This document is created on the basis and in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ( ”GDPR”) and Law no. 190/2018 regarding the measures to apply GDPR with the purpose to inform you regarding your rights under GDPR legislation.
This document applies to you, in your quality of user of Epic Visits Platform, available on www.epicvisits.com (”the Platform”) and its intention is to inform you in accordance with the GDPR provisions regarding the processing of your personal data by Epic Visits.
In accordance with article 13 of the GDPR Regulation, we inform you:
1. Who is collecting your personal data?
Your personal data is collected by Epic Visits S.R.L., a Romanian Company, headquartered in Sat Ucea de Jos, Comuna Ucea, nr. 125A, Jud. Brașov, Romania, having registration number J8/814/2020and sole registration number 42509647, represented by Jianu Raluca-Alexandra who is entitled to provide and sell the Service (the right to use the Platform) in the conditions stipulated under the Terms of Service.
According to the Terms and Conditions of the Epic Visits Platform, Epic Visits operates the website www.epicvisits.com and facilitates the provision of services by the Hosts to Users.
As a consequence, Epic Visits processes a series of personal data that belong to you. According to the Regulation, Epic Visits is a Processor, meaning the legal person that establishes the purposes and means of processing your personal data.
2. What data is being collected?
We don’t ask you for personal information unless we truly need it. In the context of using the Platform by you as a User we will be processing your following personal data:
a) Full name, email, telephone number- the data is collected in order to create your user account on the Epic Visits Platform;
b) Billing address - this information is required to issue the invoice in the Stripe payment program.
We also collect the following personal data, for marketing purposes: name and email. We will collect such data based on your consent. You can withdraw you consent, anytime.
3. How will the information be used?
We process the data mentioned in art. 2 lit. a-b in order to be able to provide the Services of the Epic Visits Platform, respectively for you to be able to use the Platform as a User.
We do not process your personal data for marketing purposes without your prior consent. If we wish to process your data for other purposes, we will inform you and / or, as the case may be, we will obtain your consent, according to the relevant legal provisions.
4. What is the legal basis for processing the data?
We will process the data mentioned under clause 2 lett. a-b based on GDPR Regulation article 6 par. 1, letter b) and with the exclusive purpose of providing you an offer to use the Service (the right to access and use the Platform according to the Terms of Service you agreed to).
We will process the data required for invoicing (name, surname, address) based on GDPR Regulation article 6 par. 1 letter c), taking into consideration that we have a legal obligation to store your invoicing data for accounting reasons.
We will process the data mentioned under clause 2 a) based on GDPR Regulation article 6 par. 1, letter a, for marketing purposes. Therefore, based on your consent, we might send you from time to time marketing emails to promote our Service. You can withdraw your consent anytime.
If you do not agree to provide us the personal data mentioned in art. 2, which are mandatory, we will not be able to facilitate the Services offered by the Epic Visits Platform, namely you will not be able to use the sections of the Platform for which the provision of this information is mandatory.
5. How long will the data be stored for?
We will store the data mentioned under Clause no. 2 as long as we will provide you Services in accordance with the Terms of Service, namely as long as you have an Account to use the Apps. For the avoidance of any doubt, you are allowed to delete any data attached to your Account, except name and email (taking into consideration that we cannot keep your user account active without this information). If you delete any data attached to your Account, such data will be deleted from all our evidences, unless we must keep such data based on other legal grounds.
We will store your invoicing information for the period required by the applicable laws.
We will store your personal data mentioned at Clause 2 above as follows:
a) The data mentioned in art. 2 lit. a - name, surname, email - for the entire period you make them available in your user account;
b) The data mentioned in art. 2 lit. b– for the entire period in which you maintain your user account on the Epic Visits platform;
c) The data mentioned in art. 2 lit. a and b - for the entire period of collaboration with Epic Visits, as well as for the legal period of storage of accounting data according to the applicable fiscal legislation and for the settlement of possible disputes and/or litigation;
d) We process your data -email, name, surname- for marketing purposes for a period of 10 years or until the moment you withdraw your consent.
Please be advised that we decided to store you information for a period up to 10 years (unless you withdraw your consent earlier), taking into consideration that during this time we might develop some functions, features or services related to the Apps, that you might want to use. Therefore, we want to be able to announce you each time we develop a new function, feature and/or a new service that might be fit for you.
We will delete or anonymize your data at the end of the storage period.
We will store your personal data only for the time necessary in order to fulfil the specified purposes, but not for longer than 5 years since the contract is terminated and/or your last interaction with the Platform, except if the storage time requested by the law for certain personal data is longer.
6. Will the data be shared with any third parties?
Your personal data is processed by us as a Processor.
We will not disclose your personal data to third parties, with the following exceptions:
a) We will be able to transmit your data to the competent authorities if they request it, or if we have a legal obligation to do so;
b) We may transmit your data to our Partners when, by virtue of our contractual obligation with them, we have obligations in this regard (for example, when organizing an event our sponsor may request us to perform an audit, or to prove the sponsored event took place, in which case we may need to give them access to your personal data);
d) We may transmit your data to competent third parties if it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law;
e) If you use the Apps as registered Users we will be able to send your data to the billing software administrator, our accounting/law firm, the tax/judicial authorities in order to comply with our obligations and/or obtain a court sentence and to any other service provider which requires your personal data in order to provide its services.
f) We can transmit your data to third parties if we have your consent to do so.
Please note that in each situation where we transmit your data to third parties, we will ensure that we transfer only those data necessary for the purpose for which your data are transmitted, ensuring that we do not transmit more data than necessary in any situation.
Epic Visits Collaborators / Employees may have access to your personal data in order to fulfil their obligations to our company. They will be compelled to keep the data confidential and to use it strictly for the purpose of providing services to Epic Visits.
If Epic Visits decides to sell some or all of its assets, or in the unlikely event that Epic Visits goes bankrupt, user data could be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Epic Visits assets may continue to use your personal information as long as it complies with the provisions of this policy.
7. Where do we store the data?
The data is stored in the cloud, in the European Union .
If we will transfer any date outside the SEE we will do our best in order to make sure all transfers are legal, based on a solid legal ground.
8. What security measures we have implemented?
In order to protect your data, we have implemented security measures in accordance with the applicable laws and the best industry practices. We will protect your data from any security incidents, but we cannot guarantee that such incidents cannot occur.
In case of personal data breach which is likely to result in a high risk to your rights and freedoms we will communicate the personal data breach to you, without undue delay and we will take all necessary measures in order to solve and/or minimize the negative effects.
9. Automatic decision-making processes
Please note that we do not use automated decision-making processes for you and you will not be subject to decisions based solely on automated processing, including profiling.
10. What rights do you have?
a) The right of access
You have the right to obtain confirmation of the processing of your personal data and to gain access to such data. If you send us a request to gain access, we will provide you with a copy of the personal data we process about you together with all the information we are obliged to provide you, in accordance with the provisions of the GDPR Regulation.
b) The right of rectification and deletion
You have the right to request the correction of incorrect, inaccurate or incomplete personal data. You also have the right to request the deletion of personal data when they are no longer necessary in relation to the purposes for which they were processed, or if their processing is illegal.
c) The right to restrict processing
You have the right to request the restriction of the processing of your personal data in the following cases: you challenge the accuracy of the data, in which case you can request the restriction of the processing for the period of time in which we verify the accuracy of the data; the processing is illegal and you oppose deleting the data; we no longer need your personal data, but you request it to establish, exercise or defend a right in court.
d) The right to opposition
You have the right to object to the processing of your personal data for marketing purposes or for reasons related to your particular situation. In such a situation, we will no longer process your personal data, unless we demonstrate that we have legitimate and compelling reasons justifying the processing and prevailing over your interests, rights and freedoms.
e) The right to data portability
You have the right to receive personal data that you have provided to us and that concern you in a structured, commonly used format that can be read automatically. You also have the right to transmit this data to another operator.
f) Withdrawal of consent
You have the right to withdraw your consent when your data is processed under it (as in the case where we process your data for marketing purposes).
g) Automated processing
You have the right to request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to challenge the decision.
h) The right to be informed
You have the right to request and receive information about the processing of your personal data.
11. Exercising your rights
To exercise your rights, please contact us by email : email@example.com We will try to respond to your request as fast as we can, but no later than 1 month since we receive your request, except if your request is very complex and/or we are facing a large number of request when we can extent the response period by two months.
We might ask you to provide information to confirm your identity (such as, clicking a verification link, entering a username or password, id copies or others) in order to be able to respond to your request. In case we do not manage, even though we do our best, to identify you, we inform you we are entitled to not answer your request.
A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's hard drive. Cookies are required to use the the Service.
Like most Platform processors, Epic Visits collects non-personally-identifying information of the sort that web browsers and servers typically make available – e.g. browser type, language preference, referring site, and the date and time of each visitor request. We do this for purposes of understanding and improving our users’ experience. While we may, from time to time, make certain aggregate user information available (e.g. releasing information on our site regarding user trends and site analytics), we will never release any information identifying any individual site visitor or sell or transfer any of this information other than as described herein.
13. How can you submit a complaint?
According to the GDPR Regulation, you have the right to submit a complaint with a supervisory authority. Usually you will submit a complaint with the supervisory authority headquartered in your country or in the data controller’s country (Romania). Please find the Data Protection Authorities contact information here: https://edpb.europa.eu/about-edpb/board/members_en . The Romanian Authority is Autoritatea Naționala de Supraveghere a Prelucrării Datelor cu Caracter Personal, with registered office in B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336 Bucuresti, Romania (www.dataprotection.ro).
14. How can you contact us?
For any question or request regarding your data, please contact us at the following email address : firstname.lastname@example.org
This document is effective starting with : 21.04.2021