Privacy Policy

of PIXELSOL S.R.L. (Papervee.com)

The safeguarding, security, and confidentiality of personal data are paramount concerns for us. Accordingly, the information that you furnish to us may constitute personal data, which is protected under relevant European or national legislation.

This document, henceforth referred to as the 'Privacy Policy,' 'Information Note,' or simply 'the Document,' comprehensively details the usage of personal data. It is imperative that you give this document your utmost attention. Additionally, this notice should be read in conjunction with the Terms and Conditions of use. In the event of any discrepancies between the terms set forth in this Document and those in any other contractual clauses agreed upon between our company and yourself, the stipulations of this Document shall prevail.

Our company uses cookies, so for more information about them and similar technology, please access this link that provides the Cookie Usage Policy.

The Privacy Policy aims to present, among other things, the categories of personal data we process, the legal basis for processing, how we process this data, and the rights you have as a data subject according to the General Data Protection Regulation ('GDPR') and how you can exercise these rights.

Our status towards you is that of a data controller, so by law, we are obliged to inform you about these aspects.

We inform you that you agree to this Privacy Policy as a result of visiting our website, purchasing our services/products, or in any situation where you interact with us in any form, including through communication channels (email, phone, social networks).

Definitions

1. General Data Protection Regulation referred to as 'GDPR', 'RGPD' or 'Regulation' means Regulation (EU) No 2016/679 of the European Parliament and of the Council adopted on 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. 'Personal Data' means any information about an identified or identifiable natural person ('data subject'); an identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

3. 'Processing' means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. 'Controller' - a natural or legal person, public authority or other body which alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for their nomination may be provided for by Union or Member State law. As stated, our company PIXELSOL SRL, a Romanian company with its registered office at Str. Sălciilor nr. 3, Sibiu, Sibiu County, Romania, 550090, registered in the Sibiu Trade Register under no. J32/1694/2017, having fiscal code 38487613, is considered a 'controller' under the Regulation.

5. 'Data Subject' - any identified or identifiable natural person whose personal data is processed by us as a controller, such as customers, potential customers, and website visitors.

6. 'Consent' - any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data concerning them.

PIXELSOL SRL processes the personal data mentioned in this privacy policy in accordance with the principles established in the data protection legislation applicable in Romania, including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC ('GDPR'), data that we obtain directly from you or from other sources.

In terms of GDPR, you are the data subject since you can benefit from our services, being our client or potential client, a website visitor, and/or a person who can enter into any kind of relationship with us, given the services we promote.

We aim to assure you that the protection of information provided by you is of major interest to us. Therefore, you will find in this Document measures by which you can exercise the rights conferred by law.

It is certain that this policy aims to respect European and national legislation and, consequently, the principles of the GDPR, namely:

• legality, fairness, transparency - processed lawfully, fairly, and transparently;
• collected for specified, explicit, and legitimate purposes;
• adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, accurate, and, where necessary, kept up to date;
• security - processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ('integrity and confidentiality').

The Privacy Policy may undergo changes, but all these will be valid after prior notification, which we will publish on the website or communicate via email.

Purposes of Processing Personal Data and Legal Grounds

Considering that our company is a provider of software and services, we may collect and process the following personal information about you:

• Purpose: software demonstration, providing various information about our products and services, as well as making it available, we will collect first name, last name, email (preferably business), phone, the name of the company you represent, position within the company, areas of interest in the HR field, as well as contact information of your employees (name, address, phone, position within the company, attendance, salaries).

Legal Basis: contract performance or conclusion – Art. 6 (1) lit. b GDPR;

• Purpose: for billing, to comply with legislation for fraud prevention and other offenses – name, address.

Legal Basis: contract performance or conclusion – Art. 6 (1) lit. b GDPR, fulfilling a legal obligation - Art. 6 (1) lit. c GDPR – Art. 6 (1) lit. b GDPR;

• Purpose: job application, when applying for a job, you can provide us with certain personal information about you, such as those contained in a CV – name, first name, address, email, phone, as well as those from the cover letter or other similar employment-related materials, as well as any other requests that the software makes available to employees. We use this information to process and respond to your request regarding current and future career opportunities.

Legal Basis: consent – Art. 6 (1) lit. a GDPR, as well as contract performance or conclusion – Art. 6 (1) lit. b GDPR, as applicable; – Art. 6 (1) lit. b;

• Purpose: for creating an account on the site for direct marketing or subscribing to our email marketing list to receive newsletters and alerts, we will collect: email address, preferably a business one, but newsletters and alerts will always contain an unsubscribe option.

Legal Basis: consent – Art. 6 (1) lit. a GDPR;

• It is possible to collect IP addresses for the purpose of defending against cyberattacks, preventing fraud, and network operation.

Legal Basis: legitimate interest – Art. 6 (1) lit. f) GDPR;

We have tried to identify all the data collected by us, but please be aware that all the information presented above may be complemented with other data, as it is not exhaustive.

Data Collection Methods

Generally, the personal data collected is provided by you (by completing the form on the website), or it may be provided by third parties (your employer, business partners, or other platforms).

Depending on the circumstances, in addition to the information mentioned above, there is also the possibility of collecting the following information:

• how you interact with our website (such as information about how you access the website, when you do so, or what device you use to access the website). To see the necessary information on this matter, please refer to our Cookie Usage Policy.
• information obtained from form completions or questionnaires.
• content of messages sent through messaging systems and/or email.

In the case of making purchases with a credit card, certain payment information will be collected, namely the data from the card used, but it will be stored by our payment processing partners in a manner and location to which we do not have access, meaning we do not know this data.

Additionally, for the purposes listed below, there is the possibility of processing personal data:

• to provide customer support, answer questions, and respond to requests;
• to offer and improve services already provided;
• to identify or remedy technical problems;
• for marketing purposes, but only when we have your prior consent or when there is a legal exception to obtaining it;
• to prevent or defend against cyberattacks;
• to create and/or maintain accounts;
• to remain in compliance with applicable laws, such as tax regulations requiring the retention of accounting documents for a period of 10 years;
• if necessary, in the event of a dispute, for asserting or defending a right in court.

Data Retention Period

Your personal data will be stored only for the period necessary to fulfill the purposes but not for more than 5 years from the moment the contract ends or from the last interaction with us. When this period expires, this data will be destroyed/eliminated/deleted from the computer systems or transformed into anonymous data for use in scientific, historical, or statistical research purposes (if applicable). The exception to this mentioned period is provided by situations expressly stated in legal provisions, for which data will be stored for the duration required by law.

Data Transfers

In accordance with applicable law, we may disclose your data to business partners or other third parties, but every effort is made to ensure that they have implemented secure measures for the protection and security of personal data. Also, with the third parties we mentioned, we have contractual clauses in place to protect your data. In such situations, we will ensure that any data transfer is legitimate under the law. For example, providing your data to other companies/partners such as accounting or legal services. The transmission of data to other recipients with your consent is not excluded (for example: in the case of a portability request).

Upon explicit requests, we may provide your personal information to the police, public prosecutors, courts, and other authorized state authorities, in accordance with and within the limits of legal provisions.

International Transfers

The transfer of personal data to a third country can only take place if the country to which the data is transferred ensures an adequate level of protection, even if that country's legislation does not provide a level of protection at least equal to that offered by the GDPR but provides sufficient guarantees for the protection of the fundamental rights of data subjects. These guarantees will be established through contracts with providers/service providers to whom the transfer of personal data will be made. Whenever we transfer your personal data outside the European Economic Area (EEA), we will ensure that there is a similar level of protection through one of the following data protection mechanisms provided by the GDPR. Currently, we can transfer this data to countries where the European Commission has deemed that they provide an appropriate level of safety and security for personal data. For more information, click here. For certain service providers, especially those located in the United States of America, we may use contract models provided and approved by the European Commission, which ensure the same level of protection for personal data as in Europe. For other types of transfers, we will consider your consent or specific derogations for particular situations.

You can contact us at the email address gdpr@papervee.com if you want more information about how the transfer of personal data operates outside the EEA.

Personal Data Security

Personal data security is important, and we take necessary measures to protect our customers and other individuals whose data we process from unauthorized access to personal data, as well as from unauthorized modification, disclosure, or destruction of data we process in our day-to-day activities.

We have implemented the following technical and organizational security measures for personal data:

1. Adoption of internal policies. We constantly adopt and review internal practices and policies for processing personal data to protect our systems from potential unauthorized access or other security threats. These practices and policies are continuously checked to ensure compliance with legal requirements and optimal system performance.
2. Minimization of data. The personal data we process is limited to what is necessary and relevant for the purposes stated in this Policy.
3. Restriction of data access. We strive to limit access to personal data we process to the minimum necessary, including employees, collaborators, and other individuals who need to access this data for processing and service delivery. Those we partner with or collaborate with are subject to strict obligations of confidentiality and protection.
4. Adoption of specific technical measures. We employ technologies to ensure the security of personal data, striving to implement the best data protection solutions. We also perform data backups to recover data in case of an incident and have established audit procedures for equipment security. However, it should be noted that no website, application, or internet connection is completely secure and immune to breaches.
5. Ensuring the accuracy of personal data. We may ask you to confirm the accuracy of your personal data to ensure that it is consistent with reality.
6. Staff training. Our collaborators and employees are regularly trained and tested on legislation and best practices in personal data processing.
7. Pseudonymization/anonymization of data. Whenever possible, we attempt to pseudonymize or anonymize personal data we process, so that they no longer reflect the identity of the individuals they refer to.

Despite our continuous efforts to ensure the security and protection of the personal data entrusted to us, unfortunate events and security incidents may occur. In these cases, we strictly follow security incident reporting and notification procedures and take all necessary measures to rectify the situation as quickly as possible.

Direct Marketing

If you give your prior consent or are already a customer of the company, we may use direct marketing technologies using the information collected about you. Currently, we conduct this marketing through methods such as email/SMS marketing, push notifications, and postal marketing.

You can also object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions included in each email (‘unsubscribe’) or by sending a request regarding this matter to the address gdpr@papervee.com.

Profiling and Automated Decisions

We do not make automated decisions with legal effects or significant impact on you.

Your Rights

According to the GDPR, your rights are as follows:

1. The right to be informed about the processing of personal data.
2. The right to access data. You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the respective data and information as per Article 15(1) of the GDPR.
3. The right to rectify inaccurate or incomplete data. You have the right to obtain without undue delay the rectification of inaccurate or incomplete personal data concerning you.
4. The right to erasure ('right to be forgotten'). In the situations expressly provided for in Article 17 of the GDPR, you have the right to request and obtain the erasure of personal data.
5. The right to restriction of processing. Article 18 of the GDPR governs the cases in which you have the right to request and obtain the restriction of data processing.
6. The right to data portability.
7. The right to object to data processing. In accordance with the provisions of Article 21 of the GDPR, you have the right to object to data processing.
8. The right not to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning you or similarly significantly affects you.
9. The right to seek redress for the defense of your rights and interests.
10. The right to lodge a complaint with a Supervisory Authority, address: 28-30 G-ral. Gheorghe Magheru Blvd, Sector 1, postal code 010336, Bucharest, Romania, contact information: +40.318.059.211 or +40.318.059.212, email. anspdcp@dataprotection.ro.

Brief Conclusions

• If you no longer wish to participate in the marketing process, you can withdraw your consent at any time by unsubscribing or by sending a written request to the following email address: gdpr@papervee.com;
• The same email address can also be used to send a written request, signed and dated, to exercise your rights.
• Within the company, there is a procedure for reviewing submitted requests to determine whether they are well-founded. If the request is well-founded, we will facilitate its exercise. If the request is found to be unfounded, it will be rejected with reasons provided, and you will have the right to file a request with the Supervisory Authority and the right to follow judicial procedures.
• The usual timeframe for resolution is one month, with the possibility of extension depending on the volume of requests received, the complexity of the request, and other objective reasons that may prevent us from resolving the request promptly.

If you need additional information, you can contact us at the following email address: support@papervee.com