Informative note regarding the processing and protection of personal data

Diginet Pro SRL (cod fiscal 1019600052341)

last update: 08.09.2022

Privacy Policy and Data Protection Notice

Through this Information Note, we would like to inform you: who we are and who is responsible in relation to the managed information, what are the purposes, legal grounds and categories of personal data that we could process with the provision of our services, which is the storage term, what rights you have, to whom we can disclose the data and what organizational and technical measures we apply to ensure an adequate level of personal data protection.

The security of your personal data is very important to Diginet Pro. You can visit our website without providing personal information. Your data is required when using certain services.

Diginet Pro Internet Services do not transfer personal data to third parties, including for marketing purposes or to generate income from the use of personal data.

These Terms and Conditions have been translated from Romanian into English and Russian. In case of discrepancies between the Romanian version and the translation (Russian or English), the Romanian version shall prevail.

1. Identity of the operator and authorized persons

1.1. “Diginet Pro” SRL, Fiscal Code 1019600052341, de facto address: municipality of Chisinau, str. Nicolae Titulescu 1, e-mail: info@diginet.md – established the purposes and methods of processing personal data within the services offered and described on the www.diginet.md page.
1.2. In view of the services offered by “Diginet Pro” SRL, which involve the provision of platforms, software applications and hardware devices to its customers (third parties), the company “Diginet Pro” SRL:

• a) Has the capacity of personal data operator – in relation to the purposes and as the case may be of the data processing means that are under the control and disposal of the “Diginet Pro” SRL company;
• b) Holds the status of authorized person by the operator – in relation to ensuring the maintenance of processes and operations of personal data processing that are carried out on behalf of its clients (natural/legal persons, under public or private law).

1.3. In this context, personal data can be processed by the company “Diginet Pro” SRL both as a personal data operator and as a person authorized by the operator, depending on the purposes pursued in relation to these data .
1.4. When processing personal data, the company “Diginet Pro” SRL, for economic and operational efficiency reasons, contracted the services of several persons authorized by the operator, as follows:

• a) Outsourcing services of the duties of the Personal Data Protection Officer – the company „Law, Privacy & Data Protection Services” SRL
• b) Servicii de hosting local – Alexhost SRL țara de reședință fiind Republica Moldova;
• c) Servicii de hosting internațional – Fozzy.com țara de reședință fiind Olanda;
• d) Other contractual partners as indicated in the cookie declarations;
• e) Sending service alerts via SMS (without advertising).
  Service providers – sending SMS notifications

1.5. Contact details of the person responsible for the protection of personal data

1.5.1. Because compliance measures (requirements of the legislation in force) and security of (organizational and technical measures) personal data are a major concern for Us, but also in order to ensure an objective and independent control of how well We fulfill our obligations in this sense, the company “Diginet Pro” SRL, in accordance with art. 37 of the General Data Protection Regulation (GDPR) and art. 25 of Law no. 133/2011 on the protection of personal data, appointed as the person responsible for the protection of personal data (Data Protection Officer – DPO) – the company “Law, Privacy & Data Protection Services” SRL, IDNO: 1018600008466, legal address: Chisinau municipality, sec. Buiucani, str. Deleanu Liviu, 7/2, (of.) 18, office@gdpr.md, in the person of the administrator – Mr. Sergiu BOZIANU.
1.5.2. In the event that You consider that We do not fulfill our obligations under the legislation on the protection of personal data, you can inform us in writing by sending a complaint, and if the answer does not resolve the complaint, you can contact the National Center for Personal Data Protection of the Republic of Moldova (NCPDP).

2. Definitions:

• “Customer” means a Customer of the Diginet Services(s) who uses the Service for commercial purposes.
• “Customer Personal Data” means personal data, reports, addresses and other files, folders or documents in electronic form that the Customer stores within the Services.
• “Customer’s Employee” means an employee, agent or representative of the Customer who uses the Website’s Personal Account to access the Services.
• “User” means the end User of the Service Client, including, but not limited to, authorized Users of the Service Client.
• “User Personal Data” means any data that relates to or may be associated with a User, such as name, telephone number, postal address or e-mail address.
• “Open Area” or “External Interface” means an area of ​​the Site that can be accessed by both Clients and Users, and Site Visitors, without the need to enter a personal account.
• “Restricted Area” or “Personal Account” means a restricted area of ​​the Site or Personal Account, which can only be accessed by Service Clients and Registered Users. Login and password are required to access the Personal Account.
• “Visitor” means a person other than the Client or User who uses the Public Area of ​​the Site but does not have access to the restricted area of ​​the Site or Service.
• “Controller” means the natural person or legal entity under public or private law which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  Diginet Pro is the Controller within the facturare.md service.
• “Processor” means a natural person or legal entity under public or private law who, on behalf of or for the benefit of the controller, processes personal data at his direction.
  Cloud CRM solutions/companies are generally considered data processors.
• “Third Party” means a natural person or legal entity under public or private law, other than the data subject, controller, processor and persons who are authorized to process personal data with the express authorization or under the direct authority of the controller or processor.
• “Recipient” means any natural person or legal entity under public or private law to whom personal data is disclosed, whether or not they are a third party. National defense, state security and public order authorities, criminal prosecution authorities and judicial authorities to which personal data are transferred within the framework of the exercise of powers established by law are not considered recipients.
  The client of the facturare.md service is the Recipient from the point of view of the law on the Protection of Personal Data.
• Law # 133/2011 – Law # 133/2011 regarding the protection of personal data;
• GDPR – General Data Protection Regulation # 679/2018 of EU;
• Law no. 48/2023 on cyber security [Ro];
• Law no. 124/2022 on electronic identification and trust services [Ro];
• Law no. 142/2018 regarding data exchange and interoperability [Ro];
• Parliament decision no. 257/2018 on the approval of the Information Security Strategy of the Republic of Moldova for the years 2019–2024 and the Action Plan for its implementation to Law [Ro];
• Law no. 241/2007 on electronic communications [Ro];
• Law no. 71/2007 regarding registers [Ro];
• Law no. 467/2003 regarding computerization and state information resources [Ro];
• Law no. 1069/2000 regarding IT [Ro];
• Order # 57/2016 – Order No. 57/2016 of the National Archival Agency on the approval of the “List of standard documents and their storage periods for public authorities, institutions, organizations and enterprises of the Republic of Moldova” and Guidelines for the application of the List [Ro].

3. Categories and list of processed personal data

3.1. Visitors to the public part of the site

If you visit the public part of the website, we only process the personal data that your browser transmits to our server.

We collect the following data, which is necessary for us to properly display the site and ensure the necessary stability and security:

• hostname and IP address of the device;
• date and time of the server request, time zone;
• client request (including file requests), http response code;
• the requested site and the amount of data transferred;
• Referrer URL – referring (previously visited) page;
• browser, operating system, interface, language, and browser software version.

4. Why we process your data

4.1. Target:

Data Processing has the following purposes (“Purposes”):

• provide and improve the SERVICE;
• managing relations with Clients (Users) of the SERVICE, including newsletters;
• security and stability of the SERVICE.

4.2. Legality of processing:

The legality of processing (according to Art. 5, Law of the Republic of Moldova No. 133 of 08.07.2011 “On the protection of personal data”) arises from:

• 4.2.1. your consent when we have requested your explicit consent (clause 1 of Article 5 of the Law of the Republic of Moldova No. 133 of 08.07.2011 “On the Protection of Personal Data”); and
• 4.2.2. the need to fulfill the contract, as your data is necessary for the satisfactory provision of the SERVICE; and
• 4.2.3. the processing is necessary for the purposes of the legitimate interests pursued by the Controller (en. Controller) or by a third party, pursuant to paragraph f), Art. 6 Lawfulness of processing, GDPR

4.3. Legitimate interests:

in accordance with 3.2.3 consist of monitoring, analyzing and improving the SERVICE, providing you with any assistance to protect the security, integrity, performance and functionality of the SERVICE.

5. Storage And Data Safety

5.1. Data retention period: We store your Data for as long as you are a registered User of the SERVICE.
In addition, we only retain Data if required to do so by law (due to warranties, terms or periods of retention) or otherwise.

5.2. Deletion of data: Data will be deleted if you (a) withdraw your consent to storage, (b) the Data is no longer necessary to fulfill a user contract for the Product, or (c) the storage is or becomes legally unacceptable. The deletion request does not affect the data if the storage is legally necessary, for example for accounting purposes.

• 5.2.1. We erase or anonymize your personal data as soon as it is no longer needed for the purposes for which we collected it or used it in accordance with the sections above. If the data needs to be stored for legal reasons, it will be blocked. This means that it will no longer be available for further processing.
• 5.2.2. If you require further information on our deletion and retention periods, please contact us as Processor referred to in Section 2 providing your relevant contact details.

5.3. Security measures: In order to avoid unauthorized access to data and in general to protect data, we apply the following security measures: encrypted transmission, encrypted storage, authorization concept, data backup concept and physical security measures for servers. These security measures are constantly reviewed in line with the latest technological developments.

6. Your rights to data protection

As a data subject, you can contact our data protection officer at any time by sending a notice to the above contact details in order to exercise your rights under national and, where applicable, European data protection law. These rights are:

• 6.1. The right to receive information about data processing and receive a copy of your processed data (the right to receive information and the right to access personal data, articles 12-13 of Law no. 133/2011 on the protection of personal data personal);
• 6.2. The right to correct inaccurate data or complete incomplete data (right to intervene, article 14 of Law no. 133/2011 on the protection of personal data);
• 6.3. The right to demand the deletion of personal data and, if personal data has been made public, forwarding information to other operators regarding the request for deletion (right to deletion, art. 16 of Law no. 133/2011 on the protection of personal data);
• 6.4. The right to withdraw your consent/consent to the termination of data processing based on your consent at any time. The revocation will not affect the lawfulness of processing based on consent prior to revocation (right to withdraw consent, art. 5 para. (2) of Law no. 133/2011 on the protection of personal data);
• 6.5. The right to file a complaint with the National Center for Personal Data Protection if you believe that the processing of data is a violation of Law no. 133/2011 on the protection of personal data (right to lodge a complaint with a supervisory authority, 27 para. (1) of Law no. 133/2011 on the protection of personal data).

7. Cookies

7.1. What are Cookies Files ‘cookies’ is small text files that are placed on the user’s computer, smartphone and/or stored by the browser. If the respective server of our Website is again accessed by the user of the Website/Product, the user’s browser sends the afore received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.

7.2. Disabling of Cookies: The user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Internet Explorer, Mozilla Firefox, Opera, or Safari).

Your browser or device may offer settings that allow you to choose whether browser cookies are set and to delete them. These controls vary by browser, and manufacturers may change both the settings they make available and how they work at any time. As of day of the renew of this document , you may find additional information about the controls offered by popular browsers at the links below. Certain parts of the Diginet Servcies may not work properly if you have disabled browser cookie use. Please be aware that these controls may distinct from the controls that shown in provided links..

• Google Chrome
• Internet Explorer
• Firefox
• Safari
• Safari Mobile
• Opera

7.3. Cookie Policy: Please see our Cookie Policy for more information.

8. Use of web analytics

This Site uses Google Analytics and Yandex.Metrica.

8.1. Use of Google Analytics

• This system uses cookies to collect data on the Site for analysis. Google uses this data to create reports on visits to this Site, on their activity, and to assess user behavior on the Site. Google may transfer information to third parties if this is not illegal or they have an agreement with Google. Google does not associate your IP address with any other information held by Google.
• You can:
  • to prevent Google from tracking cookies that are generated when you visit this Site (including your IP address), to process these data and transmit them to Google by downloading and installing a special browser plug-in.
  • block the storage of cookies by selecting the appropriate settings in your browser.
  • You can find more information on the use and protection of data on the website or here.
• You can view the following documents from Google: Terms of Service, Privacy Policy, or get information about Google’s use of data.

8.2. Using Yandex.Metrica

• This site uses Yandex.Metrica tools to analyze statistics on the use of this website. Yandex.Metrica generates statistical and other information about the use of the website through cookies stored on users’ computers. The information generated in relation to our website is used to generate reports on website usage.
• Yandex stores and uses such information for a period of time established by the internal regulations of the services, depending on the type of cookie file. Yandex Privacy Policy.

9. Cross-border transfer of personal data

In the event of employment and if the job responsibilities will be related to customer relations, your personal data may be transferred abroad, to the operator’s working infrastructure provided by contractual partners / persons authorized by the operator, as described above.

10. Contact details of the control body on the compliance of personal data processing

10.1. As the control body on the compliance of personal data processing at the national level is – the National Center for Personal Data Protection of the, Republic of Moldova, Chisinau municipality, S. Lazo str. no. 48, email: centru@datepersonale.md.
10.2. In the event that You consider that We do not fulfill our obligations provided for by the legislation on the protection of personal data, you can complain about these actions/inactions within 30 days from the moment of detecting them, with the prior address to the company “Diginet Pro” SRL, and in case the answer does not satisfy you, you will be able to file a complaint with the National Center for the Protection of Personal Data, which is required within a general period of 30 days (a period that can be extended by another 60 days, at the reasoned decision of the authority with your prior information), to examine the request.

11. Automated processing of Personal Data

11.1. We do not use any automated processing systems to make specific decisions, including profiling.

12. Changes To This Privacy Policy

12.1. If the Company decides to change this Privacy Policy, it will post those changes directly in the Services. Should the changes be material to you, especially concerning your right to data protection, you need to confirm them.

---

ANNEX 1

Third Party Online Advertising Services We Use

Our legitimate interest in using this tool is to enable us to provide advertising based on your interests.

The legal basis for the processing of your data is provided for in Art. 5 para. (5) lit. e) from Law no. 133/2011 on the protection of personal data and in accordance with subparagraph (f) of paragraph (1) of Article 6 of the General Data Protection Regulation (GDPR).

If you require further information about such advertising, please contact us at the contact details above.

Below we have provided various options and settings for each that will prevent it from being used.

1. Google Реклама (Google Ads)

• Privacy Policy of Google products
• Google Ads – Advertising Technologies

There are several ways to opt out of using your data in Google products and Google Ads

• By making the appropriate settings in your browser; in particular, the suppression of third-party cookies means that you will not receive advertisements from third parties. For details see item 9.2.
• By disabling conversion tracking cookies by setting your browser to refuse cookies on the domain:
  see https://www.google.com/settings/ads. This setting will be canceled as soon as you delete your cookies.
• By disabling targeted advertising by providers participating in the About Advertising self-regulatory program at:
  http://www.aboutads.info/choices. This setting will be canceled as soon as you delete your cookies.
• By using a plug-in to manage advertising preferences settings without logging into your account http://www.google.com/settings/ads/plugin for browsers Firefox, Internet Explorer or Google Chrome. Please note that if you do this you may not be able to use the full functionality of this website.

2. Meta ads (Facebook Ads)

• Privacy Policy of Meta (Facebook)
• Cookie files and other technologies of data storage
• Setting advertising preferences

---

ANNEX 2

General Data Protection Regulation (GDPR) Compliance

1. If you are a resident in the European Union (EU), The EEA EFTA States or Switzerland, then our use of your personal information is governed by:

• Law of the Republic of Moldova No. 133 of July 8, 2011 “On the protection of personal data” with amendments and additions and
• the requirements of the General Data Protection Regulation (GDPR) of the EU;

1.1. These laws give you certain rights to your personal information, including the right to change, correct, obtain or delete personal information stored on Diginet websites at any time, subject to our business interests and any legal requirements. For details, see clause 6 of this Privacy and Personal Data Protection Policy.

2. This Privacy Policy has been developed in accordance with the laws of the Republic of Moldova and we have made reasonable efforts to comply with the GDPR.

3. If you need further assistance regarding your rights, please contact us at dataprotection@diginet.md and we will consider your request in accordance with the current legislation of the Republic of Moldova. In some cases, our ability to maintain these rights for you may depend on our obligations to process personal information for reasons of security, security, fraud prevention, compliance with regulatory or legal requirements, or because the processing is necessary to provide the services you have requested. In this case, we will provide you with specific details in response to your request.

4. We respond to all inquiries received from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.

5. If you rightly believe that the processing of personal data in the Diginet SERVICE violates applicable law, and you are not satisfied with our answer, then you have the right to file a complaint with the National Center for Personal Data Protection (NCPD) of the Republic of Moldova, or with your local protection authority data. The contact details of the EU and EEA data protection authorities are available here: https://edpb.europa.eu/about-edpb/board/members_en.

6. Information About Rights

Our company would like to make sure that you are fully aware of all your data protection rights.
In order to exercise the rights defined in sections 6.1 to 6.9, you can either use the possibilities of the Personal Account of the Service, or please send a request by e-mail dataprotection@diginet.md or to the postal address indicated in clause 1.5.
If you make a request, we have one month to respond to you.
Each user is entitled to the following:

6.1. Right to be informed: You have the right to be informed – confirmation that your personal data is being collected or not. If collected, who is the Controller and who is the Processor (if any), the purposes of the processing and the categories of personal data collected. As well as additional information:

• a) recipients or categories of recipients of personal data;
• b) the existence of rights to access, amend your personal data and object, including the conditions for exercising these rights;
• c) whether responses to data-collection questions are mandatory or voluntary, and the possible consequences of not responding.

6.1.1) In Section 2 of this document, we set out the Purposes of data processing and inform you what data we collect when you visit each of the services in the public and private parts of the site;
6.1.2) clause 3.2 specifies the legality of the processing of personal data;
6.1.3) in paragraphs 2.3 – 2.6 sets out the categories of personal data collected.

6.2. Right of Access: You have the right to receive from us, upon request:

• a) confirmation of whether or not the data relating to you has been processed, as well as information about the purposes of processing, the categories of data used, the recipients or categories of recipients to whom the data is disclosed;
• b) communication of personal data that is the subject of processing, as well as information about their origin and the duration of their storage;
• c) information about the principles of operation of the mechanism used in any automated processing of data relating to you as a subject of personal data;
• d) information about the legal consequences for you as the subject of personal data resulting from the processing of data;
• f) information about the procedure for making changes to your personal data.

6.3. Withdrawal of Consent: You can withdraw your consent to further processing of your personal data at any time.
6.3.1. Upon receipt of your further processing consent, we will stop processing your personal data without undue delay and will inform you of this, while continuing to store it.
6.3.2. Your withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal.

6.4. Right to Correction: You have the right to request that our company correct any information that you believe is inaccurate.
You also have the right to require Our Company to complete information that You believe is incomplete.
6.4.1. If the data processed by us is incorrect or incomplete, we will correct it without undue delay and inform you of this correction.

6.5. Right to deletion: If you decide that you do not want us to further process your data, send a request by E-mail dataprotection@diginet.md or on paper to the postal address specified in clause 1.5.
We will delete your data and inform you about this process. If mandatory legal provisions prevent such removal, we will notify you without undue delay.

6.6. Right to restriction of processing: You have the right to request that our company restrict the processing of your personal data if one of the following conditions applies:

• the accuracy of the personal data is disputed by you. The duration of the restriction of processing – for a period allowing us to check the accuracy of personal data and correct them;
• You are of the opinion that the processing is unlawful but you object to the deletion of personal data;
• Your personal data is no longer needed for the purposes of the processing, but is required by you to establish, exercise or defend legal claims;
• You objected to the processing of personal data in accordance with clause 6.8.

6.7. Right to data portability: you have the right to (i) receive your data in a structured, commonly used and machine-readable format and (ii) transfer that data to another Controller (en. Controller) or Processor (en. Processor) without any interference with our sides.

6.8. Right to object: you have the right to object to the processing of your personal data at any time, unless otherwise provided by law.
(i) If the objection is justified, the processing carried out by us can no longer affect your data.
(ii) You have the right to object at any time to the processing of personal data concerning you for direct marketing purposes.

Before disclosing your personal data to third parties, we will inform you of the right to object to such use, including how you can object or how to avoid sharing your personal data.

6.9. The right not to be affected by a private decision You have the right to demand the total or partial annulment of any private decision that gives rise to legal consequences in relation to your rights and freedoms and is based solely on automated processing of personal data intended to assess some of your personal aspects, such as professional competence, reliability, behavior, etc.
6.9.1. You may be affected by a private decision if (i) the decision is authorized by law to secure your legitimate interests (ii) the decision is made in the course of entering into or performing a contract, provided that you have expressed your consent to enter into or perform such contract.

6.10. Right to file a complaint: You have the right to file a complaint with the National Center for Personal Data Protection (NCPD) of the Republic of Moldova if you believe that the processing of personal data in the Diginet SERVICE violates applicable law, including the Law of the Republic of Moldova no. data” with amendments and additions.

6.11. If you rightly believe that you have suffered damage as a result of illegal processing of personal data, your rights or interests have been violated, then you have the right to apply to the court of the Republic of Moldova with a claim for compensation for material and moral damage.