This GDPR Information Note - Privacy Policy ("Privacy Policy" or "Policy") explains the way in which CREDIT SKY S.A. ("CREDIT SKY", "the company" or "we") collects, stores, processes, discloses and transfers your Personal Data when you use our Services.
Our policy is construed in accordance with the requirements of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "Regulation") in force from May 25 2018, as well as with the provisions of Law no. 190/2018 on measures to implement the Regulation, with subsequent amendments and additions.
Please contact us at the email address: hey@creditsky.com if you have any questions about how we handle personal data.
Please refer to the Definitions and Abbreviations section for any clarifications regarding the terms and abbreviations used in this document.
This Privacy Policy may be revised periodically, without notice, to reflect changes to our Services or applicable laws. The revised Privacy Policy will take effect from the effective date of its publication. If the revised version includes a material change, users will be notified of that change by email or other means. If you continue to use our Services after the changes are posted, you will be deemed to have acknowledged those changes. We recommend that you read this Privacy Policy as often as possible or each time you use our Services in order to continue to stay informed about our company's personal data management practices and the choices you have at your disposal.
CREDIT SKY SA is a private company under Romanian law with headquarters in Bucharest, sector 2, str. J.L. Calderon no. 70, ground floor, registered at the Commercial Registry Office at the Bucharest Court under no. J40/3060/2018, CUI 38963865, which processes personal data in accordance with the provisions of the Regulation.
This privacy policy provides you with information about how we collect and use your personal data, why we collect that information, and how we may use and share it.
THE WEBSITE AND THE SERVICES PROVIDED BY US ARE NOT INTENDED FOR USE BY MINORS.
When you interact with us, whether you use our website or communicate with us through other communication channels, we may collect the following information about you:
2.1) information you give us: You may give us information about yourself if you complete the data form, place an order for products, complete any online forms (such as registration forms, contests and surveys), opt-in to receive our newsletters and special offers, enter a competition or promotion, participate in social media features with our website or correspond with us (via email, social media or otherwise).
Depending on what you provide, this information may include: your name, address or location, phone number and email address, date of birth, gender.
2.2) information we receive from other operators: we may receive information about you from other sources, such as from your other accounts or other websites, including our partners, data providers, advertising networks and analytics partners and payment and delivery service providers.
The specific types of information we may obtain depend on your account settings and/or our website and will be subject to their privacy policies.
CREDIT SKY does not collect or otherwise process sensitive data, included by the Regulation in special categories of personal data. We also do not collect or process data of minors.
Information our IT systems collect about you: Each time you visit the Site, certain information will be automatically created and recorded by our IT systems. This information includes:
• Cookies: You can see more details about cookies by visiting the Cookie Policy.
• Internet usage and browser data. When you access the page related to our Application, we automatically receive data from the Internet browser you use, for example, the Internet address of the page through which you reached our page, the IP address, the operating system, the type of internet browser, preferred language, country, etc., which may vary for each internet browser. Your settings will be saved in the Internet browser you use under an anonymous visitor identification (ID), but this will not be associated with your Personal Data. We will keep your Personal Data from registered requests, for security reasons, in order to allow access to the Services we offer. None of your Personal Data will be stored before you select the request registration option.
• Data regarding the transactions and activity of the legal entity/person represented by you. When you use our Application, for example, you visit certain pages, log in, access and accept certain offers, or confirm service offers or any other services offered by the platform on behalf of and for the company/legal person represented by you, etc. , we may store this and other related data (eg, date and time, duration, etc.) for the purpose of monitoring our Services for use by the company or legal entity you represent. When you log in, your login data will be associated with your Personal Data.
• Other information. We collect and store additional information we receive from you about you and the business you represent when you communicate with us, when you contact our support team or when you respond to various surveys, including third-party plug-in programs placed on the website. When you visit our Application and use our Services, we may store certain non-personal information in local data stores, cookies or other tracking technologies (collectively, cookies ) on your device in order to recognize you as a unique visitor and provide you with personalized Services exclusively for the company or legal entity you represent (e.g. selected language, country currency, etc.) when you return to our Application. If you register and log in to the account created for the legal entity you represent, this information will be associated with your Personal Data.
Our company keeps your Personal Data in an identifiable format solely for security reasons for the minimum period of time necessary to fulfill our company's legal or fiscal regulatory obligations, including for the duration of the services provided and, thereafter, for a period for a limited time (e.g. at least 7 or 10 years) in order to fulfill our obligations under the law. We may retain Personal Data for longer periods of time than those required by law, if this is in the legitimate interest of the company and is not prohibited by law.
To determine the period for which the data will be processed, we take into account the contractual duration until the expiration of the contractual obligations, the applicable laws, the EU regulations and the archiving terms provided by the archiving law, the order of the Minister of Finance or ANAF.
We process your Personal Data for a variety of purposes, such as:
• In order to carry out our commercial operations in order to fulfill our legitimate interests, such as monitoring, analyzing and improving the Services, the performance and functionality of the Application based on user behavior and the market, as well as for evidential purposes - according to art. 6 (1) letter f of the GDPR.
• In order to ensure compliance with laws and regulations, in order to fulfill our legal obligations arising from the provision of the Services, such as: keeping records of Client disputes, mandatory reporting, monitoring the activity of data subjects to prevent and combat money laundering and terrorist financing, etc. - according to art. 6 (1) letter c of the GDPR.
• For the purpose of concluding transactions, in connection with the completion and execution of operations specific to our object of activity or in connection with the legal remedies applicable to these transactions.- according to art. 6 (1) lit. of the GDPR.
Please scroll down to find out the detailed purposes for which we request your information, what specific information is collected and the legal basis that allows us to collect this data:
• For the creation and management of the Client account, for solving problems of any nature related to the purchased services, we collect: the name, e-mail, phone number and other data that you add to the account.
• To monitor the quality of our Client service, we collect: name, email address, and addresses and contact history with us. The legal basis is the legitimate interests in the conduct of our activity.
• To administer, maintain and optimize our website and services, we collect: your device information (eg: device IP address and device type), cookie identifiers and browsing information. The legal basis is the legitimate interests in the conduct of our activity.
• To send you marketing communications and personalized offers and to manage our loyalty programs, we collect names; email address; phone number; addresses; browsing history and behavior; device information; cookie identifiers; internal identifiers; the country. The legal basis is represented by the consent expressed and the legitimate interests of the direct electronic marketing of products and services similar to those you have acquired using our website provided by art 12 of Law 506/2004. You can withdraw your consent at any time by contacting us using the contact details listed in this document.
• Conducting research, analysis and inquiries regarding the use of our website, we collect: your device's IP address; Device information. The legal basis is our legitimate interests in running our business and improving our website and your experience and this processing does not affect your interests.
• Advertising and targeted advertising of our and our partners' products and services, we collect: email address, cookie identifiers and device information. The legal basis is mainly your consent, but sometimes also the legitimate interest in carrying out the activity.
Depending on the activity to which we relate, we disclose your Personal Data or other information about you in order to provide you with our Services:
A. third-party service providers for the performance of the business, respectively for the development of the contract with you. In order to function properly, we rely on a number of carefully selected third parties to provide us with services and products. We must allow these companies to use your personal information but only to the extent necessary to provide their services and benefit from their products.
Below you can find the types of third parties we use:
✓ the payment service providers we use to process your payment information. They are based in the European Union.
✓ providers of analysis and search engines, such as Google, which we use to help us improve and optimize the website. These providers are based in Europe.
✓ IT / technology providers we use to support, maintain and provide our technology and IT infrastructure that supports our website and the storage of your information. This includes Gandi.net - France and Azure - Netherlands which we use to host your information
✓ to comply with legal requests we may be required to liaise with various regulatory authorities and law enforcement agencies in a number of different countries, whether as a result of law, court order or other legal process. Although we contest requests where appropriate, in some cases we may need to share your information with regulatory authorities or law enforcement agencies. Where we believe it is appropriate and provided we are not prohibited from doing so by law or court order, we will attempt to notify you of these legal requests.
✓ insurance companies, operators from the National Registry of Mobile Advertising, lawyers, consultants, auditors, etc.
B. information aggregated with third parties: We may aggregate your information with the information of other Clients, creating a data set of information about our website usage, product purchase and other general, aggregated information about our Clients based on our legitimate interest in understanding use of our service and demand for our product. Although this data set is aggregated and anonymized, which means that it cannot identify an individual, it provides valuable information on the use of our website and we may therefore share it with selected third parties. These parties may include providers of plugins or similar technologies to help measure traffic, our partners and other providers to better serve our products and investors.
C. location: we store and process your personal data in the Netherlands.
Please see our Cookie Policy for information on how we use and manage cookies.
You have choices about the practices and communications described in this Privacy Policy. Many of these options available to you may be explained to you at the time you register with our Application and for the purpose of using it.
• Choices regarding the Personal Data we collect. It is necessary to communicate a minimum amount of data to our partners, generally banks and financial institutions, in order to obtain information regarding the offers we make to your disposition for the companies you represent. If you choose not to fill in your Personal Data, we will not be able to offer you this Service, we will not be able to undertake the steps requested by you for the company or legal entity represented by you, so no legal relationship will be able to materialize.
• Cookie Options. You may have certain options available to you to manage your cookie preferences. For example, your Internet browser or Internet device may allow you to delete, disable, or block certain cookies and other tracking technologies. You can learn more about this by consulting our current Cookie Policy or the information available on the AboutCookies.org website. You will be able to choose to enable these options, but this may prevent you from using many of the main features and functions available within our App.
• Choices regarding communications related to the Services. We will send you certain communications that are mandatory or required to be sent to Clients regarding our Services, in accordance with the terms of providing the Services, notices that contain important information about to the Services as well as other communications that you request from us for and on behalf of the company you represent. You will not be able to unsubscribe from receiving these communications; in any case, you will have the opportunity to adjust the means and format in which you will receive these notifications.
Subject to the limitations of EEA data protection laws, you have certain rights in relation to your Personal Data.
In particular, you benefit from:
a) The right to be informed.
The data subject has the right to obtain from the Company a confirmation that personal data concerning him or her is being processed or not and, if so, access to the respective data and to the information provided by the applicable legislation.
Pursuant to the obligation to process personal data fairly and transparently, the company is obliged to provide data subjects with additional information: the storage period/the criteria used to determine the data storage period, the existence of the data subject's rights of a personal nature that concern her, including the right to lodge a complaint, the possibility to withdraw her consent, the existence of a legal obligation or contractual basis when the processing is based on them, the existence of an automatic decision-making process, when such a process exists.
b) The right to rectification.
The data subject has the right to obtain from the operator, without undue delay, the rectification of inaccurate personal data concerning him. Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of personal data that are incomplete, including by providing an additional statement.
c) The right to delete data ("the right to be forgotten")
The data subject has the right to obtain from the Company the deletion of personal data concerning him, without undue delay, if one of the reasons provided by the legislation applies.
The company has the obligation to delete its data without undue delay in cases where the data subject withdraws his consent and if there is no other legitimate basis for processing, when the data are no longer necessary, when they have been processed illegally and in any other situations provided by law.
d) The right to restrict data processing
The data subject has the right to obtain from the Company the restriction of processing if one of the cases provided for by law applies.
The company communicates to each recipient to whom personal data has been disclosed any rectification or deletion of personal data or restriction of processing carried out in accordance with legal provisions, unless this proves impossible or involves disproportionate efforts. The operator shall inform the data subject of the respective recipients if the data subject so requests.
e) The right to data portability
The data subject has the right to receive the personal data concerning him and which he has provided to the Company, in a structured format, currently used and which can be read automatically and he has the right to transmit this data to another operator, without obstacles from the operator to whom the personal data was provided.
f) The right to opposition
At any time, the data subject has the right to object to the processing of personal data concerning him, for reasons related to his particular situation.
The right to opposition may be waived if the Company demonstrates that it has legitimate and compelling reasons that justify the processing and that prevail over the interests, rights and freedoms of the data subject or that the purpose is to establish, exercise or defend a right in court. The persons concerned have the right to object at any time to the processing of their data aimed at the direct marketing carried out by the company, including the creation of profiles.
g) The right not to be subject to an individual automatic decision
The data subject has the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which similarly affects him or her to a significant extent.
If you wish or consider yourself entitled to exercise any of the rights set out above, please send CREDIT SKY a written, dated and signed request, which will be sent to the address of the registered office or by email to the address hey@creditsky.com.
Name: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod poștal 010336, București, România
Phone number: +40.318.059.211/+40.318.059.212
Fax: +40.318.059.602
Email: anspdcp@dataprotection.ro
Our company has implemented technical, physical and administrative security measures to ensure a reasonable level of protection for your Personal Data against loss, misuse, unauthorized access, disclosure and alteration. Security measures include firewall protection, password encryption and information access authorization controls.
Our users will be responsible for ensuring and maintaining the confidentiality of account creation data.
Our Application and Services are not directed at minors. Our Company does not knowingly collect information, including Personal Data, from children or other persons who are prohibited by law from using our Services. If we are effectively informed that we have collected Personal Data from minor children, this data will be deleted immediately, unless we are legally required to retain this data. Please contact us at hey@creditsky.com if you believe that we have mistakenly or unintentionally collected information from minors.
Our website may contain links to other websites operated by other companies. This Privacy Policy applies exclusively to our Application, and for this reason we recommend that you consult the privacy statements displayed by other Internet pages that you visit. Our company assumes no direct, indirect or consequential responsibility for the privacy policies and practices of other websites even if you have accessed these pages using links available on our website.
As part of the services offered to you through this website, it is possible that the information you communicate to us, including data about the company or legal entity you represent, may be transferred to countries inside and outside the EU. For example, this may happen if any of our servers will be located, in certain situations, in countries outside the EU territory or one of our service providers is located in a country outside the EU territory. Data protection laws similar to those in the EU/EEA may not apply in these countries; in any case, we will take steps to ensure that the privacy policies of our service providers comply with the provisions of the GDPR. CREDIT SKY will carry out the data transfers in accordance with the requirements set out in the GDPR and with those imposed by subsequent legislation regarding them, if applicable, in order to ensure the necessary level of security and confidentiality in terms of data protection in the context the transfer. In order to obtain an exhaustive list of all countries to which your personal data is transferred, as well as for additional information on safeguards related to transfers, please contact us at the email address hey@creditsky.com.
Personal Data - means any information regarding an identified or identifiable natural person ("data subject"), such as, but not limited to: first name, last name, email address, mailing address , phone number, signature and address registered in our Application, computer IP address, security questions used to register and access your account in the Application, history of requests and transactions in your account, voice and, where applicable, image during conversations and recordings of telephone or audio/video conversations (initiated by you or CREDIT SKY when contacting an operator of ours). In addition to what is listed here, personal data also means all the data specified in the section above What type of Personal Data we collect.
The Application – the internet page speedometer.ro, and its subdomains, mobile applications or "plugin" programs bearing the "CREDIT SKY" brand that appear on the pages third party internet.
Services – all services and functionalities of the Application, such as data registration, receiving and accepting offers, account administration, communications with the sales team and support team, etc.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the protection of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on Data Protection) in force in the European Union from May 25, 2018.
EU – the European Union.
If you have general questions or concerns about this Privacy Policy, please contact us.
Email: hey@creditsky.com
Mailing address: România, Bucuresti, sector 2, str. J.L. Calderon nr. 70, parter