WPRiders - WordPress Experts
Starting with 2018, Regulation no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”) is applicable in all European Union Member States.
GDPR also applies to the website www.wpriders.com, which is operated by WPRIDERS S.R.L., with its headquarters in Bucharest, 12 Masina de Paine Street, block OD39, ground floor, apartment 2, room 1, district 2, Romania, registered with the Trade Registry under no. J40/8227/2015, having fiscal identification code 34738097 (hereinafter referred to as “WPRIDERS”).
Should you have questions or requests regarding the processing of personal data, you can contact us by sending an e-mail at: email@example.com.
What are personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How we collect personal data
Personal data are processed in the following ways:
1) As a data processor, WPRIDERS can process personal data:
- when the data processor conduct the relevant searches (during the contractual negotiations) in order to have an overall view of the client’s website so that a proper fee for the project can be proposed;
- when, during its actual activity, the data processor has access to all personal data contained by the client’s website, so that he can make proper use of all the relevant tools for its activity;
2) As controller, WPRIDERS can process personal data:
- when you are using the contact form presented on the website;
- when you subscribe to the newsletter;
- when you complete the „e-book” section in order to download the document;
- when you complete the „free 5-minute review of your business idea” section;
What kind of personal data do we process
At the moment when you complete the “contact”/”contact us” form which redirects to the “tell us about you project” section, the following data will be processed: name, surname, email address and other information which can be provided via the message sent for the description of the project. In this last case, given the variety of personal data that can be transmitted, WPRIDERS cannot mention an exhaustive list.
If you have requested WPRIDERS to share relevant news with you and you have completed the newsletter section, your email address will be processed by the controller.
If you have requested WPRIDERS to send an e-book containing information on how to make your business idea a reality, your email address, name and surname will be processed by the controller.
If you complete the dedicated section named “Get a Free 5-Minute Review of Your Business Idea”, WPRIDERS will process the following personal data: name, surname, email address, different personal data contained in the project description (which cannot be mention in an exhaustive manner due to their nature). Also, with your express consent, name, surname and email address will be stored and further used by the WPRIDERS for the sole purpose of receiving news on how WPRIDERS can help providing their services.
If you send a written review following the collaboration with WPRIDERS, your first name, last name, and other personal data depending on the message send will be processed by WPRIDERS. Also, should you choose to send a video testimonial, these audio-video images will also be processed.
Also, we can obtain information regarding the general use of the website, indirectly, by using cookies. Such personal data may be preferences regarding the use of the website or relevant ads. The entire description of cookies and the exact information processed can be found here, in the Cookies Policy.
During the actions performed by WPRIDERS as data processor, since the nature of the personal data processed is not at anytime clear, the personal data processed can be various, depending on each project in part.
To the extent that the personal data of other data subject are sent to WPRIDERS by the controller (if WPRIDERS acts like data processor) or by the data subject (for the situation in which WPRIDERS is a controller), and bearing in mind that in such situations WPRIDERS does not have a direct possibility to provide information to these categories, the person providing the data has the obligation to inform properly the data subject about the processing of personal data, according to the details presented in this section. Thus, suitable measures will be taken so that this disclosure is made according to any applicable relevant law, so that WPRIDERS can process personal data for appropriate purposes, without fulfilling any other additional formality.
Grounds for data processing
WPRIDERS can process personal data based on the following legal grounds:
- article 6 (1) letter a) from GDPR: data subject has given consent to the processing of his or her personal data;
- article 6 (1) letter b) from GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- article 6 (1) letter c) from GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject;
- article 6 (1) letter f) from GDPR: processing is necessary for the purposes of the legitimate interests of WPRIDERS.
Personal data sent to third party
Your personal data may sometimes be transferred even outside Romania, under legal or contractual obligations. However, in such cases in which WPRIDERS act like data processor, no such data shall be further sent to other controller/data processor without the express consent of the entity which has sent the personal data.
When we transfer your personal data to a country that is not in the EEA, we ensure that a similar degree of protection is granted by ensuring the implementation of at least one of the following protection measures:
- i) We will only transfer personal data to countries that have been deemed to provide an adequate level of protection of personal data by the European Commission. For more details please see: Adequacy of the protection of personal data in non-EU countries;
- ii) If we use certain service providers, we may use specific contracts which can guarantee an adequate level of protection;
- iii) If we use US-based service providers, we may transfer data since they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and US. For more details please see: EU-US Privacy Shield.
Personal data storage
All the personal data processed are stored in a secure environment which protects the content from unauthorized access, disclosure, use, modification or destruction by any person/entity. WPRIDERS takes appropriate technical and organisational measures to ensure the security of personal data, such as controlled access or transfers in strict compliance with confidentiality requirements.
Refusal of data processing and its consequences
If you do not provide WPRIDERS with the requested personal data, you will not be able to fully benefit from the content of the website, and we will not be able to meet your requests. For the situations when WPRIDERS acts like a data processor, the refusal of data processing should be mentioned by the data subject in front of the entity who provide WPRIDERS with the personal data.
The rights of the data subject. Means of exercising
Any data subject has the following rights:
- The access right means the right of the data subject to obtain a confirmation from WPRIDERS regarding the existence of the processed data and, if so, access can be obtained to the respective data and to information on the way in which the data are processed;
- Correction right refers to the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each recipient to whom the data were transmitted, unless this proves impossible or involves disproportionate efforts from WPRIDERS;
- Data deletion (“the right to be forgotten”) means certain persons concerned by a request for any personal data, without undue delay, under conditions of care, in the case one of the following reasons can be applied: they are no longer important for fulfilling the purposes for which was collected or processed; the person concerned decides to withdraw his or her consent if there is no other legal basis for the processing; the person concerned opposes to the processing and there are no legitimate reasons to prevail; the personal data was processed illegally; personal data must be deleted in order to comply with legal obligations;
- Restricted processing right can be exercised in case the accuracy of the data processed by WPRIDERS is contested, for a period that allows the verification of the correctness of the data; the processing is illegal, and the person in question opposes the deletion of personal data, instead requesting the restriction; if WPRIDERS no longer needs the personal data for the purpose of processing, but the person in question requests them for the finding, exercise or defense of a right in court; if the person has objected to the processing for the period of time in which it is verified whether the legitimate rights of WPRIDERS prevail over those belonging to the data subject;
- The data portability right refers to the right to receive personal data in a structured, commonly used and automatically readable format and to the right to have this data transmitted directly to another controller, but only if this is feasible from a technical point of view;
- Opposition right refers to the right of the data subject to oppose the processing of personal data when the processing is necessary for the performance of a task that serves a public interest or when it considers a legitimate interest of the controller. When the processing of personal data is aimed at direct marketing, the data subject has the right to object to the processing at any time;
- The right to withdraw your consent means that the data subject may withdraw its prior consent for data processing. However, those data that have been processed based on the previous consent are deemed to be legally processed;
- The right to complaint with the competent supervisory authorities. If it is considered that the rights recognized by Regulation no. 679/2016 have been violated, any data subject has the possibility to address to the supervisory authority by submitting a complaint.
Any requests/complaints/notifications regarding personal data will be addressed in writing to the controller (please note that if WPRIDERS acts like data processor, the above rights shall also be addressed to the controller), at the email address: firstname.lastname@example.org and with the provision of a contact address to which the answer/information related can also be communicated in writing. The same procedure will be followed in the case of requests/communications related to previous requests/complaints/notifications.
When addressing any request /complaint/notification, the claimant will be properly identified, in order to prevent compromising the confidentiality of data, taking measures at the request of unjustified/unauthorized persons or endangering/violating in any way the rights and legitimate interests of persons targeted in relation to the data for which the request is made.
In the case of requests formulated by a proxy, the appropriate identification of the proxy and the verification of his quality will be carried out. Requests sent by telephone or requests in which the only available contact date is the telephone number of the data subject will not be considered, until they are sent in writing, under the conditions specified above. Similarly, if the request is made in conditions that raise a suspicion of the controller regarding the identity of the applicant or regarding the legal nature of the request, the controller may suspend the solution until providing reasonable additional information/data to confirm the identity and/or the quality of the claimant.
The solution of any request will be made within 30 days from its receipt. The response to the request and / or any related communications will be sent in writing to the person concerned or to the person authorized by him, in the manner in which the controller received the request (example – for the request sent by e-mail, it will be answered by e-mail, for the request by physical correspondence, it will be answered by physical correspondence), or in another written way, expressly and reasonably requested by the person concerned/by the proxy.
The security incident
The security incident is a violation of the security of personal data, which involves unauthorized processing. In case of a security incident, WPRIDERS, following a detailed internal analysis, may address the Romanian supervisory authority – ANSPDCP without undue delay and, if possible, within 72 hours from the date on which it became aware of it, except the case in which it is unlikely to pose a risk to the rights and freedoms of individuals.
If the security incident is likely to pose a high risk to the rights and freedoms of individuals, the controller shall inform adequately and in accordance to the law including the data subject, without undue delay.
Exceptionally, informing the data subject in case of an incident will not be done if:
a) adequate technical and organizational protection measures have been adopted regarding the data covered by the incident, whereby these data have become unintelligible to any person who is not authorized to access them;
b) the controller has ensured, through appropriate subsequent measures, that the high risk to the rights and freedoms of the data subjects is no longer likely to materialize;
c) information would require a disproportionate effort. In this situation, a public information will be made – through the controller ‘s website and, possibly, in another way that will be considered necessary by the authority or that would ensure an equally efficient way of informing the data subjects.
In the phase prior to solving any request/complaint/notification and during its resolution, as well as in case of any possible security breach, the relations between the controller with the data subject and the supervisory authority will be characterized by transparency and openness to cooperation in order to resolve any incident.
The duration of the processing
We will store your personal data only for the time necessary to achieve the processing purposes set out above, while respecting the legal legislation in force. Once the purpose of the processing has ceased and the legal obligations of WPRIDERS have been fulfilled, the data will be deleted in accordance with the legal procedures.
Data protection officer
We remind you that you can contact the Data Protection Officer appointed by WPRIDERS by sending your request at email@example.com and by mentioning the following email subject: In attn. of WPRIDERS DPO.