The document explains the personal data we collect, how and where we may use it, how we protect it, who has access to it, with whom we share it, and how you may correct it.
1. General information
S.C. EXIBIT STUDIO CODE S.R.L. (hereafter mentioned as Exibit), with its official headquarters in Bucharest, 3rd District, Vlaicu Voda 4, Bl c14 sc1, 1st floor, registered in the Bucharest Trade Register with number J40/9228/2019 , fiscal code RO41394654, e-mail [email protected] processes personal data in agreement with the European legislation on data protection (GDPR – Regulation EU 2016/679). Our Data Protection Officer can be found at the following contacts: Exibit’s Data Protection Office – [email protected], Phone: +40-766334874
Exibit offers data security products and services. Our goal is to ensure information and network security by providing quality products and services in these areas while also respecting privacy and personal data of customers, Internet users and business partners.
For this purpose, we collect only that personal data absolutely necessary for the specified purposes, on a best efforts basis.
Personal data according to the European legislation definition (GDPR – Regulation 2016/679 means:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
In this context, Exibit processes personal data for the following main purposes:
Website management and security
Responding to your queries and comments
Marketing for Exibit own needs.
Statistical analysis and market studies;
2. Personal data collected
Exibit may collect personal information from its users in four different ways:
directly provided by a user;
– indirectly provided by its websites, such as:
traffic data registered by the servers that host our websites;
cookies, that may share some personal information.
2.1. Personal data directly provided by a user
– for example, when you complete a website form or submit a comment on our blog we might ask your name, surname and/or email address so we can contact you with updates, notices, or to provide support..
All these data are being used for contacting you on your specific request or, if you subscribed for our newsletter or commercial communication, for marketing purposes. The legal basis for processing these data is consent of the data subject in receiving that respective information or subscribing to our newsletter.
The duration of processing is until the respecting information and request is being sent, plus a period of 30 days to be sure that there are no more follow-ups needed.
As regards your subscription to our newsletter or commercial communications, we will keep our communication going, until you withdraw your consent or you don’t engage with our email in the past 5 years.
We may also send you follow-up messages if you have completed your data in order to buy our products or services, but you haven’t finalized the entire acquisition process. The legal basis of this data processing is art 6 (1) b of GDPR – taking steps at the request of the data subject prior to entering into a contract. This data is kept for a maximum period of 30 days, unless you complete the acquisition process when data might be kept longer for purposes of performing the contract that you are a part of.
2.2. Traffic data
– when a user visits a website, it automatically reveals certain information, such as the IP address, date and time of the visit or the referral website that sent you to Exibit websites. Exibit, like any other website manager, may record this kind of information for a limited period of time. We also use other external services of traffic analysis, such as Google Analytics, Adobe Analytics.
All these data are used exclusively for website improvement or statistical purposes, but also for improving our web services and ensuring their security. Most of these data is being used only as aggregated data. The data is kept only as long as they are necessary for these purposes. The legal basis for this collection is legitimate interest for Improving our website for the ensuring the security of your website. Duration of processing is 1 year from the date of the visit.
For example, we use first party cookies for identification or communication purposes, such remembering your language, communication sessions or setting, other details necessary for a correct functioning of our website.
Sometimes we might use external Exibit services which may place third party cookies when navigating the Exibit websites, their purposes are for marketing, traffic analysis and social media sharing, as indicated in website.
Internet Explorer – http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies
Mozilla Firefox – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Google Chrome – https://support.google.com/chrome/answer/95647?hl=en
Safari – https://support.apple.com/kb/PH19214?locale=en_US
You may also use third party extensions on these browser that do block intrusive cookies. The following extensions seem to be the most popular on the market at this time (in alphabetical order): AdBlock Plus, Ghostery, Privacy Badger or uBlock.
The legal basis for this data collection is consent, which is being obtained the first time when you visit our website from a specific browser. Then we will also have the opportunity to opt-out to any cookies that we may use as well as reading more information on what cookies we use and their purposes. If you opt-out, please note that we record your choice in a cookie, so if you delete all of your cookies, we will ask you again on our desired choice.
Duration of processing for this data is maximum 50 months, depending on each cookie setting.
3. Protecting the Personal data
Confidentiality and data protection are of vital importance for us. Access to the collected personal data is restricted only to Exibit employees and data processors that need access to this information. All Exibit information security policies are ISO 27001 certified.
Exibit may use other IT companies to process the collected personal data. These companies are considered data processors and have strict contractual obligations to keep the confidentiality of the processed data and to offer at least the same level of security as Exibit. Data processors have the obligation not to allow third parties to process personal data on behalf of Exibit and to access, use and/or keep the data secure and confidential.
Exibit may host personal data in Romania, as well as in European Union or any other jurisdiction which offers adequate level of personal data protection according to European Union standards, including companies that are certified under the US-EU Privacy Shield program.
Due to confidentiality obligations and security requirements the specific information regarding the name and details for each processor used will be provided only to competent authorities.
The following types of data processor are being used:
- hosting services in Romania, UE and US;
- support channel communications in Romania and US;
- marketing services (including email marketing) in Romania and US.
All our data processors in US are certified in the US-EU Privacy Shield program.
Access to certain sections of Exibit websites is protected by a username and password. We recommend not to reveal this password. Exibit will never ask for your account’s password via any kind of messages or phone calls. We advise not to disclose your password to anyone asking you to do so. If possible, we also recommend to log out of your online services account after each session. We also advice to close the browser window after navigating or using Exibit services.
Unfortunately, transferring data over the Internet cannot be 100% secure. Consequently, despite our efforts to protect personal data, Exibit cannot assure or guarantee the security of the information transmitted by the user until the information is on our servers. Any information you transmit is done on your own risk.
4. Who has access to personal data
In principle, Exibit will not reveal any personal data about its users to third parties without the exceptions mentioned above.
Exceptionally, Exibit may reveal personal data to competent authorities, upon their legal request according to the applicable laws or when this is necessary to protect the rights and interests of our clients and Exibit .
5. Your personal data rights
According to European Union applicable data protection legislation, data subjects shall have the right to access to data, rectification, erasure, restriction on processing, objection to processing and right to data portability. In the case when processing is based on consent, you have the right to withdraw it at any time.
For exercising these rights, you may send a written request, dated and signed and send it to the above mentioned Exibit headquarters or via email to [email protected]
You also have the right to lodge a complaint with a competent supervisory authority.
6. Publication date