DATA PROCESSING NOTICE
(Information provided pursuant to Article 13 of EU Regulation 2016/679)
Our Company, as the Data Controller of your personal data, provides you with this notice pursuant to Articles 13 and 14 of EU Regulation 2016/679.
A) Who is the data controller?
The Data Controller is Syncmoz Srl, located at Str. Dealul Tugulea nr. 77, Office 2, 1st Floor, Sector 6, Bucharest – Romania, represented by its legal representative pro tempore, VAT No. 49420708 – Email: info@yousafe.app.
B) What data do we process?
We collect and process only the data necessary, relevant, and compatible with the declared purposes. Specifically, we process data essential for the activation and functioning of the App, such as your nickname, the mobile number used to download the App, and your country of residence (solely to verify the correctness of the international prefix). None of this data allows us to identify you, as the entire registration, verification, sales, and billing process is carried out through the App store of your choice (Google Play or Apple Store) with the account you have registered, which is not disclosed or communicated to us by the gatekeeper.
Therefore, even if you complete the purchase process for the Premium version or other paid services (such as purchasing credits or other features), we do not process your financial or accounting data since the payment is made via credit card through the functionalities provided by the store itself. We process data related to incoming contacts on your mobile device, from recent calls, or those you manually input to associate them with a summary outcome/judgment or, if your subscription type permits, to review outcomes uploaded by the community. This data is processed by our applications solely to provide the App’s service but will not be disclosed or communicated to third parties outside the Community and only within the usage limits of each subscription.
We ensure that no one but you can associate your profile with the contacts linked to you. Once uploaded, they are processed in an aggregated and anonymized manner. If you agree to share your phonebook to avoid manually uploading contacts for processing, we will only acquire the contact details without sharing the associated personal information (phonebook identifiers) and without using this data for any purpose other than providing the service.
In any case, since we cannot verify the identity or origin of the contacts being qualified within the App, you assume full responsibility for their upload. We do not possess any of your data categorized as sensitive or judicial (Articles 9 and 10 of the GDPR).
C) Where do we collect your personal data?
Your personal data is collected directly from you when you fill out our forms, request our services, or agree to be contacted for informational purposes. We may also receive your data from third parties, provided that:
You have given those parties explicit consent to share your information with other companies for promotional purposes; or
Your information is publicly available. In such cases, we process it solely for permitted purposes and provided that your contact details are not listed in the Public Opposition Register.
If we have obtained your data through interactions with our website, subscription to newsletters, or participation in a survey or promotion, you would have been provided with a specific notice at that time.
D) Do we perform profiling?
According to EU Regulation 679/2016, profiling refers to “any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.”
We do not perform profiling on your data, nor do we carry out automated processing activities.
At most, we may engage in online advertising activities, but always using aggregated data.
E) On what legal basis do we process your data
According to EU Regulation 2016/679 (GDPR), the processing of personal data is permitted only if one of the following conditions is met:
The User has given consent for one or more specific purposes;
The processing is necessary for the performance of a contract with the data subject and/or for pre-contractual measures;
The processing is necessary to comply with a legal obligation to which the Data Controller is subject or to protect the vital interests of the data subject or another natural person;
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party (e.g., for monitoring IT security, fraud prevention, etc.).
In our case, the processing of your data is based on your free and informed consent, particularly when used for promotional purposes.
In the event of a purchase, an information request, or complaint management, your data will be processed to fulfill a contract or a pre- or post-contractual obligation.
Additionally, we may process web traffic data based on legitimate interest, in a manner that is strictly necessary and proportionate, to:
Ensure network and information security,
Prevent or recover from service disruptions,
Prevent fraudulent access,
as specified in Recital 49 of EU Regulation 2016/679 (GDPR).
F) Where do we process your data?
Your data is processed at our company’s headquarters and, within their respective areas of responsibility and in compliance with the principle of strict relevance, at the premises of the data processors we have appointed. These processors, like us, are legally obligated to comply with all privacy regulations.
We inform you that your data may be transferred outside Romania, but within the European Union, to countries that, like us, are subject to EU Regulation 2016/679 (GDPR).
Furthermore, data processed through electronic systems may be transferred abroad if servers are located outside the EU or if we use cloud services hosted outside the EU.
In such cases, we have ensured that the companies managing these services and IT applications transfer your data in compliance with Article 44 of the GDPR. For example, this may occur under the US-EU Adequacy Decision (Data Privacy Framework) or other equivalent safeguards ensuring an adequate level of protection for your data.
.
G) Why do we process your data?
We process your common personal data (e.g., nickname, phone number, etc.) for the following purposes:
To fulfill your requests and manage administrative activities related to the service provided. Please note that you will not make any direct payments to us, nor will we issue any invoices to you, as all payment operations and related obligations are handled by the selected store.
To comply with legal obligations: This includes fulfilling laws, regulations, EU directives, or instructions from regulatory authorities, as well as protecting our rights in judicial settings or carrying out anonymous statistical analysis.
For promotional and marketing purposes: If you have given us your explicit consent, your data may be used for:
Newsletters
Participation in trade fairs, meetings, or industry focal points
Email marketing campaigns
Other promotional activities aimed at optimizing our service offerings, including targeted and refined analysis.
In particular, regarding point 3:
If you provide us with your consent, you may:
Stay informed about new products and services: Communication may occur through automated channels (e.g., phone, SMS, MMS, fax, regular mail, email, video, web banners, internet messaging, or push notifications via apps). These communications may include:
Invitations to events
Promotional offers and discounts
Updates about our products and services
Third-party communication for commercial purposes, if explicitly authorized.
Receive personalized offers and interest-based advertising: These may be based on:
Your interests, habits, and consumption preferences
Your membership in specific family groups or segments
Participation in loyalty programs or reward campaigns.
All data processing is carried out in compliance with GDPR principles and with full respect for your rights and privacy.
H) Are you required to provide us with consent for the processing of your data?
Regarding the processing of common data referred to in point G1):
If you want us to provide our services through the App, your consent is not required. However, please note that if you do not provide your data, we will not be able to fulfill your requests or establish any relationship with you.
Regarding the processing referred to in point G2):
Your consent is not required. According to privacy regulations, this type of processing can/must be carried out by the Data Controller without the explicit consent of the data subject.
Regarding the processing referred to in point G3):
Consent is optional. If you do not wish to:
Receive newsletters
Receive calls from our call center
Be contacted through other communication channels
Interact with us on social media or our blog
Participate in any way in our promotional campaigns
You are free to deny your consent.
Your consent preferences and privacy settings can always be modified by contacting us through our official contact details and submitting an explicit request for removal from our database and deletion of your personal data.
Please note that if you withdraw your consent, the change will be immediately acknowledged but will become fully operational within a maximum of 15 days from receipt of your request, due to the technical time needed to align all the information systems we use.
I) How do we process your data and how long do we retain it?
The processing is carried out by manual, computerized and telematic means with logics strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data. We do not perform evaluations based solely on automated processing of personal data, nor are Your data processed for the issuance of judicial and administrative acts or measures. In any case, all processing and evaluations performed by computer techniques are screened by a physical person, designated for this purpose. We process Your data, without keeping it longer than necessary to achieve the purposes for which it was collected
This time may vary greatly depending on the purposes: for example, we will process the data related to the service you have requested from us or the product you have purchased until the execution of the same or for related administrative or accounting activities, but we may process some of the data acquired, aggregating or breaking them down, for marketing purposes or to evaluate our services. When processing is based on Your consent, we may retain Your personal data longer until that consent is revoked
We may retain Your data for defensive purposes within the prescriptive or forfeiture period in order to defend ourselves in a court of law or to respond to a request from the Authority. In these cases, however, Your data will no longer be accessible to our employees and will be stored separately from current use data so that it can be retrieved, only by those authorized to do so, for the aforementioned purposes. We take care, in fact, to balance mutual needs in order to limit the storage of Your data to what is strictly necessary, and in any case we ensure that Your data is accurate by taking all reasonable measures to delete or rectify inaccurate data in a timely manner. To this end, we kindly ask you to promptly notify us of any changes in Your personal data so that we can comply with Article 11(c) of EU Reg. 2016/679, which requires that the data collected is accurate and, therefore, up-to-date.
In addition, we may be obliged to retain Your data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the personal data will be deleted.
Therefore, at the expiration of this period, the right of access, deletion, rectification and the right to data portability can no longer be exercised.
We offer you the following summary statement: Administrative, accounting and tax purposes Up to 10 years after the termination of the provision of services Purpose of investigating and prosecuting crimes 12/24/72 months, as required by specific regulatory provisions Retention purposes required by legal obligations (e.g., legal prescription of rights) Up to 10 years after the termination of the provision of service Commercial and marketing purposes For 24 months after the collection of consent or until consent is revoked, if the services you have requested from us remain active or you continue to purchase products from us limited to commercial offers similar to the products and services in which you have shown interest
J) Who do we share your data with?
Your common data come to the knowledge of the gatekeeper chosen by You (Apple Store and/or Google Play), which acts towards You as an autonomous Holder and is subject not only to the GDPR but also to the Digital Service Act and any related legislation. The data indispensable for the functionality of the App, as better specified in point B) are known by our personnel in charge of providing the services which, however, by their very nature are provided in an automated manner, according to the technical characteristics and purposes of our App. Within our Company may become aware of Your personal data, as persons in charge or responsible for their processing, employees and especially call center employees, collaborators in any capacity (e.g.: seconded, interns, parasubordinates) and external collaborators assigned to services and the sales network (agents, procacciatori, sales representatives, distributors). In the event that we have sourced Your data from List Providers or we use third parties to carry out lead generation campaigns, we assure You that we carry out a careful selection of our suppliers and a control of the entire supply chain for each activity we delegate, in compliance with the requirements of the Code of Conduct for telemarketing and teleselling activities referred to in the Guarantor’s Order no. 70 of 09.03.20223, articles 6 – 14 et seq.
In addition to those who work at the call center and/or otherwise collaborate with us in the management of promotional and telemarketing activities, we may communicate Your data to: – persons, companies, associations or professional firms, facilities, internal and external, who perform on behalf of our Company technical, support or service tasks or activities and to the Company; – consultants with particular but not exclusive reference to issues in technological, accounting, administrative, legal, tax, financial and corporate control matters; – a third party or body to whom such disclosure is required to comply with any applicable law or other legal or regulatory requirement; – business partners in case of launching joint promotions/offerings. These partners are in turn responsible for compliance with applicable privacy laws; – companies that perform on our behalf data acquisition, processing and processing services necessary for the use of the services; – companies that perform market research aimed at surveying customer satisfaction; – other telecommunications operators, for the management of interconnection and roaming relationships if necessary for the requested service. For the pursuit of the aforementioned purposes, our Company may communicate Your data to certain subjects, including foreign ones, belonging to certain categories (in addition to those identified by law and indicated by way of example and not exhaustive in the list above) so that they may carry out the related processing and communications.
We remind you, in fact, that the subjects indicated above will use the data received for their purposes as autonomous “Data Controllers”, except in the case in which they have been designated by us as “Data Processors” of the processing of their specific competence, ex art.
Under Article 28 of the GDPR, through a dedicated appointment act, we outline the processing methods and the security measures that must be adopted by these entities for the management and storage of personal data for which our company acts as the Data Controller. Alternatively, if they have appointed us as “Data Processors”, data may be exchanged in the execution of tasks assigned to us.
We do not disclose your data, meaning we do not make it accessible to an indefinite number of recipients, nor do we share it with others for their purposes.
The complete list of entities to whom your personal data has been or may be communicated is available upon request via email at info@yousafe.app.
K) Rights
We remind you that at any time you have the right to:
Obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and receive communication of such data in an intelligible format.
Receive information about the origin of the data, the purposes and methods of processing, and the logic applied in case of processing carried out with the aid of electronic tools.
Obtain a list of entities or categories of entities to whom your data is disclosed or who become aware of it in their capacity as Data Processors or Authorized Persons.
Request updates or corrections of processed data and, in the case of unlawful processing or under the provisions of Article 17 of EU Regulation 2016/679, request the erasure (right to be forgotten), anonymization, or blocking of the data.
Request restriction of processing of your data.
Request the integration of your personal data, if necessary.
Object, in whole or in part, to the processing of personal data for legitimate reasons, even if relevant to the purpose of collection.
Object to the processing of personal data for commercial or direct marketing purposes and be informed by the Data Controller, no later than the moment the data is communicated or disclosed, of the possibility of exercising this right free of charge.
Receive confirmation about the existence of automated decision-making processes, including profiling under Article 22, paragraphs 1–4 of EU Regulation 2016/679, and, at least in such cases, receive information about the logic used, as well as the significance and consequences of such processing.
Request the portability of your data to another Data Controller.
Be notified if an event occurs that may have resulted in a breach of your data, especially if the breach poses a high risk to your rights and freedoms, under the conditions of Article 34 of EU Regulation 2016/679.
Requests can be sent in writing or via email to the Data Controller’s headquarters.
We remind you that you also have the right to lodge a complaint with a Supervisory Authority.
For Romania, this authority is the National Supervisory Authority for Personal Data Processing.
L) Privacy
- Syncmoz Srl, as the Data Controller, informs you that in compliance with EU Regulation 2016/679 (GDPR), it processes personal data in accordance with the principles of fairness, lawfulness, transparency, and protection of user privacy, adopting appropriate technical and organizational security measures.
- The YouSafe App can access the contacts in the device’s address book only with the explicit consent of the User, to allow the correct functioning of the phone number identification features and the verification of contacts flagged as spam or telemarketing.
- In case of consent, the App may upload the phone numbers from the address book to its servers in an encrypted or anonymized form, solely for technical purposes related to the operation of the described services. The data processed in this way is not shared with third parties, is not used for marketing purposes, and is stored only for the time strictly necessary to provide the service.
- The User can refuse or withdraw consent to access and upload contacts at any time from the device’s or the App’s settings. In case of no consent, some app functionalities may not be available.
- All details on the processing of personal data, including purposes, storage methods, and User rights (access, rectification, erasure, objection, portability, complaint to the supervisory authority), can be found in the Privacy Policy at this link https://yousafe.app/en/privacy-policy/