🛡️ Drepturile dumneavoastră sunt protejate de GDPR
Această pagină detaliază drepturile dumneavoastră conform GDPR și procedurile pentru exercitarea acestora. Pentru orice nelămurire, contactați DPO-ul nostru.
1. GDPR Introduction
IMEIGuard fully complies with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and Romanian Law 190/2018. This policy details your rights and procedures for exercising them.
2. Your GDPR Rights - Detailed
2.1. RIGHT OF ACCESS (Art. 15 GDPR)
You have the right to obtain confirmation that we process your data and to receive a copy of it.
What you can request: - Copy of all personal data - Processing purposes - Categories of data processed - Data recipients - Storage period - Data sources (if not collected directly from you) Procedure: Send an email to dpo@imeiguard.ro with subject "GDPR Data Access Request". We will respond within max. 30 days. 2.2. RIGHT TO RECTIFICATION (Art. 16 GDPR)
You have the right to correct inaccurate data or complete incomplete data.
How to proceed: - For account data: modify directly from dashboard - For other data: contact dpo@imeiguard.ro - We verify and update data within max. 5 business days 2.3. RIGHT TO ERASURE / "RIGHT TO BE FORGOTTEN" (Art. 17 GDPR)
You can request data deletion in the following situations: - Data is no longer necessary for the purposes for which it was collected - You withdraw consent (if processing is based on consent) - You object to processing and there are no overriding legitimate grounds - Data has been processed unlawfully - Data must be erased to comply with a legal obligation EXCEPTIONS - We cannot delete data if: - It is necessary for legal obligations (e.g., invoices - 10 years) - It is necessary for establishment, exercise, or defense of legal claims - There is a public interest Procedure: Send request to dpo@imeiguard.ro. We will evaluate and respond within 30 days. 2.4. RIGHT TO RESTRICTION OF PROCESSING (Art. 18 GDPR)
You can request temporary restriction of processing in the following cases: - You contest the accuracy of the data - Processing is unlawful but you do not wish erasure - We no longer need the data but you require it for legal proceedings - You have objected to processing pending verification of legitimate grounds 2.5. RIGHT TO DATA PORTABILITY (Art. 20 GDPR)
You have the right to receive data in a structured, commonly used, machine-readable format (JSON, CSV).
Data available for portability: - Account data - Verification history - Transactions - FANE BOT conversations Procedure: Request at dpo@imeiguard.ro. You will receive a download link within 30 days. 2.6. RIGHT TO OBJECT (Art. 21 GDPR)
You can object to data processing based on legitimate interest or for direct marketing.
Marketing objection: Click "Unsubscribe" link in any promotional email. Objection to other processing: Contact dpo@imeiguard.ro. 2.7. RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing which produces legal effects or significantly affects you. In our case: - FANE BOT is an informative assistant, does not make automated decisions - IMEI verifications are informative, purchase decisions are yours 2.8. RIGHT TO COMPLAIN (Art. 77 GDPR)
You have the right to file a complaint with the supervisory authority:
ANSPDCP (National Supervisory Authority for Personal Data Processing)
Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, București, Romania
Phone: +40 318 059 211 / +40 318 059 212
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro
You have the right to obtain confirmation that we process your data and to receive a copy of it.
What you can request: - Copy of all personal data - Processing purposes - Categories of data processed - Data recipients - Storage period - Data sources (if not collected directly from you) Procedure: Send an email to dpo@imeiguard.ro with subject "GDPR Data Access Request". We will respond within max. 30 days. 2.2. RIGHT TO RECTIFICATION (Art. 16 GDPR)
You have the right to correct inaccurate data or complete incomplete data.
How to proceed: - For account data: modify directly from dashboard - For other data: contact dpo@imeiguard.ro - We verify and update data within max. 5 business days 2.3. RIGHT TO ERASURE / "RIGHT TO BE FORGOTTEN" (Art. 17 GDPR)
You can request data deletion in the following situations: - Data is no longer necessary for the purposes for which it was collected - You withdraw consent (if processing is based on consent) - You object to processing and there are no overriding legitimate grounds - Data has been processed unlawfully - Data must be erased to comply with a legal obligation EXCEPTIONS - We cannot delete data if: - It is necessary for legal obligations (e.g., invoices - 10 years) - It is necessary for establishment, exercise, or defense of legal claims - There is a public interest Procedure: Send request to dpo@imeiguard.ro. We will evaluate and respond within 30 days. 2.4. RIGHT TO RESTRICTION OF PROCESSING (Art. 18 GDPR)
You can request temporary restriction of processing in the following cases: - You contest the accuracy of the data - Processing is unlawful but you do not wish erasure - We no longer need the data but you require it for legal proceedings - You have objected to processing pending verification of legitimate grounds 2.5. RIGHT TO DATA PORTABILITY (Art. 20 GDPR)
You have the right to receive data in a structured, commonly used, machine-readable format (JSON, CSV).
Data available for portability: - Account data - Verification history - Transactions - FANE BOT conversations Procedure: Request at dpo@imeiguard.ro. You will receive a download link within 30 days. 2.6. RIGHT TO OBJECT (Art. 21 GDPR)
You can object to data processing based on legitimate interest or for direct marketing.
Marketing objection: Click "Unsubscribe" link in any promotional email. Objection to other processing: Contact dpo@imeiguard.ro. 2.7. RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing which produces legal effects or significantly affects you. In our case: - FANE BOT is an informative assistant, does not make automated decisions - IMEI verifications are informative, purchase decisions are yours 2.8. RIGHT TO COMPLAIN (Art. 77 GDPR)
You have the right to file a complaint with the supervisory authority:
ANSPDCP (National Supervisory Authority for Personal Data Processing)
Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, București, Romania
Phone: +40 318 059 211 / +40 318 059 212
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro
3. Legal Bases for Processing
We process your data based on the following legal bases according to Art. 6 GDPR:
3.1. Consent (Art. 6(1)(a)) - Marketing and promotional communications - Non-essential cookies (analytics, marketing) - Newsletter 3.2. Contract Execution (Art. 6(1)(b)) - Providing IMEI verification service - Account management - Payment processing - Essential communications 3.3. Legal Obligation (Art. 6(1)(c)) - Invoice issuance - Retention of accounting documents (10 years) - Responses to authority requests - Tax compliance 3.4. Legitimate Interests (Art. 6(1)(f)) - Platform security - Fraud prevention - Service improvements - Technical analysis For each processing, we have conducted a balancing assessment between our legitimate interests and your rights.
3.1. Consent (Art. 6(1)(a)) - Marketing and promotional communications - Non-essential cookies (analytics, marketing) - Newsletter 3.2. Contract Execution (Art. 6(1)(b)) - Providing IMEI verification service - Account management - Payment processing - Essential communications 3.3. Legal Obligation (Art. 6(1)(c)) - Invoice issuance - Retention of accounting documents (10 years) - Responses to authority requests - Tax compliance 3.4. Legitimate Interests (Art. 6(1)(f)) - Platform security - Fraud prevention - Service improvements - Technical analysis For each processing, we have conducted a balancing assessment between our legitimate interests and your rights.
4. Procedures for Exercising Rights
4.1. How to Request:
To exercise any GDPR right, you can: 1. Send email to: dpo@imeiguard.ro 2. Send letter to address: Str. Exemplu nr. 1, București, Sector 1, România 3. For account deletion: from Dashboard > Settings > Delete account 4.2. Required Information in Request: - Full name - Email address associated with account - Clear description of the right you wish to exercise - Copy of ID document (for verification) 4.3. Response Times: - Initial response: within 5 business days - Complete resolution: within 30 days (can be extended by 60 days in complex cases) - You will be informed of any delays 4.4. Free of Charge: Exercising rights is free. We may charge a reasonable fee only if requests are manifestly unfounded or excessive. 4.5. Identity Verification: For your security, we will request proof of identity before processing requests involving data access or modification.
To exercise any GDPR right, you can: 1. Send email to: dpo@imeiguard.ro 2. Send letter to address: Str. Exemplu nr. 1, București, Sector 1, România 3. For account deletion: from Dashboard > Settings > Delete account 4.2. Required Information in Request: - Full name - Email address associated with account - Clear description of the right you wish to exercise - Copy of ID document (for verification) 4.3. Response Times: - Initial response: within 5 business days - Complete resolution: within 30 days (can be extended by 60 days in complex cases) - You will be informed of any delays 4.4. Free of Charge: Exercising rights is free. We may charge a reasonable fee only if requests are manifestly unfounded or excessive. 4.5. Identity Verification: For your security, we will request proof of identity before processing requests involving data access or modification.
5. International Data Transfers
5.1. Principle:
We strive to keep data within the European Economic Area (EEA). 5.2. Transfers to Third Countries:
When we transfer data outside the EEA (e.g., Stripe - USA), we ensure that: - There is an adequacy decision by the European Commission OR - We have implemented appropriate safeguards (EU standard contractual clauses) OR - An applicable derogation exists (e.g., explicit consent, contract execution) 5.3. Safeguards: - Approved EU standard contractual clauses - Supplier compliance assessment - Additional security measures
We strive to keep data within the European Economic Area (EEA). 5.2. Transfers to Third Countries:
When we transfer data outside the EEA (e.g., Stripe - USA), we ensure that: - There is an adequacy decision by the European Commission OR - We have implemented appropriate safeguards (EU standard contractual clauses) OR - An applicable derogation exists (e.g., explicit consent, contract execution) 5.3. Safeguards: - Approved EU standard contractual clauses - Supplier compliance assessment - Additional security measures
6. Profiling and Automated Decisions
6.1. Limited Use:
We do not use extensive profiling or automated decisions that produce significant legal effects. 6.2. FANE BOT:
Our AI assistant (FANE BOT) is an informative tool that: - Answers questions about verifications - Does NOT make automated decisions with legal effects - Does NOT evaluate creditworthiness or eligibility - Conversations are stored for service improvement (with your consent) 6.3. Fraud Detection: We use automated algorithms for fraud detection, but: - We do not automatically block accounts without human review - You have the right to contest any decision
We do not use extensive profiling or automated decisions that produce significant legal effects. 6.2. FANE BOT:
Our AI assistant (FANE BOT) is an informative tool that: - Answers questions about verifications - Does NOT make automated decisions with legal effects - Does NOT evaluate creditworthiness or eligibility - Conversations are stored for service improvement (with your consent) 6.3. Fraud Detection: We use automated algorithms for fraud detection, but: - We do not automatically block accounts without human review - You have the right to contest any decision
7. Breach Notification
7.1. Our Procedure:
In the event of a security breach: - We notify ANSPDCP within max. 72 hours - We notify you if there is high risk to your rights - We take immediate measures to limit impact - We document the incident according to GDPR requirements 7.2. What You Will Receive: - Description of breach nature - Contact information for further details - Likely consequences - Measures taken or proposed
In the event of a security breach: - We notify ANSPDCP within max. 72 hours - We notify you if there is high risk to your rights - We take immediate measures to limit impact - We document the incident according to GDPR requirements 7.2. What You Will Receive: - Description of breach nature - Contact information for further details - Likely consequences - Measures taken or proposed
8. DPO Contact
For any questions related to data protection or exercising GDPR rights:
Data Protection Officer:
Data Protection Officer
Email: dpo@imeiguard.ro
We respond within 5 business days for receipt confirmation and max. 30 days for complete resolution.
Data Protection Officer:
Data Protection Officer
Email: dpo@imeiguard.ro
We respond within 5 business days for receipt confirmation and max. 30 days for complete resolution.