Svennis Partner Zoho Europe LogoSvennis

Privacy Policy

Introduction

SVENNIS CLOUD SOLUTIONS S.R.L. (hereinafter referred to as "Svennis" or "the Company"), CUI 29108532, headquartered in Satu Mare, Str. Careiului nr. 220/E, Satu Mare County, respects the confidentiality of your personal data. This Privacy Policy explains what data we collect through the svennis.eu website and how we process it, in accordance with applicable Romanian and European legislation, including Regulation (EU) 2016/679 on the protection of personal data ("GDPR"). By using this website, you agree to the practices described in this policy.

Personal data we collect

When you visit our website or contact us through the available forms, we may collect the following personal data:

  • First and Last Name – when you fill out the contact form, we ask for your first and last name in order to identify you and address you appropriately.
  • Email address – necessary to contact you and respond to your requests.
  • IP Address – the IP address from which you access the site may be collected automatically (for example, when you submit the contact form or through server logs) for security and statistical purposes (e.g., abuse prevention, detection of potential technical issues or cyber attacks).
  • Other voluntarily provided information – any other personal data you voluntarily provide in messages sent through forms (for example, phone number, the name of the company you represent, details about your request, etc.). We encourage you to send us only the data strictly necessary to resolve your request.

Note: The svennis.eu website does not create user accounts and does not collect financial or payment data, as there is no online payment system on this site. We also do not intentionally request or process sensitive data (such as data regarding racial or ethnic origin, political or religious beliefs, genetic or biometric data, etc.) or data of minors under 16 years of age. If a minor does provide us with personal data, we will delete that data as soon as we become aware of this fact.

Purposes of data collection and legal basis

Your personal data is collected and used only for determined, explicit, and legitimate purposes, such as:

  • To respond to your requests: The information you provide us (name, email, message) is used to contact you and provide answers to your questions or requests submitted through the contact form. The legal basis for processing is your consent (Art. 6(1)(a) GDPR), expressed through the action of voluntarily sending us your data. Additionally, insofar as you request information about our services or initiate discussions prior to entering into a contract, the basis may also be the performance of steps at the request of the data subject before entering into a contract (Art. 6(1)(b) GDPR).
  • For subsequent communication and customer relations: If you become our customer or express interest in our services, we may use your contact data to continue communication for the purpose of providing requested services, technical assistance, sending offers, or information related to our collaboration. This processing is based either on the performance of a contract/pre-contractual steps (Art. 6(1)(b) GDPR) or on our legitimate interest to conduct our commercial activity and maintain customer relationships (Art. 6(1)(f) GDPR).
  • For website security and fraud prevention: The IP address and other technical data may be used to ensure the IT security of the website and our systems (for example, monitoring unauthorized access, preventing cyber attacks, combating form spam). This type of processing is based on the Company's legitimate interest in protecting its infrastructure and information (Art. 6(1)(f) GDPR).
  • For compliance with legal obligations: In certain situations, we may be required to process and retain certain personal data to comply with our legal obligations (for example, accounting and tax records, reporting suspicious activities to authorities, complying with legal requests for data disclosure). In these cases, the legal basis is the fulfillment of a legal obligation (Art. 6(1)(c) GDPR).

Svennis does not use the collected data for purposes incompatible with those listed above. If, exceptionally, the need arises to use data for a different purpose (for example, direct marketing), we will ensure that we obtain your explicit prior consent or that there is another adequate legal basis, in accordance with the law. At present, we do not send unsolicited newsletters or marketing communications to website visitors, unless they explicitly request such information.

Disclosure of data to third parties

The confidentiality of your data is important to us. We do not sell, rent, or disclose personal data collected through the website to third parties, except in the following limited situations and with appropriate safeguards:

  • Our Zoho partner: Svennis is a Zoho reseller and partner, so in certain situations your data may be processed using Zoho platforms. For example, if you schedule a free demonstration or fill out a form that is part of Zoho services (such as Zoho Bookings or other integrated forms), the information provided will be stored on Zoho servers. We may also store potential customers' contact data in our CRM system provided by Zoho Corporation. In these cases, Zoho acts as a data processor on our behalf. We ensure that Zoho Corporation complies with GDPR requirements – Zoho has data centers in the European Union and has implemented Standard Contractual Clauses for data transfers, guaranteeing an adequate level of protection.
  • IT service and hosting providers: We may transmit some personal data to third-party providers who assist us in running the website, such as the company that hosts the website (web hosting) or the email service provider. These providers act either as processors on our behalf (processing data only on our behalf and according to our instructions, without the right to use them for their own purposes) or as joint controllers (for example, if they use data for purposes strictly necessary to provide their service, such as server storage). In all cases, we select trusted partners who also ensure data protection in accordance with GDPR and with whom we have confidentiality and data processing agreements.
  • Public authorities or other entities, as required by law: In the event that a public authority (for example, the police, courts, data protection authority) requests the provision of personal data, or if we are required by law to disclose certain information, we will comply only with those requests that are legally compliant. We will ensure that any disclosure is made with a valid legal basis and, if permitted, we will inform you about it.

Apart from the situations described above, we will not share your data with other third parties. In particular, we will not use data for advertising purposes through third parties without your consent. If, however, in the future the need arises to involve other partners, we will update our Privacy Policy and inform you in advance.

Data retention period

Svennis will store your personal data only for the period necessary to fulfill the purposes for which they were collected. The retention period depends on the nature of the data and the purpose of processing, as follows:

  • Data submitted through the contact form: Name, email address, message, and any other voluntarily submitted information will be kept for the duration necessary to resolve the request and communicate with you. After the request has been completed (for example, we have provided the requested information or the requested meeting/demonstration has taken place), we will retain this data for a limited period, in case we need to follow up with clarifications or additional offers. In general, if you do not become our customer and there are no further interactions, we will delete or anonymize the contact data after 12 months from the last communication, so as not to store it longer than necessary. Of course, you can request the deletion of your data sooner at any time, and we will comply (see the section on the Right to Erasure below).
  • Customer and business partner data: If we enter into a contract or collaboration, we will process the personal data of representatives/contact persons for the purpose of performing the contract (for example, name, position, phone, email). This data will be retained for the duration of the contractual relationship and subsequently, in accordance with legal requirements (for example, financial-accounting documents that may contain personal data must be kept for 10 years, according to tax legislation). We will retain only the strictly necessary information and will remove data that is no longer needed after the expiration of legal archiving periods or after the purpose of processing has been achieved.
  • Technical data and logs: IP addresses and web traffic data collected for security purposes may be stored in server logs for a limited period (usually between 30 days and 1 year), depending on the technical settings and backup policies of our hosting provider. If this data reveals possible security incidents, it may be retained until the complete resolution of the incident and any associated investigations.

After the expiration of the mentioned periods, or if there is no longer a legal purpose for retaining the data, we will proceed either to permanently delete or to anonymize that data (so that it can no longer be associated with an identified person). In cases where we wish to retain data for a longer period (for example, to recognize you in a future request and provide a more personalized service), we will request your explicit consent for such extended retention.

Data subject rights

In accordance with GDPR and applicable national legislation, you benefit from a series of rights in relation to your personal data that we collect and process. Respecting these rights is a priority for us. Your main rights are:

  • Right of access – You have the right to obtain from us confirmation as to whether or not we process personal data concerning you and, if so, access to the respective data and information about how they are processed. Upon request, we will provide you free of charge with a copy of the personal data we hold about you (for any additional copies, we may charge a reasonable fee based on administrative costs).
  • Right to rectification – You have the right to request the correction or completion of inaccurate or incomplete personal data concerning you. We will act promptly on any rectification request, ensuring that we subsequently use updated data.
  • Right to erasure ("right to be forgotten") – You may request the erasure of personal data concerning you, in the situations provided by law. For example, if the data is no longer necessary for the purposes for which it was collected, you have withdrawn your consent and there is no other legal basis for processing, you have objected to the processing and there are no overriding legitimate grounds, or the processing was carried out unlawfully. We will analyze each erasure request and, if the legal conditions are met, we will comply within a reasonable timeframe. Please note that there are exceptions: for example, we cannot delete certain data that we are required to retain by law (such as issued invoices) or if the data is necessary for the establishment or defense of a right in court.
  • Right to restriction of processing – You have the right to request the restriction (limitation) of the processing of your personal data, in certain situations provided by GDPR. This right may be exercised, for example, if you contest the accuracy of the data (for the duration of our verification), if the processing is unlawful but you do not wish the data to be erased, if we no longer need the data but you request it for the establishment of a right in court, or if you have objected to the processing (for the period during which it is verified whether our legitimate grounds override yours). During the restriction period, the data will only be stored, without being used (unless the law permits otherwise).
  • Right to data portability – You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller, if the processing is based on your consent or on the performance of a contract and is carried out by automated means. In practice, upon your request, we can provide you with the data you have given us (e.g., information submitted through the contact form) in a secure electronic format, or we can transmit it directly to another controller indicated by you, if this is technically feasible.
  • Right to object – You have the right to object, at any time, to the processing of your personal data when the processing is based on our legitimate interest. You may request that we stop processing data in these situations (for example, you may object to the use of your email address to send you offers, if you no longer wish to receive them). If the right to object is exercised, we will no longer process the respective data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the purpose is the establishment, exercise, or defense of a right in court.
  • Objection to direct marketing: If in the future you agree to receive marketing communications from us, you will always have the right to withdraw that agreement and object to the processing of data for this purpose. You can ask us to stop sending newsletters or invitations, using the unsubscribe option included in such messages or by contacting us directly. (We note that, at present, Svennis does not conduct direct marketing campaigns without the prior request of users).
  • Right to withdraw consent – In situations where the processing is based on your consent (for example, if you have given us express consent to retain your data for future collaborations), you have the right to withdraw your consent at any time. The withdrawal of consent will take effect for the future – processing carried out prior to the withdrawal remains valid. We will respect your choice and will cease processing the respective data for the purpose for which the consent was withdrawn.
  • Right to lodge a complaint with the supervisory authority – If you consider that your data protection rights have been violated, you have the right to lodge a complaint with the national supervisory authority for personal data processing. In Romania, the supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP) – contact details: B-dul G-ral Gheorghe Magheru 28-30, Bucharest, www.dataprotection.ro. You also have the right to address the competent courts to exercise your rights.

To exercise any of the rights listed above, you can contact us at any time at the email address office@svennis.eu or by mail at our headquarters address (mentioned at the beginning of this policy). We will make every effort to respond to your request as soon as possible, but no later than one month from the date of receiving the request, in accordance with legal provisions. In complex cases or if we receive a large number of requests, this deadline may be extended by an additional two months, but we will inform you of any delay and its reasons. The exercise of rights is free of charge. However, in the case of manifestly unfounded or excessive requests (for example, repetitive ones), we may either refuse the request or charge a reasonable fee, in accordance with GDPR. We also wish to inform you that we do not make decisions based solely on automated processing of data (including profiling) that significantly affect you. Any decision regarding communication with you or the provision of services is made by human representatives of the Company, taking into account your specific needs and requests.

Personal data security

Svennis takes the security of personal data seriously. We have implemented appropriate technical and organizational measures to protect data against unauthorized access, loss, disclosure, or destruction. These measures include, among others:

  • Encrypted data transmission where possible (for example, our website uses the HTTPS protocol to secure communication between your browser and our server).
  • Access control measures: access to personal data is permitted only to authorized personnel, for the necessary purpose (the "need-to-know" principle). All our employees and relevant collaborators are trained regarding the importance of data protection and are bound by confidentiality agreements to respect the private nature of information.
  • Secure storage: we use data centers and cloud services recognized for high security standards (including Zoho or other certified providers). These servers benefit from physical and digital protections (firewalls, periodic backups, encryption, etc.).
  • Monitoring and testing: we constantly monitor our IT infrastructure to detect vulnerabilities or unauthorized access and perform regular updates of the systems and software used, to ensure we benefit from the latest security patches.

Despite our efforts, no data transmission or storage system is 100% secure. In the unlikely event of a security incident (such as a security breach that could affect your confidentiality), we will act in accordance with legal obligations: we will remedy the situation as soon as possible, and if necessary, we will notify the competent authorities and the affected data subjects within a maximum of 72 hours from the detection of the incident, in accordance with GDPR.

Changes to the Privacy Policy

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process data or changes in legal requirements. Any update will be published on this page, and at the top of the policy, we will update the date of the last modification. We encourage you to check this page periodically to stay up to date with the updated version of the policy. In the event that we make substantial changes (for example, if we begin to collect additional data or significantly change the purposes of processing), we will try to actively inform you about these changes – for example, by displaying a visible message on the site or by sending an email, if applicable. Continued use of our website after the publication of any changes constitutes acceptance of the updated Privacy Policy.

Contact

If you have questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise your rights regarding personal data, you can contact us using the following information:

  • Data Controller: SVENNIS CLOUD SOLUTIONS S.R.L., CUI 29108532
  • Postal address: Satu Mare, Str. Careiului nr. 220/E, postal code 440187, Satu Mare County, Romania
  • Email: office@svennis.eu
  • Phone: +40 722 945 189 / +40 722 567 135

We will promptly respond to any question or request related to the confidentiality of your data. Thank you for visiting svennis.eu and for trusting us with your information. We are committed to protecting your data and providing you with a safe experience on our website.