1. Who we are
Orgo Informatics S.R.L. (hereinafter “Orgo”, “we, “us” or similar) is a Romanian limited company, whose registered office is in Strada Gheroghe Grigore Cantacuzino 14, Ploiesti, Romania, registered with the Prahova Trade Registry under number J29/2796/2019, tax code 41650396.
We collect and process several categories of personal data from you as a user of orgo.space website (hereinafter the “website”), which, in compliance with European Union data protection law, makes us a data controller for such data.
Orgo is committed to protecting your privacy. This privacy notice sets out the types of personal information we collect, why and how we collect and process that information, what we do with it, who we share it with and certain rights and options that you have in this respect.
2. How we collect your personal data
Personal Data may be collected or accessed in a number of ways, including:
directly from you (from your form input data on the Website);
observed by us when you navigate on our website (cookies, IP, website navigation, etc.);
2.1 Data provided by you directly
When you visit our website, we process the following information about you:
(a) If you wish to contact us
Our Website gives you the ability to send us a message via the contact form. This includes fields such as name, email address and message. The data that you input in the contact form is processed based in our legitimate interest to respond to your inquiry and/or to keep a record of your request, feedback and the like.
(b) When you create an account or send us your contact details
(c) When you subscribe to our newsletter
We will process your data when you chose to subscribe to our newsletter by providing your e-mail address. The legal ground on which we base such processing is your consent, expressed by subscribing.
We will make sure to provide you with a simple way to unsubscribe in any moment, either through the respective communication or by contacting us using the contact details at below. When you unsubscribe, you will stop receiving our newsletter.
Your e-mail address will be shared with the e-mail solution provider. The data is not transferred outside the European Union.
(d) What happens if you don’t give us your data
You can visit the Website without filling in any personal data. However, where you wish to create an account or subscribe to our newsletter, you cannot do that without providing the minimum amount of information we need in order to identify you and be able to contact you if needed.
2.2 Use of the orgo.space Website
2.2.1 Cookies and other technologies
Cookies are small text files placed on your computer or mobile device when you access websites. “First party” cookies are set by domains that you are visiting at the time. “Third party” cookies are set by domains other than those of the websites that you visit.
Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response and tracking.
Like cookies, the local storage technology allows websites to store information on a computer or mobile device. Local storage is typically persistent and, unlike cookies, data in local storage is not automatically transferred over the internet every time when the website is visited that stored the data.
We refer to cookies, web beacons and local storage together as “cookies and similar technologies”.
Most cookies fall into one or more of the following categories:
(a) Strictly necessary: These types of cookies are essential to provide services specifically requested by website visitors. Without them, websites cannot function or deliver the requested services.
(b) Performance: These cookies collect information about how visitors use a website, such as which pages are most popular, which method of linking between pages is most effective, and if users encounter error messages from web pages. These cookies allow us to provide a high-quality user-experience, as well as measure audience of the website pages. The information collected by these cookies does not directly identify users. They are designed to help improve how our website works.
(c) Functionality: These cookies remember choices that you make so as to improve your experience.
2.2.2 Your choices regarding cookies
More details on how to delete cookies or how to manage cookies in different internet browsers can be found by accessing the links below:
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari web and iOS.
To opt out of being tracked by Google Analytics please visit http://tools.google.com/dlpage/gaoptout.
3. HOW WE SHARE INFORMATION
We will disclose your personal data only for the purposes and to those third parties, as described below. We will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.
3.1 Disclosure to third parties
We will share the strictly necessary parts of your personal data, on a need-to-know basis with the following categories of third parties:
(a) companies that provide products and services to us (processors), such as:
(i) website services: analytics;
(ii) Entities that handle the email newsletter, client support or sales activities in our name);
(iii) information technology systems suppliers and support, including email archiving, telecommunication suppliers, back-up and disaster recovery and cybersecurity services.
(b) other parties such as public authorities and institutions, accountants, auditors, lawyers and other outside professional advisors, where their activity requires such knowledge or where we are required by law to make such a disclosure.
We will also disclose your personal information to third parties:
(a) If you request or authorise so;
(b) to persons demonstrating legal authority to act on your behalf;
(c) where it is in our legitimate interests to do so to run, grow and develop our business:
(i) if we sell any business or assets related to the Website you are subscribing to, we may disclose your personal information to the prospective buyer of such business or assets, in order to ensure that the activity continues as a going concern;
(ii) if Orgo or substantially all of its assets are acquired by a third party, in which case personal information held by Orgo will automatically be one of the transferred assets;
(d) if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
(e) to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
(f) to protect the rights, property or safety of Orgo, our employees, customers, suppliers or other persons.
Some of these recipients (including our affiliates) may use your data in countries which are outside of the European Economic Area. Please see Section 4 below for more detail on this aspect.
3.2 Restrictions on use of personal information by recipients
Any third parties with whom we choose to share your personal information pursuant to the above are limited (by law and by contract) in their ability to use your personal information for the specific purposes identified by us. We will always ensure that any third parties with whom we choose to share your personal information are subject to privacy and security obligations consistent with this Privacy Notice and applicable laws. However, for the avoidance of doubt, this cannot be applicable where the disclosure is not our decision.
Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, if applicable, obtaining your consent.
4. TRANSFERS OF INFORMATION OUTSIDE OF THE EUROPEAN UNION
The personal information may be processed by staff operating outside the EEA working for us, other members of our group or third-party data processors for the purposes mentioned above.
If we provide any personal information about you to any such non-EEA members of our group or third-party data processors, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Notice. These measures include:
in the case of US based service providers, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or
in the case of service providers based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting us (see section 8) at any time.
5. YOUR RIGHTS
As a data subject, you have specific legal rights relating to the personal data we collect from you. We will respect your individual rights and will deal with your concerns adequately.
(a) Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment.
(b) Right to rectification: You may obtain from us rectification of personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. In certain situations (such as profile data in the Orgo account), we provide a self-service mechanism so that where users have the possibility to review and rectify their personal data.
(c) Right to restriction: You may obtain from us restriction of processing of your personal data, if:
(i) you contest the accuracy of your personal data, for the period we need to verify the accuracy,
(ii) the processing is unlawful, but you object to the erasure of the personal data, requesting instead the restriction of its use,
(iii) we do no longer need your personal data, but you request it for the establishment, exercise or defense of legal rights, or
(iv) you object to the processing while we verify whether our legitimate interests override yours.
(d) Right to access: You may ask us for information regarding personal data that we hold about you, including information as to which categories of data we have in our possession, what it is being used for, where we collected it if obtained indirectly, and to whom it is disclosed, if applicable.
We will provide you with a copy of your personal data upon request. If you request further copies of your personal data, then we can charge you with a reasonable fee that we base on the administrative costs.
(e) Right to portability: You have the right to receive your personal data that you have provided to us, and, where technically feasible, request that we transmit your personal data (that you have provided to us) to another organization.
You have these rights if, on a cumulative basis:
we process your personal data by automated means, and the transmission is technically feasible;
we base the processing of your personal data on your consent, or our processing of your personal data is necessary for the execution or performance of a contract to which you are a party;
your personal data is provided to us by you; and
the transmission of your personal data does not adversely affect the rights and the freedoms of other persons.
(f) Right to erasure: You have the right to request that we delete the personal data we process about you. We must comply with this request if we process your personal data, unless such data is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation that binds us;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
for the establishment, exercise or defense of legal rights.
(g) Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless (i) we can demonstrate compelling legitimate grounds and an overriding interest for the processing or (ii) if the purpose is the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your personal data, otherwise we will only restrict it.
You may always object to the processing of your personal data for direct marketing that was based on our legitimate interest, regardless of any reason. If the marketing was based on your consent, you can withdraw consent.
Time period: We will try to fulfill your request within one month. Nevertheless, this period may be extended with up to two months due to reasons relating to the specific legal right or the complexity of your request. In all cases, if this period is extended, we will inform you about the term of extension and the reasons that led to it.
Restriction of access: In certain situations, we may not be able to give you access to all or some of your personal data due to statutory restrictions. If we deny or limit your access, we will advise you of the reason for such measure.
No identification: In some cases, we may not be able to look up your personal data due to the identifiers you provide in your request. In such cases, where we cannot identify you as a data subject, we are not able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification. We will inform you and give you the opportunity to provide such additional details.
Exercise of your rights: In order to exercise your rights please contact us in writing or electronically at the contact addresses provided for in Section 8 below.
Orgo is committed to protecting personal information from loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction and takes all reasonable precautions to safeguard the confidentiality of personal information, including through use of appropriate organizational and technical measures. Organizational measures include physical access controls to our premises, staff training and locking physical files in filing cabinets. Technical measures include use of encryption, passwords for access to our systems and use of anti-virus software.
In the course of provision of your personal data to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information between you and us over the internet is not completely secure. As such, we cannot guarantee the security of your personal information transmitted to us over the internet and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorized access to it.
7. CHANGES TO OUR PRIVACY NOTICE
We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this privacy notice at any time. For this reason, we encourage you to refer to this privacy notice on an ongoing basis. This privacy notice is current as of the date which appears at the top of the document. We will treat your personal data in a manner consistent with the privacy notice under which they were collected, unless we have your consent to treat them differently.
8. CONTACT INFORMATION; REQUESTS AND COMPLAINTS
Please direct your questions regarding the way we collect, use or store your personal data and any requests in the exercise of your legal rights to the following contact details: [email protected]
We will investigate and use all reasonable efforts to resolve any request or complaint regarding the use or disclosure of your personal information.
If you are not satisfied with our reply, you may also make a complaint to the relevant data protection supervisory authority (in Romanian: National Supervisory Authority for Processing of Personal Data or ANSPDCP). You can find further information about the process of lodging complaints with ANSPDCP at https://www.dataprotection.ro/?page=procedura_plangerilor, and you can file a complaint using the form available at https://www.dataprotection.ro/?page=Plangeri_RGPD&lang=ro or by contacting ANSPDCP directly by email at [email protected] or by post at 28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania.