Privacy Policy

Last update: 11 March, 2024

1. INTRODUCTION

The website of BDR Associates is presenting the company.

The protection of your privacy and personal data is one of our main concerns. This Privacy Policy will inform you about how we take care of your personal data, inform you about your privacy rights and how the law protects you when you visit our website at https://www.bdr.ro/ (“Website”).

This Privacy Policy applies to personal data belonging to one of the following categories of individuals: (i) users – meaning any person who accesses our website or platform and (ii) customers – meaning any person, business or organisation, including their employees, agents or contractors, who use the Services.”

2. WHO WE ARE

In connection with the provision of our Services, BDR Associates is the auditor and is responsible for the security of your personal data (collectively referred to as “BDR Associates”, “we”, “us”, “we” or “our” in this Privacy Policy).

If you have any questions about this Privacy Policy, including any requests to exercise the legal rights set out below, please contact us using the following details:

Headquarters: 34 Frederic Chopin Street, 020246, Bucharest – 2, Romania

Email: office@bdr.ro

3. THE PERSONAL DATA WE COLLECT

Personal data, or personal information, means any information relating to an individual that can lead to the identification of that individual.

In order to provide the Services, we may collect, use, store and transfer various types of personal data about you as follows:

Identity Data includes your first name, last name and/or other identifying information, your gender and date of birth, your image if you participate in one of our Virtual Classroom Services;

Contact Data includes your billing address, residence or business address, email address and telephone number;

Technical Data includes your Internet Protocol (IP) address, your login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technologies on the devices used to access the Website and Platform;

Usage Data includes information about how you use our Website;

Marketing and Communication Data includes your preferences about the marketing campaigns you receive from us and your communication preferences.

We do not collect special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, membership in any trade association, health information and genetic and biometric data). Nor do we collect information about criminal convictions and offences.

If you do not provide the personal data required for the contact forms, we will not be able to respond to you.

If we need to collect personal data under the law, or under the terms of a contract we have with you and you do not provide us with the data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may cancel the provision of the Services, but we will inform you if this is the case.”

4. HOW WE USE YOUR DATA

We collect, use, transfer and store your personal data in accordance with applicable laws and this Policy.

Most commonly, we will use your personal data (i) when we need to perform the relevant contract we enter into or have entered into with you, (ii) when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not infringe those interests, and (iii) when we need to comply with a legal or regulatory obligation.

In general, we do not rely on consent as a lawful basis for processing your personal data other than in relation to sending third party direct marketing communications by email. You have the right to withdraw your consent to marketing at any time by contacting us.

Your data may be used for one or more of the following purposes:

For specific purposes

If you send us your data for a specific purpose, we will use your data to achieve that purpose. For example, if you send us an email, we will use your contact details to provide you with a response to your request.

To manage the relationship with you

We will use your identity and contact details to inform you of changes to the Terms and Conditions, Privacy Policy or Services.

For internal business purposes

We may use your identity, contact, financial and technical data for our business, the provision of administration and IT services (e.g. technical troubleshooting, data analysis, support), network security (e.g. testing, system maintenance), to prevent fraud and in the context of a business reorganisation or group restructuring exercise.

To deliver relevant website content and advertisements

We may use your identity, contact, profile, technical and usage data to understand how customers and users use our services, to develop them and to communicate our marketing strategy.l

When consistent with your marketing preferences, we may use marketing and communication data to inform you about services we think may be of interest to you. See the “Unsubscribe Electronic Communications” section below to see how to opt-out of BDR Associates marketing communications.

Other purposes

We will not use your data for purposes other than those detailed above. If we intend to use your personal data in any way that does not comply with this Privacy Policy, you will be informed of that use in advance or at the time your personal data is collected or we will obtain your consent after collection but prior to use.

Aggregate data

In an ongoing effort to better understand and serve our users, we often conduct research on our customers’ demographics, interests and behaviors based on personal data and other information we have collected. This research is typically conducted only in the aggregate, which does not lead to your identification. Once personal data is in aggregate form, for the purposes of this Policy, it becomes non-personal data.”

5. HOW WE DISCLOSE AND TRANSFER YOUR PERSONAL DATA

We will not sell your data to third parties, including third party advertisers. However, there are certain circumstances in which we disclose, transfer or distribute your Personal Data with certain third parties without informing you, as set out below.

Commercial Transfers

As we grow our business, we may sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, your data may be part of the transferred assets. You acknowledge and agree that any successor or acquirer of BDR Associates (or its assets) will continue to have the right to use your data or other information in accordance with the terms of this Policy.

Parent, Subsidiary and Affiliated Companies

We may share your data with parent, subsidiary and/or affiliated companies in accordance with the purposes of this Privacy Policy. Parent companies, subsidiaries and affiliates will be required to maintain personal data in accordance with this Policy.

Agents, consultants and service providers

We may distribute your data to our subcontractors and service providers who process data on behalf of BDR Associates to perform certain business-related functions. When we authorise a third party to process your data, we remain responsible for data protection. Third parties will only have access to information about you when it is necessary for the provision of their services. The third parties we may involve are:

• Marketing service providers;
• Database service providers;
• Hosting service providers;
• Email service providers;
• Data aggregation agencies;
• Payment service providers.
• Fraud prevention

We may verify the details you provide to us with fraud prevention agencies and share your information with these agencies if we suspect fraud. It is important that you do not provide false or inaccurate information or use another person’s identity.

Legal requirements

We may disclose your data if required to do so by law (for example) to respond to a subpoena or a request for enforcement, a court or government agency (including in response to law enforcement or national security requirements), or in the belief that such action is necessary (i) to comply with a legal obligation, (ii) to protect or defend our or third parties’ rights, interests or property, (iii) to prevent or investigate possible crimes in connection with the Services, (iv) to act in urgent circumstances to protect the personal safety of Users/Customers of the Services or the public, or (v) to protect against legal liability.

International Transfers

Some of our external third party providers are based outside the European Economic Area (“EEA”). The processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data outside the EEA, we try to ensure that one of the following protections is in place:

We will only transfer your personal data to countries where the European Commission has deemed that they offer an adequate level of protection of personal data;

Where we use certain service providers, we may use certain contracts approved by the European Commission, which offer the same protection to personal data as in Europe;

When we use US-based providers, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US. For more details, see European Commission: EU-US Privacy Shield;

Where that data does not support one of the above protections, we will transfer that data outside the EEA only when necessary for the performance of our contract with you or when we have your full, informed, active and express consent. We will take all necessary steps to ensure that your personal data is protected when we transfer it outside the EEA.

6. HOW WE STORE YOUR PERSONAL DATA

We may store personal data or such information may be stored by third parties to whom we have transferred it in accordance with this Policy. We have taken reasonable steps to protect personal data collected through the Services against loss, misuse, unauthorized use, access, improper disclosure, alteration and destruction.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know it. They will only process your personal data on our instructions and are subject to an obligation of confidentiality.

However, please be aware that no network, server, database, Internet or email transmission is completely secure or error-free. Therefore, you should pay special attention to the decision of what information you send to us electronically. Please keep this in mind when disclosing personal data.

7. DATA RETENTION

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of fulfilling any legal, accounting or reporting requirements.

In determining the appropriate retention period for personal data, we take into account the amount, nature and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, and applicable legal requirements.

In some circumstances, we may anonymise your personal data (so that it is no longer associated with you) for research or statistical purposes, in which case we may use this information indefinitely without informing you.

We will ensure the secure deletion of your personal data as soon as the processing is no longer justified by one of the legal reasons mentioned above.”

8. YOUR OPTIONS

Cookies

Please read our Cookie Policy for more information.

Opt out of electronic communications

You can opt us or third parties out of receiving marketing messages at any time by contacting us at office@bdr.ro. You can unsubscribe from our marketing list by clicking on the “Unsubscribe” link at the end of any electronic communication.”

9. EXCLUSIONS

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or allowing those links may allow third parties to collect or distribute data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of each website you visit.

Children’s data

Our website is not designed or intended for use by children. If you are under the age of sixteen (16), please do not provide any Personal Data through the Services. If you have reason to believe that a child under the age of 16 has provided Personal Data through the Services, please contact us at office@bdr.ro and we will attempt to delete that information from our databases.

Changes to this Privacy Policy

This Policy was updated on 11 March, 2024.

Our services and activity may change from time to time. As a result, it may sometimes be necessary to make changes to this Privacy Policy. We reserve the right, at our discretion, to update or modify this Policy at any time (collectively, “Changes”). Changes to this Policy will be posted on the Website with a change to the “Last Updated” date at the top of this Policy.

In certain circumstances, BDR Associates may, but is not obligated to, provide you with additional notice of such Changes by email or by notices within the Services. Changes will be effective thirty (30) days after the “Last Updated” date or the date communicated in the notice to you.”

10. YOUR RIGHTS

In accordance with Regulation 2016/679, in certain circumstances, you have the following rights in relation to your personal data:

Access to information: you have the right to request a copy of the information that BDR Associates holds about you.

Ensuring the accuracy of information: BDR Associates wants to ensure that your personal information is accurate and up to date. You may ask BDR Associates to correct or complete information that is not accurate or complete.

Right to erasure: You have the right to erasure, which is known as the ‘right to be forgotten’. This means that in certain circumstances you can ask BDR Associates to delete personal information it holds about you.

Ability to restrict processing: You have the right to request BDR Associates to restrict BDR Associates’s use of your personal information in certain circumstances. This may apply, for example, where you have informed BDR Associates that the information it holds about you is inaccurate and you would like BDR Associates to stop using it until BDR Associates has verified that it is correct.

Right to data portability: you have the right to receive the personal data that BDR Associates holds about you in a format that allows you to transfer the information to another data controller (e.g. another service provider).

Prevention of direct marketing: BDR Associates does not sell your personal data. From time to time, BDR Associates may send emails containing information about new features and other news about us. This is considered direct marketing. BDR Associates will inform you if BDR Associates intends to use your personal data or if BDR Associates intends to disclose your information to any third party for such purposes.

Objection to other uses of your information: You also have the right to object to BDR Associates’s use of your information in other circumstances. In particular, in situations where you have given consent to BDR Associates’s use of your personal data, you have the right to withdraw your consent at any time.

Review by an independent authority: You have the right to lodge a complaint with a supervisory authority, including the National Supervisory Authority for Personal Data Processing (ANSPDCP) at 28-30 Gheorghe Magheru Boulevard, District 1, Bucharest (postal code 010336; telephone number: 0040 318.059.211).

A fee is usually not required

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge you a reasonable fee if your request is completely unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we need from you

We may request specific information from you to help you confirm your identity and to guarantee your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any other person who is not entitled to receive it. We may contact you to request further information about your request to expedite our response.

Time limit for response

We try to respond to all legitimate requests within one month. Occasionally, it may take longer than one month if your request is complex or you have multiple requests. In this case, we will inform you and keep you informed.

If you wish to use any of the rights listed above, or if you would like more information on how to exercise these rights, please email us at office@bdr.ro. Alternatively, you can send us a written, dated and signed request by post to the address 34 Frederic Chopin Street, 020246, Bucharest – 2, Romania.