Privacy Policy

We constantly strive to ensure the confidentiality and security of your personal data.

The legality, transparency, and fairness of any processing operation are a priority for us, so we invite you to read fully and carefully our privacy policy.

I. Information regarding the Personal Data Controller

The data controller that processes personal data through the website https://alexandrapopa.eu/ (hereinafter the Website) is the company Ap Flow Ventures S.R.L. has professional headquarters located in Str. George Bacovia 19D, apartment 6, Oraș Voluntari, 77190, Ilfov, having CUI: RO41218763, registered at ONRC under no. J23/2505/2019, (hereinafter referred to as Controller).

The Controller can be contacted at the address of the head offices or, as the case may be, at the e-mail address: hello@alexandrapopa.eu

Upon request, the Controller will provide you with information about processing your personal data. Please mention on the correspondence envelope sent or as the case may be, in the subject of the e-mail “data protection” or “personal data”.

II. Legislation applicable to data processing

This privacy policy is governed by the provisions of European Regulation (EU) 2016/679 – General Regulation on Data Protection (hereinafter GDPR), a normative act directly applicable in all states of the European Economic Area.

III. What categories of personal data does the Website process?

The website collects, based on the voluntary supply of the data subject the following:

  • name and surname
  • e-mail address
  • telephone

Note: The Controller treats the e-mail address and telephone number as data of the company (service data in relation to the representative) and which does not fall within the scope of personal data. However, given that such data may overlap with personal data, these categories of data will be treated as personal data.

The Website may also involuntarily collect the IP address and other data that do not lead to the unique identification of the data subject (time of visit, place of access, name, and version of internet browser, operating system, including other technical parameters), provided by the internet browser through which the site is accessed, but such information will not be used to identify site visitors and will not be made public, other than under the conditions described in this Privacy Policy.

IV. The purpose of data processing by the Controller

  • for the transmission of offers and the communication of news, so that the users are always connected with the events/news/materials etc. of interest to them;
  • for promoting services/various campaigns/events;
  • for the permanent improvement of the services provided and the development of partnerships;
  • for the respect and assurance of the effective exercise of all the rights and legitimate interests of the persons concerned;
  • for the management/solution/investigation of any requests/notifications/complaints received regarding the processing of personal data belonging to the data subjects as they have been identified in the content of this document;

V. The basis for data processing by the Controller

The Controller processes the personal data provided through the Website based on the following legal grounds:

  • contract execution (in case of communications/requests related to the pre-contractual and contractual phase), for the contracts related to the services promoted through the Website;
  • based on his legitimate interest to present its products and services in the online environment based on a relevant relationship with the user, to honor the requests of any kind sent by the data subjects, to keep its good reputation and image.

VI. The duration of the processing

Personal data collected through the Website processed by the Controller or the Controller collaborators (on behalf of and in the interest of the Controller based on data processing agreements) is retained for a certain period, depending on the purpose of collection:

  • the data collected involuntarily by the controller for a period of no more than 3 years from the time of collection;
  • the data collected through any communications sent by the data subjects to the contact data provided on the website, for a period of 5 years from the moment of the collection.

VII. Who has access to the data collected by the Controller?

The data that the Controller collects will be accessible to the administrator of the Website, or as the case may be, to the eventual collaborators/partners involved in the administration of the Website who through the provided services ensure the fulfillment of the legal or contractual obligations of the company.

Their access to the data processed is realized only after the prior signing of some data processing agreements, by fully assuming the company’s policies and procedures regarding the protection and confidentiality of personal data.

The access of these persons is limited to the data that interests the relations in which they are engaged towards the persons concerned on behalf of the Controller.

Any data transfer to external partners is carried out in safe technical and organizational conditions, in order to prevent any unauthorized intervention on the transmitted data.

VIII. The rights of the data subject. Means of exercising.

Any data subject has the following rights in relation to the personal data Controller:

The access right means the right of the data subject to obtain a confirmation from the Controller regarding the existence of the processed data and if so, access can be obtained to the respective data and to information on the way in which the data are processed.

The data portability right refers to the right to receive personal data in a structured, commonly used, and automatically readable format and to the right to have this data transmitted directly to another controller, but only if this is feasible from a technical point of view.

Opposition right refers to the right of the data subject to oppose the processing of personal data when the processing is necessary for the performance of a task that serves a public interest or when it considers a legitimate interest of the controller. When the processing of personal data is aimed at direct marketing, the data subject has the right to object to the processing at any time.

Correction right refers to the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each recipient to whom the data were transmitted unless this proves impossible or involves disproportionate efforts on the part of the Controller.

Data deletion (“the right to be forgotten”) means certain persons concerned by a request for any personal data, without undue delay, in the case one of the following reasons can be applied: they are no longer important for fulfilling the purposes for which the care was collected or processed; the person concerned decides to withdraw his or her consent if there is no other legal basis for the processing; the person concerned opposes to the processing and there are no legitimate

reasons to prevail; the personal data was processed illegally; personal data must be deleted in order to comply with legal obligations.

Restricted processing rights can be exercised in case the accuracy of the data processed by the Controller is contested, for a period that allows the verification of the correctness of the data; the processing is illegal, and the person in question opposes the deletion of personal data, instead requesting the restriction; if the Controller no longer needs the personal data for the purpose of processing, but the person in question requests them for the finding, exercise or defense of a right in court; if the person has objected to the processing for the period of time in which it is verified whether the legitimate rights of the Controller prevail over those belonging to the data subject.

The right to complaint with the competent supervisory authorities. If it is considered that the rights recognized by Regulation no. 679/2016 have been violated, any data subject has the possibility to address the supervisory authority by submitting a complaint.

IX. What types of cookies do we use?

On our Website, you can find only the Necessary Cookie Modules.

Necessary cookies help us to make the site usable by activating the basic functions, such as page navigation and access to secure areas on the website. The site cannot function properly without this type of cookie.

X. Modification of the Privacy Policy

If a change to the present privacy rules is required, the Controller will publish those changes to ensure accurate and complete information about the data collected and the use of such data.

Version published on 08.02.2023

2023 Copyright Ap Flow Ventures S.R.L.