MailFlow collects and processes personal data in accordance with the provisions of Law 677 of 21/11/2001 and, starting on 05/03/2022, with the provisions of Regulation no. 679 of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The purpose of this document is your specific and unambiguous information about the purposes of the processing, the legal basis of the processing, the duration of the processing, the recipients of the collected personal data, the ways in which you can exercise your individual rights, as well as provide information about the secondary purpose of the processing and whether the data is processed for a purpose other than that for which it was collected by the associated operators.
Within the data processing operation, MailFlow takes into account the legal regulations in force in this field, observes and applies the principles underlying the protection of personal data and ensures the confidentiality and security of the data through adequate organisational and technical measures, which translate to internal procedures, rules of conduct and continuous awareness and accountability training sessions for its employees.
THE PRINCIPLES OF PERSONAL DATA PROCESSING
The collected personal data will be:
• processed legally, fairly and transparently, observing the principles of legality, fairness, and transparency;
• collected for determined, explicit, and legitimate purposes and will not be further processed in a manner that is incompatible with these purposes; further processing for public interest archiving purposes, for scientific or historical research purposes or for statistical purposes is not deemed incompatible with the original purposes;
• adequate, relevant and limited to what is required in relation to the purposes for which it is processed.
• accurate and, if necessary, up-to-date; we will take all necessary measures to ensure that personal data that is inaccurate, considering the purposes for which it is processed, is erased or rectified without delay;
• kept in a form that allows for the identification of the data subjects for a period that does not exceed the period required for the fulfilment of the purposes for which the data is processed;
• processed in a way that ensures the adequate security of personal data, including the protection against unauthorised or unlawful processing, loss, destruction or accidental damage, by taking the appropriate technical or organisational measures.
It is important to pay attention to this information to be aware of all the aspects outlined in its contents, so that you are properly informed. This document does not constitute consent to further data processing and does not affect the legality of previous processing operations.
THE PURPOSES OF PERSONAL DATA COLLECTION
Your personal data and the data of the persons for whom the insurance contract is requested may be collected exclusively for the purpose of providing the services offered by our company, namely to create a user account and to purchase a license.
The collection and processing of personal data for the purposes mentioned above is based on:
• The signature (including the pre-contract stages), execution, and management of a contract; the purchase of a license to use the application represents a valid contract between you and MailFlow.
• The legitimate interest of our company, namely to verify the validity of the purchased license and to prevent the use of the application without purchasing a license.
• MailFlow uses the email that you provided as a means to identify the customer, so that no substitution may occur, to limit errors when performing operations, and to maintain an expedited communication with you during the current check-up.
PERSONAL DATA THAT IS COLLECTED:
• the first and last names of the persons who will purchase the license to use the application;
• IP address, when you visit our website without disabling cookies;
MailFlow collects the information mentioned above directly from its potential customers.
The refusal to provide personal data to MailFlow results in its impossibility to provide you with the license, given that this information is absolutely necessary.
The duration of the personal data processing:
The duration of the personal data processing in relation to the use of the application is specific to each type of processing, taking into account the above-mentioned considerations, as well as for the fulfilment of legal obligations (tax-related, archiving, etc.).
In order to limit processing, MailFlow will periodically review the need for data processing to limit as much as possible the scope of your data that are subject to processing.
The recipients of the personal data:
Personal data will be disclosed to our employees for the performance of their activity only in connection with the performance of the contract and for the periodic verification of the license to use the application, except in the following situations:
• if, according to the laws in force, MailFlow has the obligation to disclose this data to public authorities;
• when this disclosure is made under the law to protect the rights and interests of MailFlow ;
• when the data transmission is expressly requested by the data subject.
Depending on the type of processing, personal data may be processed by:
• Parties who provide security services and other types of protection for the systems of MailFlow ;
• Parties who ensure the quality level required to meet the customer’s requirements or who provide or broker the offer of products and services of MailFlow ;
In case surrendering and processing your personal data in a state outside of the European Union is required, MailFlow will ensure that the personal data processing complies with the security requirements applicable to such processing in the European Community, one of the components being the compliance with the EU standards on personal data processing, ensuring the fulfilment of the objectives set out in the legislation on the protection of personal data.
For atypical cases, MailFlow will request the permission of the National Supervisory Authority for Personal Data Processing to transmit the personal data to countries whose legislation does not provide a level of protection that is at least similar to that provided by Romanian law.
Your rights with respect to the data that we are processing are as follows:
A) The right to access the data
In exercising this right, you will be able to obtain from MailFlow, free of charge, a confirmation that your personal data is or is not processed by MailFlow. Your request will be sent without any particular justification, but you have to specify the physical or email address where you want to receive the information requested.
B) The right to rectify the data
The right to rectify the data may be exercised if you notice or if you have legitimate reasons to believe that your personal data has been processed by MailFlow in violation of the obligations incumbent on the operators in this regard.
In order to meet legal requirements, the personal data processing operation should meet the following requirements:
– must be made in good faith, considering the stated purpose and the legal provisions;
– must concern data collected for specified, explicit and legitimate purposes;
– must be made solely regarding adequate, relevant, accurate and updated data;
– must concern data stored in a form which allows for the identification of the persons strictly concerned for the duration required to attain the purposes for which they are collected and further processed. If MailFlow is in violation of any of its obligations under Law 677/2001, as subsequently amended and supplemented, you will be entitled to request the rectification, update, blocking, deletion or anonymisation of all data whose processing does not comply with the provisions of the above-mentioned law.
C) The right to object
You are the rightful owner of all your personal data and that identify you and as such you have the right to object, on reasonable and legitimate grounds, to the data concerning you be subject to any processing. However, we would like to remind you that providing incomplete or incorrect personal data belonging to you or withdrawing your consent regarding its processing by MailFlow MailFlow will make it impossible for MailFlow to provide you with any services.
D) The right to go to court and to resort to ANSPDCP [National Supervisory Authority for Personal Data Processing]
The violation, by MailFlow, of any of your rights regarding the collection and processing of personal data entitles you to resort to the National Supervisory Authority for Personal Data Processing, in order to protect your guaranteed rights.
If you suffer any damage as a result of the non-compliance with the legal provisions, you will be entitled to go to the courts having jurisdiction over your place of residence to obtain compensation for the damages suffered.
Any inquiry made by you regarding the exercise of any of the rights mentioned above will be answered by MailFlow within 15 days of the receipt of a written request, dated and signed by you, sent to the contact address provided for MailFlow.