Privacy Policy

Last updated: November 17, 2024

1. Introduction

TDACRM Solutions SRL ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our ROSMS application ("Service") integrated with Bitrix24.

This policy complies with the General Data Protection Regulation (GDPR - Regulation EU 2016/679) and other applicable data protection laws in Romania and the European Union.

2. Data Controller Information

TDACRM Solutions SRL
CUI: RO45930062
Reg. Com.: J2022006628406
Str. Ion Câmpineanu nr. 23, Sector 1, București, România

Contact email: rosms@tdacrm.ro
DPO (Data Protection Officer): Available upon request

3. Information We Collect

3.1. Information You Provide

  • Account Information: Name, email address, company name, Bitrix24 portal URL
  • Billing Information: Company fiscal data (CUI/CIF, company name, billing address)
  • Contact Information: Phone numbers, email addresses when you contact our support

3.2. Information Automatically Collected

  • Usage Data: Number of SMS sent, delivery status, dates and times of use
  • Technical Data: IP address, browser type, operating system, Bitrix24 version
  • SMS Content: Message content and recipient phone numbers (processed, not stored long-term)
  • Integration Data: OAuth tokens for Bitrix24 authentication (encrypted)

3.3. Information from Third Parties

  • Bitrix24: User profile data, CRM contact information necessary for integration
  • Payment Processors: Payment confirmation and transaction data
  • SMS Providers: Delivery status and technical information about sent messages

4. How We Use Your Information

We use collected information for the following purposes:

  • Service Provision: To enable SMS sending functionality through Bitrix24
  • Authentication: To verify your identity and maintain secure access
  • Billing: To process payments and generate invoices
  • Support: To respond to your inquiries and provide technical assistance
  • Service Improvement: To analyze usage patterns and enhance our service
  • Legal Compliance: To comply with legal obligations and prevent fraud
  • Communication: To send service updates, security alerts, and promotional content (with consent)

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security
  • Legal Obligation: To comply with accounting, tax, and other legal requirements
  • Consent: For marketing communications and optional features (withdrawable at any time)

6. Data Sharing and Disclosure

We may share your information with:

  • SMS Service Providers: Romanian SMS providers (NetGSM, Twilio) to deliver your messages
  • Payment Processors: Stripe, PayPal for secure payment processing
  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting
  • Analytics Services: Microsoft Clarity for anonymized usage analytics
  • Legal Authorities: When required by law or to protect our rights

We ensure all third parties comply with GDPR through Data Processing Agreements (DPAs).

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. We ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • EU-US Data Privacy Framework certification (where applicable)

8. Data Retention

We retain your personal data only as long as necessary:

  • Account Data: Duration of your subscription plus 30 days after termination
  • SMS Logs: 90 days for delivery tracking and troubleshooting
  • Billing Records: 10 years as required by Romanian accounting law
  • Support Communications: 3 years for quality assurance
  • Marketing Consent: Until consent is withdrawn

9. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Obtain a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
  • Right to Lodge a Complaint: File a complaint with the Romanian Data Protection Authority (ANSPDCP)

To exercise these rights, contact us at: rosms@tdacrm.ro

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: TLS/SSL encryption for data in transit, AES-256 for data at rest
  • Access Controls: Multi-factor authentication and role-based access
  • Regular Audits: Security assessments and vulnerability testing
  • Data Minimization: We collect only necessary data
  • Staff Training: Regular data protection training for our team
  • Incident Response: Documented breach notification procedures (within 72 hours as required by GDPR)

11. Cookies and Tracking Technologies

Our website and service use cookies and similar technologies:

  • Essential Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences
  • Analytics Cookies: Microsoft Clarity for usage statistics (anonymized)
  • Third-Party Cookies: Cloudflare Turnstile for spam protection

You can manage cookie preferences through your browser settings or our cookie consent banner.

12. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or through a prominent notice in the Service at least 30 days before taking effect. Continued use after changes constitutes acceptance of the updated policy.

14. Supervisory Authority

If you have concerns about our data processing practices, you may contact the Romanian Data Protection Authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, România
Phone: +40.318.059.211 / +40.318.059.212
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro

15. Contact Us

For questions, concerns, or to exercise your data protection rights, please contact us:

TDACRM Solutions SRL
Email: rosms@tdacrm.ro
General Contact: rosms@tdacrm.ro
Address: Str. Ion Câmpineanu nr. 23, Sector 1, București, România

We will respond to your request within 30 days as required by GDPR.

This Privacy Policy is effective as of November 17, 2024, and applies to all users of the ROSMS Service.