This is the Privacy and Personal Data Protection Policy (hereinafter referred to as the "Policy"), adopted by SD CREATIVE SOFTWARE SOLUTIONS S.R.L., the operator of the brand and platform DataRunix (hereinafter referred to as "DataRunix", "We" or "the Company").
DataRunix respects your privacy and is committed to protecting the personal data you have provided to us. We are committed to collecting and using personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 679/2016) and applicable national legislation.
This Policy will inform you about how we handle your personal data and will detail your rights in relation to such data, as well as how the law protects you.
This Policy concerns the personal data of visitors to our website, our customers, business partners, and any other persons who contact us, and applies to data collected through the website www.datarunix.com, through the contact form, by e-mail or through other means of distance communication.
It is important that you read this Policy together with any other personal data information notice we may provide on specific occasions, so that you are fully informed about how and why we use your data.
This website is not intended for minors and we do not knowingly collect personal data from minors.
1.1. The controller of personal data is SD CREATIVE SOFTWARE SOLUTIONS S.R.L., with its registered office at Sat Falcau, nr. 148, Județul Suceava, registered at the Trade Register under No. J33/869/2022, Unique Registration Code: 46092355, operating under the brand DataRunix.
1.2. For any questions relating to this Policy or the way in which we process your personal data, you may contact us at: office@datarunix.com or through the contact form available on our website.
1.3. It is important that the personal data we hold about you is accurate and up to date. Please inform us if your personal data changes during your relationship with us.
1.4. The purpose of this Policy is to inform you about how DataRunix collects and uses personal data as a result of your use of our website, completion of the contact form, purchase of the BackupBot product or any other form of collaboration, current or potential, with DataRunix.
2.1. Personal data or personal information means any information about a person from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
2.2. In order to provide our services, we collect or receive your personal information in different ways. You often choose what information to provide, but sometimes we need certain information from you in order to provide the services you have requested.
2.3. We may collect, use, store and process the following types of personal data about you:
2.4. We also collect, use and analyse aggregated data (for example, through Google Analytics), such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data under applicable legislation, as it does not directly or indirectly reveal your identity.
2.5. We do not collect any special categories of personal data about you, such as: data regarding race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union or political party membership, health data, biometric or genetic data. We also do not collect information about criminal convictions or offences.
2.6. If you do not provide us with the requested personal data: where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract or provide the requested services. In such cases, we will inform you accordingly.
3.1. We use different methods to collect personal data, including through:
Direct interactions. We collect your data when you voluntarily provide it to us, including when you:
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, actions and browsing patterns. We collect this data using cookies and similar technologies. Please refer to our Cookie Policy for further details.
Third parties or public sources. We may receive personal data about you from various third parties or from public sources, including from:
4.1. We will only use your personal data when the law permits us to do so. Most commonly, we will use your personal data in the following circumstances:
4.2. The table below sets out the purposes for which we use your personal data and the corresponding legal bases:
| Purpose / Activity | Data categories | Legal basis |
|---|---|---|
| Registration of a new DataRunix customer / user | Identity data, Contact data | Performance of a contract |
| Processing and execution of BackupBot subscription orders, including invoicing and payment | Identity data, Contact data, Financial data, Transaction data | Performance of a contract; Legal obligation |
| Managing our relationship with you (notifications of changes, requesting feedback, technical support) | Identity data, Contact data, Profile data, Marketing and communications data | Performance of a contract; Legal obligation; Legitimate interest |
| Administering the website and IT infrastructure (troubleshooting, analysis, testing, maintenance, security) | Technical data, Usage data, Profile data | Legitimate interest (business and IT infrastructure administration) |
| Fulfilling legal reporting obligations to competent authorities | Identity data, Contact data, Financial data | Legal obligation |
| Sending marketing communications about DataRunix products and services | Identity data, Contact data, Usage data | Legitimate interest; Consent |
| Analysing website usage and improving user experience (Google Analytics) | Technical data, Usage data (aggregated/anonymised) | Legitimate interest; Consent |
| Responding to requests submitted through the contact form | Identity data, Contact data | Legitimate interest; Consent |
5.1. We endeavour to provide you with choices regarding the use of your personal data, particularly in relation to marketing and advertising.
5.2. Promotional offers. We may use your identity, contact, technical, usage and profile data to send you communications about DataRunix products, services and offers that may be relevant to you. You will receive marketing communications from us only if you have previously requested information, purchased a product or subscribed to our communications and have not withdrawn your consent.
5.3. Opt-out option. You may ask us to stop sending you marketing messages at any time by e-mailing office@datarunix.com or, where applicable, by unsubscribing via the UNSUBSCRIBE link in our newsletter. Opting out of marketing communications will not affect the processing of your data on other legal bases.
5.4. Change of purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to process your data for other purposes, we will notify you and explain the applicable legal basis.
6.1. We may share your personal data with the categories of recipients listed below, exclusively for the purposes set out in this Policy:
6.2. We require all collaborators and partners to respect the security of your personal data and to treat it in accordance with applicable legislation. We do not allow collaborators to use your personal data for their own purposes. They may only process your personal data in accordance with our instructions and for the purposes specified by us.
7.1. Some of our service providers may be located outside the European Economic Area (EEA). Whenever we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR requirements, including through the use of standard contractual clauses approved by the European Commission or by verifying that the destination country benefits from an adequate data protection decision.
7.2. The Google Analytics service may involve the transfer of technical data (anonymised) to servers located outside the EEA. We use IP address anonymisation features wherever possible.
8.1. We have implemented appropriate technical and organisational security measures to prevent the accidental loss, unauthorised use or access, alteration or disclosure of your personal data.
8.2. We limit access to your personal data to those employees, agents, contractors and third parties who have a genuine need for such data in the course of their activities. They process your personal data in accordance with our instructions and are subject to confidentiality obligations.
8.3. We have implemented procedures to handle any suspected personal data breach and will notify you and any applicable regulatory authority where we are legally required to do so.
9.1. We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purpose of meeting any legal, accounting or reporting requirements.
9.2. To determine the appropriate retention period, we take into account the value, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means.
9.3. As a general rule:
10.1. Under applicable data protection legislation, you have the following rights in respect of your personal data:
Right of access — you have the right to request a copy of the personal data we hold about you and to verify that it is being processed lawfully.
Right to rectification — you have the right to request the correction of incomplete or inaccurate personal data we hold about you.
Right to erasure ("right to be forgotten") — you have the right to ask us to delete or remove your personal data where there is no good reason for us to continue processing it. Please note that in certain circumstances we may not be able to comply with your request for specific legal reasons, which will be communicated to you.
Right to object — you have the right to object to the processing of your personal data where we rely on legitimate interest (ours or a third party's) and you consider that the processing affects your fundamental rights and freedoms. You may also object to the processing of your data for direct marketing purposes.
Right to restriction of processing — you have the right to request the suspension of the processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data or if the processing is unlawful but you oppose erasure).
Right to data portability — you have the right to receive your personal data in a structured, commonly used and machine-readable format, or to request its transmission to another controller where technically feasible.
Right to withdraw consent — where processing is based on your consent, you have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.
Right not to be subject to automated decision-making — you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
10.2. Exercising your rights. To exercise any of the above rights, you may contact us at office@datarunix.com. We may request specific information from you to confirm your identity as a security measure.
10.3. No fees. You will not have to pay any fee to exercise your rights. However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive, or alternatively we may refuse to comply with the request in such circumstances.
10.4. Response time. We endeavour to respond to all legitimate requests within 30 days. Occasionally it may take longer if your request is particularly complex or if you have made multiple requests simultaneously. In such cases, we will notify you and keep you updated.
10.5. Right to lodge a complaint. You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP), located in Bucharest, B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, website: www.dataprotection.ro. We encourage you to contact us first so that we can resolve any concerns amicably.
11.1. Our website uses cookies and similar technologies to distinguish users from one another and to improve the browsing experience. Cookies are small text files placed on your device when you access the website.
11.2. We use both strictly necessary cookies for the functioning of the website and analytical cookies (Google Analytics) and preference cookies. You can manage your cookie preferences through the consent banner displayed on your first visit to the website or through your browser settings.
11.3. For detailed information about the types of cookies used, their purpose and how you can manage or disable them, please refer to our Cookie Policy, available on our website.
12.1. Our website may contain links to third-party websites, plug-ins and applications. By clicking on those links, you may allow third parties to collect or share data about you. DataRunix does not control these third-party websites and is not responsible for their privacy statements. We recommend that you read the privacy policy of every website you visit.
13.1. DataRunix reserves the right to update or modify this Privacy Policy at any time. Any significant changes will be communicated by publishing the updated version on the website and, where applicable, by direct notification to registered users.
13.2. The updated version of the Privacy Policy is permanently available at www.datarunix.com/privacy-policy. The date of the last update is indicated in the header of the document. We recommend that you check this page periodically to stay informed of any changes.
GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Controller — the natural or legal person which determines the purposes and means of the processing of personal data. For the purposes of this Policy, the controller is SD CREATIVE SOFTWARE SOLUTIONS S.R.L. (DataRunix).
Processor — a natural or legal person which processes personal data on behalf of the controller.
Legitimate interest — our interest in conducting and managing our business so as to enable us to give you the best service and products, as well as the best and safest experience. We make sure we consider and balance any potential impact on you before we process your data on the basis of our legitimate interest.
Performance of a contract — processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Legal obligation — processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.
Consent — any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of their personal data.