Privacy Policy
When you use our Services, you entrust us with your personal data and other data that can identify or are associated with you. We take seriously the responsibility to protect and maintain its confidentiality. This Privacy Policy describes how we process your personal data when you access or use our Services and forms part of the Contract between you and us. Capitalized and undefined terms have the meanings set out in our Terms.
When does this Privacy Policy apply?
This Privacy Policy applies to the personal data that InsideDocs processes when acting as a data controller. This responsibility arises when we set the objectives and methods of processing your personal data, which might be collected during instances like your use of our Services, website interactions, encounters with our ads, or communications through emails and other mediums.
What data do we process?
Data provided by you
We will process the following types of personal data provided directly by you:
- identification data, such as your name;
- your contact details, such as your phone number or email address;
- records of our communications.
One or more of the types of personal data mentioned above will be processed in the following cases:
- when you use our Services or subscribe to our newsletter;
- when you send us feedback, report a problem with the Services, or participate in forums, discussions, comment sections or other media features within the Services;
- when you participate in a competition, promotion or when you choose to take a survey;
- when you contact us via our contact form or ask for support by phone, email or through the Services.
Data collected as a result of using the Services
We process this type of data to understand which features you use most often and how we can improve the Services and protect you and us against attempts to misuse the Services. We will process the following types of personal data when you interact with our Services:
- identifiers of your device, such as geolocation, web browser, operating system or IP address;
- interactions, such as data collected through cookies and similar technologies.
Data Provided by Third Parties
We may receive personal data from third parties and others, including social media platforms, advertisers, or statistical data providers. The data we may receive from third parties is subject to agreements you already have with these. We use reasonable efforts to ensure that these entities have all the necessary rights to collect and transfer your data. We may also collect data about you from public sources, such as press articles or public registers and databases.
What is the legal basis for data processing?
We process your personal data based on a legal basis, such as:
Performance of the Contract
We process your data to provide you with the Services and to comply with our obligations under the Contract.
Legitimate interest
There are situations where we process your data to pursue our legitimate interests or those of third parties. In these cases, we will consider whether the data processing is necessary and whether the benefits of the processing do not disproportionately contravene your rights and interests.
For example, we will base our data processing on the legitimate interest to:
- maintaining and improving the security of the Services as well as preventing, detecting and remedying security incidents, acts of fraud, abuse or improper use of the Services;
- providing and improving the Services, as well as developing new services and products;
- understanding how you use the Services and customizing them to provide you with a more pleasant experience;
- carrying out research activities in the public interest.
Fulfilling legal obligations
The processing of your personal data may be required by specific statutory provisions and regulations applicable to us.
Your consent
We request your express consent regarding collecting certain categories of data and processing it for specific purposes.
For example, your personal data is processed based on consent when we ask whether you wish to receive messages for direct marketing purposes.
For what purpose do we process the data?
As a data controller, our approach to your data is not indiscriminate. We engage in data processing activities with clear, specific intentions, primarily to deliver our Services and enhance your safety, efficiency, and personalization when utilizing our Services. Below, we detail the distinct purposes that direct our data processing endeavors and the respective legal bases for these activities.
Services Delivery Processing your personal data is necessary when entering into our contractual relationship and fulfilling our associated responsibilities, ensuring that we offer you our Services effectively. This also entails processing for tasks like invoicing, account oversight, dispatching service-linked alerts, and maintaining communication. (Legal basis: Performance of a contract)
Service Improvement, Security, and Analytics We evaluate your data to discern your interactions with our Services and identify the tools you frequently employ. This information, combined with anonymized and consolidated data (ensuring your anonymity), fortifies our system's security and integrity, bolsters research, informs Service enhancements and steers the creation of new offerings or functionalities. (Legal basis: Legitimate Interest)
Customer Interaction and Communication If you contact us for assistance, share insights, or communicate in other ways (irrespective of the communication channel), we process your data to address and rectify your concerns and refine our methodologies. (Legal basis: Legitimate Interest)
Promotions and Analysis Processing data for this purpose can involve sharing commercial incentives or details about our or our associates' offerings. Remember, you can modify your preferences concerning such communications by utilizing the links embedded in all marketing materials. (Legal basis: Consent) Moreover, we might process data to fine-tune our messages, ensuring they resonate with your interests, evaluate our marketing strategies for effectiveness, deliver pertinent details, and solicit your feedback or critiques about our Services. (Legal basis: Legitimate Interest)
Legal Compliance and Enforcement We handle specific data to adhere to our statutory commitments and regulatory mandates, such as record-keeping for administrative and tax purposes. Additionally, this allows us to either initiate or counteract legal proceedings. (Legal basis: Legal obligations)
What are your rights?
The right to be informed
This Policy is intended to inform you about how we process your personal data. Feel free to ask us any questions about this Policy or how we process data.
The right of access, modification and rectification
You can always ask us for a copy of the personal data we process about you and to change or rectify it if you think it is wrong or incomplete. Note that you must prove that the new data provided is correct. Also, to allow you access to the data or to respond to a request for modification or rectification, we must verify the requester's identity.
The right to data deletion
You can request the deletion of your personal data at any time if:
- the personal data are no longer necessary to fulfill the purposes for which they were collected or processed
- you have withdrawn your consent based on which the processing takes place
- you objected to data processing
- we have processed your personal data illegally
- we have a legal obligation to delete the data
Please note that we may refuse your data deletion request if another legal basis (such as compliance with legal obligations) compels us to continue processing your data.
The right to object to the processing of personal data for marketing purposes
You can request that we stop processing your personal data for marketing purposes at any time. Note that you will still receive communications related to the Services (such as notices of changes to the Contract or emails related to the provision of the Services).
The right to object to the processing of personal data based on our legitimate interests or those of third parties
You can request that we stop processing your personal data at any time based on our legitimate interest. However, please note that we may continue to process data if another legal basis (such as compliance with legal obligations) compels us to do so.
Also, if you object to processing your personal data necessary for providing the Services, we will not be able to provide you with certain services or features.
The right to request the restriction of the processing of personal data
You can request the restriction of the processing of your personal data at any time if:
- you ask us to investigate the accuracy of the data
- the data processing is illegal, but you do not want us to delete the data
- we no longer need the personal data, but you ask us to keep it to use it in legal action
- you have objected to data processing, but we need to check whether another legal basis overrides your rights.
The right to portability of personal data
You have the right to request a transfer of your personal data that we handle. If we possess the required capabilities and provided that no legal constraints or directives from relevant authorities prevent us, we'll deliver your data in a structured, widely-accepted format.
The right to withdraw your consent to the processing of personal data
You can withdraw your consent to processing your personal data at any time. The withdrawal of consent does not affect the legality of the processing carried out beforehand.
How you can exercise your rights
You may exercise the rights described above by emailing
[email protected] or directly through the Services when this option is available.
For security reasons, we will need to verify your identity to respond to your request (for example, we may ask you to provide us with an ID document). In addition, please note that we may require you to pay the costs incurred by us due to an excessive or unfounded claim.
You may also lodge a complaint with your local data protection authority. For individuals residing in the European Economic Area, appropriate contact details may be found here. For UK residents, the Information Commissioner’s Office website may be found here.
How we share your data
We never monetize your personal data by selling it. Although we occasionally share this information with select third parties, we are committed to doing so securely, responsibly, and in compliance with relevant laws. This section elaborates on the situations and the parties with whom your personal data may be shared. We share your data in the following ways:
Service providers
We engage third-party vendors and external collaborators to enable us to provide and improve the Services. These third parties have access to your data based on your consent or another legal basis, which they process only for the purposes indicated by us. In addition, we constantly assess whether these third parties have implemented and maintained adequate technical and organizational data security and privacy measures. These include:
- companies that provide us with the technical, organizational, analytical and security infrastructure necessary to provide the Services to you, such as data storage and hosting, IT services or customer support providers;
- external collaborators that provide certain legal and accounting services.
Third-Party Integrations and Platform
Should you activate links with other services, apps, or websites, we might relay data to these entities, typically upon your express consent. Such data exchanges enhance our ability to deliver a holistic and seamless service experience. We advise that you familiarize yourself with the terms and privacy guidelines of these third-party platforms prior to initiating any integrations.
In accordance with the requests of the competent authorities and to prevent harm
In certain situations, we may be required to transfer your data to law enforcement authorities, following their express requests, as required by law.
We may also process and transfer your data when we reasonably believe this is necessary to detect, combat, remedy or respond to fraud, unauthorized use of the Services or breach of the Contract. We do this to protect ourselves, you and others during investigations by competent authorities or legal action.
If we terminate your account because you have violated our terms or policies, please be aware that we will need to continue to store your data for the period of time necessary to prevent and reduce the risk of repeated or new abuse violations.
Internal sharing and business changes
Your personal data may be shared among our group of companies—those under our ownership and control—to enhance service continuity and drive product and service improvements. Should we undergo a merger, acquisition, restructuring, asset sale, or face bankruptcy or insolvency scenarios, your personal data could be transferred to the involved third parties, always prioritizing the protection of your privacy rights.
Explicit consent for additional data-sharing circumstances
When sharing your data beyond the situations described in this policy, we will always seek your express consent. We'll fully inform you about the specific data we intend to share, why we're sharing it, and who will receive it. This sharing will always be based on your voluntary choice, and you can always decide to opt out or retract your consent whenever you wish.
International data transfer
When delivering our services, your personal data may be transferred, stored, and processed in regions outside of your home country due to the operations of our third-party service providers. To ensure compliance with privacy standards, including the General Data Protection Regulation (GDPR), we take diligent steps to verify that these providers uphold stringent data protection and security standards. We've formalized our commitment to your privacy by entering into data processing agreements with each of these third parties. These agreements mandate that they maintain robust data protection practices.
For transfers of your data outside the European Economic Area, we rely on recognized legal frameworks, utilizing instruments such as the European Commission-approved Standard Contractual Clauses and leveraging providers certified under the EU-US Data Privacy Framework.
Data Retention
We only store your data for as long as necessary to provide the Services or until we can comply with a request from you to delete your data – whichever comes first. However, we retain certain personal data even after these situations, such as when the processing is based on a legitimate interest or compliance with a legal obligation.
Modification of this Policy
If we change this policy, we will post the updated version here. We recommend that you check this page regularly. Your rights under this Privacy Policy will not be diminished without your consent.
How to contact us
The controller of your personal data is Venture Chain SRL (“us”, “we”), a company registered in Romania, with its principal office in Cluj Napoca, 8 Rapsodiei Street, Cluj.
Regarding your personal data, you can contact us by email at [email protected].