PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA BY MetricBiz
1. PURPOSE OF THIS DOCUMENT
1.1 This document is intended to inform, in accordance with Article 13 of the General Data Protection Regulation (hereinafter 'GDPR'), the data subjects (natural persons who may be website visitors and persons wishing to purchase the services provided on the site) about how their personal data is processed under national and European legislation (Law no. 190/2018, Law no. 506/2004, Regulation 2016/679/EU, Directive 2002/58/EC) in force. MetricBiz (which we may also refer to as 'we', 'the platform', or 'the website') is obligated to manage the personal data provided to it securely and solely for the specified purposes.
1.2 This privacy notice applies to our online activities. We will be present on the website https://metricbiz.ro/, its subdomains, as well as the activity generated in our social media accounts.
2. ABOUT US
2.1 MetricBiz is a platform that processes aggregated legal and economic information from public sources regarding legal entities and other professionals (PFA, II), such as various indicators like turnover, profit, losses, debts of a company, or the identity of the founders.
- 2.1.1 Name/Title: BE SMARTDEV S.R.L.
- 2.1.2 CUI: 39070192
- 2.1.3 Trade Registry No. at Suceava Court: J33/454/2018
- 2.1.4 E-mail: contact@metricbiz.ro
2.2 Regarding the data processed on the site from natural persons, we are personal data controllers, and as such, we are obliged to determine the purposes and means of processing personal data and to take all necessary diligence to process the data in compliance with technical and organizational measures.
3. WHAT PERSONAL DATA DO WE PROCESS?
3.1 MetricBiz collects personal data in the following situations:
- 3.1.1 When you browse the site, interact with content, or fill out forms.
- 3.1.2 When you contact us by email or contact form to request information or services.
- 3.1.3 When you register and use our online platform.
- 3.1.4 If you are associated with public data sources with legal entities or other professionals.
- 3.1.5 When you contact or interact with our content on platforms such as Facebook, LinkedIn, etc.
- 3.1.6 When you interact with us as a representative of a company that is our client or supplier.
3.2 Categories of data collected:
- 3.2.1 Identification data: name, surname.
- 3.2.2 Contact data: email address, home address.
- 3.2.3 Technical data: IP address, browser type, location settings, operating system.
- 3.2.4 Account information: username, password, activity history, site display preferences.
- 3.2.5 Information about the represented company: CUI, registration certificate, registered office address, registration document details, company status, etc.
- 3.2.6 Interaction information: content of messages, reviews, feedback.
- 3.2.7 Social media information: name, username, photo, message content, posts.
- 3.2.8 Information if you log in via different platforms: name, surname, email address, profile picture.
- 3.2.9 Specific data for legal entity associates/shareholders: identification information (F, EUID, CUI), registered office address, registration and authorization document details, company status, organization form, date of last registration in RC, reason for removal, name and surname, position, citizenship, marital status, date and place of birth, gender, contribution to the share capital, total paid contribution, number of shares, share in profits and losses, date of signature specimen submission, appointment date, mandate duration, organizational and operational details of the company registered in the trade register, connection with other companies where associates/shareholders hold participations, associate and administrator history (entry/exit date from the respective company).
- 3.2.10 Data for product and service promotion: Name and surname, contact details (email address), identification data of the represented legal entity, marketing preferences, data provided for participation in loyalty programs or promotional offers.
- 3.2.11 Special data categories: MetricBiz does not intentionally collect special categories of personal data (sensitive data). If, in interactions with us, you choose to disclose such data, we will treat it confidentially and use it only to provide personalized services.
4. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
4.1 Contractual basis: The collection and processing of data are necessary for the conclusion and execution of the contract. Providing the data is an essential condition for purchasing our services.
4.2 Legitimate interest: We process the data to analyze received feedback and improve the quality of services offered. This is in our company's legitimate interest to provide superior quality services. We process the data to provide our clients with the necessary information within concluded contracts. This is in our company's legitimate interest to fulfill our contractual obligations and in the legitimate interest of civil circuit participants to access relevant information about legal entities and their representatives.
4.3 Consent: We obtain your explicit consent before contacting you for marketing, promotion, or other purposes not necessary for contract execution or to fulfill a legal obligation.
Important: We will seek your consent only when necessary and will always give you the option to withdraw your consent. We will process your data only for the purposes for which it was collected and only as long as necessary to fulfill these purposes. We commit to protecting the confidentiality of your data and complying with personal data protection laws.
5. PURPOSES OF PROCESSING
5.1 Account management: We verify your identity and/or the company you represent to create and manage your account on our platform.
5.2 Contract conclusion and execution: We use the collected data to evaluate your eligibility to conclude a contract with MetricBiz. We process the data to provide the contracted services and fulfill our contractual obligations.
5.3 Communication: We contact you via email, SMS, or other means to provide important information about your account, our services, or changes to the terms and conditions.
5.4 Security and maintenance: We process the data to manage and ensure the security of our IT systems, including conducting security audits, issuing reports to authorities, and resolving system errors.
5.5 Dispute resolution: We use the data to file claims and defenses before public authorities or other entities resolving disputes.
5.6 Service improvement: We process data to analyze your complaints and suggestions to improve our services. We use analytics data to better understand our users' needs and improve the content and functionalities of our platform.
5.7 Marketing: We send newsletters and other marketing communications only if you have subscribed to them and have given your explicit consent.
Important: We will use your personal data only for the purposes listed above unless there are legitimate and compatible reasons with the initial purpose. If we want to use your data for a different purpose, we will inform you in advance and seek your consent if necessary. We commit to protecting the confidentiality of your data and complying with personal data protection laws.
6. WHO WILL WE DISCLOSE YOUR DATA TO?
6.1 Contractual partners: Individuals or companies with whom we collaborate to provide our services, such as IT service providers, accounting, online payment, lawyers, evaluators, tax consultants and accountants, or other experts, etc.
6.2 Authorized persons: Individuals or legal entities that process your data on our behalf, according to our instructions, and for the specified purposes.
6.3 Authorities and courts: Any relevant person, institution, agency, or court in Romania or another state, to the extent necessary to ascertain, exercise, or defend a right in court.
6.4 Other recipients with your consent: We may transmit data to other parties with your explicit consent or according to your instructions, e.g., in the case of exercising the right to data portability.
6.5 Marketing service providers: Services that assist us in operating and interpreting data obtained in online promotion campaigns or manage the newsletter service.
7. HOW LONG WILL WE STORE YOUR DATA?
7.1 We store your personal data only for the period necessary to achieve the purposes but no more than 7 years from the termination of the contract or the last interaction with us.
7.2 After the period ends, personal data will be destroyed or deleted from IT systems or transformed into anonymous data for scientific, historical, or statistical research purposes.
7.3 Please note that in certain expressly regulated situations, we store data for the period imposed by law.
7.4 To determine the appropriate retention period for personal data, we consider the value, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of personal data, and whether we can achieve these purposes by other means.
7.5 In certain circumstances, we may anonymize data for statistical or research purposes, in which case we may use the data for an indefinite period.
7.6 We retain the personal data we collect from and about you as long as necessary to fulfill the purpose for which we collected it and to meet any legal, accounting, or reporting requirements.
7.7 Data required for issuing invoices and those present in legal documents and related correspondence will be kept for 10 years.
7.8 Data used for marketing purposes will be processed until you unsubscribe from the newsletter service or exercise your right to object and, in any case, no more than 2 years from our last contact with you.
8. YOUR DATA SECURITY
8.1 We aim to protect the personal data of individuals from unauthorized or illegal access to the IT system, alteration of data integrity, unauthorized data transfer, or other acts incriminated by the Penal Code and other special laws.
8.2 We have implemented the following technical and organizational measures to ensure the security of personal data:
- 8.2.1 Policies and procedures implemented and reviewed annually.
- 8.2.2 Data minimization. We constantly ensure that the personal data we process is strictly limited to what is necessary, appropriate, and relevant to the purposes declared in this document.
- 8.2.3 Restricted access to data. We have implemented access control measures to strictly restrict access to personal data we process.
- 8.2.4 Implementation of safe storage measures and data backup.
- 8.2.5 Secure transmission of data to you or other recipients.
8.3 However, despite our constant efforts to ensure the security of the data entrusted to us, unfortunate events may occur, such as security incidents/breaches. In such cases, we will strictly follow the procedure for reporting and notifying security incidents and will take all necessary measures to restore the situation as soon as possible.
8.4 Although we take all reasonable measures to ensure the security of your data, we cannot guarantee the absence of any security breaches or the impossibility of system penetration.
9. YOUR RIGHTS
9.1 In summary, your rights are as follows:
- 9.1.1 Right of access to data: You have the right to obtain access to your data that we process or control or to copies of them; you also have the right to obtain from us information regarding the nature, processing, and disclosure of these data.
- 9.1.2 Right to data rectification: You have the right to obtain the rectification of inaccuracies in your data that we process or control.
- 9.1.3 Right to data erasure ('right to be forgotten'): You have the right to obtain the deletion of your data from us that we process or control, under certain circumstances, where possible.
- 9.1.4 Right to restrict data processing: You have the right to restrict the processing of your data that we process or control.
- 9.1.5 Right to object: You have the right to object to the processing of your data by us or on our behalf.
- 9.1.6 Right to data portability: You have the right to obtain the transfer of your data to another controller that we process or control.
- 9.1.7 Right to withdraw consent: In situations where we process your data based on your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you initially gave us your consent; the withdrawal of consent will not affect the lawfulness of the processing of your data that we have carried out before the withdrawal.
- 9.1.8 Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with the Data Protection Supervisory Authority regarding the processing of your data by us or on our behalf, at the email address anspdcp@dataprotection.ro or by mail at the address B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Postal Code 010336, Bucharest, Romania.
10. HOW TO EXERCISE YOUR RIGHTS?
10.1 To exercise one or more of the rights mentioned above or to ask any questions about any other aspects of the processing of your data by us, please send an email to contact@metricbiz.ro.
10.2 The rights listed above are not absolute. There are exceptions, so each request received will be analyzed to decide whether it is justified or not. If the request is justified, we will facilitate the exercise of the rights. If the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and your rights to file a complaint with the Supervisory Authority and take the matter to court.
10.3 We will try to respond to the request within one month. However, the term may be extended depending on various aspects, such as the complexity of the request, the large number of requests received, or the inability to identify you in a timely manner.
10.4 If, despite all efforts, we cannot identify you, and you do not provide additional information to help us identify you, we are not obliged to comply with the request.
11. REFUSAL TO PROVIDE PERSONAL DATA
11.1 You are under no obligation to provide us with the personal data mentioned in this document. However, if you do not provide the data mentioned in this privacy notice, it will not be possible for us to provide the services you request.
12. NO AUTOMATED DECISION-MAKING
12.1 Our respect for your data includes giving them the necessary human attention through our staff. As a user of our services, you will not be subject to any decision of ours based solely on automated processing of your data (including profiling) that produces legal effects concerning you or significantly affects you in a similar way.
13. INTERNATIONAL TRANSFER
13.1 We do not transfer personal data to countries outside the EEA/EU.
14. DIRECT MARKETING
14.1 To the extent that we have obtained your prior consent or you are already one of our customers, we may use direct marketing technologies using the information collected about you.
14.2 You may object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email or by sending a request to contact@metricbiz.ro.
14.3 We may engage in marketing and remarketing activities using your personal data. Our communications aim to inform you about our activities or those of our partners, events, or other topics that may interest you.
14.4 In this regard, we may send you various types of messages, such as emails/SMS/etc., containing general and thematic information, as well as other commercial communications.
14.5 You can change your mind and withdraw your consent for marketing at any time by:
14.6 In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any situation where we use information about you for our legitimate interest, we take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you may request us to stop processing your personal data for marketing purposes at any time.
15. CHANGES TO THIS PRIVACY NOTICE
15.1 We may occasionally update this Privacy Notice depending on the services and functionalities we introduce on the site.
15.2 All updates and changes to this notice are effective immediately upon publication on the site, which you agree to.
15.3 This privacy notice was prepared on 03.11.2024.