Privacy Policy

Definitions

Personal Data

Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing

Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union law or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor

A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Client as Controller

The Client — as the controller, acknowledges and accepts the responsibility of protecting personal data stored and processed on its devices, in accordance with the requirements of the General Data Protection Regulation (GDPR) and applicable Romanian legislation. This includes the obligation to ensure the integrity and confidentiality of the data through technical and organizational measures.

Provider as Processor

The Provider — Unserver Business Solutions S.R.L., as the processor, acknowledges that, for the purpose of providing the requested services, it may be necessary to access and process personal data provided by the Client. The Provider commits to accessing this data solely to fulfill contractual obligations and to provide the agreed services, fully respecting the confidentiality and integrity of this information.

The Provider undertakes to implement appropriate technical and organizational measures to prevent unauthorized access, misuse, or disclosure of personal data.

Data Retention Period

Personal data will be retained as long as necessary to fulfill contractual purposes. Upon termination of the contractual relationship, data will be deleted or anonymised in accordance with applicable legal requirements and the agreed data retention schedule.

Transfer of Data Outside the EU

If personal data is transferred outside the EU, the Provider will ensure appropriate protection measures are in place, in accordance with GDPR regulations. Such transfers will only occur where adequate safeguards — including standard contractual clauses or adequacy decisions — have been established.

Data Breach Notification Procedure

In the event of a data security breach, the Provider will notify without delay both the competent authority and the data subjects, in accordance with the procedures established by the GDPR.

By accepting this document, the controller expresses agreement with the content of this document, including the operations of accessing and processing data from devices by the processor.

Legislation

The General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, is directly applicable in all EU member states, including Romania.