Data confidentiality

GENERAL PERSONAL DATA PROTECTION REGULATION

Your privacy is important forS.C. SOFTMANAGER S.R.L.. The purpose of this Privacy Policy is to explain to you what data we collect, why we collect the data and how we use, reveal, transfer and store your data.

1. Unity S.C. SOFTMANAGER S.R.L.
 If you have any questions regarding this privacy policy, you can contact us using the information below. 
 S.C. SOFTMANAGER S.R.L
 Adress: str. Zmeului, nr 21, Prahova, Ploiesti, România
 Phone: +40 743 608 751
 E-mail: contact@softmanager.ro
 CUI: RO 40699588
 Nr. Ord. Reg. Com.:  J29/1098/2019
 Our clients can send questions regarding data protection, privacy and security of personal data to the e-mail address contact@softmanager.ro.

2. What information do we collect? 

You can visit our site anonymously. 

If you choose to register on our site, four categories of data will be processed on your behalf: 

  • “Account details” 

When you register for an account on our site, basic details are collected such as:

  • Fiscal Identification Code
  • company email address
  • telephone
  • the name of your contact person (name, surname, email)
  • address of the office (city, county, street, postcode)
  • Nr. registration in the Trade Register
  • if you are or not a VAT payer
  • your login details (account name, username, password)

After completing all these data, you are kindly asked to accept the terms and conditions of use, after reading them. 

“Configuration data” 

We collect the data you enter directly into our application after you login and connect (using the user interface available through the browser or API service) such as:

  • the data related to your account, respectively your personal data (name, first name, telephone, CNP, identity card), access data (username, new password if you want to change it, e-mail), API key and details about subscription SoftManager CRM, which you can modify at any time from this section
  • the data about your company, respectively fiscal data and contact data: (name, CIF, VAT payer or not, Order No. Trade Register, EUID, registered capital, subscribed share capital, paid-up share capital, address, city, county, country, postal code, telephone, fax, e-mail, site), banking data (bank name, IBAN, SWIFT, currency), logo, work points (name, address, telephone, fax), users and rights granted to users ( personal data and their access data)
  • document configurations: default values for invoicing (currency, VAT rate, BNR rate, the due date of the invoices, daily or monthly penalties, default values for explanations / statements, which will be added to all created documents; these can be set for invoices, proforma invoices, receipts, as well as notices), the series configurations of all types of documents, the setting of templates for all types of documents, colors and fonts that will ensure the desired design of your documents

These data have a decisive influence on the operation of the application, the content and the appearance of the resulting documents that can be sent to your final customers and the eventual automatic communication with your final customers (sending due invoices, reminder messages, confirmation messages).

“ Customer and user data defined by you“ 

In our application you can define several users with different rights who will be able to use the application (they can have administrator rights, respectively to make any type of modifications, access rights, or they can be deactivated being therefore unable to use the service). 

The data that you can store in our application about the users of the account are divided into two categories: optional and mandatory. 

*Mandatory: name, first name, username, email address.

*Optional: telephone, Personal Numeric Code, type of identity document, series of identity document, number of identity document, issuer of identity document, date of issue of identity document. 

In our application you can define more clients of your company. You can also define contacts of your customers. 

Data you can store in our application about customers, which are divided into two categories, respectively optional and mandatory. 

*Mandatory: (CIF, name, client type, address, city, country) 

*Optional: VAT indicator, Nr. Order Trade Register, Bank name, account number (IBAN), postcode, county, email, fax, phone, website and  

Data that you can store in our client application, which are divided into two categories: optional and mandatory. 

*Mandatory: name, surname 

*Optional: phone, mobile, email. 

records saved by you for users, customers and contacts can be associated with various other records such as documents, products, subscriptions,  standard documents. 

“The data generated by the system” The service automatically creates and stores the methods based on the other types of data, eg:

Subscription dates, such as start and end dates.

The invoices issued to the customers of the SoftManager CRM service. 

You can create, edit, modify, and delete all the data you manage through the user interface or API. If a specific instruction regarding personal data cannot be performed through the user interface or API, you can send us specific instructions using the email address contact@softmanager.ro.

3. What we use your information for? 

Any information we collect from you may be used for one or more of the following purposes:

3.1. To personalize your experience and interface (information such as intra-Community VAT code, or VAT implies the appearance of the VAT column, if you have defined a point of work you can choose to have it appear on the invoice, if you have pre-defined the mentions for the documents, they will appear on each document issued, even if you predefine the optional user data, 

they can appear if they are selected as delegate, cashier, etc.). All of these will help to more accurately meet your individual needs;

3.2. To allow you to control the content and appearance of the resulting documents from the application SoftManager CRM (invoices, notices, orders, contracts, offers receipts, proformas, other documents) as well as the interaction with your customers (manual or automatic sending of invoices by e-mail), automatic invoicing or proformas by running defined subscriptions, displaying a public page with the data of a document and the possibility to download it in PDF format, and other personalized functions

3.3. To improve the system S.C. SOFTMANAGER S.R.L., is constantly striving to improve the offers of our site based on the information and feedback we receive from our customers);

3.4. To identify you as a contracting part;

3.5. To allow you to securely login to https://crm.softmanager.ro/

3.6. To establish a main channel of communication with you (e-mail address, telephone, address, first name, last name);;

3.7. To enable the company S.C. SOFTMANAGER S.R.L.
  

3.8. To enable automatic subscription handling;

3.9. To provide you with aggregated information regarding your customers and products, at created documents, defined subscriptions, standard documents, projects etc.

3.10. To send important messages related to the service Softmanager CRM by email (the email address you provide can be used to send you information and updates regarding our site, announcing the expiration of the promotional period, sending due invoices, sending payment reminder messages, sending messages of late payment, information about possible incidents related to your account activity) 

3.11. for debt recovery and for resolving any legal disputes related to contractual relationships.

4. Legal basis 

4.1. EU General Data Protection Regulation (GDPR) 

The processing of your data is done either on the basis of your consent, or if the processing is necessary to execute a contract to which you are a party or to take measures at your request before concluding a contract, cf. GDPR art. 6 (1) (a) - (b). 

You can at any time withdraw your consent regarding the processing of personal data, contacting us using the contact information from Art. 1 

To conclude a contract of adhesion to the service SoftManager CRM offered by S.C. SOFTMANAGER S.R.L., you must provide us with the necessary personal data.

5. How we protect your information? 

S.C. SOFTMANAGER   S.R.L. implements the following technical, physical and organizational measures to maintain the security of your personal data against accidental or unlawful destruction or accidental loss, modification, unauthorized use, unauthorized modifications, disclosure or access and against any other form of illegal processing.

5.1. Availability 

245/5000 The service uses the expanded features of the cloud environment to ensure high availability, such as full redundancy, load balancing, automatic capacity scaling, continuous data backup. 

There is no personal data stored permanently outside the cloud platforms managed by S.C. SOFTMANAGER   S.R.L.. Thus, physical security is maintained by S.C. SOFTAMANGER S.R.L.., see clause 7. The data processed are safety.The data centers where the data is physically stored are owned by RCS Lille Metropole 424 761 419 00045 (OVH.com), 2 rue Kellermann 59100 Roubaix, France, therefore located in the European Union. OVH.com and the other subcontractors comply with all GDPR requirements.

5.2. Integrity 

To ensure the integrity, all data transmissions are encrypted to align with best practices to protect data privacy and integrity. We use Secure Socket Layer (SSL) technology to transmit communications between you and the application, using the user interface or API service. 

For data in transit, the service uses industry standard transport protocols both between devices and data centers and within data centers.

5.3. Confidentiality 

All staff members are subject to full confidentiality, and subcontractors and sub-processors must sign a confidentiality agreement, if total confidentiality is not a part of the main agreement between the parties. 

Whenever personal data is accessed by authorized personnel, access is possible only through an encrypted connection.

5.4. Transparency 

S.C. SOFTMANAGER S.R.L.. will continually inform you of process changes to protect the confidentiality and security of data, including practices and policies. You can always ask for information about where and how the data is stored, secured and used.

5.5. Ability to intervene 

S.C. SOFTMANAGER S.R.L.. It allows you to access, rectify and delete the data you manage using the user interface and API service. You can also do batch actions, which means that you can delete multiple records, you can import the files with multiple records and you can also change multiple recordings (eg when changing the VAT rate). 

From a technical point of view, the staff S.C. SOFTMANAGER S.R.L.. has the possibility to use the application on behalf of a particular user through the function ‘switch user’. This action takes place after prior confirmation by the client (verbal or written). 

The overall responsibility for data security rests with the Data Protection Officer (DPO) of S.C. SOFTMANAGER S.R.L.. which educates and updates staff on data security measures.

5.6. Monitoring 

S.C. SOFTMANAGER S.R.L.. uses security reports and notifications to monitor attempts to access or fraudulent use and to proactively identify and counter potential threats. Administrative operations, including system access, are recorded to provide an audit trail if unauthorized or accidental changes are made. 

System performance and availability are monitored by both internal and external monitoring services.

5.7. Notification regarding the violation of personal data 

If your data is compromised, S.C. SOFTMANAGER S.R.L..  We will also notify you and the competent supervisory authority (ies) within 72 hours by e-mail informations about the extent of the infringement, the affected data, any impact on the service and the action plan of S.C. SOFTMANAGER S.R.L.. with measures to secure the data and to limit any possible negative effect on the data subjects. 

"Breach of personal data" means a breach of security that results in the destruction, loss, modification, unauthorized disclosure or unauthorized access of personal data transmitted, stored or processed in other way with the provision of the service.

6.How we use cookies?

See Cookie Statement of S.C. SOFTMANAGER S.R.L. at  https://www.softmanager.ro/en/AboutCookies.html about the cookies we use.

7. Do we disclose information to external parties? 

S.C. SOFTMANAGER S.R.L. does not sell, market or transfer to external parties any personally identifiable information. 

Reliable partners or subcontractors who assist us in operating our site for the purpose of running our business or in your service may have access to information:

- when we believe this is necessary to keep the law,

- when we are requested in this regard by the competent bodies of the state,

- to enforce the policies of our site,

- to protect the rights, property or safety of ourselves or other of personal identification based on the need to know and will have the contractual obligation to keep the information confidential. 

Also, we will be able to disclose information in the following situations:

7.1. Subcontractors and reliable partners 

To provide the services available through the site crm.softmanager.ro we work with various subcontractors and reliable partners. From the data provided below, it can be observed that personal data is only transferred to some of them:

RCS Lille Metropole 424 761 419 00045 (OVH.com), France - providing cloud and infrastructure services. They are stored and transferred here and transferred including personal data.

Google LLC 1600 Amphitheater Parkway, Mountain View, CA 94043, USA - offer us Google Analytics service. We do not transfer personal data to this partner. Even the visitor's IP address is anonymized before transferring. The EU-US Privacy Shield certification for this subcontractor can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

All our subcontractors that process personal data must comply with GDPR provisions. We will monitor the maintenance of standards imposed by the GDPR by subcontractors and subprocessors to ensure that data protection requirements are met. All subcontractors in the United States of America (USA) are certified under the EU-US Privacy Shield. 

Changes to the addition or replacement of subcontractors or partners handling personal data will be announced by updating this document. You have the opportunity to oppose such changes and terminate the contract with S.C. SOFTMANAGER  S.R.L.

7.2. Mandatory disclosure from a legal point of view 

S.C. SOFTMANAGER S.R.L. will disclose the client's data to law enforcement bodies if there is your acceptance or if it is a legal requirement. S.C. SOFTMANAGER S.R.L will try to limit the disclosure of data to the strictly necessary.

9. Where do we store information??

9.1. Location of personal data 

All data is stored in the data centers of the RCS Lille Metropole 424 761 419 00045 (OVH.com) in France. If we delegate data processing activities to subcontractors, these subcontractors must be certified according to the EU-US Privacy Shield. 

The data stored in relational databases are automatically replicated in real time to secondary databases or using automatic multiple replication mechanisms within multi-master database clusters with a minimum of 3 instances. 

Data stored in file systems or using compatible storage services are also available in multiple copies that are automatically made at least once a day. 

Database backups are automatically made to allow them to restore their status to pervious moments. The retention period is 7 days. Backups are stored on physical devices other than those running by database instances.

9.2. Installing software on the client's system 

No software installation is required to use the service. The service offered by S.C. SOFTMANAGER S.R.L is accessible through a standard web browser, automatically using an encrypted https connection for all communications between your browser and the server S.C. SOFTMANAGER S.R.L to protect any interception data during network transfers.

10. Access, data transfer, migration and transfer assistance 

You can get confirmation at any time  S.C. SOFTMANAGER S.R.L. about whether your personal data about you is being processed or not. 

11. Request rectification, restriction or deletion of personal data

11.1. Rectification 

You may obtain, at any time, without undue delay, the rectification of inaccurate personal data relating to you, cf. clause 5.6. 

11.2. Restrict the processing of personal data 

You can always ask S.C. SOFTMANAGER S.R.L to restrict the processing of personal data when one of the following applies:

  • if you question the accuracy of your personal data, in which case the restriction applies for a period that allows our company to verify the accuracy of your personal data,
  • if the processing is illegal and you oppose the deletion of personal data and request instead the restriction on their use,
  • if S.C. SOFTMANAGER S.R.L. no longer needs the personal data for the purpose of processing, but they are requested by you for establishing, exercising or defending legal claims.

11.3. Deletion 

You can request, without undue delay, the deletion of personal data concerning you and S.C. SOFTMANAGER S.R.L. will delete your personal data without undue delay when applying any of the following:

  • if personal data are no longer needed for the purposes for which they were collected,
  • if you withdraw your consent on which the processing is based and there is no other legal basis for processing,
  • if personal data were processed illegally,
  • whether personal data must be deleted in order to comply with a legal obligation under EU or national law.

12. Data processing agreement 

Because it is possible that by using the services of SoftManager CRM to manage personal data it is necessary to consent to the processing of personal data. 

You expressly state that you understand and accept this data processing agreement.

13. Changes to our privacy policy 

If we decide to change the Privacy Policy, we will make those changes and publish them in a new newsletter.

Get a FREE account now ⟫