Arnia Software SRL (henceforth the Company) with headquarters in Europe House, 47-53 Lascar Catargiu Bvd Bucharest, Romania, (VAT) code 18719824, EUID ROONRC. J40/8840/2006, is the company name who owns the Test Urbis product.
The Site (or Website) designates the product (Test Urbis) website, available at the following web domain names:
2.1. The user can communicate any requests, notifications or claims regarding this Privacy Policy, as well as any other information published on the Site, policies or operations performed by the Company at the contact details indicated at point 1 above, or at the email address contact.
The deadline for the Company to send a response is no more than 30 (thirty) days from the receipt of the request.
3.1. The Company collects information from users in the following ways:
3.2. When the user fills in the fields associated with the registration process, will indicate name, organization, e-mail address, country, telephone number and other user related data (all being personal data). Moreover, given that the platform can be used by some of the users only for a fee, Test Urbis may also request billing data, such as invoice address ,bank details or card payment information.
3.3. This information is required by the Company in order to be able to respond to requests sent by the user, and for the Sser to properly use the platform Service.
3.4. Other personal data could be processed by the Company if included in the information/request sent by the visitor. The Company may not have requested the respective data, but insofar as the data is absolutely necessary in order to be able to respond to those transmitted by the user, the processing of personal data shall be performed at the request of the User of the Site or Service.
3.5. Also, the Company confirms that none of the personal data mentioned above shall be used for purposes other than those expressly indicated (including the provisions regarding the need to obtain a valid consent from the data subject in certain situations, the provisions regarding the justification of a legitimate interest of the operator, and the provisions regarding the right to be fully informed recognized in the benefit of the data subject).
3.6. When the Website is accessed, users automatically disclose certain information, such as the
IP address, the time of the visit, the place from where the website was accessed. The Company, like other operators, register this information.
3.7. All details on how data is processed in this context are indicated in the Cookie Policy available on the Site.
4.1. Given that the Company processes personal data of visitors/users of the Site, they hold the status of Data Person. If the information / requests transmitted by the users also concern personal data relating to other persons (those persons hence acquiring the status of data subject), the Company shall process their data strictly in order to be able to respond to that information/request.
5.1. Any information regarding an identified or identifiable natural person, respectively the data subject, can be considered as personal data.
5.2. Considering the processing purposes indicated herein, the Company tries to reduce as much as possible the personal data processed. Thus, according to the Cookie Policy, the data subject shall be able to choose the types of cookies (applicable where their use is not automatically made for the functioning of the Site) by explicitly confirm the usage of the cookies, in order to ensure a more complete and better experience when browsing the Site.
5.3. During the user registration process, the Company processes the following data:
Other additional information, as specified in the registration process forms.
For using the platform, the Company may also request the personal billing data mentioned at the point 3.2.
5.4. For the execution of its obligations under the Standard Service Terms, the Company processes the personal data of the Data subject. Additionally, the Company may use this data in an anonymized form for purposes such as research & development purposes or market reports.
5.5. Depending on the cookie settings, other data can be processed (especially those related to user preferences and the user behavior on the Site).
6.1. It represents the processing of personal data, any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means.
6.2. The Company accesses, collects, uses and performs any other actions allowed by the applicable law on the personal data provided by visitors, within the limits indicated under sections 5 and 7.
7.1. The visitor of the Site or the User is the person whose personal data is processed for different purposes upon accessing Site pages.
7.1.1. For the personal data provided directly by the Site visitor:
7.1.2. For the personal data provided directly by the Service User:
7.1.3. For the personal data provided by the traffic reports recorded by server:
7.1.4. For the personal data provided by the use of cookies:
7.2. If the Company intends to subsequently process the personal data for a purpose other than those indicated above, it shall provide the Data Subject, prior to such further processing, additional relevant information regarding the secondary purpose, by completing the necessary formalities according to the law.
8.1. The personal data shall be provided to:
8.2. The list of suppliers listed above is not exhaustive, but it does indicate the main such collaborating companies. They shall have the capacity of independent data controller, joint data controller or data processor in relation to the Company – depending on the factual situation and the contract’s clauses. However, regardless of the quality held, they are obliged to maintain the confidentiality and security of the personal data of the data subject, adopting appropriate technical and organizational measures. Upon request, the main clauses of those contracts can be communicated to the data subject.
9.1. GDPR, Article. 6 letter A – the processing is carried out based on the consent of the User. This is applicable when the processing of the data is done in the context of the cookies accepted by the User, and which are not mandatory for the functioning of the Site or Service.
9.2. GDPR Article 6 letter B – processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract. This is applicable when the data processing is done in the context of filling in personal data in the “ “Contact”, registration form and other related forms, or when processing the data provided by the Service User.
9.3. GDPR Art. 6 letter C – processing is necessary for compliance with a legal obligation to which the Company as data controller is subject. This is applicable in the context of data processing in relation to the competent authorities or legal service providers.
9.4. GDPR Art. 6 letter F – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This is applicable in the context of data processing for the normal functioning and administration of the Site.
10.1. The data processing activities performed by the Company mainly refer to:
11.1. The storage period of the personal data collected is:
11.1. Upon expiry of the aforementioned periods, all data shall be deleted from the Company’s records.
12.1. The internal regulations and policies of the Company are always available to the data subject, being posted on the Site. See in this regard the present policy, the Cookie Policy, and the Standard Service Terms.
12.2. The Company reserves the right to modify/update the content of the Site, including the policies to which references are made, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or jurisprudential changes that may affect the consequences to those published on the Site). The revision of this policy in the future shall be signaled by modifying the “Last updated” date at the top of this document. After the date when the updated policy is published, accessing the Site shall represent the user’s acceptance of these updated conditions.
12.3. However, if there shall be significant changes that could affect the rights and freedoms of the users or if it shall become obligatory to obtain their consent, informing them about these changes shall be made by easily visible indications posted on the Site (pop-ups or through other meanings), or by transmitting e-mails to the addresses provided (if applicable). Such significant changes shall have effects for users within 7 (seven) days from the time of the posting the question or of sending the email (how the information shall be published being decided by the Company, on a case-by-case basis).
12.4. However, regardless of the extent of the change, the responsibility to check the content of the Site (including the Standard Service Terms, as well as the policies displayed), in order to be up to date with the latest versions, shall be entirely the responsibility of the user. Thus, STUDY OF THIS PRIVACY AND DATA PROTECTION, OF THE STANDARD SERVICE TERMS AND THE POLICY COOKIE, SHOULD BE MADE BY USERS WHENEVER THEY ACCESS THE SITE AND BEFORE MAKING ANY REGISTRATION OR PROVIDING ANY DATA, WHEREAS CHANGES CAN APPEAR.
Upon request, the data subject shall be informed about the essence of the contracts concluded with the abovementioned recipients of personal data where possible, and also of the data source.
12.5. If the data subject wishes to receive information regarding the processing of data performed by the Company, he/she can send a request to the Company, and a response shall be provided within 30 (thirty) days as of reception.
12.6. If the Data Subject wishes to rectify/amend the inaccurate/incomplete personal data concerning him or her as provided to the Company, he/she can send a request to the Company, and a response shall be provided within 30 (thirty) days as of reception.
12.7. The data subject has the right to obtain the erasure of personal data concerning them:
12.8. The exceptional cases provided in art. 17 paragraph 3 of the European Regulation no. 679/2016 are applicable.
12.9. Some data are part of the Company’s records, which it keeps in relation to its legal obligations or its legitimate interest. Therefore, not all data can be erased, according to the law. However, any refusal to delete the data shall be motivated by the Company and shall be based on a clear legal basis.
12.10. The restriction of processing can be applied if the Data Subject finds out that:
12.11. The Company may continue processing the restricted personal data if it is necessary to establish, exercise or defend a right in court, or protect/defend a person but only with the consent of the Data Subject.
12.12. The Company shall communicate to the recipients that a rectification, deletion or restriction of the personal data took place, unless it is impossible, or it involves disproportionate efforts.
12.13. The Data Subject or a third party indicated by him/her, can receive on request, the Personal Data processed by the Company. The Company assumes no responsibility for the data processing performed by that third party.
12.14. The obligation to ensure the right to portability is the responsibility of the Company only if the processing of the Personal Data is based on the consent of the Data Subject or on the conclusion and execution of the contract. The actions shall be taken within 30 (thirty) days from the receipt of the request.
12.15. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of Personal Data based on the legitimate interest of the Company (including profiling).
12.16. Regardless to the above, if the Company demonstrates well justified legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims, the processing of data can continue.
12.17. The Data Subject may submit:
12.18. However, the Company wishes any conflict/dispute to be resolved amicably and provides all availability in this regard.
12.19. The Data Subject may withdraw his/her consent at any time, without however affecting the legality of the processing before the withdrawal nor the one based on another legal grounds.
12.20. The Company does not take any decision based solely on automatic processing of personal data.
13.1. The Data Subject has the obligation to keep the confidentiality of all Personal Data with which he/she comes into contact in relation to the Company, for an unlimited period of time.
13.2. The Data Subject shall not process any confidential data or Personal Data of third parties, unless it is absolutely necessary, confidentiality is ensured, and the specific legislation is fully complied with.
13.3. In case of breach of the obligations indicated in this art. 12 by the Data Subject, the Company shall be entitled to obtain from him/her compensation for all the damages suffered.
14.1. The Company complied with the provisions of the data protection legislation and has implemented appropriate technical and organizational measures to ensure the security of the processed Personal Data and the rights of the Data Subjects. Thus, the Company has implemented measures such as:
14.2. Also, the Company shall inform the competent data protection authority in the event of a breach concerning data security, without undue delay and, if possible, within 72 hours from the moment it became aware of it, unless it is unlikely to create a risk for the rights and freedoms of individuals. If the notification to the authority shall not be made within the 72 hours, it shall be accompanied by a justified explanation for the delay.
14.3. In the event of an incident concerning the security of Personal Data, the Company shall also inform the Data Subject without undue delay, if the breach of the security of Personal Data is likely to generate a high risk for his/her rights and freedoms. However, informing the aforementioned data subject is not necessary if any of the following conditions is met:
14.4. Any statistics regarding the traffic of the users on the Site, which the Company shall provide to third party advertising networks or to other sites, shall have a data set form and shall not include any identifiable information about any individual user.
14.5. Unfortunately, no data transmission through the internet can be guaranteed to be 100% secure. Consequently, despite the Company’s efforts to protect users’ personal data, it cannot guarantee or ensure the security of information transmitted by them through the Site. Users are therefore warned that any information sent through the online environment shall be done at their own risk.
14.6. To mitigate this risk, one of the measures took by the Company is to offer all interested users the possibility to send requests/requests/addresses/messages in material form to the Company headquarters, and not necessarily through the “Contact” or other similar online data communication forms.
15.1. The Company’s liability in relation to the Data Subject shall be established in relation to the quality held in the respective data processing operation, the reason and place of the incident, the security measures taken, the measures took to avoid incidents and the observance of the other legal obligations.
16.1. The Company does not transfer Personal Data of the Data Subjects outside the EU.
17.1. This policy applies to the Company and to the Site visitors/users (including those who submit the existing forms on the Site).
17.2. This document is part of the Company’s set of security policies. Other policies can apply to the topics addressed herein and can be reviewed according to specific needs.
