We are committed to protecting your personal data and to respecting your privacy, by complying with all data protection laws and regulations applicable in Romania, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
Who we are
The data controller is LDV TECH, with its headquarters in 44 Brazda lui Novac Street, floor 1, Craiova, Dolj county, Romania, registered with the Trade Registry under no. J16 /1839/29.06.2017, having fiscal registration code 37865699 (“LDV TECH” or the “Company”), having telephone number + 40771155408, fax number + 40771155408, e-mail address [email protected], which is also the entity managing the Platform where we collect your personal data.
The processing of your personal data
During the activity carried out by LDV TECH, your personal data may be processed for different purposes. The personal data that we collect in the process of managing the Platform and offering our services to the users may be provided by the users of this Platform directly (e.g., name, surname, e-mail address, telephone number and any other data provided in the context of the interaction with the Platform) or may be collected indirectly (e.g., IP address). We will further explain below and provide you with the relevant information regarding the activities of processing personal data that we perform (including the purposes of processing personal data, the legal ground of the processing for each applicable purpose, the categories of processed data, the duration of the processing, the recipients and the transfer of personal data, where applicable), taking into consideration the nature of your relationship with the Company, namely as a user holding a personal account or as the representative of a legal entity holding a corporate account on the Platform.
When you are visiting our Platform, we are using cookies to automatically collect technical information that could identify the user, such as the IP address, the type of internet browser used for navigating our Platform, your operating system, data regarding the visits on the Platform (including the number of visits, the time spent on the Platform, the manner in which the website is accessed, the behaviour on the Platform).
Specific information regarding the personal data processing activities on the Platform
This section refers to your capacity as a user of the Platform. In general, in order to achieve the purposes below, the Company collects personal data from you directly as an individual user holding a personal account on the Platform or you are indicated as the representative of a legal entity holding a corporate account on the Platform.
The Company processes your personal data for the following purposes, based on the legal basis indicated for each of them:
|Purpose and categories of data||Legal basis||Duration of the processing|
Purpose and categories of data
Purpose: Creating and managing an
account on the Platform
Categories of data: name, surname, e- mail address, telephone number, copy of an identification document (passport or identity card), a document revealing the bank account number (IBAN) that will be used for deposits or withdrawals (bank account statement or a print screen from the bank app revealing the name and the IBAN of the user), a picture of the user holding the identification document and an individual code provided by the Company for identification purposes, type of account
|Legal basis Performance of a contract to which the user is a party, respectively the Terms of service; The legitimate interest represented by the common interest of the Company and the legal entity user holding a corporate account to have and develop a commercial relationship.||Duration of the processing For the entire period of holding the account active on the Platform, as well as for the period required by the tax, accountancy, anti- money laundering, know your customer laws and the period necessary to protect the Company’s rights, taking into account the law applicable to the agreement, including the tax statute of limitation period (generally 10 years)|
Purpose and categories of data
2. Purpose: Implementation in relation to
the users of the Platform of the internal
policies and legal obligations related to
anti-money laundering, know your
customer and identification of the
Categories of data: last name, first name, e-mail address, copy of the identification document, image of the data subject, custom identification code/text, bank account number (IBAN), video images, declaration of the source of funds for deposit exceeding EUR 10,000 or for any suspicious transaction, proof of the source of funds for deposit exceeding EUR 20,000, extended proof of the source of funds for deposit exceeding EUR 100,000 and/or any other data provided to the Company during the performance of the agreement for the fulfilment of its object, data regarding the legal representatives of the user, the shareholders and beneficial owners (according to the legal requirements regarding their identification), in accordance with the anti-money laundering provisions
|Legal basis Compliance with the legal requirements of the Company for the prevention of and fight against money laundering, know your customer and identification of the beneficial owner||Duration of the processing For the entire period of holding the account active on the Platform, as well as for the period necessary to protect the Company’s rights and the period required by the tax, accountancy, anti- money laundering, know your customer, identification of the beneficial owner laws (generally 10 years)|
Purpose and categories of data
Purpose: Provision of the services on
the Platform, such as crypto-to-fiat and
services, including through Crypto
Spots, including performing any
activities related to the provision of the
services as described under the Terms
of service (or other terms incorporated
by reference) and the applicable
Categories of data: name, surname, type of account, e-mail address, telephone number, IBAN, proof of the source of funds, when necessary, transaction data, deposit and withdrawal addressPurpose: Monitoring and managing the Platform in order to ensure maintenance, security, compliance with the Terms of service, compliance with the competent authorities’ inquiries and with the legal provisions in force
Categories of data: username, type of account, transaction data
|Legal basis Performance of a contract to which the user is a party, respectively the Terms of service The legitimate interest represented by the common interest of the Company and the legal entity user holding a corporate account to have and develop a commercial relationship. Compliance with a legal obligation incumbent to the Company Performance of a contract to which the user is a party, respectively the Terms of service Compliance with a legal obligation incumbent to the Company The legitimate interest of the Company to ensure a proper functioning of the Platform||Duration of the processing For the entire period of holding the account active on the Platform, as well as for the period required by the tax, accountancy, the prevention of and fight against money laundering, know your customer laws and the period necessary to protect the Company’s rights, taking into account the law applicable to the agreement, including the tax statute of limitation period (generally 10 years) For the entire period of holding the account active on the Platform, as well as for the period necessary to protect the Company’s rights and the period required by the applicable laws (generally 10 years)|
|Purpose and categories of data Purpose: Organization of events or webinars to which the users/ representatives of the users may join; taking photos and other recordings of such events Categories of data: username, type of account, photo, video and audio data, […]||Legal basis The Company’s legitimate interest to organize events or webinars for the users of the Platform Consent of the users to be informed on the upcoming events/webinars Consent of the users to for the Company to record and take photos at the events/webinars||Duration of the processing For the entire period of holding the account active or until the withdrawal of the consent.|
Purpose and categories of data
Purpose: Notifications (commercial
communications) to users regarding
information and updates related to the
Company’s services, Company news,
promotions, offers, campaigns
Categories of data: last name, first name, e-mail address
Purpose: Organizing and development of a contest, promotion
Categories of data: last name, first name, e-mail address, phone number, relevant information regarding your participation to the contest/promotion
|Legal basis The consent for the commercial communications sent by the Company or the legitimate interest for sending communications to the users who have previously purchased similar services of the Company, according to the applicable legal provisions. The unsubscribe option is offered in all communications sent, irrespective of their nature.Performance of an agreement to which the user is a party, respectively the terms and conditions of the contest, promotion||Duration of the processing Throughout the relationship with the user or until the withdrawal of the consent. The Company will keep evidence of the persons that subscribed / unsubscribed during the statute of limitation period (generally 3 years) but after the relation with the user ended or the user has withdrawn his/her consent, the respective user will no longer receive commercial communications.Throughout the organization and development of the contest/campaign, as well as for the period necessary to protect the Company’s rights and the period required by the applicable laws, taking into consideration the statute of limitation period (generally 3 years).|
|Purpose and categories of data Purpose: Answer your queries or requests by electronic correspondence (e-mail, contact form) or telephone. Categories of data: last name, first name, e-mail address, telephone number, transaction data, the question/request addressed and any other information provided in the request.||Legal basis The processing is based on a legitimate interest of the Company to provide answers to your queries or requests and to keep the contact with the users.||Duration of the processing For the period necessary to settle or answer your question/request, taking into account the applicable laws and the statute of limitation period (generally 3 years).|
Purpose and categories of data
Purpose: Organizing and development
of a survey through the users of the
Categories of data: last name, first name, e-mail address, information related the preferences of the user
|Legal basis The consent of the user.||Duration of the processing For the period necessary to carry on the survey and to analyse the results,moment after which personal data will be anonymized or destroyed.|
|Purpose and categories of data||Legal basis||Duration of the processing|
Recipients of your personal data
For reaching the purposes described above, the Company uses the services of several contractual partners, acting as data processors, controllers or third parties (the latter referring to parties who do not intend to process the data, but may have access to them upon fulfilling their tasks or interacting with the Company).
The following categories of recipients have access to the personal data: (i) companies providing services for hosting and maintenance of our Platform, carrying out their activity in [Romania], the providers of software through which activities for the management of contractual, financial and accounting documents are carried out, carrying out their activity in [Romania], providers of emailing services, such as SendGrid (Twilo Inc.), Sendinblue SAS, which carry out their activity in the United States of America and in France; (ii) public authorities, financial or legal auditors or institutions competent to carry out inspections and checks on the Company’s business or assets, which request the Company to provide information, by virtue of the latter’s legal obligations. Such public authorities or institutions may be the National Supervisory Authority for Personal Data Processing, ANAF or other authorities competent to perform verifications on our activity; (iii) to comply with a legal requirement or to protect the rights and assets of our Company or of other entities or people, such as courts of law; (iv) third parties acquisitors, insofar the business of the Company would be (totally or partially) transferred and the data subjects’ data would be part of the assets representing the object of the transaction and (v) affiliated companies of the same corporate group as LDV TECH.
Transfer of personal data abroad
To the extent that, in the context of the operations described above, your personal data may be transferred abroad to states in the European Union (“EU”) or European Economic Area (the “EEA”) (for example, in data centres around the world, wherever the Company facilities or service providers are located), any transfer performed the Company in an EU or EEA member state will observe the legal requirements laid down by the GDPR. As regards the collaboration with the providers located outside EEA/EU, different transfer mechanisms apply in order to ensure protection of the personal data transferred, as follows: in relation to the video communications platform provider (Zoom Video Communications), the provider of emailing services (SendGrid), the cryptocurrency platforms providing exchanges services (Payward Ltd, Binance) they are headquartered outside of the EU/EEA in the USA and Cayman Islands. In such cases, the Company relies on the standard contractual clauses adopted by the European Commission (in relation with SendGrid (Twilo Inc.), Binance and Payward Ltd) or the Binding Corporate Rules adopted by Payward Ltd.
Refusal of the processing and consequences thereof
The personal data indicated above, which are processed under a legal obligation or for the performance of the contract to which you are a party represent a necessary obligation for the conclusion of a contract with the Company, and you must provide personal data for the conclusion or performance of the agreement and to enable us to comply with our legal obligations towards you and towards the public authorities. If you do not provide us with the data for the purposes mentioned above, we will not be able to conclude the agreement and we will not be able to develop the contractual relationship based on the agreement.
What happens to your personal data after the cessation of the data processing
The Company processes personal data only for the period necessary to achieve the data processing purposes explained in the above section, while complying with the legal requirements in force. If the Company establishes that it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be informed accordingly in this respect. Once the processing period indicated above expires and the Company no longer has legal or legitimate reasons to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymizing or destroying them.
Occasionally, the Company’s Platform may provide references or links to other websites, such as Facebook, LinkedIn, Instagram, Twitter, Pinterest, YouTube, Bitcoin talk, Telegram ("External Websites"). The Company does not control these External Websites third party sites or any of the content contained therein. You agree that the Company is in no way responsible or liable for External Websites referenced or linked from the Company’s Platform, including, but not limited to, website content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to, or arising from those sites.
External Websites have separate and independent privacy policies. The Company encourages you to review the policies, rules, terms, and regulations of each site that you visit. You may review the privacy policies of the above-mentioned websites as follows:
We seek to protect the integrity of the Company’s Platform and welcome any feedback about External Website information provided on the Company’s Platform.
The Company can only process personal data of social media users if they communicate directly with LDV TECH via such platforms (e.g., posted articles, likes, direct messages, user inquiries, comments, etc.). In such cases, the Company is also responsible for the processing of personal data gathered thereby. In addition to the data processed by us, other providers, in particular operators of social network platform, also process personal user data. The Company has no influence on this data processing and is not responsible for it - the data processing takes place exclusively in the area of responsibility of such other providers.
If you do not want the above-mentioned websites to associate the use of our online services with the user account, please do not access the respective links on the Company’s Platform. This processing activity is based on the legitimate interest to allow interaction with stakeholders through different social media platforms.
Automated decision making and automated profiling
Security of the data processing
The Company constantly evaluates and upgrades the security measures implemented as to ensure a secure and safe personal data processing. These security measures include, but are not limited to:
- Password protected directories and databases.
- Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent across the Internet securely.
- PCI Scanning to actively protect the Company’s servers from hackers and other vulnerabilities. iv. All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in the Company’s database. Only the Company’s authorized personnel are permitted access to your personal data, and these personnel are required to treat the information as highly confidential.
Data processing of data subjects over 18 years old
The Company does not want, nor intend to collect or process data related to minors. Thus, all personal data processing activities presented in this Policy refer exclusively to individuals who are at least the age of majority in the state of residence (in Romania this age is 18 years). The use of the Platform as well as the services available on the Platform is prohibited for persons who have not reached this age. If, despite our reasonable prevention endeavours, such processing still takes place, we will stop it once we notice that the users have not reached the age mentioned above.
The data subject’s rights in respect of the data processing
Within the context of the processing of your personal data, you have the following rights:
- The right of access to the processed personal data: you have the right to obtain a confirmation whether or not your personal data are being processed, and, if affirmative, to have access to the type of personal data and to the conditions of processing;
- The right to request the rectification or erasure of personal data: you have the possibility to request the rectification of inaccurate personal data, the supplementation of incomplete data or the erasure of your personal data in case (i) the data are no longer needed for their original purpose (and no new lawful purpose exists), (ii) the lawful basis for the processing is the data subject's consent, the data subject withdraws that consent, and no other lawful ground exists, (iii) the data subject exercises the right to object and the controller has no overriding grounds for continuing the processing, (iv) the data have been processed unlawfully, (v) erasure is necessary for compliance with EU law or Romanian law, or (vi) the data were collected in connection with the informational society services offered to children (if the case), where specific requirements regarding consent are applicable;
- The right to request the restriction of processing: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, however you don’t want us to erase your personal data, but to restrict the use of data; (iii) in case the data controller no longer needs your personal data for the above-mentioned purposes, but you are requiring the data for establishing, exercising or defending a legal claim or (iv) you have objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject;
- The right to withdraw your consent for processing, at any time, when the processing is based on consent, without affecting the lawfulness of processing undertaken until that moment;
- The right to object to the data processing on grounds relating to your particular situation, when the processing is based on legitimate interest and to object at any moment to the data processing for direct marketing purposes, including profiling, if applicable;
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner;
- The right to data portability, meaning the right to receive your personal data, which you provided to the data controller in a structured, commonly used and machine-readable format and the right to transfer those data to another controller, if the processing is based on your consent or the performance of a contract and is undertaken by using automatic means;
- The right to file a complaint with the Data Protection Authority (ANSPDCP) and the right to address to the competent courts of law.
The above rights may be exercised at any time. For the purpose of exercising these rights, we encourage you to send a notice in writing, dated and signed or in electronic format, to the address indicated below. Also, if you wish to withdraw your consent, you may send an e-mail to the address indicated in Section IX below or submit a written request in physical format or by mail to the Company’s headquarters.
You may address any question using the following contact details: LDV TECH, with its headquarters in 44 Brazda lui Novac Street, floor 1, Craiova, Dolj county, Romania, telephone: [Please insert], e-mail address: [email protected] .