EUROPEAN DIGITAL EXGHANGE S.A., a Romanian legal entity, registered with Trade Registry of Bucharest under no. J40/5465/25.03.2021, Tax number CUI 43985800, having its headquarter located at Madrigalului street no 42A, Ground floor, Ap 4, Bucharest (hereinafter referred to as “Edex” or the “Controller”) is acting as controller for processing your personal data. The processing of personal data shall be done in accordance with the Regulation (EU) 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), as well as any other legal provisions applicable with respect to the protection of personal data.
Edex is the controller of personal data it collects from and about users through the platform Ronin www.weronin.com (“Platform”) and/or by any other interactions we may have with you, like those relating to the provision of Edex services or during marketing activities.
The information note on the processing of personal data (“Information Note“) describes in detail how Edex processes the personal data of its users and the rights they have in connection with this processing.
To whom is this Information Note addressed?
This Information Note details what happens to the personal data of the users that are provided as a result of the activity on the Platform. This Information Note is addressed to all users, both those who use the Platform without being registered and those who create an account on the Platform and choose to participate in the campaigns carried out through the Platform, individuals and representatives of legal entities alike (“Users“). Additionally, to the extent that the User represents a legal entity that will act through the Platform, Edex will process personal data in relation to the administrators and legal representatives of the legal entity, the direct associates / shareholders of the legal entity, who have over 25% of the shares / shares and the persons identified as the beneficial owner of the legal entity, for the purposes and on the grounds set out below.
What is the personal data that Edex processes?
Edex will collect the following types of personal data:
- Identification data: your name, surname, e-mail address, the data contained on the identity document, respectively the date of birth, the date of issue and expiry date of the identity document, the number and series of the identity document, the personal identification number or equivalent, gender, citizenship, home address;
- allegations or convictions related to crimes such as fraud, money laundering or the financing of terrorist acts or practices that contravene the requirements of international sanctions, the applicable requirements in the field of prevention of money laundering, the financing of terrorist activities and / or the prevention of tax evasion, data on political affiliation, public media sources;
- Biometrics: i.e. the information associated with analyzing your facial features in the context of opening your account.
As a rule, Edex will not process special personal data regarding health, racial or ethnic origin, religious or philosophical beliefs, trade union membership or data on life or sexual orientation. Platform.
However, as set out above, Edex will process personal data on international sanctions or data on political affiliation (all of which are used during the screening process for registration on the Platform).
For what purpose does Edex process personal data?
The personal data of the users will be processed by Edex for the following purposes:
- Creating an account on the Platform, processing transactions, providing services, making payments, managing the relationship with Users;
- Establishing a contractual relationship between Users and Edex;
- Defending business interests by entering into contractual relationships with Users that provide guarantees of financial and business integrity, in line with the legal requirements applicable to Edex, the administration and protection of the business and the Platform;
- Delivery of platform content, raise funding campaigns and interaction with Users;
- Fulfillment of legal obligations applicable to Edex;
- Protecting the rights and interests of Edex in any legal, judicial or administrative proceedings;
- To solve Users’ requests and complaints, suggestions or other recommendations in connection with Edex services;
- Transmission of marketing communications and information on investment opportunities.
What are the legal grounds for processing personal data?
For meeting the above purposes, Edex will process the personal data based on the following legal grounds:
- To take the necessary steps towards the conclusion of a contract and the performance of a contract (pursuant to Article 6 para. (1) lit. b) of GDPR), respectively to be able to provide the services of our Platform, according to the Terms and Conditions of the Platform. Thus, the main reason why Edex processes personal data is to be able to allow the use of the Platform, to facilitate and provide the services related to the Platform and to provide you with access to the campaigns carried out through Edex.
- For the fulfilment of the legitimate interest of Edex (pursuant to Article 6 para. (1) lit. f) of the GDPR). Thus, Edex will process personal data for legitimate business interests, such as carrying out the necessary research to prevent fraud, the security of the network and information systems, improving or modifying the services offered, identifying usage trends, determining the effectiveness of promotional and advertising campaigns, to resolve complaints, to audit or verify internal processes, to defend our rights such as the recovery of claims held by it and the formulation of defenses in the event of a possible dispute.
*Legitimate interests mean the interests of Edex to manage the business, in order to be able to offer users the best services, as well as to prevent any frauds that may occur on the Platform.
At the same time, we will carry out the necessary checks for knowing the customer and against money laundering, which will allow Edex to enter contractual relationships with Users who enjoy integrity, in accordance with the applicable legal provisions. At the same time, Edex will be able to provide its Users with services to the highest standards, ensuring that the activities carried out through the Platform are at all times ethical and legal.
Thus, within the framework of the customer due diligence procedures, Edex will process, in relation to the individuals Users, personal data regarding the activities registered on the lists of international crimes, the data related to the political affiliation, as well as data from public media sources that could reveal information related to fraudulent or potentially fraudulent activities.
If the user is a legal person, in addition to the personal data processed in connection with the representative of the legal person, Edex will also process personal data on the activities recorded on the lists of international crimes, data related to political affiliation, as well as data from public media sources that could reveal information on fraudulent or potentially fraudulent activities in connection with administrators and legal representatives of the legal entity, associates / shareholders of the legal entity, which hold over 25% of the shares / shares and persons identified as the beneficial owner of the legal entity
When the processing of personal data is based on the legitimate interest, Edex ensures that the impact of the processing on users (both positive and negative) and the rights they have under the legislation on the protection of personal data are considered and weighed against. The legitimate business interests of Edex do not automatically take precedence over the interests of the Users and if there is an imbalance to the detriment of the Users, then Edex will not use the personal data in those activities, unless this is expressly required by law.
You have the right to object to this processing if you wish by telling us at the email address mentioned above your option.
- For compliance with the legal obligations applicable to Edex (pursuant to Article 6 para. (1) letter f) of the GDPR), such as obligations to draw up and keep financial-accounting documents, conducting audits;
- Based on the freely expressed consent of the User, for the processing of personal data for marketing purposes (pursuant to Art. 6 para. (1) letter f) of the GDPR)
To whom is the personal data disclosed?
The personal data will be disclosed to a limited number of third parties, service providers of Edex, namely:
- Service providers: financial-accounting, providers of legal services, audit services or other special services provided by lawyers, notaries, administrators, auditors, forced-executors, entities specialized in debt recovery, appraisers, real estate agencies or other professional advisers, IT service providers, marketing providers;
- Tax, governmental, judicial and supervisory authorities
- Judicial/investigative authorities, such as: Police, Prosecutor’s Office, National Anticorruption Directorate, Directorate for Investigating Organized Crime and Terrorism, courts and arbitration/ mediation bodies
- Cyber security incident investigation and support institutions
Edex shall ensure in advance that service providers enjoy confidence in ensuring the protection of personal data and, where applicable, that providers act on the basis of the express instructions of the Controller addressed through the agreements for the processing of personal data.
Where is personal data processed?
The personal data processed by Edex are processed in electronic format on servers located in Romania. They will not be transferred to countries outside the European Union.
Should it be necessary to carry out another transfer of personal data to a third country (i.e. outside the European Union and the European Economic Area), Edex will ensure that this transfer will take place to States for which a decision of the European Commission on the adequate level of data protection has been issued. If there is no such decision, Edex will implement appropriate safeguards in accordance with the provisions of the Regulation.
How long is the personal data stored?
Personal data will not be processed for a longer period than is necessary in order to achieve the purposes set out by Edex.
Personal data processed based on the contractual relations that Users have with Edex will be stored for the entire contractual period, as well as for a subsequent period of 5 years, calculated from the termination of the contractual relationship, unless longer storage periods are required by mandatory legal provisions. We may retain your data for a period longer than 5 years in the event of a complaint or if we have grounds to believe that there is a risk of a dispute in the relationship with you.
The financial-accounting data will be processed for a period of 10 years, as provided by the financial-accounting legislation in force.
Personal data collected based on consent will be processed until the moment of its withdrawal by the User, without affecting the legality of the previous processing.
After the expiry of the above retention periods, the data will be deleted or anonymized, without the possibility of identifying the data subjects.
User’s rights regarding his/her personal data
According to the provisions of the GDPR, Users benefit from the following rights that can be exercised, individually or cumulatively, with respect to personal data processed by Edex as controller:
- Right of access to personal data
- Right to rectify of personal data
- Right to restrict the processing of personal data
- Right to erasure of personal data
- Right to object to the processing of personal data
- Right to portability of personal data
- Right to withdraw consent
- The right to file a complaint with the National Supervisory Authority for Personal Data Processing
- The right of access to personal data – The User may request confirmation that the personal data held by Edex are processed or not by Edex (as controller), and if so, access to them may be requested, as well as information about the processing activity (e.g. the purposes of the processing and the categories of data processed, the recipients or categories of recipients to whom the data have been or will be disclosed, the duration of the processing or the criteria used to determine this period, the existence of certain rights provided by law, the source of the information, etc.). At the user’s request, Edex will also provide a copy of the personal data processed. The request for additional copies may be charged according to the actual costs incurred by the Controller, under the conditions that will be communicated by him.
- The right to rectify personal data – the User can obtain the rectification of inaccurate personal data, as well as the completion of those that are incomplete.
- The right to restrict the processing of personal data – in situations expressly regulated by law (e.g. if the accuracy of personal data concerning the User is contested, for the period necessary to verify their accuracy, etc.) the User may obtain the restriction of the Controller’s processing of personal data. Restriction of processing means that the Controller will limit itself to storing personal data and will not perform other processing operations except with the user’s consent or in other cases expressly reviewed by law (mainly for the establishment, exercise or defense of a right in court or for the protection of the rights of another natural or legal person).
- The right to delete personal data (“the right to be forgotten“) – in situations expressly regulated by law (e.g. in case of withdrawal of consent if there is no other legal basis for data processing or if it is found that the personal data are no longer necessary for the purpose for which they were collected or processed, etc.), you can get that data deleted.
- The right to oppose the processing of personal data – the User may oppose at any time, for reasons related to your particular situation, the processing by the Controller of personal data in certain cases expressly provided for by law (in particular, if the processing is based on the legitimate interest of the Controller). Also, where the processing of personal data is for the purpose of direct marketing, the data subject has the right to object at any time to the processing for that purpose of personal data concerning him or her, including the creation of profiles.
- The right to portability of personal data – in situations expressly regulated by law (respectively, if the processing of personal data is carried out by the controller by automatic means and has as a legal basis either the performance of a contract or consent), the User may receive, in a structured, machine-readable format, the personal data that have been provided to the Operator and may request that those data be transmitted to another operator.
- The right to withdraw the given consent – The User may withdraw at any time his/her consent to the processing of personal data by the Controller. Withdrawal of consent will only have effect for the future, with processing carried out prior to withdrawal still remaining valid.
- Additional rights related to automated individual decision-making – Edex does not take automatic decisions as a result of the processing of personal data concerning Users.
For the exercise of any of the rights listed above you can address with a written request, dated and signed, to the address in Bucharest, Sector 1, Str. Madrigalului nr. 42A, Ground floor, Ap 4, or at the e-mail address: [email protected]
Also, Users may file a complaint about the way Edex processes their personal data with the National Supervisory Authority for Personal Data Processing (https://www.dataprotection.ro/).
Edex will resolve requests for the exercise of rights without undue delay and in any case no later than one month after receipt of the request. This period may be extended by two months where necessary. Edex will notify the User of the delay in solving the request, providing information on the deadline for response.
What cookies do we use?