Informative note regarding the processing and protection of personal data
Diginet Pro SRL (cod fiscal 1019600052341)
last update: 08.09.2022
Through this Information Note, we would like to inform you: who we are and who is responsible in relation to the managed information, what are the purposes, legal grounds and categories of personal data that we could process with the provision of our services, which is the storage term, what rights you have, to whom we can disclose the data and what organizational and technical measures we apply to ensure an adequate level of personal data protection.
The security of your personal data is very important to Diginet Pro. You can visit our website without providing personal information. Your data is required when using certain services.
Diginet Pro Internet Services do not transfer personal data to third parties, including for marketing purposes or to generate income from the use of personal data.
These Terms and Conditions have been translated from Romanian into English and Russian. In case of discrepancies between the Romanian version and the translation (Russian or English), the Romanian version shall prevail.
1. Identity of the operator and authorized persons
1.1. “Diginet Pro” SRL, Fiscal Code 1019600052341, de facto address: municipality of Chisinau, str. Nicolae Titulescu 1, e-mail: email@example.com – established the purposes and methods of processing personal data within the services offered and described on the www.diginet.md page.
1.2. In view of the services offered by “Diginet Pro” SRL, which involve the provision of platforms, software applications and hardware devices to its customers (third parties), the company “Diginet Pro” SRL:
- a) Has the capacity of personal data operator – in relation to the purposes and as the case may be of the data processing means that are under the control and disposal of the “Diginet Pro” SRL company;
- b) Holds the status of authorized person by the operator – in relation to ensuring the maintenance of processes and operations of personal data processing that are carried out on behalf of its clients (natural/legal persons, under public or private law).
1.3. In this context, personal data can be processed by the company “Diginet Pro” SRL both as a personal data operator and as a person authorized by the operator, depending on the purposes pursued in relation to these data .
1.4. When processing personal data, the company “Diginet Pro” SRL, for economic and operational efficiency reasons, contracted the services of several persons authorized by the operator, as follows:
- a) Outsourcing services of the duties of the Personal Data Protection Officer – the company „Law, Privacy & Data Protection Services” SRL
- b) Servicii de hosting local – Alexhost SRL țara de reședință fiind Republica Moldova;
- c) Servicii de hosting internațional – Fozzy.com țara de reședință fiind Olanda;
- d) Other contractual partners as indicated in the cookie declarations;
- e) Sending service alerts via SMS (without advertising).
Service providers – sending SMS notifications
1.5. Contact details of the person responsible for the protection of personal data
1.5.1. Because compliance measures (requirements of the legislation in force) and security of (organizational and technical measures) personal data are a major concern for Us, but also in order to ensure an objective and independent control of how well We fulfill our obligations in this sense, the company “Diginet Pro” SRL, in accordance with art. 37 of the General Data Protection Regulation (GDPR) and art. 25 of Law no. 133/2011 on the protection of personal data, appointed as the person responsible for the protection of personal data (Data Protection Officer – DPO) – the company “Law, Privacy & Data Protection Services” SRL, IDNO: 1018600008466, legal address: Chisinau municipality, sec. Buiucani, str. Deleanu Liviu, 7/2, (of.) 18, firstname.lastname@example.org, in the person of the administrator – Mr. Sergiu BOZIANU.
1.5.2. In the event that You consider that We do not fulfill our obligations under the legislation on the protection of personal data, you can inform us in writing by sending a complaint, and if the answer does not resolve the complaint, you can contact the National Center for Personal Data Protection of the Republic of Moldova (NCPDP).
- “Customer” means a Customer of the Diginet Services(s) who uses the Service for commercial purposes.
- “Customer Personal Data” means personal data, reports, addresses and other files, folders or documents in electronic form that the Customer stores within the Services.
- “Customer’s Employee” means an employee, agent or representative of the Customer who uses the Website’s Personal Account to access the Services.
- “User” means the end User of the Service Client, including, but not limited to, authorized Users of the Service Client.
- “User Personal Data” means any data that relates to or may be associated with a User, such as name, telephone number, postal address or e-mail address.
- “Open Area” or “External Interface” means an area of the Site that can be accessed by both Clients and Users, and Site Visitors, without the need to enter a personal account.
- “Restricted Area” or “Personal Account” means a restricted area of the Site or Personal Account, which can only be accessed by Service Clients and Registered Users. Login and password are required to access the Personal Account.
- “Visitor” means a person other than the Client or User who uses the Public Area of the Site but does not have access to the restricted area of the Site or Service.
- “Controller” means the natural person or legal entity under public or private law which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Diginet Pro is the Controller within the facturare.md service.
- “Processor” means a natural person or legal entity under public or private law who, on behalf of or for the benefit of the controller, processes personal data at his direction.
Cloud CRM solutions/companies are generally considered data processors.
- “Third Party” means a natural person or legal entity under public or private law, other than the data subject, controller, processor and persons who are authorized to process personal data with the express authorization or under the direct authority of the controller or processor.
- “Recipient” means any natural person or legal entity under public or private law to whom personal data is disclosed, whether or not they are a third party. National defense, state security and public order authorities, criminal prosecution authorities and judicial authorities to which personal data are transferred within the framework of the exercise of powers established by law are not considered recipients.
The client of the facturare.md service is the Recipient from the point of view of the law on the Protection of Personal Data.
- Law # 133/2011 – Law # 133/2011 regarding the protection of personal data;
- GDPR – General Data Protection Regulation # 679/2018 of EU;
- Law no. 48/2023 on cyber security [Ro];
- Law no. 124/2022 on electronic identification and trust services [Ro];
- Law no. 142/2018 regarding data exchange and interoperability [Ro];
- Parliament decision no. 257/2018 on the approval of the Information Security Strategy of the Republic of Moldova for the years 2019–2024 and the Action Plan for its implementation to Law [Ro];
- Law no. 241/2007 on electronic communications [Ro];
- Law no. 71/2007 regarding registers [Ro];
- Law no. 467/2003 regarding computerization and state information resources [Ro];
- Law no. 1069/2000 regarding IT [Ro];
- Order # 57/2016 – Order No. 57/2016 of the National Archival Agency on the approval of the “List of standard documents and their storage periods for public authorities, institutions, organizations and enterprises of the Republic of Moldova” and Guidelines for the application of the List [Ro].
3. Categories and list of processed personal data
3.1. Visitors to the public part of the site
If you visit the public part of the website, we only process the personal data that your browser transmits to our server.
We collect the following data, which is necessary for us to properly display the site and ensure the necessary stability and security:
- hostname and IP address of the device;
- date and time of the server request, time zone;
- client request (including file requests), http response code;
- the requested site and the amount of data transferred;
- Referrer URL – referring (previously visited) page;
- browser, operating system, interface, language, and browser software version.
4. Why we process your data
Data Processing has the following purposes (“Purposes”):
- provide and improve the SERVICE;
- managing relations with Clients (Users) of the SERVICE, including newsletters;
- security and stability of the SERVICE.
4.2. Legality of processing:
The legality of processing (according to Art. 5, Law of the Republic of Moldova No. 133 of 08.07.2011 “On the protection of personal data”) arises from:
- 4.2.1. your consent when we have requested your explicit consent (clause 1 of Article 5 of the Law of the Republic of Moldova No. 133 of 08.07.2011 “On the Protection of Personal Data”); and
- 4.2.2. the need to fulfill the contract, as your data is necessary for the satisfactory provision of the SERVICE; and
- 4.2.3. the processing is necessary for the purposes of the legitimate interests pursued by the Controller (en. Controller) or by a third party, pursuant to paragraph f), Art. 6 Lawfulness of processing, GDPR
4.3. Legitimate interests:
in accordance with 3.2.3 consist of monitoring, analyzing and improving the SERVICE, providing you with any assistance to protect the security, integrity, performance and functionality of the SERVICE.
5. Storage And Data Safety
5.1. Data retention period: We store your Data for as long as you are a registered User of the SERVICE.
In addition, we only retain Data if required to do so by law (due to warranties, terms or periods of retention) or otherwise.
5.2. Deletion of data: Data will be deleted if you (a) withdraw your consent to storage, (b) the Data is no longer necessary to fulfill a user contract for the Product, or (c) the storage is or becomes legally unacceptable. The deletion request does not affect the data if the storage is legally necessary, for example for accounting purposes.
- 5.2.1. We erase or anonymize your personal data as soon as it is no longer needed for the purposes for which we collected it or used it in accordance with the sections above. If the data needs to be stored for legal reasons, it will be blocked. This means that it will no longer be available for further processing.
- 5.2.2. If you require further information on our deletion and retention periods, please contact us as Processor referred to in Section 2 providing your relevant contact details.
5.3. Security measures: In order to avoid unauthorized access to data and in general to protect data, we apply the following security measures: encrypted transmission, encrypted storage, authorization concept, data backup concept and physical security measures for servers. These security measures are constantly reviewed in line with the latest technological developments.
6. Your rights to data protection
As a data subject, you can contact our data protection officer at any time by sending a notice to the above contact details in order to exercise your rights under national and, where applicable, European data protection law. These rights are:
- 6.1. The right to receive information about data processing and receive a copy of your processed data (the right to receive information and the right to access personal data, articles 12-13 of Law no. 133/2011 on the protection of personal data personal);
- 6.2. The right to correct inaccurate data or complete incomplete data (right to intervene, article 14 of Law no. 133/2011 on the protection of personal data);
- 6.3. The right to demand the deletion of personal data and, if personal data has been made public, forwarding information to other operators regarding the request for deletion (right to deletion, art. 16 of Law no. 133/2011 on the protection of personal data);
- 6.4. The right to withdraw your consent/consent to the termination of data processing based on your consent at any time. The revocation will not affect the lawfulness of processing based on consent prior to revocation (right to withdraw consent, art. 5 para. (2) of Law no. 133/2011 on the protection of personal data);
- 6.5. The right to file a complaint with the National Center for Personal Data Protection if you believe that the processing of data is a violation of Law no. 133/2011 on the protection of personal data (right to lodge a complaint with a supervisory authority, 27 para. (1) of Law no. 133/2011 on the protection of personal data).
7.1. What are Cookies Files ‘cookies’ is small text files that are placed on the user’s computer, smartphone and/or stored by the browser. If the respective server of our Website is again accessed by the user of the Website/Product, the user’s browser sends the afore received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.
7.2. Disabling of Cookies: The user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Internet Explorer, Mozilla Firefox, Opera, or Safari).
Your browser or device may offer settings that allow you to choose whether browser cookies are set and to delete them. These controls vary by browser, and manufacturers may change both the settings they make available and how they work at any time. As of day of the renew of this document , you may find additional information about the controls offered by popular browsers at the links below. Certain parts of the Diginet Servcies may not work properly if you have disabled browser cookie use. Please be aware that these controls may distinct from the controls that shown in provided links..
8. Use of web analytics
This Site uses Google Analytics and Yandex.Metrica.
8.1. Use of Google Analytics
- You can:
- to prevent Google from tracking cookies that are generated when you visit this Site (including your IP address), to process these data and transmit them to Google by downloading and installing a special browser plug-in.
- block the storage of cookies by selecting the appropriate settings in your browser.
- You can find more information on the use and protection of data on the website or here.
8.2. Using Yandex.Metrica
- This site uses Yandex.Metrica tools to analyze statistics on the use of this website. Yandex.Metrica generates statistical and other information about the use of the website through cookies stored on users’ computers. The information generated in relation to our website is used to generate reports on website usage.
9. Cross-border transfer of personal data
In the event of employment and if the job responsibilities will be related to customer relations, your personal data may be transferred abroad, to the operator’s working infrastructure provided by contractual partners / persons authorized by the operator, as described above.
10. Contact details of the control body on the compliance of personal data processing
10.1. As the control body on the compliance of personal data processing at the national level is – the National Center for Personal Data Protection of the, Republic of Moldova, Chisinau municipality, S. Lazo str. no. 48, email: email@example.com.
10.2. In the event that You consider that We do not fulfill our obligations provided for by the legislation on the protection of personal data, you can complain about these actions/inactions within 30 days from the moment of detecting them, with the prior address to the company “Diginet Pro” SRL, and in case the answer does not satisfy you, you will be able to file a complaint with the National Center for the Protection of Personal Data, which is required within a general period of 30 days (a period that can be extended by another 60 days, at the reasoned decision of the authority with your prior information), to examine the request.
11. Automated processing of Personal Data
11.1. We do not use any automated processing systems to make specific decisions, including profiling.