PERSONAL DATA PROCESSING POLICY

Brideabi.com Website

Effective as of May 3rd, 2023

By accepting this privacy policy, you give your consent to the processing of your personal information according to the purposes and conditions specified in this document.

This privacy policy applies to personal data collected when you access the brideabi.com website, whose provider is the company YENOVI SRL.

Contact information for YENOVI SRL:
YENOVI SRL with headquarters at Str. URUSAGULUI, No. 112J, Cluj county, Florești, Tax ID 41967212, registered with the Cluj Trade Registry, J12/4575/2019 and with IBAN: RO04BTRLRONCRT0669729101

YENOVI SRL collects, processes and stores personal data in the EU and is able to demonstrate compliance with EU legislation and the principles set forth in this document at any time.

All processing activities of personal data carried out by YENOVI SRL comply with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Terms and Definitions

  1. Personal information - any information regarding an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific elements, proper to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
  2. Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  3. Consent - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  4. Controller - YENOVI SRL, a company that processes personal data in the European Union, in accordance with the legislation and this policy.
  5. User - a natural person, aged 16 or over (or the minimum legal age to access or use an online service without the provider of that service being required by law to obtain the consent of one of the parents or the legal guardian), who expresses his or her consent for the use of the Application in accordance with the controller's policies and who authenticates or not in the Application by creating a profile. Registered users are individuals who have access credentials, people with whom we have contractual relationships.
  6. Supervisory authority - an independent public authority established by a Member State pursuant to Regulation (EU) 2016/679.
  7. Regulation (EU) 2016/679 - "General Data Protection Regulation" or "GDPR" - applicable data protection legislation.

Principles related to the processing of personal data

The personal data processing policy of YENOVI SRL is based on the following principles:

  1. The processing of personal data is carried out in a lawful, fair and transparent manner.
  2. Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  4. Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  5. Processing is carried out in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

The party responsible for processing personal data

The responsibility for processing personal data belongs to YENOVI SRL as the provider of the website brideabi.com. They decide which data to process, for what purpose, and how this processing takes place. Under data protection legislation, we are the controller when processing your personal data.

Legal basis for processing personal data

We use this data to allow you access to the site and to deliver the services you choose to use. The legal basis for this processing is primarily the entry into and performance of a contract to which you are a party (whenever you perform the above operations, you agree to the terms and conditions of providing those services). Personal data is processed mainly on the basis of the user's express, freely expressed, specific, and unambiguous consent to the website (registered or unregistered), in accordance with the provisions of applicable law and the terms of this policy, as well as to comply with a legal obligation. The basis for processing may be: a contract (a request from the user prior to entering into a contract), the legitimate interest of the controller or a third party, the performance of a task that serves a public interest.

What data do we collect and for what purpose?

We collect personal data from users who decide to access and create an account on our platform (registered users) as well as from unregistered users (invited users) indicated by registered users following the configuration of the account through the brideabi.com site.

  1. For registered users who agree to set up an account through the website, we collect the following personal data:
    • user's first and last name - used to set up the account on the platform, to conclude and execute the Contract and carry out the commercial relationship, to manage the account
    • user's email address - collected to set up your account, to communicate information about your account, to communicate information related to the stage of the contracted service, the situation and status of guest confirmations, to conclude and execute the Contract and, in principle, carry out the commercial relationship, to manage the account, for marketing information (from which you also have the option to unsubscribe), to provide reviews/feedback on the service used
    • user's password - collected to set up your account, to access your account, to establish contractual relationships.
    • banking information - for payment of the service, for presentation to certain institutions, authorities, accounting services, when requested
    • user images - collected depending on the user's option, to set up the account. These will appear on the confirmation page that can be accessed by any invited user.
    • information about the device used by the user - operating system, phone type (model), network through which they connect to the internet, this information being used only for statistical purposes and not directly associated with the user.
    Data such as first and last name or banking information may also be disclosed to other parties, such as public authorities and institutions, accountants, auditors, lawyers and other external consultants, whose activity requires knowledge of such data or where the law requires us to make such disclosure.
  2. For unregistered users, i.e. other data subjects communicated by the registered user (the invited user), we collect the following personal data:
    • the first and last name of other data subjects - communicated by the registered user, are collected to be highlighted in the list of invited persons to the event, a final list that will be communicated to the representative of the location where the event will take place in order to organize the tables and display the participating persons at the tables thus organized
    • the email address of other data subjects - communicated by the registered user, in order to communicate access data to the invitation link/QR code
    • the phone number of other data subjects - communicated by the user, collected in order to contact them in case they cannot be reached by email, in order to confirm their participation in the event in question and any possible options regarding companions and menus.

YENOVI SRL does not process personal data on the brideabi.com website that reveals racial or ethnic origin, political opinions, religious beliefs or philosophical convictions, trade union membership, genetic data, biometric data for the unique identification of a natural person, data on health or data on the sex life or sexual orientation of a natural person.

The registered user is responsible for the use of personal data of the unregistered-invited user, after the export of the event situation and the termination of the contractual relationship with the Company. The unregistered-invited user is expressly informed of this aspect as well as of the fact that the processing of his/her data by the Operator is carried out for the purpose stated in this Section.

How is the collection and processing of personal data carried out?

YENOVI SRL collects personal data in two ways:

  1. manually, when completing login data, creating and configuring the account by providing name, surname, email, password, images, when completing payment data, providing bank details, when completing guest data, providing name, surname, email address, phone number. The information is provided directly by the registered user.
  2. automatically, through information we obtain when the user uses our services through Google Analytics, for statistical purposes;

brideabi.com automatically collects certain information, which it stores in its traffic reports. The information we are talking about may include the IP address of the device from which you visit us, the region or general location from which you access the site, as well as the type of browser, operating system or device from which you access us. In addition, it also collects a history of the pages you access. We use this information based on our legitimate interest to observe to what extent the site's pages correspond to the display needs of your particular device, to diagnose any problems our servers may have when delivering pages to certain types of devices, to analyze trends, to observe how users can better navigate our pages.

We also inform registered users that this website uses Google Analytics, an internet traffic analysis program provided by Google, Inc. ("Google").
Statistical user data remains anonymous and is not made public.

How long do we store personal data?

The data is processed by the Operator for a period that does not exceed the duration necessary to achieve the processing purpose or the duration established by law. Users' personal data is stored for a period of up to 10 years.

The user can request at any time the modification or deletion of personal data by submitting a request to the email address: office@brideabi.com

To whom do we transfer personal data and for what purpose?

We transfer personal data to:

Google Analytics (outside the EU), where user data is stored for statistical and marketing purposes; Your personal data (registered users) may be transferred to third parties with whom we have a contractual relationship (e.g. accounting firm, audit firm, lawyers), payment processors, and banking service providers.

What security measures have we implemented?

Although we make every effort to protect the personal data you provide us, the transmission of information between you and us over the internet is not completely secure. Therefore, we cannot guarantee the security of your personal information transmitted through the internet. Understand that any such transmission is at your own risk. Once we receive personal data, we will use strict procedures and security features to prevent unauthorized access to it. We also inform you that we constantly evaluate and improve the security measures implemented to ensure the safe processing of personal data and we are constantly concerned about implementing the security measures necessary to minimize the risks of unauthorized access to data and the impact on the privacy of users.

User rights

The regulation provides the user with a series of rights, which we present succinctly below:

  1. The right to be informed and access personal data, provided for by Art. 13, 14, Art. 15 GDPR - under which confirmation can be obtained from us that we process or do not process personal data, having access to the respective data and information on the methods and purposes of processing them. It allows data subjects to know, even at the time of collection, how those data will be used, to whom they will be disclosed or transferred, what rights the data subjects have with regard to the processed data, etc.
  2. The right to rectify data provided for by Art. 16 GDPR, which can be exercised to obtain, without undue delay, the rectification of inaccurate data or the completion of personal data that is incomplete;
  3. The right to erase data ("the right to be forgotten"), provided for by Art. 17 GDPR, by which personal data can be deleted without undue delay for one of the following reasons:
    • the data are no longer necessary for the purposes for which they were collected or processed;
    • the user withdraws their consent, and there is no other legal basis for processing;
    • the user objects to the processing, and there are no legitimate grounds for the processing that override the interests, rights, and freedoms of the user;
    • the personal data have been unlawfully processed;
    • the personal data must be erased for compliance with a legal obligation;
    • the personal data have been collected in relation to the provision of information society services.
  4. The right to restrict processing provided for by Art. 18 GDPR. It is a temporary right that can be exercised in the following situations:
    • when the accuracy of the data is contested, for a period enabling us to verify the accuracy of the data;
    • the processing is unlawful, and the user opposes the erasure of the data, requesting instead the restriction of their use;
    • we no longer need the personal data for the purposes of the processing, but the user requires them for the establishment, exercise, or defense of legal claims;
    • when the user objects to processing based on their particular situation, for the time it takes to verify whether the legitimate grounds of the controller override those of the user.
  5. The right to object provided for by Art. 21 GDPR, under which the user can object to the processing of personal data, including profiling, for reasons related to their particular situation, in cases where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or in a third party. In these cases, processing will only be carried out if it is justified by compelling legitimate grounds that override the interests, rights, and freedoms of the user or for the establishment, exercise, or defense of legal claims.
    When the processing of personal data aims at direct marketing, the user has the right to object to such processing, including profiling to the extent that it is related to such direct marketing, at any time and free of charge.

Responsibility

The parties are only responsible for the processing operations carried out exclusively by them.

Modification of the personal data processing policy

This policy may be updated due to changes in relevant legislation or changes in the structure and functions of the Application and the service provided.

If changes are made to the personal data processing policy, users will be notified by email, notifications within the Application, or through the website, before the changes take effect.

We encourage users to check this page periodically to stay informed about the latest developments regarding our personal data processing practices.

How can you contact us?

Given that personal data processing operations are by no means our main activity, designating a DPO (data protection officer) is not necessary. However, for any request, complaint, suggestion, or objection, for any clarification or questions regarding the processing of personal data, you can contact YENOVI SRL by written request, at the address https://app.brideabi.com/contact or at the email address office@brideabi.com.

If you wish to make complaints regarding the processing of personal data, you can write to us at the same address, and we will respond within the legal correspondence period, in accordance with our internal policies and procedures.

In the unlikely event that you believe your rights regarding the processing of personal data have been violated and YENOVI SRL has not properly handled the complaint, you can contact the supervisory authority for the processing of personal data. The National Supervisory Authority for Personal Data Processing in Romania is located in Bucharest, bd. Gen. Gheorghe Magheru nr. 28 - 30, sector 1, postal code 010336.