In accordance with the provisions of the General Data Protection Regulation (GDPR), applicable from May 25, 2018, S.C. OCTOCOM ANALYTICS S.R.L has the obligation to process personal data (as defined by applicable law) in a secure manner for the purposes specified in this Information Disclosure Note, in the context of providing our services and has the purpose of informing you about the personal data that we collect from users / customers of the site and how the data is processed by us.
This Information Disclosure Note explains how your personal data is processed by OCTOCOM ANALYTICS SRL and how we ensure that your personal data is processed responsibly and in accordance with the current legislation: European Regulation on EU Personal Data Protection 2016/679 GDPR (General Data Protection Regulation), Law no. 190 of 18 July 2018 on measures for the implementation of Regulation (EU) 2016/679.
www.convertcarbon.eu website belongs to S.C OCTOCOM ANALYTICS S.R.L which obliges to respect your privacy, in compliance with all data protection laws and regulations and this Policy (along with the Terms and Conditions of this website and any other documents referred to in the content of this Policy) governs the collection, processing and use of your personal data.
Identification data of the company that manages the site www.convertcarbon.eu
Legal entity OCTOCOM ANALYTICS, limited liability company with its registered office in Romania, Oradea, Street Lăpușului, no. 19, sc.B, floor 6, ap.69, Bihor county.
Personal data means any information related to an identified or identifiable person (“data subject”). An identifiable person is a person who can be identified, directly or indirectly, in particular by referring to an identifying element.
- Personal data: data that can be associated with a certain person – first and last name, social security number, one or more physical, physiological, mental, economic, cultural or social characteristics specific to the data subject, as well as any conclusions regarding the data subject that can be deduced from that data;
- Special data: personal data relating to racial origin, nationality, political opinion or party affiliation, religious or ideological beliefs, membership in organizations representing and promoting specific interests, sexual life, and personal data related to health, pathological addictions and criminal record data;
Data operator: individual or legal person or organization without legal personality, which has the task of determining, independently or jointly with others, the purpose of the data processing, making decisions on the processing of data (including decisions on the means used), and implementing such decisions independently or through a data processor with which a contract was signed.
Processing means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means
Restriction of processing means marking the personal stored data with the purpose of limiting the processing in the future.
Recipient means the individual or legal person, public authority, agency or other entity to whom the personal data is disclosed, whether or not it is a third party. However, public authorities to which personal data may be disclosed in the course of a particular investigation in accordance with EU Regulations or national law shall not be considered as recipients; the processing of such data by the public authorities concerned shall comply with the applicable data protection rules, in accordance with the purposes of the processing.
Consent of the data subject means any manifestation of the free, specific, informed and unambiguous will of the data subject by which he / she consents, by an unequivocal statement or action, to the processing of personal data concerning him / her.
EEA – European Economic Area (Member States of the European Union)
Objection: the statement of the data subject in which one opposes the processing of his personal data and requests the termination of the management, respectively all the data to be erased.
Data management: means – regardless of the used method – any operation or set of operations performed on data, in particular the collection, recording, organization, storing, modification, use, interrogation, transmission, publication, coordination or interconnection, blocking, deletion or destruction, as well as the subsequent use, taking pictures, audio or video recordings, as well as the recording of physical features (such as fingerprints and palm prints, DNA samples, and iris photos) that makes the identification of the person possible.
Data transmission: making the data available to a specific third party;
Disclosure: making the data available to any person (disclosure);
Deletion of data: deforming the data in such a way that its restoration is no longer possible;
Blocking of data: marking the data with a distinctive sign in order to limit processing for a determined or permanent period of time;
Data Processor: is that individual or legal person or organization without legal personality, which performs data processing on the basis of a contract – including contracts concluded on the basis of legal provisions – concluded with the data operator;
Third party: is that individual or legal person or organization without legal personality, which is different from the data subject, the data operator or the data processor;
Incident: unlawful management or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction or damage.
Principles underlying the processing of your personal data:
- We process your data in a lawful, fair and transparent manner.
- Based on the principle of integrity and confidentiality, we will ensure an adequate, honest and lawful way of processing personal data in order to prevent unauthorized disclosure or misuse of personal data and we will do our utmost to ensure that the personal data we collect is well protected. We make regular assessments on the risks associated with the processing of personal data and we will apply appropriate mitigation strategies to cover them.
- Personal data shall be collected for appropriate, relevant and limited purposes to what is necessary in relation to the purposes for which it is processed and not further processed in a manner not compatible with those purposes. We do not collect or process data that we do not need to. It also means that we never sell personal data and all transfers of personal data must have a legal and valid basis.
- We store personal data only for the period required by law or contract or data required to provide our services or are necessary to protect us against legal claims. At the end of the period, we will permanently delete your personal data or make it anonymous.
- We process your personal data in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against loss, destruction or damage by accident. We make this possible by taking appropriate technical or organizational measures.
- We make everything possible to ensure that the data processed is accurate and, if necessary, kept up to date. We will take all necessary measures to ensure that personal data which is inaccurate, for the purposes for which they are processed, are deleted or rectified as soon as possible.
1. PROCESSED DATA CATEGORIES:
We collect personal data that you are directly providing us when creating an account on the convertcarbon.eu website, when you make any operation on the convertcarbon.eu platform or you use other services provided by OCTOCOM ANALYTICS S.R.L. This can include:
- Contact information: such as first and last name, email address.
- Account information, such as your username (ID) and password.
- Identity verification information, such as photos of the identity card issued by the authorities, passport, national identity card or driving license, as well as biometric verification (a procedure that verifies a person based on his or hers unique biological characteristics) requested by the Veriff.com data processor information is collected, processed and stored only with the consent of Veriff.com prior to its provision. Please note that sending of your personal data is voluntary. However, the decision not to do so may mean that your identity cannot be verified, so you will not be able to purchase products / services sold by our partners through the convertcarbon.eu website. We also inform you that when creating your account, you will not be able to register your account without accepting the “Terms and Conditions” applicable to the convertcarbon.eu website.
- Information about computer or mobile device, including IP address, operating system, browser type.
- Information about how our website is used.
3. HOW WE USE YOUR PERSONAL DATA
We may use your personal information for:
- Processing the transactions made on Convertcatbon.eu. We will process your personal information only for the purpose(s) for which it was provided to us
- Verifying identity in accordance with the Money Laundering Regulations 2007 and the convertcarbon.eu against money laundering policy, as well as addressing other law enforcement needs, as described in detail in the “Terms and Conditions”
- Customizing your experience with convertcarbon.eu services
- Analyzing how you use convertcarbon.eu and improve our website and offers.
- Helping us respond to your customer service requests.
- Contacting you regarding convertcarbon.eu services. The email address you provide may be used to communicate information and updates regarding your use of services on our site. We may also occasionally communicate company news, updates, promotions, and related information about products and services provided by convertcarbon.eu, but only with your consent
- Conducting a contest, promotion, survey, or other feature of the website, as I will be mentioned on the website.
We may disclose your personal information to third parties, such as data processors and / or collaborators of convertcarbon.eu, and legal and regulatory authorities.
We do NOT transfer your personal information outside the EEA.
4. DISCLOSURE TO THIRD PARTIES
5. DISCLOSURE TO LEGAL AUTHORITIES
We may share your personal information with law enforcement, data protection authorities, government officials and other state authorities when:
- We are bound by a subpoena, court order or other legal procedure.
- We believe that disclosure is necessary to prevent physical harm or financial loss.
- Disclosure is required to report suspected illegal activity.
6. INTERNATIONAL PERSONAL INFORMATION TRANSFERS
Convertcarbon.eu DOES NOT transfer your personal data outside the EEA. Ocasionaly convertcarbon.eu website can provide references or links to other websites (“external websites”). We do not control these third-party websites or any content from them. Accordingly, we are in no respect responsible or liable for external sites mentioned or linked to the convertcarbon.eu website, including, but not limited to, the content of the site, policies, errors, promotions, products, services or actions and / or any damages, losses, errors or issues caused by, or related to these sites.
External websites have separate and independent Privacy Policies. We encourage you to review the policies, rules, terms, and regulations of each website you visit. We try to protect the integrity of our site and to receive any feedback on the information of the external website provided on the convertcarbon.eu website.
7. PERSONAL DATA SECURITY
We use a variety of security measures in order to ensure your personal data confidentiality and in order to protect your personal data against loss, theft, unauthorized access, abuse, alteration or destruction. These security measures include, but are not limited to:
- SHA256 encryption in the process of communicating with the Veriff.com platform and MD5 type encryption in the process of encrypting users’ passwords in the database.
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and securely sent over the Internet.
- PCI scan to actively protect our servers from hackers and other vulnerabilities.
All data collected and stored via convertcarbon.eu are protected by 2 security levels in the form of user and password, both at server and database level. All financially and / or sensitive information or credit, are transmitted via SSL technology and encrypted in our database. Only the authorized staff of convertcarbon.eu has access to your Personal Information and this staff is obliged to treat the information as confidential. Security measures will be regularly reviewed, taking into account new and relevant legal and technical developments.
8. YOUR RIGHTS REGARDING PERSONAL DATA
- the right to information and the right to receive details of the processing activities carried out by the site owner;
- the right of access to your personal data, namely the right to obtain confirmation of the processing of personal data, as well as details of the processing activities such as how the data is processed, the purpose for which the processing is carried out, the recipients or recipients categories of the data etc.;
- the right to change your personal data, respectively the right to obtain the correction, without justified delays, by the owner of the site of inaccurate / unjustified personal data, as well as the completion of incomplete data;
- the right to erase your personal data, when they are no longer necessary for the purposes for which they were collected or processed, if the consent is withdrawn and there is no other legal basis for the processing, if the data subject objects and there are no legitimate reasons prevailing, if the personal data has been processed illegally, if the personal data must be deleted in order to comply with a legal obligation;
- the right to restrict the processing of your personal data in the following cases: when the person contests the accuracy of the data, for a period that allows us to verify the correctness of the data, when the processing is illegal and the data subject opposes the deletion of personal data, when the operator no longer needs personal data for the purpose of processing, but the data subject requests it for the establishment, exercise or defense of a right in court; or the data subject has objected to the processing (other than direct marketing), for the period during which it is verified whether the legitimate rights of the operator prevail over those of the data subject;
- the right to the portability of your personal data in the following cases: the right to receive personal data in a structured, commonly used and easy-to-read format, and the right to have this data transmitted by the holder to another data operator, to the extent that the conditions provided by law are met;
- the right to object to the processing of your personal data. You may exercise the aforementioned rights, the right not to be subject to an automatic individual decision, or the right not to be subject to a decision taken solely on the basis of automated processing activities, including profiling, which has legal effects concerning the data subject or it affects it in a similar way to a significant extent;
- the right to address the National Authority for the Supervision of Personal Data Processing or the competent courts, to the extent deemed necessary.
For any further questions regarding the way in which your personal data is processed and to exercise your right mentioned above, you can send a written request at our headquarter or to the email address: firstname.lastname@example.org with a detailed and precise description of the right you want to exercise.