Privacy policy

1.INTRODUCTION

In accordance with articles 13 and 14 of the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”, this Privacy Policy aims to explain in a simple and transparent way what type of personal data we collect about you and how we process it.

2.WHO ARE WE?

The Data Controller is RESTART ENERGY DEMOCRACY S.R.L. (hereinafter referred to as “RED” or ”we”), a limited liability company, registered in Romania, having registration number J35/36/2018, fiscal code 38670652, with its registered office in Timisoara, 11 Gheorghe Doja Street, Timis county, phone +40356414175, e-mail: [email protected].

This privacy policy is addressed to the individuals outside RED who come into contact with us, including through the website, by becoming a user of the RED Platform, by purchasing and using our products/ services and through commercial communications. These interactions can be achieved by visitors, customers, business customers, suppliers/ manufacturers, business partners and other people with whom we interact in the course of our
activities, hereinafter collectively referred to as ‘data subjects” or ”you”.

Read this policy carefully to understand our data practices and how we treat them. If you have any questions, you can contact our data privacy representative through the communication channels below: RESTART ENERGY DEMOCRACY S.R.L, e-mail address: [email protected], phone +40356414175, contact section on website: www.redplatform.com.

3.DEFINITIONS

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purpose of this Privacy Policy, the Controller is RED.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.PRINCIPLES

The processing of personal data will be done in a legal, fairly and transparent manner;

Collection of personal data will only be done for specified, explicit and legitimate purposes, and data will not be further processed in a manner incompatible with those purposes;

The processing of personal data will be appropriate, relevant and limited to what is necessary for the purposes for which they are processed;

Personal data will be accurate and, where necessary, updated;

All necessary steps shall be taken to ensure that incorrect data is erased or corrected without delay;

Personal data will be stored for a period no longer than is necessary for the purposes for which they are processed, except for specific cases, as detailed
in Section 9 below;

Personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful
processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;

5.TYPE OF PERSONAL DATA PROCESSED

We may process the following types of personal data:

6.PURPOSES OF PROCESSING

Our primary goal in collecting personal information is to provide you with a safe, efficient and personalized experience. We use personal information to
create, develop, operate, deliver and improve our services.

Also, RED considers the following purposes for which your data is processed:

The provision of services to which RED is contractually bound by way of the various Terms and Conditions available on this website, without being limited
to:

Other purposes of processing include:

To better understand our users and how they use and interact with RED’s website and services.

To provide a personalized experience and to implement the preferences you ask for.

To customize, measure and improve RED services and the content and layout of our website.

To increase security, prevent fraud, monitor and verify access, combat spam or other malware or security risks.

Based on your communication preferences, to send you promotional content and marketing communications; we can give you promotional offers based on your
communication preferences. You can always give up our marketing communications by withdrawing your consent.

To engage in marketing and promotional activities, as well as in market research and statistics.

To interact with you on third party social networks (subject to the terms of use of that network).

To communicate with you about our events.

To prevent and investigate potentially forbidden or illegal activities and / or violations of the Terms and Conditions applicable to you.

To resolve disputes, collect taxes, collect outstanding amounts from you and troubleshoot technical issues.

To ensure the administrative management of contracts, including financial and accounting aspects, billing and recovery of receivables.

To ensure RED’s legal protection.

To operate and manage our websites and the interactions through such websites.

To perform live testing of our systems on an exceptional basis, to resolve issues internally as soon as possible to enable us to deliver high standards of
service.

To manage our IT infrastructure.

To investigate any complaints and to provide customer service.

To comply with legal and regulatory requirements.

To ensure future development or reorganization operations, including via mergers with other companies or acquisitions of companies or parts of companies;

To comply with group relation policies and procedures.

7.LEGAL BASIS FOR PROCESSING

The legal basis for processing your personal information will depend on the purposes for which we process your information.

Mainly, we will process your personal information based on the legal basis of performing the contract we have with you, as long as you accepted the specific Terms and Conditions applicable to you, available on this website or other contractual agreements we may have in place. In this situation, the provision of personal data is a contractual requirement or a requirement necessary to enter into a contract. If you do not wish to provide the requested personal information, RED may not be able to offer you part or all of functionalities and services.

It is also possible to process personal information to comply with legal obligations, in areas such as fiscal, accounting, archiving etc.

Additionally, in some situations, we have a legitimate interest in processing your personal data, such as:

If you have given your consent for direct marketing through electronic means or you have a subscription to our newsletter, we will use the relevant personal
information to provide you with commercial communications about products, news, events and services that may be of interest to you. To this end, we may
periodically send you marketing materials via mail, e-mail, phone, SMS or other electronic means.

8.PROFILING

When we send or display communications or personalized content, we can use certain techniques as “profiling” (i.e. by legal definition, this any form of automatic processing of personal data that involves the use of such data to evaluate certain personal aspects relating to an individual, in particular to analyze or introduce aspects relating to the preferences, interests, economic situation, behavior, location, health, financial situation or personal movements of that individual).

This means that we can collect personal information about you in different situations (newsletters, advertisers’ retransmission of visitors who visited the RED site, grouping the website of those entering the RED website and using this information in marketing purposes). We centralize this data and analyze it to evaluate and anticipate your personal preferences and/or interests. Based on our analysis, we send communications and/or content tailored to your interests/needs.

You have the right to object to the processing of personal data for profiling activities conducted by RED, under certain circumstances. If you wish to do so, please contact us at the contact detail provided in Section ‎2 herein.

Please note that the profiling activities conducted by RED are not solely based on automated processing and involve a human intervention. We will inform you of implementation of profiling or a decision-making system producing legal effects concerning you or similarly significantly affecting you, based solely on automated processing (i.e. without human intervention), if this will be the case in the future.

9.CATEGORIES OF RECIPIENTS OF PERSONAL DATA

It is possible to share the required part of your personal data only to the extent that it is only necessary for the following third-party categories:

If you are a user of RED Platform, we will also disclose your personal data to the other users of the RED Platform, to the extent necessary to execute the
specific Terms and Conditions you are a part of and to ensure that all specific functionalities for your role on the RED Platform are available and functional.

We will also disclose your personal information to third parties:

10.STORAGE OF PERSONAL DATA

RED takes all necessary steps to ensure that your personal data is processed only for the minimum period required for the purposes set forth in this Privacy Policy. The criteria for determining how long your personal data is stored are:

(a) RED will keep copies of your personal data in a form that permits identification only as long as:

(b) In addition, if relevant legal actions are being formulated, we may continue processing your personal data for such additional time in relation to that
claim / action. Nonetheless, RED will keep the data for the period of time while legal liability could be triggered at the initiative of or against RED.

After the end of the periods in (a), (b) above, each to the extent applicable, we will (i) erase or definitively destroy the relevant personal data, or (ii) we will anonymize the relevant personal data.

Your personal data will be retained after the period referred to in (a) and (b) above only if it is ordered by applicable law and only for the period of time provided for by the law , the basis being the legal obligation.

11.MINORS

We do not request and do not knowingly collect personal data from children under the age of 18. If we find that we have unintentionally collected personal data from a child under the age of 18, we will promptly delete the child’s personal data from our records.

Persons who have not reached the age of 18 are not allowed to request services or any communications on the RED website / platform.

If a person submitting personal information is suspected of being less than 18 years old, RED will close their account and will not allow the user to continue their activities on the RED platform.

Also, any person who provides us with personal data through the website or other applications or devices covered by this Privacy Policy guarantees that they are an adult and are in fully capable under civil law.

12.DATA SUBJECT’S RIGHTS

Any person whose personal data is processed by RED has the rights set forth in GDPR, within the limits therein.

The right of access (the data subject has the right to obtain from RED a confirmation that personal
data concerning him / her are processed or not, and, if so, he / she has the right to access the data).

This right may be limited or refused because it does not have to adversely affect the rights and freedoms of others.

The right to rectification(the data subject has the right to obtain, without undue delay, the rectification of inaccurate personal
data concerning him / her). Taking into account the purposes for which the data were processed, it is entitled to obtain the completion of personal data
that is incomplete, including by providing an additional statement.

The right to erase data in situations where (1) the data are no longer necessary for the fulfillment of the purposes which they were collected or otherwise processed, (2) the consent has been withdrawn and there are no other legal basis for the processing, (3) the person objects to the
processing and there are no legitimate reasons (4) personal data have been processed unlawfully, (5) the personal data have to be erased for compliance with a legal obligation to which the controller is subject; (6) the personal data have been collected in relation to the offer of information society services.

This right may be limited or refused, the reason for the refusal or limitation being communicated to the person concerned.

The right to restriction of processing-the data subject has the right to restrict the processing in the following situations:

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects
concerning him or her or similarly significantly affects him or her. This right is not applicable if the decision:

The right to object to data processing does not apply in cases where data processing is based on a legitimate interest or on a basis consisting of a need to process for the performance of a task that serves a public interest.

The right to object does not apply either in cases where RED demonstrates that it has legitimate and imperative reasons that justify the processing and
override the interests, rights and freedoms of the data subject, or that the purpose consists of the establishment, exercise or defense of legal claims.

Right to data portability– the data subject has the right to receive the personal data concerning him/her which have been provided in a structured, commonly used and readable form and has the right to request RED to transmit this data to another operator, without obstacles from RED, if the
following conditions are met cumulatively:

The right to file a complaint with RED– the data subject may file a complaint if he / she is unhappy with the processing of his or her personal data or with the way of responding to its request.

The right to file a complaint with the relevant Supervisory Authority– the data subject has the right to file a complaint with the relevant
Supervisory Authority if he/she is dissatisfied with the processing of his/her personal data.

For Romania : National Authority for the Supervision of Personal Data Processing, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336,
Bucharest, Romania, Fax: +40.318.059.602, Email:[email protected].

The right to address the relevant court– the data subject has the right to address the relevant courts if he/she is
unhappy with the processing of his or her personal data.

The right to withdraw one’s consent – consent withdrawal does not affect the legality of a processing operation performed based on
such consent before it was withdrawn or of a processing operation performed on another basis (i.e. the legitimate interest).

13.COOKIES AND OTHER SIMILAR TECHNOLOGIES

See our Cookies Policy here to learn how to manage your cookie settings and detailed
information about the cookies we use and the purposes we use them for.

14.PERSONAL DATA TRANSFER TO THIRD COUNTRIES

Keeping and processing your personal data as described above may require the transfer of your personal data and / or storage to a destination outside your country of residence to countries within the European Union („EU”) or the European Economic Area („EEA”) (such as, for example, service providers).

Before doing so, we will take the necessary steps to ensure that your personal data will benefit from adequate protection, in accordance with the relevant privacy laws and internal policies of RED.

Your data may be transferred outside the EEA / EU, mainly due to the location of our subcontractors. In order to provide you with a quality service, we have decided to outsource certain operations to specialized service providers who have a relevant experience in their areas (for example: IT hosting). Some of these providers are established outside the EEA / EU, for example in the United States (”US”).

RED implements appropriate security and compliance measures, as the case may be, to ensure that your personal data are duly protected and that your rights
are respected, such as: ensuring an adequacy decision is in place for that country or signing standard contractual clauses. Moreover, recipients of your personal data are obliged to ensure confidentiality in a legally binding manner. For more information about these measures and your rights, please contact
us at the contact coordinates in Section ‎2 above.

In limited situations, your personal data may also be stored and processed in countries outside the EU / EEA for one of the following reasons, in accordance with article 49 of GDPR: (i) you have expressed your consent to the transfer of data; (ii) the transfer is necessary for the execution of a contract between
you and the controller; (iii) the transfer is necessary to conclude a contract or to execute a contract in your interest; (iv) the transfer is important on public interest grounds; (v) the transfer is necessary for the establishment, exercise or defense of a court law; (vi) the transfer is necessary to protect
your vital interests or other persons when you are physically or legally incapable to express your consent; (vii) the transfer is made from a register that aims to provide information to the public.

15.MISCELLANEOUS

It is important for you to play a role in maintaining the security of your personal data. When logging in to an online account, please make sure you choose an account password that will be difficult to guess by others, and you will not pass your password to any other person. You are responsible for maintaining
the confidentiality of this password and for any use of your account. If you are using a multi-user or a public computer, never choose the option to store the login / e-mail address or password. Please log out of your account every time you leave your computer.

Our site may contain links from time to time, to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible and cannot be held responsible for these
policies. Please check these policies before submitting personal data to these websites.

We also can offer you the ability to connect through social networking sites. If you do so, please be aware that you will share your profile information according to the settings of your social media platform. Go to the relevant social platform and review its privacy policy to understand how your personal data is shared and used in this context.

16.CHANGES TO THIS POLICY

If we make changes to the way we handle your personal information, we will update this Privacy Policy. We reserve the right to make changes to our practices and policies at any time. Please check our site regularly to see any updates or changes to our Privacy Policy.