Skip to content

Legal

Privacy policy

Updated:

Your right to privacy is a priority for us, and we are continuously committed to improving the way we protect your personal data.

Preliminary information

The confidentiality, integrity and security of your personal data are the cornerstones of the appropriate technical and organisational measures we implement so that your rights are respected.

This privacy policy (the “Privacy Policy”) gives effect to the principle of transparency and describes how your personal data is collected, used, disclosed, stored and erased by Cybershift S.R.L., with its registered office in Berceni, Ilfov county, str. Câmpului nr. 47V, EUID ROONRC J40/19412/2021, sole registration code (CUI) 45190118 (the “Company”, “Cybershift” or “we”), acting as data controller, in connection with (i) access to and use of the website available at the URL https://cybershift.dev (the “site”), as well as with (ii) the provision of our services both through and outside the site (the “Services”).

Personal data used on the site

The operation of the site is supported by information systems and software modules that generally obtain certain personal data; the transmission of this data takes place by default so that online communication protocols return optimal results when using the site.

This information is not collected in order to be associated with identified individuals, but, due to its nature, it may allow users to be identified through processing and combination with certain data held by third parties. This information includes IP addresses, the time of the request, the method used to send the request to the server, the size of the file returned in response, and other parameters relating to the user’s operating system. To the extent that this information leads to the identification of a user, the provisions of this Privacy Policy become applicable.

Purpose of processing

We use this data only to obtain anonymous statistical information about the use of the site and to verify that it operates correctly. We also process personal data to establish direct and proper communication with those interested in the services we offer.

  • For the construction and security of the site, the legal basis is the fulfilment of our legal obligations relating to the security of our systems, pursuant to Art. 6(1)(c) of EU Regulation 679/2016 and Art. 3 of Law 506/2004;
  • For the operation of the site, the legal basis is the performance of a contract to which the data subject is a party, or taking steps at the data subject’s request prior to entering into a contract, pursuant to Art. 6(1)(b) of EU Regulation 679/2016;
  • For providing news about our services, handling requests submitted through the contact form, and receiving your suggestions, the legal basis is your explicit, informed and freely given consent, pursuant to Art. 6(1)(a) and in compliance with the consent requirements set out in Art. 7 and 8 of EU Regulation 679/2016.

Contacting us

You may contact us in various ways: by e-mail, by telephone, through the contact form or via chat. In this case, we may process the following personal data: first name, last name, e-mail, telephone, and any other information you voluntarily provide when you contact us. We recommend that you provide only the information necessary for us to help resolve your request. We use this information to respond to your request, including to provide information about our services.

Our specialists contacting clients

While providing our services, we will use your e-mail address, telephone number, name and/or the company you represent to notify you of matters relating to the performance of the contract between us — for example, matters concerning the use of the site, the communication of any changes to our offers, or any technical issues.

Providing your personal data

We take care to comply with the principle of data minimisation; however, you should be aware that you may refuse to provide certain personal data (indicated above), in which case you may not be able to benefit from certain services specific to the contractual relationship described in this Privacy Policy.

Automated processing

Your personal data will not be processed to generate decisions based solely on automated processing that would produce legal effects concerning you or significantly affect you.

Retention period

As a rule, we will process your personal data for as long as the site exists, unless you ask us to erase it. In certain circumstances, we may retain personal data for longer periods — for example where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. We may also retain personal data for longer periods so that we have an accurate record of your dealings with us in the event of any complaints, or where we reasonably consider that there is a prospect of litigation relating to the processing of your personal data.

Transfer of personal data

We may transfer personal data, to the extent necessary, to the following categories of recipients:

  • contractual partners;
  • subcontractors;
  • payment processors;
  • companies providing IT services;
  • marketing companies;
  • public authorities, courts or arbitral bodies, as well as authorities competent to investigate criminal offences.

These recipients may be located within the European Union and/or the European Economic Area. Where recipients are located outside the European Union and the European Economic Area, including in countries not recognised as ensuring an adequate level of protection, the transfer of personal data takes place only where appropriate safeguards exist, in accordance with applicable law (such as the standard contractual clauses issued by the European Commission). You may obtain from us a list of recipients in third countries, as well as a copy of the agreed provisions ensuring an adequate level of protection. For any such request, please contact us using the contact details below.

Security of personal data

The security of your personal data is important to us. Your personal data will therefore be processed by applying reasonable technical and organisational measures to protect it — such as limiting access to the data, encrypting or anonymising it, and storing it on secure media. Nevertheless, despite our efforts, we cannot always guarantee the effectiveness of the security measures implemented and, therefore, cannot guarantee the security of personal data at all times.

Your rights

In accordance with applicable law, you have the following rights:

  1. Right of access — the right to obtain confirmation that your personal data is being processed by us, as well as information about the specifics of the processing: the purpose, the categories of data processed, the recipients, the retention period, any transfers abroad and how the data is protected, your rights, the right to lodge a complaint, and the source of the data.
  2. Right to rectification — the right to request the rectification of your personal data, subject to applicable legal requirements. In the event of errors, we will correct your data immediately upon notification.
  3. Right to erasure — in certain cases you may request the erasure of your personal data: (i) it is no longer necessary for the purposes for which it was collected; (ii) you have withdrawn your consent and there is no other legal basis; (iii) the data is processed unlawfully; (iv) you exercise a legal right to object. We will be unable to act on your request where processing is necessary to comply with a legal obligation, or for the establishment, exercise or defence of a legal claim.
  4. Right to restriction of processing — you may request that we restrict processing where: (i) you contest the accuracy of the data; (ii) the processing is unlawful and you oppose erasure; (iii) we no longer need the data but you require it for a legal claim; (iv) you have objected to processing, pending verification of whether our legitimate grounds override yours.
  5. Right to data portability — to the extent that data is processed based on your consent or for the performance of a contract, and by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  6. Right to object — in certain situations, such as where we process your data on the basis of a legitimate interest, you may object to the processing. You may object at any time to processing for the purpose of sending commercial messages.
  7. Withdrawal of consent — to the extent that we process your data based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  8. Right not to be subject to automated individual decisions — in certain circumstances, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  9. Right to lodge a complaint with the supervisory authority — the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (“ANSPDCP”): B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania; e-mail: anspdcp@dataprotection.ro.

Exercising your rights

The Data Protection Officer (DPO) facilitates communication between you, us and the National Supervisory Authority (ANSPDCP) in order to ensure compliance with the GDPR. You may contact the DPO at the e-mail address dpo@cybershift.dev.

Identity verification. We pay the greatest attention to the confidentiality of all personal data and reserve the right to verify your identity where you make a request concerning personal data.

Fees. As a rule, you may exercise your rights free of charge. However, we reserve the right to charge a reasonable fee where your requests are manifestly unfounded or excessive, in particular because of their repetitive nature.

Response time. We make every effort to respond to your requests within one month of receipt. This period may be extended by two months where necessary, taking into account the complexity and number of requests, in which case we will inform you of any such extension and the reasons for the delay.

Contact

If you have any questions or concerns about this Privacy Policy or its implementation, you may contact us by e-mail at dpo@cybershift.dev.

Updates to this policy

We review and, where appropriate, periodically update this privacy policy when changes occur in the course of providing our services. If we wish to use your personal data in a way we have not previously identified, we will contact you to provide information and, where necessary, to request your consent. We will update the date of this document each time it is amended.

This policy has been in force since 09.08.2022.