Cookie Policy

PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA

EASYPAY SYSTEM SRL 

WHAT THIS NOTICE COVERS

This Privacy Notice is intended to inform you about how we process your personal data and your rights in this regard, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws.

We, EASYPAY SYSTEM SRL (the “Company”), want to ensure you understand how we handle your personal data in connection with certain activities conducted by our Company.

In this notice, we explain how your personal data is processed by EASYPAY SYSTEM SRL and how we ensure that it is handled responsibly and in line with the applicable data protection legislation.

This notice contains important information, so please take the time to read it carefully and thoroughly to ensure you fully understand how we use and protect your personal data.

To make it easier to navigate, we have included a glossary at the end of this notice, explaining the key terms used (e.g., “personal data,” “processing,” etc.).

HOW TO CONTACT US

The content of this notice is for informational purposes only and does not affect the rights granted to you under the law. We are committed to making it as easy as possible for you to exercise those rights.

If you have any comments, suggestions, or questions about this notice or about how we process your personal data, please do not hesitate to contactus at any time.

You can reach us through any of the following channels:

Full name: EASYPAY SYSTEM SRL

Office address: Bd. Theodor Pallady nr. 287, 4th floor, Sector 3, 032258

Phone number: (+4) 0753 999 918

Email address: office@easypaysystem.ro

This Privacy Notice has been publicly available since April 26, 2024, and applies to our website: www.easypaysystem.ro and our email communications.

CATEGORIES OF PERSONAL DATA WE PROCESS

We process your personal data, which we obtain either directly from you or from third parties authorized to share information with us. The data we process may include the following categories:

  • First and last name; gender; date of birth/age; citizenship; home/residence address; mobile/landline phone number; fax number; email address.
  • Video recordings (in our premises where CCTV cameras are installed—these areas are clearly marked with visible signs); personal identification number (CNP); other information included in your identification documents (such as issue date, expiration date, place of birth).
  • Your contact with us, such as requests for quotes, emails, or any other interactions with our company.
  • Payment-related information: billing address, bank or card account number/IBAN code, name of the account/cardholder (which may differ from your name if someone else pays a bill on your behalf); card validity date; card expiration date.
  • Professional data: employer; job title.
  • Opinions and views (which may include sensitive data), such as opinions and views you share with us directly, or those you publicly post about us on social media or other public channels.
  • Purchase and interaction data, such as records of your interactions with us and details about your purchase history with us.

We collect your personal data when, for example:

  • You purchase or use any of our products and services (including maintenance and support services).
  • You subscribe to newsletters, alerts, or other services offered by us.
  • You contact us via various channels or request information about a product.
  • You visit or browse our website.
  • You have granted permission to other companies—such as our business partners or affiliates—to share your data with us, and we share data with third-party providers or contractors when we have a legal basis to do so, for example: financial institutions, accounting service providers, public authorities or institutions, notaries, lawyers, etc.
  • Your personal data is publicly available.
  • We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, transparent image files used to track your movements on our website).

We handle your personal data with care and respect, ensuring that it receives the necessary human attention from our staff. In the current circumstances, you will not be subject to any decisions based solely on automated processing of your data (including profiling) that would produce legal effects concerning you or similarly affect you.

LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA

EASYPAY SYSTEM SRL processes your personal data on the following legal grounds:

  • Performance or conclusion of a contract with you. For example, to initiate, conduct, and finalize negotiations in order to enter into a contract with you at your request, or to perform an existing contract.
  • Your consent. For example, we process your data for marketing communications based on your explicit consent for this specific purpose.
  • Compliance with a legal obligation. For example, accounting and tax-related requirements that are subject to strict internal policies, such as record retention periods for fiscal/accounting documents. We may also process your data to comply with archiving obligations, to respond to requests from public authorities, or to fulfill other legal obligations.
  • Our legitimate interests. In some cases, we process your data to maintain network security or to improve our services.

PURPOSES FOR PROCESSING YOUR PERSONAL DATA

We process your personal data for the following purposes:

  • To provide our services. This includes delivering the products and services you have purchased from us, as well as keeping you updated about your purchase process.
  • Billing and customer relations. For billing your purchases of our products and services, contacting you if the billing details you provided are incorrect, about to expire, or if we are unable to process your payment, and responding to any questions or concerns you may have about our products and services.
  • Marketing communications. With your consent, we may keep you informed through various means (e.g., email, mobile or landline phone, SMS, mail, social media messages, or in person) about updates to our products and services, special offers, newsletter subscriptions, or other information that might interest you. You can manage your marketing permissions and the data we use to personalize these communications at any time on our website www.easypaysystem.ro or by using the contact details in the “How to contact us” section above.
  • Managing our communications and IT systems. This includes managing our communication systems, ensuring IT security, conducting IT network security audits, generating reports for authorized institutions, or fixing system errors.
  • Fulfilling our legal obligations. This includes compliance with legal obligations related to archiving, security, record-keeping, and other legally mandated requirements.
  • Improving our products and services. Identifying potential issues with our current products and services to improve them, and resolving any complaints you may have.
  • Monitoring our premises as required by law. CCTV systems installed to monitor access areas, high-value zones, or to ensure the security and efficiency of activities and the protection of property and personnel in those office areas.
  • Research and analysis. We use analysis techniques for:
    • market research and statistical analysis;
    • generating reports for third parties (these reports do not contain information that could identify you as an individual). Such reports may be shared with third parties, such as content providers and entities advertising our products and services.

We have strict rules in place to ensure that personal data is anonymized or stripped of identifying elements whenever possible.

WHO WE MAY DISCLOSE YOUR DATA TO

As a general rule, we do not disclose your data to other companies, organizations, or individuals in any country (including Romania). However, there are certain situations where we are legally required to share your data with other individuals or legal entities.
We aim to be as transparent and specific as possible. Below are the categories of such recipients:

  • When you request or authorize us to do so.
  • Individuals who can demonstrate they have the legal authority to act on your behalf.
  • Other companies within our group, for legitimate business reasons and in accordance with applicable law.
  • Public authorities, either upon their request or at our initiative, in accordance with applicable law.
  • Accountants, auditors, external lawyers, and other professional advisors, as well as our service providers and contractual partners who act as data processors or joint controllers—these recipients are either bound by law or by contract to maintain the confidentiality of your data (e.g., archiving, accounting, storage, destruction, security monitoring services).
  • Agencies, bailiffs, or courts in Romania, to the extent necessary for the establishment, exercise, or defense of a legal claim.
  • In cases where it is in our legitimate interest to do so, to manage, expand, or develop our business—such as if we sell or transfer all or part of our shares, assets, or business (including in the case of reorganization, dissolution, or liquidation). In such cases, the personal data we hold would be among the transferred assets, and potential buyers would be bound by a confidentiality obligation.

When we engage an individual or legal entity as a data processor to process your personal data on our behalf, we ensure that a Data Processing Agreement is in place. This agreement obliges the processor to (i) process the personal data only according to our written instructions provided in advance and (ii) implement effective measures to protect the confidentiality and security of the personal data. We also ensure that this contract includes at least all other obligations required by applicable data protection legislation.

HOW LONG WE WILL STORE YOUR DATA

We will store your data for as long as required by law. If there is no legal obligation, we will retain your data only as long as necessary for the purposes outlined above.

Unless otherwise provided by law, we will generally process your data for the duration of any contract or agreement between you and EASYPAY SYSTEM SRL plus an additional 3 years after its termination. For example, this retention period may apply for lifetime warranty services on products you have purchased from us.

For the electronic storage of your data, we use either our own servers or those of specialized electronic archiving companies.

SECURITY OF YOUR DATA

We have implemented the following technical and organizational measures to ensure the security of your personal data:

  • Dedicated policies. We adopt and regularly review our data processing practices and policies for clients and other individuals, including physical and electronic security measures, to protect our systems from unauthorized access and other potential security threats. We continuously monitor how we apply our personal data protection policies and how we comply with data protection legislation.
  • Data minimization. We ensure that the personal data we process is limited to what is necessary, appropriate, and relevant for the purposes set out in this notice.
  • Access restriction. We strictly limit access to the personal data we process to employees, collaborators, and other individuals who need to access it to process it on our behalf. All such companies and individuals are subject to strict confidentiality obligations, and we will not hesitate to hold them accountable and terminate our collaboration if they do not comply with our data protection policies.
  • Specific technical measures. We use technologies that protect our clients and other individuals, ensuring their data security. To help protect your data, we recommend that you do not use public (unsecured) workstations or shared workstations and that you do not share physical documents or passwords with others.
  • Back-ups and security audits. We perform daily backups, which we securely store for a minimum of six (6) months. All technical equipment we use for processing your data is secured and updated to protect your data. We also conduct periodic security audits of our IT systems used to process personal data.
  • Accuracy of your data. We may occasionally ask you to confirm the accuracy and/or currency of the personal data we process about you.
  • Staff training. We continuously train and test our employees and collaborators on data protection legislation and best practices.
  • Data anonymization. Where required by law, we anonymize or pseudonymize the personal data we process to prevent identification of individuals.
  • Control over our service providers. We include data protection clauses in contracts with those who process data on our behalf (data processors) or jointly with us (joint controllers), ensuring they comply with applicable legal requirements for data protection.

YOUR RIGHTS AND HOW TO EXERCISE THEM

We take your rights regarding the processing of your personal data seriously and are fully committed to upholding them. Your rights include:

  • Right of access. You have the right to request information about the personal data we hold about you, including the categories of data, the purposes for which we use it, the source of the data if not collected directly from you, and any recipients of this data. We will provide you with a copy of your personal data upon request.
  • Right to rectification. You have the right to have your personal data corrected if it is inaccurate.
  • Right to erasure (“right to be forgotten”). You have the right to request that we delete your personal data if:
    • The data is no longer necessary for the purposes for which it was collected;
    • You object to processing for reasons relating to your particular situation;
    • The data has been processed unlawfully;
    • The data must be deleted to comply with a legal obligation.
      However, we may continue to retain your data if it is necessary:
    • For exercising the right of freedom of expression and information;
    • To comply with a legal obligation;
    • For reasons of public interest, scientific or historical research, or statistical purposes;
    • For the establishment, exercise, or defense of legal claims.

  • Right to restrict processing. You can ask us to restrict the processing of your personal data if:

    • You contest the accuracy of the data, while we verify it;
    • The processing is unlawful, and you oppose erasure but request restriction instead;
    • We no longer need the data, but you require it for the establishment, exercise, or defense of legal claims;
    • You have objected to processing, while we verify whether there are legitimate grounds to continue processing.

  • Right to object. You have the right to object to our processing of your data when it is not based on your consent but on our legitimate interests or those of a third party, for reasons relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds or if the purpose is to establish, exercise, or defend legal claims. Please indicate whether you also want your data erased when you object to processing; otherwise, we will only restrict it.
    You can always object to the processing of your data for marketing purposes, for any reason. If our marketing communications are based on your consent, you may withdraw your consent at any time.

  • Right to data portability. You have the right to receive your personal data that you have provided to us, and if technically feasible, to request that we transfer this data to another organization. This right applies if:

    • We process your personal data by automated means;
    • The processing is based on your consent or the performance of a contract;
    • You provided the data directly;
    • The transfer does not adversely affect the rights and freedoms of others.
      You have the right to receive this data in a structured, commonly used, and machine-readable format.

  • Right to withdraw consent. Where processing is based on your consent, you have the right to withdraw that consent at any time, as easily as you gave it. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

  • Right to lodge a complaint. If you are dissatisfied with how we process your data, please contact us directly so we can address your concerns. If you remain dissatisfied, you have the right to contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro):

    • Address: B-dul G-ral. Gheorghe Magheru, Bucharest, Romania
    • Phone: +40.318.059.211 / +40.318.059.212
    • Fax: +40.318.059.602
    • Email: anspdcp@dataprotection.ro

 

PLEASE NOTE

To exercise one or more of these rights, or to ask any questions about your rights or other aspects of how we process your data, please feel free to use the contact details in the “How to contact us” section above, as well as the support form available on our website www.easypaysystem.ro. Additionally, printed forms are available at our office that you can fill out to request the exercise of one or more of the above rights.

We will do our best to respond to your request within one month. However, this period may be extended by an additional two months due to specific reasons related to the particular right you are invoking or the complexity of your request. If the period is extended, we will inform you of the extension and the reasons for it.

In certain situations, we may not be able to grant you access to all or part of your personal data due to legal restrictions. If we refuse your access request, we will explain the reason for the refusal.

In some cases, we may not be able to identify your personal data based on the information provided in your request. In such cases, if we cannot identify you as the data subject, we may not be able to process your request under this section, unless you provide additional information to help us identify you. We will inform you and give you the opportunity to provide this additional information.

WHAT HAPPENS IF YOU DO NOT PROVIDE YOUR DATA

You are not obliged to provide us with the personal data mentioned in this document. However, if you choose not to, we may not be able to provide you with the services you request from us.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to modify or improve our data protection practices and to update and amend this Privacy Notice at any time, to ensure that your data remains secure. For this reason, we encourage you to review this Privacy Notice periodically.

 

DEFINITIONS OF TERMS USED IN THIS NOTICE

 

What does “processing of personal data” mean?

“Processing of personal data” refers to any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. This includes collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying such data. 

What does “personal data” mean?

“Personal data” means any information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

What does “data controller” mean?

A “data controller” is a natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

What does “data processor” mean?

“data processor” is a natural or legal person, public authority, or other body that processes personal data on behalf of the data controller. By law, the responsibility for ensuring compliance with data protection legislation lies primarily with the data controller. In our relationship with you, we are the data controller, and you are the data subject.

What does “data subject” mean?

The “data subject” is the natural person to whom the personal data relates. In our relationship with you, you are the data subject.

Who is the Supervisory Authority?

This is an independent public authority that, under the law, oversees compliance with personal data protection legislation. In Romania, the supervisory authority for personal data processing is the National Supervisory Authority for Personal Data Processing (ANSPDCP).