INFORMATION NOTICE 

REGARDING THE PROCESSING OF PERSONAL DATA WITHIN THE TICKETING APPLICATION

Softelligence S.R.L., having its registered office in Bucharest, Str. Gara Herastrau, nr 4 D, building C, et. 2, sector 2, registration number at the Trade Register J40/1411/2008, CUI RO19333723 ("SFTL" or "Softelligence") processes personal data as Controller in relation to you.

Softelligence provides support services to its customers. In such context, Softelligence processes your personal data to the extent that you are an employee or collaborator of the Customers (collectively referred to as "Data Subjects") and use the ticketing application provided by Softelligence ("Freshworks").

Your data will be processed strictly for the purpose of providing support services in accordance with the agreements concluded with our customers and for the fulfillment of any specific requirements related to the support services (e.g. performance indicators assessment, billing, incident resolution, etc.).

We process your personal data that you provide to us directly, e.g. when the Data Subject is acting in relation to SFTL as legal representative or, as the case may be, contact person or person designated by the Client in relation with SFTL, as well as from relevant authorities, institutions or courts, respectively from Freshworks or its own systems, if applicable.

We process the following categories of personal data (collectively "Data"):

(a) Authentication data: first name, last name, email, user, password;

(b) Freshworks Interaction Data: information on the use of Freshworks, such as frequency, date, time, type of referral, number of referrals, login errors, etc.;

We process your Data to enable you to log into the Freshworks ticketing application and use it to submit requests to Softelligence. 

Legal basis: our legitimate interest to provide support services to our Customers, the context in which we process your data as a user of the Freshworks application.

Duration: your data will be kept for a period of 3 years from the settlement of the ticket entered in the application by you, or longer, for the duration of official proceedings/investigations/litigation if applicable.

Data source: we receive your data directly when you submit tickets to us, or in certain circumstances (e.g. malfunctions) we may generate data about your use of the App.

In order to communicate with you after submitting a ticket to Freshworks, we may contact you by email to request further details or to keep you updated on the status of your ticket.

If you send us other requests/complaints related to our services, we will also process your data for the resolution and, where appropriate, investigate the issues raised.

Grounds: our legitimate interest to ensure optimal and easy communication with Freshworks users, to provide Customers with an easy communication channel; our legitimate interest to manage and resolve any requests/complaints related to our services; when there are legal provisions requiring certain processing - e.g. a request from the authorities in the context of an inspection, complaints.

Duration:

• 3 years from the opening of the ticket, for data related to communication on the ticket;
• 3 years from the resolution of your request/complaint;
• for the duration of official proceedings in relation to you, the authorities, your representatives and for 3 years after their completion
• for the duration required by law.

What happens if you do not provide us with the requested data: if you do not provide us with the requested information in order to respond to your request/complaint or related to the tickets, we may be unable to resolve or fully respond to your request/complaint.

We process your personal data in order to ensure the security of the data stored within Freshworks (both your data and the data related to the one contained within your tickets submitted by you). In this context, data may be accessed or otherwise processed in the context of internal or external security audits (including those conducted by the Clients you represent), security tests conducted by us, incident/error resolution or data security-related complaints in the Freshworks application. Any of your data may be subject to processing depending on the context.

Legal basis: (i) our legitimate interest in ensuring data security in the Freshworks App in line with our specific contractual and legal obligations regarding the processing of personal data as well as our legitimate interest in investigating and resolving any complaints/feedback/security incidents occurring in the App; (ii) our legitimate interest in complying with our contractual obligations in relation to Customers and in reporting and resolving any incidents/submissions/complaints in relation to them under the Support Services Agreements and the correlative legitimate interest of Customers to manage internally incidents/submissions/complaints relating to their data in Freshworks; (ii) our specific legal obligations i.e. the legitimate interest of Customers to comply with specific legal obligations to disclose certain data in the context of security incidents - e.g.. to ANSPDCP, ANPC at their request etc..

Duration: your data will be kept for a duration of 3 years from the resolution of the security incident/complaint/submitted complaint or longer, for the duration of official proceedings/investigations/litigation if applicable.

Data source: we receive your data directly when you submit tickets to us, or in certain situations (e.g. malfunctions, security alerts) we may generate data about your use of the application.

Considering the collaboration with our Clients on behalf of whom you submit tickets for resolution, your data may be processed to verify the quality of the support services we provide either internally or by the Clients themselves, to verify the performance of our own staff providing support services, to prove the timely resolution of tickets and to measure the volume of services provided. In this way, we can generate analytics that will usually be aggregated showing how many tickets, what types of tickets, and how quickly they were resolved. We may also receive feedback from you on ticket settlements and use it to evaluate our employees and improve the services we provide.

Legal basis: (i) our legitimate interest to ensure the quality of services provided, to prove quality in our relationship with Customers, to prove the provision of services and their volume to ensure proper settlement by Customers, respectively to improve our services and evaluate the performance of our own employees/support staff within Freshworks.

Duration: your data will be retained for a duration of 3 years from the resolution of the security incident/complaint/submitted complaint or longer, for the duration of official proceedings/investigations/litigation if applicable.

Data source: we receive your data directly when you submit tickets to us, or in certain situations (e.g. requests to measure the number of tickets resolved, type of tickets) we may generate data about your use of the application.

What types of data we use: any of the categories of data in Freshworks or submitted separately mentioned above, appropriate to the type of official procedure/investigation/litigation/audit.

Grounds: our legitimate interests to defend our rights and interests in the context of situations where Softelligence's image and interests would be exposed or affected, i.e. to preserve evidence of our rights and interests as well as our compliance with specific legal obligations (e.g. resolving complaints within the time required by law or data protection, manner of resolution, identification and proof of identification of customers/other applicants before making changes to orders/providing customer account data, etc.). ; the legitimate interests as described above of our Customers; our legal obligations and/or the legal obligations of Customers, such as to comply with requests from public authorities/bodies/other public institutions that have the power to impose certain processing operations on us; the obligation to archive certain documents/information according to the archiving rules or other applicable Marli regulations; the obligation to notify privacy/security incidents to the competent authorities, etc.

How long we keep your data (depending on the specific situation): for the duration imposed by the specific legal provisions; where there are no rules, for the duration of the procedure/audit/investigation/litigation, and for a period of 3 years from its conclusion respectively, taking into account the limitation period applicable to the specific situation; for the duration imposed by the competent authority/institution/body, according to the legal provisions; for the duration requested by you to defend your rights and interests or those of a third person who has a legitimate interest in this regard.

What happens if you do not provide us with the data: in certain situations, refusing to provide us with the data necessary for the fulfillment of this purpose may give rise to your civil liability in relation to Softelligence, the Clients you represent or other persons whose rights/interests may be affected. 

We do not use automated decision-making processes that could have a significant effect on you and we do not transfer data outside the EU for the time being.

As a rule, we only transfer personal data to countries belonging to the European Economic Area (EEA) or to countries that a decision of the European Union Commission has granted an adequate level. 

We may, however, also transfer personal data to states other than the above if:

(a) The transfer is made on the basis of appropriate safeguards (such as, through the use of Standard Contractual Clauses adopted by the competent authority);

b) The transfer is necessary for the performance of the contract concluded with the Customer;

c) Other cases permitted by law.

We store the personal data of Data Subjects for as long as necessary to fulfill the purposes for which it was collected, in compliance with the applicable legal provisions and internal data retention procedures (including the archiving rules applicable at SFTL).

Under the law, Data Subjects have the following rights in relation to the processing of personal data: 

1. Access right: the Data Subjects may obtain from SFTL confirmation that we process their personal data, as well as information on the specifics of the processing such as: purpose, categories of personal data processed, recipients of the data, period for which the data is kept, existence of the right to rectification, erasure or restriction of the processing. This right allows Data Subjects to obtain a copy of the personal data processed free of charge, as well as any additional copies for a fee;
2. Rectification right: Data Subjects may request us to amend incorrect data relating to Data Subjects or, where appropriate, to complete data that is incomplete;
3. Deletion right: Data Subjects may request the deletion of their personal data when: (i) it is no longer necessary for the purposes for which we have collected and process it; (ii) consent to the processing of personal data has been withdrawn and we can no longer process it on other legal grounds; (iii) personal data is processed unlawfully; or (iv) personal data must be deleted in accordance with the relevant legislation;
4. Restriction: Data Subjects may request the restriction of the processing of their personal data if: (i) they dispute the accuracy of the personal data for a period that allows us to verify the accuracy of the data concerned; (ii) the processing is unlawful and the Data Subject objects to the erasure of the personal data and instead requests the restriction of its use; (iii) the data is no longer needed by us for processing, but the Data Subject requests it from us for a legal claim; or (iv) if the Data Subject has objected to the processing, for the period of time during which it is verified whether the legitimate rights of SFTL as controller prevail over the rights of the Data Subject.
5. Portability right: Data Subjects may request, in accordance with the law, that we provide them with personal data in a structured, frequently used and machine-readable form. If Data Subjects request us to do so, we may transmit such data to another entity if technically feasible.
6. Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing: Data Subjects have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing if they consider that their rights have been violated:

TO EXERCISE THE RIGHTS MENTIONED WITHIN THE POINTS (a) - (e) ABOVE, THE DATA SUBJECT MAY CONTACT US USING THE CONTACT DETAILS MENTIONED WITHIN SECTION VIII (CONTACT).

For any questions regarding this Privacy Notice, or if Data Subjects wish to enforce their rights as set out above, we may be contacted at the following contact details:

Softelligence SRL

Attn: Responsabilului cu Protecția Datelor (DPO)

Corespondance Adress: 

Str. Gara Herastrau, nr 4 D, cladirea C, et. 2, sector 2, Bucureşti. 

Email: privacy@softelligence.net  

Updated: August 2023