Alexiana Group – Privacy Statement
We respect your privacy and are committed to protecting your personal data. This privacy statement will inform you about how we manage your personal data, your privacy rights, and how the law protects you. Please carefully read this privacy statement before using our Services.
In this privacy statement:
Services mean any products, services, content, features, technologies, or functions, and all corresponding web pages, applications, and related services that we offer.
Platform means the web pages, mobile applications, mobile web pages, or other online properties through which we provide our Services.
- Who are we?
Alexiana Group is a data controller with its registered office at Cacica Jud. Suceava, Romania, responsible for your personal data. Alexiana Group is the parent company of the legal entities within the Alexiana Group, which deliver services to you in accordance with the Terms and Conditions of Use (collectively referred to as “Alexiana Group,” “we,” “us,” or “our” in this privacy statement). The legal entities within the Alexiana Group are also considered data controllers for the local services they provide. Our contact details are provided in section 13.
- What data do we collect about you?
- 2.1.1 Data provided through direct interactions Registration and other account information
When you register to use our Services, we may collect the following information about you:
if you register using your Google account: first name, last name, and email address; if you register using your Facebook account: first name and last name as they appear on your Facebook account, and your Facebook ID. If you have provided permission to Facebook through their privacy option within their application (which appears before you can register on our platform), we may also collect information such as gender, age, or email based on the permissions you grant; and if you register using your mobile phone number: we will collect your mobile phone number. Depending on the choices you make during authentication to our Services or during the engagement process with our Services, you may also opt to provide the following additional personal data:
When you use the chat function to communicate with other users, we collect the information you choose to provide to other users through this function.
2.1.2 Data we automatically collect when you use our Services
When you interact with our Platform or use our Services, we automatically collect the following information about you:
We collect device-specific information, such as the operating system version, unique identifiers, and, for example, the name of the mobile network you use. We associate device identifiers with your account. Location Information
Depending on your device permissions, if you post an article on our Platform, we automatically collect and process information about your current location. We use various technologies to determine location, including IP address, GPS, Wi-Fi access points, and mobile towers. Your location data allows you to see user articles near you and helps you post articles from your location. Client and Authentication Data
Technical details, including the Internet Protocol (IP) address of your device, time zone, and operating system. We will also retain your authentication information (registration data, date of the last password change, date of the last successful login), your browser type, and version. Clickstream Data
We collect information about your activity on our Platform, which includes the web pages from which you accessed our Platform, the date and time of each visit, the advertisements or content you clicked on, your interaction with these types of advertisements, the duration of your visit, and the order in which you access the content on our Platform. Cookies
2.1.3 Data from third parties or publicly available sources.
We receive personal data about you from various third parties [and public sources], as follows:
Certain technical and usage information from analytics providers, such as Google, MixPanel, Cxsense; IP address, geolocation, browsing history from advertising networks such as Google, Criteo, OpenX, SATI, Cxsense;
- Do we collect data from children?
- Our Services are not intended for children under 16 years of age, and we do not knowingly collect data from individuals under 16 years of age. If we discover that a person under 16 years of age has provided us with personal data, we will delete it immediately.
- Why do we process your personal information?
- We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you. Where it is necessary for our legitimate interests (or those of a third party) to improve our Services and provide you with a secure and safe Platform. Where we need to comply with a legal or regulatory obligation. In certain circumstances, we may process your personal data with your consent. If we do so, we will inform you of the purpose and category of personal data to be processed when we seek your consent.
We have outlined below how we use your personal data [and the legal bases we rely on to do so. We have also identified our legitimate interests where applicable].
4.1 To grant access and provide the Services through our Platform
i. If you log in using your mobile phone number or email ID, we will use your first name, last name, mobile phone number, and/or email address to identify you as a user and provide you access to our Platform.
ii. If you log in using your Facebook account, we use your first and last name from your Facebook profile and your Facebook email address to identify you as a user on our platform and provide you access to our platform.
iv. We use your email address and mobile phone number (via SMS) to provide you with suggestions and recommendations about our Services that may interest you.
We process the above information for the proper performance of our contract with you and based on our legitimate interest in conducting marketing activities to offer you Services that may be of interest to you.
4.2 To enhance your experience on the Platform i. We use clickstream data to
provide you with personalized content, such as offering you more relevant search results when using our Services. determine how long you stay on our Platform and how you navigate through our platform to understand your interests and improve our Services based on this data. For example, we can provide content suggestions based on the content you clicked on. monitor and report the effectiveness of campaign delivery by our business partners and perform internal business analysis. prevent showing too many of the same advertisements to the same user or accelerate ad delivery. ii. We use your location data for the following purposes:
to compile anonymous and aggregated information about the features and behavior of Alexiana Group users, including for business analysis, segmentation, and development of anonymous profiles. to improve the performance of our Services and personalize the content we target to you. For example, using location data, we display ads that are near you to enhance your shopping experience. to measure and monitor your interaction with third-party advertisements placed on our Platform. iii. Using your registration data on the site, which includes your email and phone number, we determine the different devices (such as personal computers, mobile phones, tablets) through which you access our platform. This allows us to associate your activity on our platform across different devices and helps us provide you a consistent experience regardless of the device you use.
We process the above information based on our legitimate interest in enhancing your experience on our Platform and properly fulfilling our contract with you.
4.3 To provide you with a secure and safe Platform
i. We use your mobile phone number, log data, and unique device identifiers to administer and protect our Platform (including troubleshooting, data analysis, testing, fraud prevention, system maintenance, support, reporting, and data hosting).
ii. We analyze communications made through our chat function to prevent fraud and promote safety by blocking spam messages or abusive messages that may be sent from any other user to you.
We process the above information for the proper performance of our contract with you, to improve our services, and based on our legitimate interest in preventing fraud.
- How will we inform you of changes to our privacy statement?
- We may make changes to this privacy statement from time to time. We will post modifications on this page and will notify you by email or through our Platform. If you do not agree with the changes, you can close your account by accessing your account settings and selecting account deletion.
- Your Rights
Under certain circumstances, you have rights under data protection laws regarding your personal data.
If you wish to exercise any of the rights below, please go to your account/privacy settings or contact us using the provided contact information.
The right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
The right to request correction of any data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide.
The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
The right to request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (as outlined below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons. See Section 10.
The right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
The right to request the transfer of your personal data to yourself or to a third party. We will provide you or the chosen third party with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information for which you initially gave your consent to use, or in cases where we used the information to enter into a contract with you.
The right to withdraw your consent for the processing of your personal data at any time. This does not affect the legality of any processing we have already carried out based on your prior consent.
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you updated.
Additionally, you have the right to lodge a complaint at any time with the data protection authority responsible. You can find the contact details in Section 13.
However, before lodging a complaint with the data protection authority, we appreciate the opportunity to address your issues first. In this regard, please contact the Data Protection Officer using the Contact Form.
- Communication and Marketing
We will communicate with you via email, SMS, or app notifications regarding our Services/Platform to confirm your registration, inform you when ad listings are live/expired, and for other transactional messages related to our Services. As it is imperative for us to provide such transactional messages, you may not be able to opt out of these messages.
However, you can request us to stop sending your marketing communications at any time by accessing the unsubscribe link in the email or SMS sent, or by modifying the communication settings in your account. If you encounter difficulties in changing these settings, please contact us using the Contact Form.
You may receive marketing communications from us if:
- You have requested such information from us.
- You use our Platform or services.
- You provided your details when entering a competition.
- You registered for a promotion.
- Sharing Your Data
We may share your personal data with the parties presented below for the purposes outlined in Section 4 above.
Affiliated companies – We may share your data with other companies within the Alexiana Group both within and outside the European Economic Area (EEA), which assist us in providing operational services such as product improvements, customer support, and fraud detection. Any sharing of personal data with Alexiana Group firms located outside the EEA will always be subject to the protective measures described in Section 9 or a data transfer agreement that clearly defines the parties’ obligations and ensures technical and organizational measures to protect your data.
Third-party service providers: We use third-party service providers to help us deliver certain aspects of our Services, such as cloud storage services like Amazon Web Services and Microsoft Azure. Service providers may be located within or outside the “EEA”.
We conduct checks on third-party service providers and require them to adhere to the security of your personal data and treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Law enforcement, regulatory authorities, and others: We may disclose your personal data to law enforcement authorities, regulatory authorities, governmental or public bodies, and other interested parties that comply with legal or regulatory requirements.
We may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change occurs in our company, the new owners may use your personal data in the same way as described in this privacy statement.
Publicly available information: When you post a listing for sale using our Services, you may choose to make certain personal information visible to other Alexiana Group users. This may include your name, first name, email address, location, and contact number. Note that all information you provide to other users can always be distributed by them to other individuals, so please exercise discretion in this regard.
- International Transfers
Whenever we transfer your personal data out of the EEA, we ensure a similar level of protection is afforded by ensuring the implementation of at least one of the following protective measures:
- We will transfer personal data only to countries that the European Commission has deemed to offer an adequate level of personal data protection. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- In cases where we use certain service providers, we may use specific contracts approved by the European Commission that provide personal data with the same protection it has in Europe. For more details, see European Commission: Model contracts for the transfer of personal data to third countries.
- In the case of using service providers based in the US, we may transfer data to them if they are part of the Privacy Shield framework, which requires them to provide similar protection for personal data shared between Europe and the US. For more details, see European Commission: EU-US Privacy Shield.
You can obtain a copy of the relevant and implemented protective measures by contacting us using the Contact Form.
- Where We Store Your Data and How Long We Keep It
The data we collect about you will be stored and processed both within and outside the EEA in secure servers to provide the best possible user experience. For example, for the rapid construction of web pages or mobile applications.
We will retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the value, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means and applicable legal requirements.
If you have any questions about the retention period of your data, please contact us using the Contact Form.
- Technical and Organizational Measures and Processing Security
All information we receive about you is stored on secure servers, and we have implemented appropriate and necessary technical and organizational measures to protect your personal data. Alexiana Group continuously evaluates the network security and adequacy of its internal information security program, which is intended to: (a) help secure your data against accidental or unlawful loss, access, or disclosure; (b) identify reasonably foreseeable risks to the security of the Alexiana Group; (c) minimize security risks, including through risk assessment and periodic testing. Additionally, we ensure that all payment data is encrypted using SSL technology.
Please note that despite the measures we have implemented to protect your data, data transmission over the Internet or other open networks is never completely secure, and there is a risk that your personal data may be accessed by unauthorized third parties.
- Third-Party Website References
- Contact Details
For any additional information or to exercise your rights, please check your account settings or contact our Data Protection Officer using the [Contact Form] or through the Support section of our Platform. You can also contact the Data Controller for local services:
National Authority for Personal Data Processing
President: Ms. Ancuța Gianina Opre
Address: 28-30 Magheru Blvd, Sector 1, BUCHAREST
Contact Person: Ms. Ancuța Gianina OPRE, President of the National Authority for Personal Data Processing
Alternative Contact Person: Ms. Alina SAVOIU, Head of the Legal and Communication Department
For local data protection issues, the local authority can be contacted in the Romanian language.