measures consist of training and regularly testing employees and, where applicable, our subcontractors, of introducing relevant policies and processes which are regularly reviewed and updated under the supervision of our data protection consultant. We also make sure that we carefully evaluate our service providers, in order to provide an appropriate level of protection of your personal data, and we conclude personal data processing agreements with them, to ensure that each subcontractor that comes into contact, under our authority, with your personal data, carries out the contracted processing activities in complete safety and complies with the provisions of the legislation in force in the field of personal data processing.

15.Updates

Our privacy policy may be modified from time to time (generally, in order to comply with legislation and practices regarding data protection and processing). Updated versions will be published on our web page.

© DATA REVOLT — August 2019