1. Who are we?
NSHOST is a company primarily focused on customer-oriented software development, founded in 2007 and identified by CIF RO22089115.
NSHOST S.R.L responsibly manages the protection of your personal data and strictly applies current legislation. Below, we present our policy on personal data processing, which allows you to understand the protection we guarantee and the purpose of collecting your personal data.
As a data processor (HOSTING) under the Regulation, we process only the personal data that you have determined, for the indicated time and for the purposes specified by you as the data controller. We ensure that your data is safe, remains your property, and is stored exclusively on servers in Romania. Our backup system is highly implemented and secured, located within the European space, and no one outside our technical department staff has access to these systems.
2. What data do we collect about you?
2.1 Data provided through direct interactions
Account registration and other account-related information
When you register to use our Services, we may collect the following information about you:
- First name, last name, email address, date of birth, residence location, Personal Numerical Code (CNP), identification details from your identity card, phone number.
Depending on the choices you make during authentication into our Services or during the process of engaging our Services, you may opt to provide additional personal data.
• Your credit card details, if you choose to provide this information, as well as your IBAN account
Communication via the chat function on our Platform
When you use the chat function to communicate with us, we collect the information you choose to provide through this feature.
2.2 Data provided through indirect interactions – use of services
2.2.1 Data we collect automatically when you use our Services
When you interact with our Platform or use our Services, we automatically collect the following information about you:
Device Information
- We collect specific device information, such as the operating system version and unique identifiers. For example, the name of the mobile network you are using. We associate device identifiers with your account.
Location Information
- Depending on your device's permissions, we automatically collect and process information about your current location. We use various technologies to determine location, including IP address, GPS, Wi-Fi access points, and mobile towers. Your location data allows you to view user-posted items nearby and helps you post items from your location.
Client and Authentication Data
- Technical details, including the Internet Protocol (IP) address of your device, time zone, and operating system. We also retain your authentication information (registration data, last password change date, last successful login date), as well as your browser type and version.
Clickstream Data
- We collect information about your activity, which includes the websites from which you accessed our Platform, the date and time of each visit, banners or content you clicked on, your interaction with advertisements, the duration of your visit, and the order in which you view content on our Platform.
Cookies
- We use cookies to manage user sessions, store language preferences, and provide relevant advertisements. Cookies are small text files transferred by a web server to your device's hard drive. Cookies can be used to collect the date and time of your visit, browsing history, preferences, and username.
- You can configure your browser to refuse all or some cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that certain parts of our Services/Platforms may become inaccessible or may not function properly.
For more information about the cookies we use, please refer to the Cookies Policy.
3. Do we collect data from children?
Our services are not intended for children under 18 years old, and we do not knowingly collect data from individuals under 18. If we discover that a person under 18 has provided us with personal data, we will immediately delete it.
4. Why do we process your personal information?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following situations:
- When we need to execute the contract that we are about to enter into or have already entered into with you.
- Where it is necessary for our legitimate interests, to improve our services and provide you with a secure and safe platform.
- When we must comply with a legal or regulatory obligation.
In certain circumstances, we may also process your personal data with your consent. If we do so, we will inform you of the purpose and category of personal data to be processed at the time we request your consent.
Below, we describe how we use your personal data and the legal bases on which we rely. We also identify our legitimate interests where applicable.
-
- To grant access and provide services through our platform
- If you log in using your email ID, we will use your first and last name, mobile phone number, and/or email address to identify you as a user and give you access to our website.
- The log data mentioned above is also used by us to deliver our services in accordance with our Terms of Use.
- We use your email address and mobile phone number (via SMS) to provide you with suggestions and recommendations about our Services that might be of interest to you.
We process the above information to ensure the proper performance of our contract with you and based on our legitimate interest in conducting marketing activities to offer you Services that may be relevant to you.
Here’s the English translation of your text:
4.2 To enhance your experience on the Platform
i. We use clickstream data to:
- Provide you with personalized content, such as offering more relevant search results when you use our Services.
- Determine how long you spend on our Platform and how you navigate through it to understand your interests and improve our Services based on this data. For example, we may suggest content for you to visit based on the content you clicked on.
- Monitor and report the effectiveness of campaign delivery to our business partners and conduct internal business analysis.
- Prevent excessive display of the same advertisements to the same user.
ii. We use your location data for the following purposes:
- Compile anonymous and aggregated information about user characteristics and behavior, including for business analysis, segmentation, and the development of anonymous profiles.
- Improve the performance of our Services and personalize the content we direct to you. For example, using location data, we display ads relevant to your area to enhance your shopping experience.
- Measure and monitor your interaction with third-party advertising banners placed on our Platform.
iii. By using your site registration data, including your email and phone number, we determine the various devices (such as personal computers, mobile phones, tablets) through which you access our Platform.
This allows us to associate your activity across different devices and helps us provide you with a seamless experience, regardless of the device you use.
We process the above information based on our legitimate interest in improving your experience on our website and properly fulfilling our contract with you.
4.3 To provide you with a safe and secure website
i. We use your mobile phone number, log data, and unique device identifiers to manage and protect our Platform (including troubleshooting, data analysis, testing, fraud prevention, system maintenance, support, reporting, and data hosting).
ii. We analyze communications made through our chat function to prevent fraud and promote security by blocking spam messages or abusive messages that may be sent.
We process the above information to ensure the proper performance of our contract with you, improve our services, and based on our legitimate interest in fraud prevention.
5. How will we inform you about changes to our privacy statement?
We may update this privacy statement from time to time. We will publish changes on this page and notify you via email or through our Platform. If you do not agree with the changes, you can close your account by accessing your account settings and selecting account deletion.
6. Your Rights
Under data protection laws, you have rights regarding your personal data in certain circumstances.
If you wish to exercise any of the rights below, go to your account/privacy settings or contact us using the contact form.
- Right to request access to your personal data (commonly known as a "data subject access request"). This allows you to receive a copy of the personal data we hold about you and check whether we are processing it lawfully.
- Right to request correction of any personal data we hold about you. This allows you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide.
- Right to request restriction of processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want to verify the accuracy of the data; (b) if we are using the data unlawfully.
(c) If you need us to retain the data, even if we no longer require it, because you need it to establish, exercise, or defend legal claims; or (d) You have objected to our use of your data, but we need to verify whether we have overriding legal grounds to continue using it.
- Right to request the deletion of your personal data. This allows you to ask us to delete or remove personal data where there is no valid reason for us to continue processing it. You also have the right to request that we delete or remove your personal data if you have successfully exercised your right to object to processing (see below), if we have processed your information unlawfully, or if we are required to delete your personal data to comply with local legal obligations. Please note that in certain circumstances, we are legally obliged to retain your data. See Section 10 for more details.
- Right to object to the processing of your personal data when we rely on a legitimate interest (or that of a third party) and there is something about your specific situation that makes you want to object to processing based on this reason, as you feel it impacts your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes. In some cases, we may demonstrate compelling legitimate grounds for processing your information that override your rights and freedoms.
- Right to request the transfer of your personal data to yourself or a third party. We will provide you or a third party of your choice with your personal data in a structured, commonly used, machine-readable format. Please note that this right applies only to automated information for which you initially gave consent to use or in cases where we used the information to enter into a contract with you.
- Right to withdraw consent to the processing of your personal data at any time. This does not affect the lawfulness of any processing carried out before your consent withdrawal.
All requests to exercise these rights must be made in writing, as an attached PDF file, signed, scanned, and sent via email to office@nshost.ro.
No fee is generally required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under these circumstances.
Response Deadline: We strive to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if your request is particularly complex or if you have submitted multiple requests. In such cases, we will notify you and keep you updated.
Additionally, you have the right to file a complaint at any time with the data protection authority.
However, before lodging a complaint with the data protection authority, we appreciate the opportunity to address your concerns first. To do so, please contact the Data Protection Officer at dpo@dpsolutions.ro.
7. Communication and Marketing
We will communicate with you via email to confirm your registration, notify you when your listings are live/expired, and for other transactional messages related to our Services. Since it is essential for us to provide such transactional messages, you may not be able to opt out of them.
However, you may request that we stop sending you marketing communications at any time by clicking the unsubscribe link in the email or SMS sent to you, or by adjusting the communication settings in your account.
If you experience difficulties changing these settings, please contact us using the Contact Form.
You may receive marketing communications from us if:
- You have requested such information from us.
- You use our Platform or Services.
8. With whom do we share your data?
We may share personal data with the parties listed below for the purposes outlined in Section 4 above.
Affiliated Companies – We may share your data with other companies both inside and outside the European Economic Area (EEA) to help us provide business operations services, such as product improvements, customer support, and fraud detection mechanisms.
Any sharing of personal data outside the EEA will always be subject to the safeguards described in Section 9 or a data transfer agreement, which clearly defines the obligations of the parties and ensures technical and organizational measures to protect your data.
Third-party service providers
We use third-party service providers to help us deliver certain aspects of our Services. These providers may be located within or outside the European Economic Area (EEA).
We conduct security checks on third-party service providers and require them to comply with the protection of your personal data and treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.
Advertising and analytics providers
To enhance our Services, we sometimes share your non-identifiable information with analytics providers who help us analyze how users interact with our Platform/Service. We share this information in a non-identifiable format for monitoring and reporting the effectiveness of campaign delivery to our business partners and for internal business analysis.
For more details about advertising agencies and analytics providers, please review our Cookies Policy.
Law enforcement, regulatory authorities, and others
We may disclose your personal data to law enforcement agencies, regulatory authorities, government or public entities, and other relevant parties in compliance with legal or regulatory requirements.
9. International Transfers
Whenever we transfer your personal data outside the EEA, we ensure that an equivalent level of protection is provided by implementing at least one of the following safeguards:
- We transfer personal data only to countries that the European Commission has deemed to provide an adequate level of protection for personal data.
For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries. - If we use certain service providers, we may use specific contracts approved by the European Commission, which ensure the same level of protection for personal data as in Europe.
For more details, see European Commission: Model contracts for the transfer of personal data to third countries. - If we use service providers based in the United States, we may transfer data to them if they are part of the Privacy Shield framework, which requires them to provide equivalent protection for personal data shared between Europe and the USA.
For further details, see European Commission: EU-US Privacy Shield.
10. Where do we store your data and for how long?
Where do we store your data and for how long?
The data we collect about you will be stored and processed within Romania, on secure servers, to provide the best possible user experience.
For example, this helps ensure fast website and mobile application performance.
We will retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including to meet legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The value, nature, and sensitivity of the data.
- The potential risks associated with unauthorized use or disclosure.
- The purposes for which we process the data and whether we can achieve those purposes through alternative means.
- Applicable legal requirements.
If you have any questions regarding the data retention period, please contact us at office@nsost.ro.
11. Technical and Organizational Measures & Processing Security
All information we receive about you is stored on secure servers, and we have implemented appropriate technical and organizational measures to protect your personal data.
NSHOST continually assesses the network security and the adequacy of its internal information security program, which is designed to:
- Protect your data against loss, accidental or unlawful access, or disclosure.
- Identify foreseeable security risks.
- Minimize security risks through ongoing risk assessments and regular testing.
Additionally, we ensure that all payment data is encrypted using SSL technology.
Please note that despite the measures we have implemented, data transmission over the Internet or other open networks is never completely secure, and there is a risk that your personal data may be accessed by unauthorized third parties.
12. References to Third-Party Websites
Our platform may contain links to third-party websites or applications.
If you click on one of these links, please note that each third party will have its own privacy policy.
We do not control these websites/applications and are not responsible for their privacy practices.
When leaving our Platform, we encourage you to read the privacy notice of each website you visit.
13. Contact
For any additional information, please check your account settings or contact our Data Protection Officer at dpo@dpsolutions.ro.