Privacy Policy
When you use our Services, you entrust us with your personal data and other data that can identify or are associated with you. We take seriously the responsibility to protect and maintain its confidentiality.
This Privacy Policy (the “Policy”) forms part of the Contract between you and us. Capitalized and undefined terms have the meanings set out in our Terms.
This Policy describes how we process your personal data when you access or use our Services and how we use cookies and similar technologies.
What data do we process?
Data provided by you
We will process the following types of personal data provided directly by you:
- identification data, such as your name, personal ID and signature (in the case of offline agreements)
- your contact details, such as your phone number or email address
- financial data, such as your bank account, IBAN, tax residence or tax code
- records of our communications
One or more of the types of personal data mentioned above will be processed in the following cases:
- when you use our Services or enter into an offline agreement
- when you send us feedback, report a problem with the Services, or participate in forums, discussions, comment sections or other media features within the Services
- when making a payment
- when you participate in a competition, promotion or when you choose to take a survey
- when you contact us for support by phone, email or through the Services
Data collected as a result of using the Services
We process this data to understand which features you use most often and how we can improve the Services and protect you and us against attempts to misuse the Services. We will process the following types of personal data when you interact with our App or website:
- identifiers of your device, such as geolocation, web browser, operating system or IP address
- interactions, such as data collected through cookies and similar technologies
Data Provided by Third Parties
We may collect your personal data from third parties and others, including social media platforms, advertisers, statistical data providers or your employer. The data we may receive from third parties is subject to agreements you already have with these. We use reasonable efforts to ensure that these people have all the necessary rights to collect and transfer your data. We may also collect data about you from public sources, such as press articles or public registers and databases.
We will process this data and may corroborate it with data already provided by you in situations such as organizing a media campaign or verifying your identity.
What is the legal basis for data processing?
We process your personal data based on a legal basis, such as:
Execution of the Contract
We process your data to provide you with the Services and to comply with our obligations under the Contract.
Legitimate interest
There are situations where we process your data to pursue our legitimate interests or those of third parties. In these cases, we will consider whether the data processing is necessary and whether the benefits of the processing do not disproportionately contravene your rights and interests.
For example, we will base our data processing on the legitimate interest to:
- maintaining and improving the security of the Services as well as preventing, detecting and remedying security incidents, acts of fraud, abuse or improper use of the Services;
- providing and improving the Services, as well as developing new services and products;
- understanding how you use the Services and customizing them to provide you with a more pleasant experience;
- carrying out research activities in the public interest.
Fulfilling legal obligations
The processing of your personal data may be required by specific statutory provisions and regulations applicable to us.
Your consent
We request your express consent regarding collecting certain categories of data and processing it for specific purposes.
For example, your personal data is processed based on consent when we ask whether you wish to receive messages for direct marketing purposes.
For what purpose do we process the data?
Provision of Services
____
Legal basis: execution of the Contract, legitimate interest, legal obligations
____
We process your data to provide the Services such as:
- to verify your identity and to be able to establish a contractual relationship
- to decide whether we can provide you with certain services
- to comply with our contractual and legal obligations concerning the Services provided
Service development and analysis
____
Legal basis: legitimate interest
____
We process your data to understand how you use the Services and the features you use most often. We may use the data we collect in an anonymized and aggregated form (so that you are not identified) to test the integrity and security of our systems, support research, analyze, improve the Services, and develop new products, services or features.
Prevention of fraud and crime
____
Legal basis: legitimate interest, legal obligations
____
We process your personal data for purposes such as detecting, investigating and reporting irregular use that could be considered illegal activities or verifying your identity. In these situations, we may retain the data and disclose it to competent authorities to investigate the facts.
Communication with you
____
Legal basis: consent, execution of the Contract
____
We process your personal data to communicate with you in connection with the provision of the Services or to respond to you when you contact us.
Complying with legal obligations and promoting our rights and interests
____
Legal basis: legitimate interest, legal obligations
____
We process your personal data:
- to respond to any complaints or requests from you or the competent authorities
- to keep administrative and accounting records, as required by law
- to be able to defend us or file a complaint or legal action.
Marketing and promoting products and services that may be of interest to you.
____
Legal basis: consent, legitimate interest
____
The processing of personal data for this purpose may involve:
- the communication of commercial offers and information related to the products and services offered by our partners or us. If you do not wish to receive such communications, you can adjust your preferences by accessing the "unsubscribe" link included in all promotional messages.
- personalizing communications to be more relevant and of interest to you
- analyzing marketing campaigns to measure the effectiveness of our efforts, and provide you with relevant information
- requesting an opinion or review concerning our Services
What are your rights
The right to be informed
This Policy is intended to inform you about how we process your personal data. Feel free to ask us any questions about this Policy or how we process data.
The right of access, modification and rectification
You can always ask us for a copy of the personal data we process about you and to change or rectify it if you think it is wrong or incomplete. Note that you must prove that the new data provided is correct. Also, to allow you access to the data or to respond to a request for modification or rectification of the data, we have to verify the requester's identity.
The right to data deletion
You can request the deletion of your personal data at any time if:
- the personal data are no longer necessary to fulfill the purposes for which they were collected or processed
- you have withdrawn your consent based on which the processing takes place
- you objected to data processing
- we have processed your personal data illegally
- we have a legal obligation to delete the data
Please note that we may refuse your data deletion request if another legal basis (such as compliance with legal obligations) compels us to continue processing your data.
The right to object to the processing of personal data for marketing purposes
You can request that we stop processing your personal data for marketing purposes at any time. Note that you will still receive communications related to the Services (such as notices of changes to the Contract or emails related to the provision of the Services).
The right to object to the processing of personal data based on our legitimate interests or those of third parties
You can request that we stop processing your personal data at any time based on our legitimate interest. However, please note that we may continue to process data if another legal basis (such as compliance with legal obligations) compels us to do so.
Also, if you object to processing your personal data necessary for providing the Services, we will not be able to provide you with certain services or features.
The right to request the restriction of the processing of personal data
You can request the restriction of the processing of your personal data at any time if:
- you ask us to investigate the accuracy of the data
- the data processing is illegal, but you do not want us to delete the data
- we no longer need the personal data, but you ask us to keep it to use it in legal action
- you have objected to data processing, but we need to check whether another legal basis overrides your rights.
The right to portability of personal data
You can request at any time that we transfer your personal data that we process. Suppose we have the necessary means, and this is not prohibited by law or a provision of the competent authorities. In that case, we will transfer your data in a structured and commonly used format.
The right to withdraw your consent to the processing of personal data
You can withdraw your consent to processing your personal data at any time. The withdrawal of consent does not affect the legality of the processing carried out beforehand.
How you can exercise your rights
You may exercise the rights described above by contacting us by email at hi@avohq.io or directly through the Services when this option is available. You can also find full information on how to contact us by post on our contact page.
For security reasons, we will need to verify your identity to respond to your request (for example, we may ask you to provide us with an ID document). In addition, please note that we may require you to pay the costs incurred by us due to an excessive or unfounded claim.
You may also lodge a complaint with your local data protection authority. For individuals residing in the European Economic Area, appropriate contact details may be found here. For UK residents, the Information Commissioner’s Office website may be found here.
How we transfer your data
We transfer your data in the following ways:
Within the Services
We may share or make publicly available within the Services your personal data in order for you to access certain features of the Services. For example, we may share your name or other identifying information if you choose to give us a review or post a comment on our blog.
To third parties
We do not and will never sell your personal data.
We engage third-party vendors and external collaborators to enable us to provide and improve the Services. These third parties have access to your data based on your consent or another legal basis, which they process only for the purposes indicated by us. In addition, we constantly assess whether these third parties have implemented and maintained adequate technical and organizational data security and privacy measures. You can find the full list and the role of each of them on our page dedicated to Third Party Providers, External Collaborators and Affiliated Entities.
These include:
- companies that provide us with the technical, organizational, analytical and security infrastructure necessary to provide the Services to you, such as data storage and hosting, IT services or customer support providers
- external collaborators that provide certain legal and accounting services
- courts and other public authorities
In accordance with the requests of the competent authorities and to prevent harm
In certain situations, we may be required to transfer your data to law enforcement authorities, following their express requests, as required by law.
We may also process and transfer your data when we reasonably believe this is necessary to detect, combat, remedy or respond to fraud, unauthorized use of the Services or breach of the Contract. We do this to protect ourselves, you and others during investigations by competent authorities or legal action.
If we terminate your account because you have violated our terms or policies, please be aware that we will need to continue to store your data for the period of time necessary to prevent and reduce the risk of repeated or new abuse violations.
How we use cookies
Cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. You can learn more about cookies at https://www.allaboutcookies.org/
We use cookies, pixel tags, and other related technologies to provide a better experience for our users and support the development of our Services. You can always set your browser to refuse cookies, but keep in mind that some websites may not function properly if cookies are refused.
We use the following types of cookies:
Essential cookies. These cookies are necessary in order for us to be able to provide the Services.
Analytics Cookies. We and our Subprocessors use these cookies to analyze how people are using our Services and evaluate their performance.
– Google Analytics: Google Analytics is a web analysis service that helps us understand how people visit our websites. For example: from which web page you accessed our website, which pages you accessed and how long you spent on them. The information provided by Google Analytics is available to us in an anonymized form. You can learn more about how Google processes your personal data here.
– Hotjar: We use Hotjar to better understand our users’ needs and optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site. You always have the option to request that Hotjar not collect data about your activity when you visit a site that has implemented its services. You can do this by visiting the Hotjar Opt-out page and clicking the “Disable Hotjar” button or by enabling your browser's Do Not Track (DNT) feature."
Advertising. We allow certain third parties to use cookies for advertising purposes. These cookies track you across the internet in order to provide targeted, relevant ads.
If you wish to refuse cookies or remove previously-stored ones, please navigate to your browser settings. Guides for the most common web browsers can be found below:
– Manage cookies on Internet Explorer
– Manage cookies on Firefox
– Manage cookies on Chrome
– Manage cookies on Safari
International data transfer
Depending on your location and the services provided, your personal data may be transferred, stored and processed outside your country of residence in the locations where our third-party providers carry out their operations. We make reasonable efforts to ensure that they have implemented adequate data protection and security measures so that your data enjoys the level of protection required by regulations such as the General Data Protection Regulation. We have entered into data processing agreements with each of our third-party suppliers, which include, among other things, their contractual obligation to implement and maintain appropriate data protection procedures and measures.
When we transfer your data outside the European Economic Area, we do so on a legal basis and consider several legal mechanisms, such as Standard Contractual Clauses approved by the European Commission and supplier certification under the EU-US Privacy Shield.
Data Retention
In principle, we only store your data for as long as necessary to provide the Services or until we can comply with a request from you to delete your data – whichever comes first. However, we retain certain personal data even after these situations, such as when the processing is based on a legitimate interest or compliance with a legal obligation.
Modification of this Policy
If we change this policy, we will post the updated version here. We recommend that you check this page regularly. Your rights under this Privacy Policy will not be diminished without your consent.
How to contact us
The controller of your personal data is Dependev SRL (“us”, “we”), a company registered in Romania.
Regarding your personal data, you can contact us by email at hi@avohq.io