Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as GDPR, Regulation or RGPD in this document) was adopted by the European Parliament and the Council of the European Union on 27 April 2016, its provisions being directly applicable from 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thus replacing the provisions of Law no. 677/2001 (currently repealed).
The Regulation is directly applicable in all Member States, protecting the rights of all natural persons within the territory of the European Union. From a material perspective, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, legal entities, including the name and type of legal person and the contact details of the legal person.
Personal data is defined as any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data involves any operation or set of operations performed upon data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Considering Article 4, Point 7 of the Regulation, which defines the notion of "controller" as a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, the controller processing personal data through this website is Zapp Investment & Consulting SRL, located at Str. Aviatorilor, no. 26, Office B, 1st Floor, registered with the Trade Registry Office under no. j40/56/2021, having VAT number 43513727, legally represented by Mihail Tudoroiu, with contact details zappinvestmentconsulting@gmail.com, 0732028349.
This website's operator collects, stores, and processes the following personal data about you:
Considering that the Regulation primarily prohibits "processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation" (according to Article 9, paragraph 1), situations where such data processing is permitted are then established:
In order for the processing of personal data to be lawful, GDPR requires it to be based on a legitimate reason, such as the performance or conclusion of a contract, compliance with a legal obligation, or based on the valid consent previously expressed by the data subject. In the latter case, the controller is obliged to be able to demonstrate that the person concerned has given consent for that particular processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions provided by the GDPR. Giving consent must be made through a statement or an unambiguous action that constitutes a freely given, specific, informed, and clear expression of the data subject's agreement to the processing of their personal data. If the consent of the data subject is given in the context of a declaration, electronically or in writing, which also refers to other aspects, the request for consent must be presented in a form that clearly distinguishes it from the other aspects, and it can even be done by checking a box. In order for the processing of personal data to be lawful, GDPR requires it to be based on a legitimate reason, such as the performance or conclusion of a contract, compliance with a legal obligation, or based on the valid consent previously expressed by the data subject. In the latter case, the controller is obliged to be able to demonstrate that the person concerned has given consent for that particular processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions provided by the GDPR.
This site uses cookies. They do not harm your computer and do not contain viruses; instead, they contribute to easier, more efficient, and safer use of the site. They are small text files that are stored on your computer and are saved by the browser used.
Many of the cookies used are called "session cookies", which are automatically deleted after visiting this site. Others remain in your computer's memory until you delete them, allowing the browser to recognize it on your next visit.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.
Cookies that are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored in accordance with Article 6(1)(f) of the GDPR, which states that processing is lawful only if and to the extent necessary for the legitimate interests pursued by the controller or by a third party. Therefore, the operator of this website has a legitimate interest in storing certain cookies to ensure error-free technical optimization. Other cookies (such as those used to analyze your browsing behavior) are also stored and will be treated separately in this document.
The provider of this site automatically collects and stores information that your browser automatically transmits to us through server log files. These are:
The legal basis for processing such data is represented by Article 6(1)(b) of the GDPR, which allows the processing of data when it is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
If you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your questions and any further ones. We do not share this information without your permission. Therefore, we will process all the data you enter into the contact form only with your consent [in accordance with the provisions of Article 6(1)(a) of the GDPR]. You can revoke your consent at any time, with an informal email being sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until:
Any mandatory legal provisions, especially those regarding mandatory data retention periods, are not affected by the above.
If you contact us via email, phone, or fax, your request, including all personal data you provide, will be stored and processed by us for the purpose of handling your request, based on your consent.
Therefore, we will process all the data you provide based on the following legal provisions within the GDPR:
We will retain the data you provide in this manner until:
You can register on this website to access additional functions and services offered by our company. In this regard, the data entered by you will be used and processed for the purpose of using the respective service or function for which you have registered. Mandatory data requested during registration must be provided by you in full, otherwise the registration process will be rejected.
To inform you about important changes, such as those within our website or technical changes, we will use the email address specified by you at the time of registration.
The processing of personal data provided during the registration procedure is done only with your consent and in accordance with the provisions of Article 6(1)(a) GDPR. You can revoke your consent at any time, with an informal email being sufficient. We will continue to store the data collected during registration as long as you remain registered on this website, but mandatory storage periods remain valid and will be respected.
If you do not wish to register directly on this site, you can connect via Facebook (Connect). This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
To connect using Facebook, press "Login with Facebook" or "Connect with Facebook" and you will be automatically redirected to this platform, where you will be asked for your username and password details, thus connecting to this website with your Facebook profile. In this way, we will have access to all data stored on Facebook, for example (and not limited to):
This data will be used to create and personalize your account on this website.
For more information, you can access the Facebook Terms and Conditions, as well as the Privacy Policy, provided at https://www.facebook.com/privacy and https://www.facebook.com/legal/terms.
Considering the ruling of July 16, 2020 (pronounced in case C-311/18 - Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has stated that the protection provided by the EU - US Privacy Shield is not adequate.
Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the European Commission's Standard Contractual Clauses (SCC). The Commission has issued two sets of standard contractual clauses for transfers of data from data controllers in the EU to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of standard contractual clauses for transfers of data from data controllers in the EU to processors established outside the EU or EEA. For more information on these clauses, we recommend accessing https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-dataprotection/standard-contractual-clauses-scc_ro
Facebook uses Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by the GDPR.
For more details, visit: https://www.facebook.com/legal/EU_data_transfer_addendum
We collect Email scope from Google, please see https://developers.google.com/identity/protocols/oauth2/scopes?hl=en for more info
Some of the data collected on this site are used for:
The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation, based on both the consent of the data subject and the reasons of contractual performance or the legitimate interests pursued by the controller (except where the interests or fundamental rights and freedoms of the data subject prevail, requiring the protection of personal data, especially when the data subject is a child).
Your rights regarding personal data and the means of exercising them are: Right to Information, Right of Access, Right to Rectification, Right to Erasure of Data, Right to Restriction of Processing, Right to Data Portability, Right to Object, Right Not to be Subject to Automated Decision-Making, Right to Lodge a Complaint and to Address Judicial Courts, Right to Withdraw Consent.
Personal data registered on this website is stored on BlueHost servers. The processing of the provided and stored data complies with the following legal provisions:
Regardless of the purpose for which personal data is processed, the principles of legality, fairness, and transparency are respected, as well as the principle that the processed personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
For more information regarding the processing of personal data by BlueHost, visit https://www.bluehost.com/hosting/info/privacypolicy
We have a contract/agreement/legal document (including the possibility of including and agreeing to the clauses from the Terms and Conditions of the website) concluded with BlueHost to ensure the processing of personal data in accordance with legal regulations. We fulfill our obligations under Article 28 of the GDPR by choosing an external service provider that provides sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing complies with the requirements set out in the regulation and ensures the protection of your rights.
This site uses SSL encryption for security reasons and to protect the transmission of confidential information. This encryption can be recognized by you through the lock icon that appears in the browser bar and by changing the address of the browser from http:// to https://. Once this type of encryption is activated, the transmitted or transferred data cannot be viewed by third parties.
According to the GDPR, in case the breach of personal data security is likely to result in a high risk to your rights and freedoms, the operator of this website will inform you promptly about this breach, unless the provisions complementary to the same Regulation become incidents (art. 34 para. 3).
As the provisions of the GDPR are not applicable (art. 37 para. 1 - according to which the Controller and the processor shall designate a data protection officer whenever:
Regarding the obligation to appoint a Data Protection Officer, for any information or clarifications regarding the functioning of this website, please contact us at the following details:
According to the GDPR Regulation, the controller or the processor should maintain records of processing activities under its responsibility for a reasonable period. These records should include all of the following information:
The detailed obligation above does not apply to an enterprise or organization with fewer than 250 employees, unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.
Considering the current state of technology, the context, and the purposes of the processing, as well as the risks for the rights and freedoms of individuals, the controller implements appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing is processed.
According to Article 33(1) of the GDPR, in the event of a personal data breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, if possible, within 72 hours from the time we become aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.
Informing the data subject about the personal data breach
Referring to the provisions of Article 34 of the GDPR, in the event that a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay about this breach, unless:
This service uses social plugins ("plugins") managed by the social network facebook.com. The plugins can be identified by a Facebook logo (a white "f" on a blue plate or a "thumbs up" sign) or are labeled with the addition of the phrase "Facebook Social Plugin." The list and appearance of Facebook plugins can be viewed here: https://developers.facebook.com/docs/plugins/. By using the Like extension, you will appreciate our website's Facebook page without needing to leave it. By using the Share extension, you will distribute our website or specific content from it on your personal Facebook page without needing to leave the website.
Through the plugin, Facebook receives information about the pages you access on our website. If you are logged in to Facebook at the same time, Facebook can associate the actions you take on our page with your personal account. When you interact with the plugins, such as clicking the Like button or sharing specific content from the site, the corresponding information is transmitted directly from your browser to Facebook and stored there. Even if you are not a Facebook member, there is still the possibility that the social network obtains and stores your IP address.
By clicking one of these buttons, you agree to the use of this plugin and, consequently, to the transfer of personal data to Facebook. We do not have control over the nature and purpose of the data transmitted, as well as over the subsequent processing. Regarding the purpose and extent of data collection, processing, and further use by Facebook, as well as permissions and privacy settings, you can refer to Facebook's privacy policies.
If you do not want Facebook to associate your visit to this site with your Facebook account information, you have the option to log out.
This service uses social plugins ("plugins") managed by the social network Instagram, functions provided by Instagram Inc., headquartered at 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins can be identified by an Instagram logo or are labeled with the addition of the phrase "Instagram Social Plugin."
Through the plugin, Instagram is informed about the actions you take on our page. If you are logged in to your personal account on the social network at the same time, it can associate the actions taken on the page with your Instagram account and, implicitly, with you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not an Instagram member, there is still the possibility that it obtains and stores your IP address.
By clicking one of these buttons, you agree to the use of this plugin and, consequently, to the transfer of personal data to Instagram. We do not have control over the nature and purpose of the data transmitted, as well as over the subsequent processing. Regarding the purpose and extent of data collection, processing, and further use by Instagram, as well as permissions and privacy settings for users, you can consult Instagram's privacy policies at: https://help.instagram.com/155833707900388.
If you are an Instagram member and do not want it to collect your data through the plugin and link it to the data already stored on Instagram, you must log out of the social network before visiting this site.
This service uses social plugins ("plugins") managed by the social network Google+. The plugins can be identified by a Google+ logo.
Through the plugin, Google receives information about the pages you access on our website. If you are logged in to the social network at the same time, Google can associate the actions you take on the page with your Google+ account and, implicitly, with you personally. When you interact with the plugins, the corresponding information is transferred directly from your browser to Google+ and stored there. Even if you are not a Google+ member, there is still the possibility that it obtains and stores your IP address.
By clicking one of the plugin buttons, you can express your agreement to their use and, consequently, to the transfer of personal data to Google+. We do not have control over the nature and purpose of the data transmitted, as well as over the subsequent processing. Regarding the purpose and extent of data collection, processing, and further use by Google+, as well as permissions and privacy settings for users, you can consult Google+'s privacy policies at: https://policies.google.com/privacy?hl=en.
If you are a Google+ member and do not want it to collect your data through the plugin and link it to the data already stored on Google+, you must log out of the social network before visiting the site.
To receive a newsletter, it is necessary to provide a valid email address, along with specific information to identify the owner of this address. Also, your consent is required for receiving the newsletter, and therefore, we inform you that any other personal data will be collected and stored only based on your agreement. The data collected in this way is processed only for the purpose of transmitting the newsletter and will not be transmitted to third parties. Therefore, we will process any data you enter in the contact form only with your consent, in accordance with the provisions of Article 6 (1) lit. a GDPR.
Our website uses plugins from the YouTube platform, which is operated by Google. The website operator is YouTube, LLC, Cherry Ave 901, San Bruno, CA 94066, USA.
If you visit a page on our website where a YouTube plugin has been integrated, a connection to YouTube's servers will be established. As a result, the YouTube server will be notified of which pages you have visited.
In addition, YouTube may introduce various cookies, through which information about visitors to our site can be obtained. Among other things, this information will be used to generate video statistics in order to improve the usability of the site and prevent fraud attempts.
If you are logged into your YouTube account while visiting our site, you allow YouTube to directly associate your browsing patterns with your personal profile. You have the option to prevent this by logging out of your YouTube account.
The use of YouTube is based on our interest in presenting online content in an appealing manner. According to Art. 6 para. 1 lit. f) GDPR, this is a legitimate interest.
Considering the Decision of July 16, 2020 (pronounced in case C-311/18 - Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection provided by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the US and other countries outside the European Economic Area (EEA) should be based on the Standard Contractual Clauses (SCC) of the European Commission.
For more information on how YouTube handles user data, please see YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.
This site uses Google Maps, a mapping and location service, through an API. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, United States of America.
To ensure data protection on our website, you will find that Google Maps has been deactivated when you visit our site for the first time. A direct connection to Google's servers will not be established until Google Maps is autonomously activated, i.e., with your consent in accordance with Article 6 (1) lit. a) GDPR. This will prevent data transfer to Google during your first visit to our site. Once you have activated the service, Google Maps will store your IP address. It is usually subsequently transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.
Considering the Decision of July 16, 2020 (pronounced in case C-311/18 - Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice has ruled that the protection provided by the EU-US Privacy Shield is not adequate.
Therefore, the transfer of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for transfers of data from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of contractual clauses for transfers of data from EU data controllers to processors established outside the EU or EEA. For more information on these Clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractualclauses-scc_ro.
Google Maps uses Standard Contractual Clauses as an adequate safeguard for data protection, in accordance with the level of protection guaranteed by the GDPR. For more information, please consult Google's Privacy Policy at the following address: https://policies.google.com/privacy
This privacy policy for the processing of personal data is generated in accordance with the provisions of Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as other applicable national legal provisions.
We reserve the right to make any additions or modifications to this policy. We recommend consulting the Policy regularly for accurate and updated information regarding the processing of personal data.
For more details regarding this GDPR Policy, as well as for exercising any of the aforementioned rights, a written notification can be sent to the contact details indicated above.