We appreciate your decision to become a customer of the Eco Ville application (“the Application”) and recognize that your personal data is important to both you and us. In this regard, we would like you to know what personal data we collect, how, on what occasions, and for what purposes we collect and use this data, and to whom we may disclose it.
These are the reasons why we have decided to inform you through this Privacy Policy (“the Policy”) regarding the following aspects:
1. Who we are?
2. Who is the Application addressed to?
3. What are personal data and the processing of such data?
4. What data do we process about you?
5. How do we collect and subsequently process your personal data?
6. How long do we retain your personal data?
7. If we use automated decision-making processes, including profiling in this way.
8. Who has access to your personal data?
9. Transfers of your personal data outside the European Union and the EEA.
10. What technical and security measures do we implement to ensure the protection of your personal data?
11. What rights and obligations do you have in relation to Us regarding your personal data that we process?
This Policy describes the occasions, purposes, and methods in which we process certain categories of your personal data through the Application. Therefore, please take the necessary time to carefully read and understand the contents of this Policy. Please note that if you intend to provide us with personal data of another individual (e.g., when making a reservation for another person, etc.), you have the right to provide us with such data only after obtaining their consent for this purpose and to the extent that you have informed the respective person about the processing of their personal data for this purpose and the other purposes mentioned in this Policy (we assume that you have followed this procedure, and we do not assume responsibility in cases to the contrary).
1. Who are we?
Considering the legal obligations imposed on the entities involved in waste management (both local public administration authorities of administrative-territorial units, either directly or through intercommunity development associations based on the mandate granted by these administrative-territorial units, as well as waste management service providers), aiming, among other things, at preventing waste generation and sustainable waste management, increasing the level of separate waste collection, including through the promotion of programs to achieve the aforementioned goals, as well as improving the quality of waste management services, SC ECO SOLUTII ONLINE SRL has decided to create the Eco Ville application, which will process Your Data in accordance with the provisions set out in this Policy. SC ECO SOLUTII ONLINE SRL will communicate to you the information provided for in Article 13 and, where applicable, Article 14 of Regulation No. 679 of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). Thus, the processing of Data obtained through the Application will be carried out by each of the aforementioned operators in order to achieve the objectives mentioned in this article.
Therefore, you can contact us at any time at (including to exercise the rights of data subjects): Address: SC ECO SOLUTII ONLINE SRL, Bd. Nicolae Caramfil nr. 61C, Cladirea B, etaj 1, Sector 1, Bucuresti, Email: support@eco-ville.com
Also, in order to ensure enhanced protection of your personal data, we have decided to designate a data protection officer. For any questions or comments regarding this Policy, the way we process your personal data, or your rights and obligations in relation to us concerning this data, you can contact us through a specific request signed and dated either at the dedicated email address: support@eco-ville.com, or at the postal address of our headquarters located in Bd. Nicolae Caramfil nr. 61C, Cladirea B, etaj 1, Sector 1, Bucuresti, attention to the Data Protection Officer.
2. Who is our Application addressed to?
The Application provided to our Customers by Us is NOT directly addressed to individuals under the age of 18, and therefore we do not request and do not collect personal data concerning individuals of this age. In the process of creating a customer account, data subjects must confirm that they have reached the age of 18. In case we discover/are informed that we have collected personal data regarding individuals who have not reached the legal age of majority without the consent of their legal representatives, we will promptly verify and, when required by law, either (i) obtain the express consent of the legal representatives to process this data or, if it is not possible to obtain such consent, (ii) delete this information from our records and ensure its deletion from the records of our authorized persons/operators.
3. What are personal data and the processing of such data?
“Personal data” means data that identify a natural person or relate to an identifiable natural person. Some information is less obvious (such as the IP address of a person’s computer, the MAC address of a person’s computer or mobile phone, etc.), but if associated with a natural person, it helps us to identify that person and falls within the scope of “Personal data.”
“Processing” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
4. What personal data do we process about our customers?
Our policy is to collect only those personal data that are strictly necessary for the purpose for which the Application was created, as indicated in Article 1 above (in accordance with the principle of minimizing the processing of personal data).
As a general rule, in accordance with applicable legal provisions, we collect the following personal data about you:
• Full name
• Email address
• Phone number
• Username
• Password
• Company address
• Information provided by you when submitting feedback about the Application or filing a complaint regarding the waste collection operator’s activities
• Your activities during navigation in the Application
• Geo-location of the device/terminal equipment from which you authenticate and navigate in the user account created in the Application when you want to accurately identify waste collection centers in your area.
5. For what purposes and by what means do we process your personal data?
We process your personal data strictly for the purposes of (i) obtaining information about waste management process, and (ii) improving the quality of services provided.
In certain cases, we will ask you to directly provide us with your personal data, while in other cases we will have indirect access to this data. In certain cases, if you do not agree to the processing of your personal data, there is a risk that we may not be able to provide you with all the functionalities of the Application or even access to the application, as it would be impossible for us to fulfill our own legal and/or contractual obligations. Therefore, your personal data processed for the purposes set out in the table below are necessary for accessing the Application or complying with a legal obligation incumbent upon us. Refusing to allow us to process these data may result in the inability to access the Application and/or fulfill certain legal obligations that apply to us. Furthermore, except for personal data processed in accordance with this policy, we will not request or recommend that you unsolicitedly transmit or disclose any other personal data, especially those considered sensitive under the law (e.g., but not limited to, health card number, personal identification number, data regarding ethnic or racial origin, racial or ethnic origin, political opinions, religious beliefs/philosophical convictions, union membership, genetic data, biometric data for the unique identification of an individual, data concerning health/life or sexual orientation, information on administrative or criminal sanctions or ongoing criminal investigations related to you and/or other individuals). In the event that this occurs (including accidentally), we will take immediate measures to delete/destroy the respective personal data from our records.
| No. | Purpose of Processing your Personal Data | What Personal Data do we process, and in what cases, methods, and purposes? |
| 5.1. | Creating a customer account in the Application | We can create a customer account in the Application during the process of requesting the opening of a customer account, only if you voluntarily provide us with the following Data: – UsernameFirst and last name – Email address – Phone number – Password This Data is necessary for creating the customer account and for contacting you if necessary (e.g., contacting you to resolve a complaint, obtain additional information regarding your acount, details about the Application provided by you in the Feedback section). You can deactivate your customer account in the Application at any time, directly from the profile menu. You can reactivate your account at any time by re-registering the data. |
| 5.2. | Support and Assistance for Application Customers | To ensure the necessary support for your created account in the Application, it will be necessary to process the following data: – First and last name – Email address and/or phone number (if applicable) – Any other information you provide that is necessary for providing assistance and support. The processing of this data is necessary for both confirming your identity and providing assistance and support as part of the contract execution |
| 5.3. | Resolution of requests, inquiries, and/or complaints | When we receive requests, inquiries, or complaints from you through the Application (via the Complaints section) or, as applicable, by phone or email, we will collect and process the following data, as appropriate: – Full name – Email address – Phone number – Any other information you provide us when contacting us Note: The processing of this data is necessary for keeping records of these requests, inquiries, and complaints, providing evidence of them, keeping the applicants informed about the status of their resolution, and transmitting our response to them. Additionally, the processing of this data is necessary for improving the sanitation service. |
| 5.4. | Formulating legal actions/exercising legal defenses | In order to protect our legal rights and legitimate interests, we may process your personal data necessary for formulating legal actions or exercising legal defenses (including the preparation of relevant documentation and the completion of associated legal procedures/formalities) in relation to courts/authorities/institutions/other third parties. |
| 5.5. | The provision of information and documents in procedures/investigations in relation to authorities/institutions/other legally competent entities. | In case of: (i) explicit requests from authorities / institutions / other legally competent entities within Romania and European Union, formal procedures/investigations; or (ii) the need to fulfill legal obligations to provide information/reporting to authorities/institutions/other legally competent entities – we will exceptionally and in accordance with the law exclusively provide the personal data requested by these authorities or institutions, or which must be provided to these authorities/institutions/entities according to the law, and we will document these actions as evidence. |
| 5.6. | Maintenance and security of the Application | For the maintenance and security of the Application, we may process user data, including the following online identifiers: – Device/location information: The location of the device/terminal equipment used by the visitor to connect to the Internet when accessing the Website (if any geolocation application is enabled). Specifically, we process the above-mentioned data for the following purposes: – Ensuring the proper functioning of the Application. – Displaying the content of the Application correctly. – Improving the Application. – Adjusting the settings of the device/terminal equipment used to connect to the Application. – Ensuring the security of the Application and protecting you against frauds/IT security breaches related to the Application. – Identifying and resolving any malfunctions that hinder the use of the Application. |
If we decide to process your Data in other ways and for purposes other than those mentioned above in this policy, we will inform you legally to allow you to exercise your legal rights.
6. How long do we retain your personal data?
We store your Data strictly for the periods necessary to fulfill each of the purposes mentioned above in this Policy and in accordance with our internal personal data retention policy under applicable laws (including specific and general legislation on data/document archiving).
To determine the appropriate retention period for the personal data we process, we take into account the quantity, nature, and sensitivity of the data, the potential risk of harm resulting from unauthorized processing and disclosure, the purposes for which we process this data, and whether we can achieve these purposes through less intrusive means, the applicable legal requirements that impose storage for certain periods of time, the agreed best practices in their processing field, as well as how we can ensure that the processed data is accurate and up to date.
If you have provided consent for the processing of your personal data mentioned in the table above, we will process this data until the fulfillment of the aforementioned purposes or until the date of withdrawal of your consent, whichever occurs first, unless we have a legal obligation to process this data for longer periods of time.
At the end of the applicable retention periods, if and to the extent that we no longer have legal grounds, legitimate interests, or your consent to process your personal data (where applicable), this Data will be deleted from our records in accordance with our internal procedures and applicable laws (which may include archiving, anonymization, and/or destruction of such data, as the case may be).
7. Automated decision-making processes, including automatic profiling
The data processed through the Application are not subject to automated decision-making processes (including automatic profiling).
8. Who has access to your personal data?
Our goal is to ensure the best experience for you in the context of navigating the Application, and to achieve this, we may grant access (full/partial) to your Data to some of our employees who have assumed confidentiality obligations regarding the personal data to which they may have access in the performance of their duties, as well as to business partners that we have selected responsibly, and only to the extent necessary for them to fulfill their obligations to us under the contracts concluded with us.
When we outsource certain activities/services/obligations involving the processing of your personal data to our business partners, we make every reasonable effort to verify in advance whether they ensure the protection of your Data through strict technical and security measures, and we conclude contracts (separate or in the form of additional acts) for the processing of this data with each of them. Thus, the personal data we disclose to our business partners is limited to the minimum personal information they need to fulfill their obligations, and we prohibit them from using it for any other purpose without the required information and legal agreements.
Some of these business partners are third parties who do not need to process your Data but may have access to it in the performance of their tasks/activities/obligations or in their interactions with us (e.g., companies providing technical maintenance services, financial-accounting auditors, legal consultants, etc.).
Specifically, we disclose some Data to third parties (our providers and partners) to perform necessary functions and services for navigating the Application, as follows: the cloud hosting provider for the Data stored through the Application
9. Disclosure of your personal data to authorities/public institutions or judicial bodies
We may disclose some of your Personal Data to competent authorities/public institutions when required by law (e.g., for investigating fraud, preventing and combating money laundering, submitting financial-accounting statements/reports to tax authorities, identifying possible criminal acts or threats to public safety (if we suspect your involvement or impact in an incident involving criminal or potential criminal behavior, if we suspect fraud or cybercrime, if we receive threats or malicious communications addressed to us or third parties, etc.), or to courts/judicial bodies when exercising/defending our legal rights/legitimate interests in court.
10. Transfer of your personal data outside the European Union and the EEA
As a general rule, your data will not be transferred (including storage) to a country outside the European Union or the European Economic Area (“EEA”).
If we transfer your data to other third parties located in countries that do not provide an adequate level of protection under applicable laws, we commit to make all reasonable efforts to ensure that such third parties comply with the terms and conditions of this Policy and that such transfers comply with applicable legal provisions regarding the protection of personal data.
11. What technical and organizational measures have we implemented to protect your personal data?
We have implemented the necessary technical and organizational measures to ensure an adequate level of security for the collection, processing by other means, and safekeeping of your personal data, including protection against unauthorized access, unauthorized use, as well as against destruction, loss, or alteration. These measures include, but are not limited to, the use of encryption techniques, granting restricted access rights to our physical and IT systems, imposing confidentiality obligations on our employees and business partners.
Furthermore, we make every reasonable effort to ensure (including through contracts concluded with them) that our business partners who may have access to your data in the context of the services provided to us implement appropriate technical and organizational measures for processing.
In the event of a security incident involving your data, we will make all necessary notifications and take all measures required by applicable legal provisions.
12. Transmitting information to us
Communication over the Internet/other electronic means is not entirely secure, and therefore, when you send us information/personal data through these means (e.g., via email, or through any other electronic means), you assume risks.
We cannot be held responsible for any expenses, loss of profits, reputation damages, damages, debts, or any other form of loss or damage suffered by you as a result of your decision to transmit information/data (including personal data) to us through electronic means, except for our mandatory legal obligations (including in the field of personal data protection) and those assumed under the contracts concluded with you.
13. What rights do you have regarding the processing of your personal data by us?
In the context of the processing of your personal data, you have the following rights:
a) The right to access the processed personal data: you have the right to obtain confirmation of whether or not your personal data is being processed by us and, if so, to have access to this data and the conditions under which it is processed, by submitting a specific request to us as the data controller;
b) The right to request rectification or erasure of personal data (the right to be forgotten): you can request, by submitting a specific request to us as the data controller, the rectification of inaccurate personal data, the completion of incomplete data, or the erasure of your personal data in the event that (i) the data is no longer necessary for the original purpose (and there is no new legal basis), (ii) the legal basis for processing is the consent of the data subject, and the data subject withdraws consent and there is no other legal basis, (iii) the data subject exercises the right to object, and the data controller has no overriding legitimate grounds for continued processing, (iv) the data has been processed unlawfully, (v) erasure is necessary for compliance with EU or Romanian law, or (vi) the data has been collected in relation to information society services offered to children (if applicable), when specific requirements regarding consent apply. This is not an absolute right. We may reject your request for erasure of data if: (i) we are required to comply with legal obligations to retain the data; or (ii) if the data is necessary for the establishment, exercise, or defense of legal claims and/or our legitimate interests in court;
c) The right to request restriction of processing: you have the right to obtain restriction of processing in cases where: (i) you consider that the processed personal data is inaccurate, for a period that allows us as the data controller to verify the accuracy of the personal data; (ii) the processing is unlawful, but you do not want us to erase your personal data, but rather to restrict its use; (iii) we, as the data controller, no longer need your personal data for the purposes mentioned above, but you need the data to establish, exercise, or defend a legal claim; or (iv) you have objected to the processing, for the period during which we verify whether our legitimate grounds as the data controller override the rights of the data subject;
d) The right to withdraw consent to processing, when the processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal;
e) The right to object to the processing of data based on legitimate interests, as well as the right to object at any time to the processing of data for direct marketing purposes, including profiling;
f) The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject in a significant manner;
g) The right to data portability, meaning the right to receive the personal data you have provided to us as the data controller in a structured, commonly used, and machine-readable format, as well as the right to transmit that data to another controller, where the processing is based on your consent or the performance of a contract and is carried out by automated means;
h) The right to lodge a complaint with the Data Protection Authority (ANSPDCP) located at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania, telephone +40.318.059.211 / +40.318.059.212, email anspdcp@dataprotection.ro, and the right to address competent courts.
The above-mentioned rights can be exercised at any time. For this purpose, you can submit specific, dated, and signed requests either to our headquarters at Bd. Nicolae Caramfil nr. 61C, Cladirea B, etaj 1, Sector 1, Bucuresti, or by email to the dedicated address: support@eco-ville.com, attention to the Data Protection Officer.
We will respond to each of your requests within a maximum of 1 (one) month from the receipt of the request, except in situations where we need to extend this period by a maximum of 2 (two) additional months from the receipt of the initial request, taking into account the complexity and number of requests received. We will inform you of any such extension within one month of receiving the initial request, along with the reasons for the delay.
Please note that the exercise of your rights as mentioned above is free of charge. In the case of requests that are unfounded or excessive, particularly due to their repetitive nature, we may: (a) charge a reasonable fee considering the administrative costs of providing the requested information or taking the requested action, or (b) refuse to comply with the request, providing justification for our response.
If you request additional copies of your processed personal data, we may charge a reasonable fee based on the administrative costs of providing these copies.
If you are not satisfied with our response, you can file a complaint with the ANSPDCP. More information about the complaint procedure addressed to this authority is available on the ANSPDCP website by accessing the following link: http://dataprotection.ro/?page=procedura_de_solutionare_a_plangerilor.
14. Questions and requests regarding the protection of your personal data
For any comments, clarifications, or other details you may need regarding this Policy, you can contact our Data Protection Officer by submitting specific requests either to our postal address (as mentioned above) or to the dedicated email address.
15. Updates to this Policy This Policy is subject to subsequent updates (e.g., due to legislative and practice changes in the field or changes in our business operations, etc.), with the latest version being published in the Application. If you wish to be provided with a previous version of this Policy, you can send us a specific, dated, and signed request either to our headquarters or to the following dedicated email address
