Privacy Policy

 PRIVACY POLICY FOR THE INCTRL WEBSITE AND APPLICATION / PLATFORM

We, the INCTRL team represented by INTELLIGENCE ACT SRL, with its registered office in Bucharest, Sector 1, Str. PICTOR ION NEGULICI, No. 32, 1st Floor, registered with the Bucharest Trade Registry under no. J40/7873/2011, CUI RO28701654 (,,INCTRL” or ,,the Controller“), thank you for visiting our website, platform, or application, and for your interest in the services we offer. When using the platform available at www.inctrl.ai or the mobile application available in the App Store or Google Play Store, it is necessary for us to process certain personal data. Through this policy, we inform you that processing will take place in compliance with the principles of transparency and security of personal data. This Privacy Policy explains how INCTRL processes your personal data, the types of data that will be collected and how they are used during your visits to the INCTRL website, web platform, or mobile application, why they are collected, to whom they are transmitted, and the rights associated with them. 

Thank you for visiting us, and we suggest you read this Privacy Policy carefully. 

1. INTRODUCTORY SECTION

1. The controller of personal data in relation to you

The controller of personal data in relation to the personal data provided by you is INTELLIGENCE ACT SRL, with its registered office in Bucharest, Sector 1, Str. PICTOR ION NEGULICI, No. 32, 1st Floor, registered with the Bucharest Trade Registry under no. J40/7873/2011, CUI RO28701654, as the developer and administrator of the INCTRL platform.

2. Who does this Privacy Policy apply to?

This Privacy Policy applies to all visitors and/or users of our website www.inctrl.ai, where the web platform is available, as well as to users of the INCTRL mobile application, available in the App Store or Google Play Store.

3. Definitions

1. “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
2. “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
3. “controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4. “visitor” means any person who visits our website www.inctrl.ai or who uses the web platform accessible at www.inctrl.ai or the mobile application from the App Store or Google Play Store without creating a user account;
5. “user” means any person who accesses the application/online platform and creates a user account through them, or who uses this platform in any way that involves the transmission of personal data. Users may create, within the same user account:

• a consultant profile – being able to enter into collaborations with the INCTRL platform as individuals, sole traders, or legal entities, in order to provide services through INCTRL to companies registered in the INCTRL application/platform
• a company profile – being able, as legal entities, to enter into collaborations with the INCTRL platform in order to benefit through INCTRL from the services provided by consultants registered in the INCTRL application/platform. 

2. Categories of data we process and methods of collection

1. Automatically collected data

We collect certain information automatically when you browse our website www.inctrl.ai and when you visit or use the platform/application. This information does not reveal your specific identity (such as your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our website, and other technical information. This information is primarily necessary to maintain the security and operation of our website, as well as for our internal analytics and reporting purposes.

Like many companies, we also collect information through cookies and similar technologies. For details about our Cookie Policy, please click here.

2. Data collected as a result of being provided directly by you

1. Data you provide to us as a visitor/user with a consultant profile 

If you browse our website, visit or use the online application/platform, request information via email, the contact form displayed on the site, or through the Support section of the application/online platform, INCTRL may receive from you directly the following data: email address, first name, last name, phone number, as well as other information provided when completing the message/information form, IP address, cookies.

If you create a user account with a professional profile, depending on the features you use, INCTRL may receive from you the following data: 

• email address, first name, last name, phone number, profile photo, work schedule 
• CV-type information (e.g.: your previous work experience, current and former employers, employment periods, positions held, descriptions provided in the CV, schools attended, etc.) when completing this data in your profile or by uploading a CV document to the platform via the Upload CV feature. Through this functionality, data may also be stored for the purpose of training the AI document parsing engine.  
• contractual information, including your personal identification number (CNP), in the event of entering into a collaboration agreement with INCTRL (service contract or individual employment contract).
• information related to billing and payment details, in the case of users with a consultant profile operating as a sole trader (PFA) or limited liability company (SRL) (legal entity registration data, invoice number, IBAN account, etc.) 

Data provided within the professional profile is public within the application and can be viewed by other users with company profiles or by unregistered visitors (exceptions include: email address, phone number, billing and payment details.)

The legal basis for processing your data is found in Article 6(1)(a) of the GDPR, meaning data is processed based on your consent at the time of using the platform, or in Article 6(1)(b) of the GDPR, meaning data is processed on the basis of a contractual relationship we may have with users with a professional profile registered on the platform, and the purpose is the performance of the contract.

2. Data you provide to us as a visitor / user with a company profile.

If you visit our website or the online application/platform, subscribe to our newsletter, request information via email, the contact form displayed on the site, or through the Support section of the application/online platform, INCTRL may receive from you the following data: email address, first name, last name, phone number, as well as other information provided when completing the message/information form, IP address, cookies.

If you create a user account with a company profile, we will enter into a service agreement with you or the legal entity you represent, and depending on the features you use, INCTRL may receive from you the following data: 

• first name, last name, email address, phone number, images, company identification information, data about projects and roles registered in the platform 
• first name, last name, email address, phone number of the company’s contact person
• first name, last name, email address of users associated with the company  
• first name, last name, email address, link to, as well as data from the public LinkedIn profiles of current or former employees for profiling purposes, in the event that you use the “Find Alumni” feature (either by uploading the list of persons to the platform or by using the feature to find current or former employees in the public LinkedIn environment based on your company’s LinkedIn profile). In this case, you confirm that you hold prior consent for the use of this data from the data subjects. 
• billing and payment details 

All of this data will be collected and processed as a result of being provided directly by you or indirectly by the legal entity you represent, through the platform, mobile telephony, email, or in person at our registered office.

The legal basis for processing your data is found in Article 6(1)(a) of the GDPR, meaning data is processed based on your consent at the time of using the platform, or in Article 6(1)(b) of the GDPR, meaning data is processed as a result of entering into a contract, and the purpose is the performance of that contract.

3. FORM OF STORAGE OF PERSONAL DATA

• The personal data of visitors to our website and users of the platform/application is stored in electronic format through our internal servers and the company’s platform, where internal access is granted only to members of the IT department who have responsibilities related to the development or maintenance of the website and platform/application.

• The personal data you provide to us as a visitor or user of the website and platform/application will be stored primarily in an electronic environment through the INCTRL internal servers and platform.

4. PURPOSE OF DATA PROCESSING

We use the information we collect from you for the following purposes:

• To carry out the contractual relationships we have established upon acceptance of the terms and conditions of use of the website and platform/application. 
• To send newsletters or new information about updates on the INCTRL platform, to communicate with you, and to resolve any issues or queries related to the services we offer;
• To fulfil the obligations incumbent upon us as a result of the services provided (e.g., accounting obligations, etc.);
• To resolve complaints and claims, and to monitor traffic and improve your experience on the website and platform/application;
• For customer relations services, informing users/clients regarding the evaluation of services offered through the use of the platform available at www.inctrl.ai, or to improve service quality — you may contact us through the Support section of the platform/application or at [email protected]; 
• For any other purpose ancillary to the above, or for any other purpose for which personal data has been provided to us, in compliance with applicable legislation.

Sometimes, personal data is used by INCTRL for a number of secondary purposes (e.g., archiving, internal audit, etc.), which are always compatible with the primary purposes for which the data was collected. In situations where we use your data for purposes other than those mentioned in this Policy, we undertake to obtain your consent, unless we are subject to a legal obligation or have another legal basis for processing the data.

5. TO WHOM WE DISCLOSE YOUR INFORMATION

As a rule, the information you provide to us cannot be disclosed. However, there may be situations in which we are required to do so, such as, for example:

1. If you are a visitor or user of the application/platform — whether with a professional profile or a company profile — some personal data may sometimes be transmitted to our service providers, such as banking/payment services, web hosting, etc. Users with registered and approved company profiles may configure multiple users to administer the account. 

Users with registered and approved company profiles within the platform are controllers of personal data within the meaning of the GDPR. They are individually responsible for the processing of data made available to them by users with professional profiles as a result of the agreed service being performed, or if such data is voluntarily provided to them.

2. Regardless of whether you are a visitor to the website or a user of the platform/application, and regardless of the type of profile, your personal data may be transmitted upon request to public authorities, institutions, and bodies, in accordance with legal, fiscal, labour protection, social security, or any other applicable regulations (e.g., provision of contracts or fiscal invoices at the request of fiscal or judicial authorities).

Furthermore, the company reserves the right to disclose, in good faith, personal data or other information when it deems it necessary to take precautionary measures against liability, to protect ourselves or others from fraudulent, abusive, or illegal use, to investigate and defend against any third-party claims or allegations, to protect the security or integrity of our services and any facilities or equipment used to make the services available, to protect our property rights or other rights, as well as the safety of others, or to enforce contracts.

Regarding the transfer of personal data to other EU or non-EU states, as a rule, INCTRL does not transfer personal data to third countries. However, your personal data may be transferred to third countries on the basis of our contractual relationships with our partners, to the extent necessary for the performance of the contractual relationship with you. In such cases, the company undertakes to ensure that these transfers are carried out in accordance with the applicable legislation on the protection of personal data and data confidentiality.

6. THE PERIOD FOR WHICH YOUR PERSONAL DATA WILL BE STORED

The processing of personal data will cease depending on the type of data we process, as follows:

• Data collected from you as a platform user, in the case of holding a paid subscription or in the event of a contractual arrangement with INCTRL, will be stored for the period necessary for the provision/performance of the service or activity, respectively for a period of 5 years or up to a maximum of 10 years as stipulated in Article 25 of the Accounting Law.
• Your personal data provided through the contact form (Support), at the time of accessing our web page, or by sending an email, will be stored until the completion of the information/service process. In any case, this data will not be stored for more than 2 months from the deletion of the account.
• Data collected from you as a platform user will be stored for a period equal to the duration for which you hold a user account, or until you withdraw your consent, but no longer than 1 year from the communication of such withdrawal.

Furthermore, our company will destroy personal data when it no longer corresponds to the purpose of processing, providing sufficient guarantees regarding the security of this process.

7. YOUR RIGHTS IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA

In accordance with the provisions of the GDPR, you have the following rights:

1. The right to information – the right to be informed about the identity of the controller, the purpose for which data is processed, the recipients or categories of recipients of the data, the existence of the rights provided by the GDPR, and the conditions under which those rights may be exercised.
2. The right of access to personal data – the right to obtain from us, upon request and free of charge, confirmation as to whether or not data concerning you is being processed, and the right of access to such data, except where such requests are repetitive or made in evident bad faith;
3. The right to rectification of data – you may request the rectification of inaccurate personal data.
4. The right to erasure of data (“the right to be forgotten”) – erasure of data may occur when the processing was not lawful or in other cases provided for by law (for example, when the data is no longer necessary in relation to the purposes for which it was processed). However, erasure of data cannot take place where processing is carried out on the basis of a legal obligation;
5. The right to restriction of processing – restriction of processing may be requested where you contest the accuracy of the data, as well as in other cases provided for by law;
6. The right to object – the right to object at any time, on legitimate and compelling grounds, to your data being subject to processing, except where there are contrary legal provisions or where the processing is based on our legitimate interest;
7. The right to data portability – you may receive the personal data you have provided to us in a machine-readable format, or you may request that such data be transmitted to another controller.
8. The right to lodge a complaint – you may lodge a complaint regarding the processing of your personal data with the National Supervisory Authority for Personal Data Processing, or you may address the courts of law.
9. The right to withdraw consent – if the legal basis for the processing of data is consent, we inform you that this consent may be withdrawn at any time. The withdrawal of consent will only produce effects for the future, and processing carried out prior to the withdrawal remains valid. However, if processing is mandatory for the provision of services and can be carried out on the basis of other legal provisions, the company will proceed with such processing and will notify the data subjects accordingly.
10. The right not to be subject to automated decision-making or additional profiling related to automated decisions – the right to request and obtain the withdrawal, cancellation, or re-evaluation of any decision that produces legal effects, adopted exclusively on the basis of automated processing of personal data intended to evaluate certain aspects of personality, such as professional competence, creditworthiness, behaviour, or other such aspects, where applicable.

If you wish to exercise the rights mentioned above, please contact us by means of a written, dated, and signed request addressed to the registered office of INTELLIGENCE ACT SRL, located in Bucharest, Sector 1, Str. PICTOR ION NEGULICI, No. 32, 1st Floor, registered with the Bucharest Trade Registry under no. J40/7873/2011, CUI RO28701654. You may also contact us by email at [email protected]. 

Furthermore, our company has also appointed a Data Protection Officer (DPO), who can be contacted at [email protected] to assist data subjects in exercising their rights. 

To the extent that you exercise the rights available to you, our company may request that you prove your identity by providing an identity document or any other information necessary to carry out a prior verification procedure of the requesting person, in accordance with our legal obligations regarding data security and confidentiality.

We undertake to consider any request or complaint received and to respond within a reasonable timeframe so as to comply with the applicable legal provisions. We work with the competent regulatory authorities, including national data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve directly with our users.

In addition, below we present the response timeframes for requests concerning the aforementioned rights:

8. SECURITY OF PERSONAL DATA

To protect the data we process, both during transmission to us and subsequently, we adhere to the highest standards.

Accordingly, we have adopted technical security policies and procedures to protect personal data against loss, unauthorised use, destruction, alteration, unauthorised modification, disclosure or unauthorised access, and any other form of unlawful processing of personal data in our possession.

To guarantee this security, we outline, in general terms, the following security measures:

• Access to personal data is limited and authorised only to persons who have the legal right to use it, and they are obliged to ensure data confidentiality. For example, access to platform user data will be granted only to members of the IT department who have responsibilities related to the development or maintenance of the platform. Access to personal data by other departments will only occur in the performance of job duties or where required by law.
• Access to the electronic servers used by our company is secured by passwords and other access and authentication controls.
• Data held for one client will be kept separate from data held for another client.
• No employee or person who comes into contact with personal data or documents containing such data has the ability to disclose this data to third parties.

9. MINIMUM SECURITY MEASURES TO BE APPLIED BY ALL INCTRL / INTELLIGENCE ACT SRL EMPLOYEES

• Use of a password with a high level of protection (consisting of numbers, letters, and symbols)
• Prohibition on disclosing passwords to other persons, and prohibition on using an account assigned for professional use by more than one person.
• Prohibition on saving passwords in either physical or electronic format
• Any computer, laptop, or device left unattended must be disconnected from the network, locked, or shut down.
• When the computer is not in use, no information such as login usernames or passwords should appear on the screen.
• Prohibition on accessing areas for which authorisation has not been granted.
• Verification of the physical security of data through locking and padlocking; verification of the security of electronically stored data by keeping the computer supervised and using a password in accordance with this Policy.
• Informing our IT collaborators of any changes to roles and access requirements.
• Changing all passwords every 3 months.
• Databases are held on secured computers, accessible only to members of the relevant department.

Failure to comply with these requirements may lead INCTRL to take disciplinary action against those responsible.

Nevertheless, no method of electronic or physical transmission or storage is 100% secure. If you believe that your personal data has been compromised, please contact us in writing at our registered office address mentioned above. You may also contact us by email at [email protected]  

If we become aware of a security breach, we will notify both you and the relevant authorities of the occurrence of the breach in accordance with applicable legislation, within a maximum of 72 hours, within which we will communicate the relevant information related to the security incident.

10. SECURITY BREACHES

As our company’s policy is to act fairly and to respect the principle of proportionality when considering the actions we must take to inform persons affected by a security incident that is likely to result in a risk to the rights and freedoms of individuals, in the event of a breach we will notify both the Supervisory Authority and the data subject or subjects about such a breach.

11. WHEN DOES THIS PRIVACY POLICY APPLY

Our Privacy Policy applies to all services offered by our company.

12. Changes

Our Privacy Policy may change from time to time, however we undertake not to reduce the rights you hold under this Policy without your explicit consent.

We will publish any changes to the Privacy Policy in visible locations so that updates can be easily identified and their content reviewed. We will also keep previous versions of this Privacy Policy in our electronic archive, which may be requested at any time by submitting a request to that effect.

This Privacy Policy enters into force on 28.03.2023.

.