funding by

Digitalization of the Written Culture Sector (PoCIDIF)

Electric UP 2

Start-Up Nation 2024

The Woman Entrepreneur 2024

IMM Invest Plus

Digitization SME

process

ONRC representation services  

What data do we process?

What is the legal basis for data processing?

For what purpose do we process the data?

What are your rights

How you can exercise your rights

How we transfer your data

International data transfer

Data Retention

Modification of this Policy

How you can contact us

privacy policy

Last update: 08 March 2024

When you use our Services, you entrust us with your personal data and other data that can identify you or that is associated with you. We take seriously the responsibility to protect and maintain its confidentiality.

This Privacy Policy forms part of the Agreement between us and you. Capitalized and undefined terms have the meanings given in the General Terms of Service.

We want to provide you with a pleasant and personalized experience within the Services. This Policy is intended to clearly and transparently explain how and why we process your personal data when providing the Services, and your choices and rights in relation to them.

When you use our Services, you entrust us with your personal data and other data that can identify you or that is associated with you. We take seriously the responsibility to protect and maintain its confidentiality.

This Privacy Policy forms part of the Agreement between us and you. Capitalized and undefined terms have the meanings given in the General Terms of Service.

We want to provide you with a pleasant and personalized experience within the Services. This Policy is intended to clearly and transparently explain how and why we process your personal data when providing the Services, and your choices and rights in relation to them.

content

  1. What data do we process?
  2. What is the legal basis for data processing?
  3. For what purpose do we process the data?
  4. What are your rights
  5. How you can exercise your rights
  6. How we transfer your data
  7. International data transfer
  8. Data Retention
  9. Modification of this Policy
  10. How you can contact us

1. What data do we process?

Data provided by you

We will process the following types of personal data provided directly by you:

  • identification data, such as those included in your identity document (e.g. name, CNP, residential address, date and place of birth, etc.) and signature
  • financial data (e.g. IBAN of your bank account, tax residence, tax code, etc.)
  • copies of identity documents (for example, identity card, passport, driving license, etc.)
  • records of our communications, regardless of who initiates the communication (this will include records of our telephone communications)
  • your captured image in photo or video format (to verify your identity)
  • the personal data of the persons who have or will have the capacity of associate or administrator with you. With regard to the data of these persons, confirm that the persons concerned have become aware
  • the content of this Policy before providing us with their data for processing.

One or more of the types of personal data mentioned above will be processed in the following cases:

  • when you use our Services
  • when you send us feedback, report a problem with the Services, or participate in forums, discussions, comment sections or other media features within the Services
  • when making a payment
  • to verify your identity
  • when you participate in a competition, promotion or when you choose to take a survey
  • when you contact us for support by phone, email or through the Services
Data collected as a result of using the Services

We process this data to understand which features you use most often and how we can improve the Services and protect you and us against attempts to misuse the Services. We will process the following types of personal data when you interact with our App or website:

identifiers of your device (eg geolocation, web browser, operating system or IP address)
interactions (eg data collected through cookies and similar technologies)

Data provided by third parties

We may collect your personal data provided by third parties and others, including social media platforms, advertisers, statistical data providers or your employer. The data we may receive from third parties is subject to agreements you already have with these. We use reasonable efforts to ensure that these people have all the necessary rights to collect and transfer your data. We may also collect data about you from public sources, such as press articles or public registers and databases.

We will process this data and may corroborate it with data already provided by you in situations such as organizing a media campaign or verifying your identity.

2. What is the legal basis for data processing?

We process your personal data based on a legal basis such as:

Execution of the Contract

We process your data to provide you with the Services and to comply with our obligations under the Agreement.

For example, we need to be able to process the personal data necessary to prepare the documents for the establishment or modification of your company.

Legitimate interest

There are situations where we process your data to pursue our legitimate interests or those of third parties. In these cases, we will consider whether the data processing is necessary and the benefits of the processing do not disproportionately contravene your rights and interests.

For example, we will base our data processing on the legitimate interest to:

  • maintain and improve the security of the Services or to prevent, detect and remedy security incidents, acts of fraud, abuse or misuse of the Services;
    providing and improving the Services, as well as developing new services and products;
    understanding how you use the Services and customizing them to provide you with a more enjoyable experience;
    carrying out research activities in the public interest.
Fulfilling legal obligations

The processing of your personal data may be required by certain statutory provisions and regulations applicable to us.

For example, we have a legal obligation to cooperate with public authorities and private entities when we have reasonable grounds to believe that their request is justified.

Your consent

We request your express consent regarding the collection of certain categories of data and their processing for specific purposes.

For example, when we ask you whether you wish to receive messages for direct marketing purposes or when you provide us with your specimen signature for submission to the Trade Register, your personal data is processed on the basis of consent.

3. For what purpose do we process the data?

Provision of Services

Legal basis: execution of the Contract, legitimate interest, legal obligations

We process your data in order to provide the Services, such as:

  • to verify your identity and to be able to establish a contractual relationship
  • to decide whether we can provide you with certain services
  • to comply with our contractual and legal obligations in relation to the Services provided

Service development and analysis

Legal basis: legitimate interest

We process your data to understand how you use the Services and the features you use most often. We may use the data we collect in an anonymized and aggregated form (so that you are not identified) to test the integrity and security of our systems, to support research, analysis, improvement of the Services, and development of new products, services or features.

Prevention of fraud and crime

Legal basis: legitimate interest, legal obligations

We process your personal data for purposes such as detecting, investigating and reporting irregularities of use that could be considered illegal activities, or to verify your identity. In these situations, we may retain the data and disclose it to competent authorities to investigate the facts .

Communication with you

Legal basis: consent, execution of the Contract

We process your personal data to communicate with you in connection with the provision of the Services or to respond to you when you contact us.

Complying with legal obligations and promoting our rights and interests

Legal basis: legitimate interest, legal obligations

We process your personal data:

  • to respond to any complaints or requests from you or the relevant authorities
    to keep administrative and accounting records, as required by law
    to be able to defend us or file a claim or legal action.
Marketing and promoting products and services that may be of interest to you.

Legal basis: consent, legitimate interest

The processing of personal data for this purpose may involve:

  • the communication of commercial offers and information related to the products and services offered by us or our partners. If you do not wish to receive such communications, you can adjust your preferences by accessing the "unsubscribe" link included in all promotional messages.
  • personalizing communications to be more relevant and of interest to you
  • analyze marketing campaigns to measure the effectiveness of our efforts and provide you with relevant information
  • requesting an opinion or review in relation to our Services

4. What are your rights

The right to be informed

This Policy is intended to inform you about how we process your personal data. Feel free to ask us any questions you may have about this Policy or how we process data.

The right of access, modification and rectification

You can always ask us for a copy of the personal data we process about you, and to change or rectify the data if you think it is wrong or incomplete. Note that you will need to prove that the new data provided is correct. Also, in order to allow you access to the data or to respond to a request to change or rectify the data, we have to verify the identity of the requester.

The right to data deletion

You can request the deletion of your personal data at any time if:

  • the personal data are no longer necessary to fulfill the purposes for which they were collected or processed
  • you have withdrawn your consent on the basis of which the processing takes place
  • you have objected to data processing
  • we have processed your personal data illegally
  • we have a legal obligation to delete the data


Please note that we may refuse your data deletion request if another legal basis (such as compliance with legal obligations) compels us to continue processing your data.

The right to object to the processing of personal data for marketing purposes

You can request at any time that we stop processing your personal data for marketing purposes. Note that you will still receive communications related to the Services (such as notices of changes to the Agreement or emails related to the provision of the Services).

The right to object to the processing of personal data based on our legitimate interests or those of third parties

You can request at any time that we stop processing your personal data based on our legitimate interest. Please note that we may continue to process data if another legal basis (such as compliance with legal obligations) compels us to do so.

Also, if you object to the processing of your personal data necessary to provide the Services, we will not be able to provide you with certain Services or their features.

The right to request the restriction of the processing of personal data

You can request the restriction of the processing of your personal data at any time if:

  • you ask us to investigate the correctness of the data
  • the data processing is illegal, but you do not want us to delete the data
  • we no longer need the personal data, but you ask us to keep it for use in legal action
  • you have objected to data processing, but we need to check whether another legal ground overrides your rights.
The right to portability of personal data

You can request at any time that we transfer your personal data that we process. If we have the necessary means and this is not prohibited by law or a provision of the competent authorities, we will transfer your data in a structured and commonly used format.

The right to withdraw your consent to the processing of personal data

You can withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the legality of the processing carried out beforehand.

5. How to exercise your rights

You can exercise your rights described above by contacting us by email at dataprotection@safirconsulting.ro or directly through the Services when this option is available. You can also find full information on how to contact us by post on our contact page.

For security reasons, we will need to verify your identity in order to respond to your request (for example, we may ask you to provide us with an ID document). Please note that we may require you to pay the costs incurred by us as a result of making an excessive or unfounded claim.

If you are still dissatisfied with the way we have handled your personal data, you can always lodge a complaint with the National Supervisory Authority for the Processing of Personal Data whose website is available here.

6. How we transfer your data.

We transfer your data in the following ways:

To our affiliated entities

We rely on our affiliated entities to provide the Services at the highest level of quality that we can sustain and to ensure their security and continued development. We will transfer your personal data to our affiliated entities depending on the services provided to you.

Within the Services

We may share or make publicly available within the Services your personal data in order for you to access certain features of the Services. For example, we may share your name or other identifying information if you choose to give us a review or post a comment on our blog.

To third parties

We do not and will never sell your personal data

Please keep in mind that registration in the Trade Register results in the publication of data such as the telephone number, e-mail address and company headquarters in publicly accessible databases. Third parties use these databases to contact you for commercial purposes or to include them in the services provided. Safir Consulting has no affiliation or commercial relationship with these entities.

We engage third-party vendors and external collaborators to enable us to provide and improve the Services. These third parties have access to your data based on your consent or another legal basis, which they process only for the purposes indicated by us. We constantly assess whether these third parties have implemented and maintain adequate technical and organizational data security and privacy measures. You can find the full list and the role of each of them on our dedicated page To third party providers, external collaborators and affiliated entities.

These include:

  • Companies that provide us with the technical, organizational, analytical and security infrastructure necessary to provide the Services to you, such as data storage and hosting, IT services or customer support providers.
  • Our external collaborators which include legal and accounting services so that you can benefit from representation before public authorities such as the Trade Register and so that we can comply with our tax obligations.
  • The public authorities involved in the procedures for setting up or changing your company, such as the National Trade Registry Office or the National Tax Administration Agency.
  • Netopia (our payment processor): Stripe acts as a data controller with respect to your payment instrument. Please see the Netopia Privacy Policy for more information on the processing of this data.
  • Google Analytics: Google Analytics is a web analytics service that helps us understand how people visit our websites. For example: from which web page you accessed our website, which pages you accessed and how long you spent on them. The information provided by Google Analytics is available to us in an anonymized form.
New owner situation

In the event that there is a total or partial change in control or ownership of the Services, we may transfer your data to the new owner. In this case, we will notify you before we transfer your data or before it becomes subject to another privacy policy.

In accordance with the requests of the competent authorities and to prevent harm

In certain situations, we may be required to transfer your data to law enforcement authorities, following their express requests, as required by law.

We may also process and transfer your data when we reasonably believe this is necessary to detect, combat, remedy or respond to fraud, unauthorized use of the Services or breach of the Agreement. We do this to protect ourselves, you and others during investigations by competent authorities or legal action.

If we terminate your account because you have violated our terms or policies, please be aware that we will need to continue to store your data for the period of time necessary to prevent and reduce the risk of repeated or new abuse violations.

7. International data transfer

You do not need to be located in the European Economic Area (EEA) to benefit from our Services. Depending on your location and the services you use, your personal data may be transferred, stored and processed outside your country of residence or even outside the European Economic Area, in the locations where our third-party providers carry out their operations . We make reasonable efforts to ensure that they have implemented adequate data protection and security measures so that your data enjoys at least the same level of protection as required by European law and the General Data Protection Regulation. We have entered into data processing agreements with each of our third party suppliers, which include, among other things, their contractual obligation to implement and maintain appropriate data protection procedures and measures.

When we transfer your data outside the European Economic Area, we do so based on a legal basis and taking into account several legal mechanisms, such as Standard Contractual Clauses approved by the European Commission and supplier certification under the EU-US Privacy Shield .

8. Data Retention

In principle, we only store your data for as long as is necessary to provide the Services or until we are able to comply with a request from you to delete your data – whichever comes first. However, we retain certain personal data even after these situations, such as when the processing is based on a legitimate interest or compliance with a legal obligation.

9. Modification of this Policy

If we change this policy, we will post the updated version here. We recommend that you check this page regularly.

Your rights under this Privacy Policy will not be diminished without your consent. Before we make material changes to this Policy, we will send you a notice via your email address or through the Services to give you an opportunity to review the revised version and to express your agreement to the changes, before to choose to continue using our Services.

10. How to contact us

The operator of your personal data is Safir Consulting SRL, a legal entity established in Romania, with headquarters in Bucharest, GHICA Apartments, Strada Baicului, no. 55, apartment 105, sector 2, CUI RO 45734740.

In relation to your personal data, you can contact us by email at datepersonale@safirconsulting.ro