Privacy policy

This privacy policy (hereinafter referred to as Policy) describes what types of personal data are processed, how they are used, what your choices are in relation to such processing, and how we will respect your rights as a data subject under personal data protection law, including Regulation (EU) 2016/679 (hereinafter referred to as GDPR).

Before using the www.bgsoft.ro website or our services, we recommend that you read this Policy carefully to understand how your personal data is processed.
The controller respects your privacy and the personal data you share with us when accessing this website. This information is intended to inform you about what personally identifiable information is collected from you, how and where we may use that information, how we intend to protect the information collected from you, who has access to the information collected from you, and how inadequacies in the information collected can be corrected over time.
The controller complies with the Romanian legislation in force, namely Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data, as amended and supplemented, and Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.
Under Law No 677/2001, you have the right of access, the right to intervene on data, the right not to be subject to an individual decision and the right to take legal action. At the same time, you have the right to object to the processing of your personal data and to request the deletion of your data. To exercise these rights, you can send a written request to the email address: contact@bgsoft.ro.

1. What data do we process?

The controller collects information on natural persons carrying out legal activities which are not directly related to the business carried out, natural persons carrying out commercial or professional activities on their own behalf and natural persons representing legal persons or organisational entities which are not legal persons, to whom the law grants legal capacity, and who carry out commercial or professional activities on their own behalf (hereinafter collectively referred to as “Users).

2. Why do we process your personal data?

In the following, we will inform you about the purposes for which we collect and process your personal data, as well as the legal basis for data processing.

We process a range of personal data in order to manage relationships with website Users, for example, when they contact us with various questions or requests regarding website functionality, website malfunctions or errors.

Also, as part of our user support and relationship management services, we may be contacted and may contact Users by telephone.

We may record telephone conversations with Users. Call recording helps us manage our internal work in the relevant department. These recordings may also be used to check how Users requests have been dealt with or in the event of any disputes/disputes relating to the management of our business in relation to Users. The recording will only be made if we have the consent of the caller.

Legal basis: art. 6(1)(f) GDPR – legitimate interest to record the conversation art. 6(1)(a) GDPR – consent and art. 6(1)(f) GDPR – legitimate interest (if the recordings are subsequently necessary for defending our rights and interests in court, conducting disciplinary investigations on our employees).

We may use personal data that Users provide or that we collect in the context of their use of the services for the purpose of performing analysis and statistics on our services, including how the website operates or how the services are offered. The analytics and statistics we do help us better understand how we might improve our services or website functionality.
We also use cookies and other similar technologies in our analysis and statistics, according to the Cookies policy

Sometimes data processing is necessary for us to fulfil our legal obligations, such as paying relevant taxes and contributions, reporting to the relevant tax authorities and keeping records or archiving data in accordance with the applicable law.
For the establishment, exercise or defence of a legal right in proceedings before a court, administrative or other official procedure in which the company is involved. Legal basis: Article 6(1)(f) GDPR – legitimate interest.

3. Who do we disclose data to?

We may disclose your personal data to: (i) entities and/or processors authorised by us involved in the provision of products, including the provision of marketing communications; (ii) if we are required to disclose personal data in order to comply with any legal obligation or decision of a judicial authority, public authority or governmental body; or (iii) if we are required or otherwise permitted to do so under the applicable law.
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, subject to internal data retention procedures, including applicable archiving rules.

Personal data will be deleted if the User requests deactivation and deletion, or after a period of 12 months from the date the User becomes inactive (i.e. from the date of the last interaction with the website).

Certain data of Users (legal entities or individuals accessing paid services) may be kept for the entire period required by law for the archiving and storage of financial-accounting documents.

Data related to cookies and similar technologies are stored according to the specific terms set for those technologies, the storage period can be between the duration of the browsing session (for session cookies) and up to 2 years (for analytics cookies).

4. What rights do you have as a data subject?

Under the law, you have the following rights as a data subject:
a) the right of access: you can obtain from us confirmation that we are processing your personal data, as well as information on the specifics of the processing;
b) the right to correct your data: you can ask us to amend your personal data that is incorrect or, where applicable, to complete data that is incomplete;
c) the right to erasure: you can request erasure of personal data when: (i) they are no longer necessary for the purposes for which we collected and process them; (ii) you have withdrawn your consent to the processing of the data and we can no longer process them on other lawful grounds; (iii) the data are processed unlawfully; or (iv) the data must be deleted in accordance with the relevant legislation;
d) the right to withdrawal of consent and the right to object: you may withdraw your consent to consent-based data processing at any time. You may also object at any time to processing for marketing purposes, including profiling carried out for this purpose, as well as to processing based on the legitimate interest of the company, for reasons relating to your specific situation.
e) restriction under certain conditions: you can request the restriction of the processing of your personal data.
f) the right to data portability: to the extent that we process data by automated means, you can ask us, under the law, to provide your data in a structured, frequently used and machine-readable form. If you request us to do so, we may transmit your data to another entity if technically possible.
g) the right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with the data processing supervisory authority if you consider that your rights have been infringed:
The National Supervisory Authority for Personal Data Processing in Romania, B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, Postal code 010336 Bucharest, Romania, anspdcp@dataprotection.ro.

The Policy is subject to change, which will be notified to Users.

Please submit your questions about the Policy to the following address: contact@bgsoft.ro