POLICY ON PERSONAL DATA PROCESSING

1. Terms and Definitions

1.1. "Personal data" - any information related to an identified or identifiable natural person (subject of personal data). An identifiable person is someone who can be identified, directly or indirectly, particularly through reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural, or social identity of that person.

1.2. "Processing of personal data" - any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.3. "Operator" – VISA CATCHER S.R.L., independently or jointly with others, organizes the processing of personal data and determines the purposes of the processing of personal data, the actions (operations) performed with personal data.

1.4. "User" - a natural person who accesses the Software over the Internet and uses it for the purpose of obtaining the services of the Service Provider.

1.5. "Policy" - this document, developed in accordance with the legislation of Romania, defining the basic principles and rules for the processing of personal data and measures for their protection.

1.6. "Software" - Website https://visacatcher.bot/ and/or Telegram-bot https://t.me/VisaCatcherBot , on which this Policy is posted, operating together and collectively forming a unified system for data accounting, necessary for the proper provision of Services to Users.

2. General Provisions

2.1. The Policy is formulated in accordance with the Law of Romania "On Personal Data Protection" No. 190 of 2018, as well as other regulatory legal acts of Romania in the field of protection and processing of personal data, and applies to all personal data that the Operator may receive from the data subject, intending to enter into and/or being a party to a civil law contract, as well as from the data subject having relations with the Operator governed by civil law (hereinafter referred to as the User). The policy is displayed at: https://visacatcher.bot/privacy-policy

2.2. The Policy applies to all information that the Operator may obtain about visitors to the site https://visacatcher.bot/ and/or Telegram-bot https://t.me/VisaCatcherBot .

2.3. The Operator ensures the protection of processed data from unauthorized access and disclosure, illegal use, or loss in accordance with the requirements of the Law No. 190 of 2018 "On Personal Data Protection" of Romania.

2.4. The use of Software services by the User implies his unconditional agreement with the Policy and the terms of data processing.

2.5. In case of disagreement with the terms of the Policy, the User must cease using the Software.

2.6. The Operator is the operator only of those Data that it receives from the User when using the Software with his consent, provided by the User’s conclusive actions in the Software.

2.7. The Operator does not verify the accuracy of the Data provided by the User in the Software. The Operator assumes that the User provides accurate and sufficient Data and keeps this information up to date. The User bears all responsibility for the consequences of providing inaccurate and/or invalid Data.

2.8. The User confirms that by providing his Data and agreeing to its processing, he acts voluntarily, by his own will and in his interest, and also confirms his legal capacity. In the case that the provision of Data is made by a representative (by law or other grounds) of the User, the representative acts in the interests of the represented.

2.9. Data allowed to be processed under the Policy are not special or biometric, do not belong to a special category, and are provided by the User by filling out special forms in the Software indefinitely (until the User revokes his consent to process Data). Depending on the form filled out by the User in the Software services, the data includes the following information:

- Surname, first name, patronymic (if any);

- Addresses of permanent and temporary residence;

- Phone number;

- Email address;

- IP address, passport details;

- Marital status;

- Facial photograph;

- Identification number/passport data;

- Network identifiers;

- and any other data that may be used for direct or indirect identification of a natural person.

2.10. By filling in the corresponding web forms about providing Data and/or sending their Data using the website https://visacatcher.bot/ and/or Telegram-bot https://t.me/VisaCatcherBot , the User expresses his agreement with the Policy.

3. Processing of Personal Data

3.1. Data Acquisition.

3.1.1. All Data should be obtained from the User directly. If User Data can only be obtained from a third party, the subject must be informed or consent must be obtained.

3.1.2. The Operator must inform the User about the purposes, anticipated sources, and methods of obtaining the Data, the nature of the Data to be obtained, the list of actions with the Data, the duration of the consent, and the procedure for its withdrawal, as well as the consequences of the User's refusal to provide written consent for their acquisition.

3.1.3. Documents containing Data are created by:

- copying original documents;

- entering information into forms provided in the Software.

3.2. Data Processing.

3.2.1. The Operator processes Data:

- with the consent of the User;

- in cases where processing is necessary for the performance and fulfillment of functions, powers, and duties imposed by the legislation of Romania;

- in cases where processing is of Data, access to which has been provided by the User or at their request (hereinafter - Data made publicly available by the User's decision).

3.3. Purposes of Data Processing:

3.3.1. fulfillment of obligations arising from civil-law relations;

3.3.2. processing incoming requests from the User for the purpose of providing services related to the Operator's field of activity.

3.4. Categories of Data Subjects.

3.4.1. Data concerning the following Users are processed:

- individuals who are in civil-law relations with the Operator and/or intend to enter into civil-law relations with him.

3.5. Data Processed by the Operator:

- Data obtained in the course of civil-law relations and/or the intention of the User to be in civil-law relations with the Operator.

3.6. Data Processing is carried out:

- using automation tools;

- without using automation tools.

3.7. Data Storage.

3.7.1. User Data may be acquired, undergo further processing, and be transferred to the Operator or his employees, both on paper and electronically.

3.7.2. Data recorded on paper is stored in lockable cabinets or in locked rooms with restricted access.

3.7.3. User Data processed using automated means for the purpose of executing contracts is stored in different folders.

3.7.4. It is not permitted to store and place documents containing Data in open electronic directories.

3.7.5. Storage of Data in a form that allows identification of the Data subject is carried out no longer than the purposes of their processing require, and they must be destroyed upon achieving the purposes of processing or when it is no longer necessary to achieve those purposes.

3.8. Data Destruction.

3.8.1. Destruction of documents (carriers) containing Data is carried out by shredding (grinding). The use of a shredder is allowed for the destruction of paper documents.

3.8.2. Data on electronic carriers are destroyed by erasing or formatting the carrier.

3.8.3. The fact of Data destruction is documented by a destruction act.

3.9. Data Transfer.

3.9.1. The Operator transfers Data to third parties in the following cases:

- The User has expressed their consent to the transfer of Data to a specific person and/or to an indefinite circle of persons;

- Transfer is provided by Romanian or other applicable legislation within the established procedure.

3.10. Third Parties to whom Data is Transferred:

- Persons, the transfer of data to whom is mandated by the legislation of Romania;

- Other persons to whom Data may be transferred under the terms of Consent from the transferring party.

4. Protection of Personal Data

4.1. Data protection is carried out in accordance with the requirements of the legislation of Romania, as well as international acts regulating the processing, storage, protection, and transfer (including cross-border) of Data.

4.2. The Operator has established a personal data protection system (PDPS), consisting of legal, organizational, and technical protection subsystems. The legal protection subsystem comprises a complex of legal, organizational-administrative, and regulatory documents that ensure the creation, functioning, and improvement of the PDPS. The organizational protection subsystem includes the organization of PDPS management structures, a licensing system, and information protection when working with employees, partners, and third parties. The technical protection subsystem includes a complex of technical, software, and software-hardware means that ensure Data protection.

4.3. The main measures for Data protection used by the Operator are:

4.3.1. Appointment of a Data Processor who organizes their processing, trains and instructs employees, and ensures compliance with the guarantees regarding the appropriate technical and organizational measures related to the processing being carried out.

4.3.2. Identification of Data security threats during processing and development of protection measures.

4.3.3. Development of a Data Policy.

4.3.4. Establishment of access rules to Data, as well as ensuring registration and accounting of all actions performed with the Data.

4.3.5. Establishment of individual access passwords for employees in the information system in accordance with their production duties.

4.3.6. Application of conformity assessment procedures for Data protection measures that have been established.

4.3.7. Certified antivirus software with regularly updated databases.

4.3.8. Compliance with conditions that ensure the preservation of Data and prevent unauthorized access to them.

4.3.9. Detection of unauthorized access to Data incidents and taking measures.

4.3.10. Restoration of Data that has been modified or destroyed due to unauthorized access.

4.3.11. Training of the Operator's employees who directly process Data, on the legislation of Romania regarding Data, including requirements for their protection, documents defining the Operator's policy concerning Data processing, and local acts on Data processing.

4.3.12. Conducting internal control and audit.

5. Rights and Responsibilities of the Parties

5.1. The User has the right to:

5.1.1. Have access to their Data and the following information:

- confirmation of the fact of Data processing by the Operator;

- legal grounds and purposes of Data processing;

- purposes and methods of Data processing used by the Operator;

- surnames, names, patronymics, and addresses of the Operator, information about individuals (excluding the Operator's employees) who have access to the Data or to whom the Data may be disclosed under a contract with the Operator or under law;

- terms of Data processing, including storage periods;

- the name or surname, name, patronymic, and address of the person processing the Data on behalf of the Operator if the processing is or will be entrusted to such a person.

5.1.2. Contact the Operator and send inquiries.

5.1.3. Appeal against actions (inaction) of the Operator.

5.1.4. Exercise other rights provided by the Policy.

5.2. The User is obligated to:

5.2.1. Familiarize themselves with the text of the Policy.

5.2.2. Provide truthful Data about themselves.

5.2.3. Fulfill other obligations provided by the Policy.

5.2.4. If the User believes that their rights and interests have been violated by the Operator, before exercising the right provided by 5.1.3 of the Policy, the User is obligated to contact the Operator's support service for explanations and dispute resolution in a claim procedure.

5.3. The Operator has the right to:

5.3.1. Receive reliable Data from Users.

5.3.2. Use Data for fulfilling obligations under contracts concluded with the User.

5.3.3. Make changes to the Policy. When changes are made, the date of the last edition is indicated in the title of the Policy. The new edition of the Policy comes into effect from the moment it is posted in the Software unless otherwise provided by the text of the Policy.

5.3.4. Exercise other rights provided by the Policy.

5.4. The Operator is obligated to:

5.4.1. Provide information on Data processing when collecting Data.

5.4.2. If Data was obtained not from the User, notify the User

5.4.3. If refusing to provide Data, explain to the User the consequences of refusal.

5.4.4. Publish or otherwise ensure unrestricted access to the Policy, to information about the implemented requirements for Data protection;

5.4.5. Take necessary legal, organizational, and technical measures or ensure their implementation to protect Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful acts concerning Data;

5.4.6. Respond to inquiries and appeals from Users, their representatives, and authorized bodies.

6. Purposes of Data Processing

6.1. The Operator collects and stores only those Data necessary for providing services or executing contracts with the User, except in cases where legislation requires mandatory storage of Data for a specified period.

6.2. User Data is processed for:

- Filling out forms on the website https://visacatcher.bot/ and/or Telegram-bot https://t.me/VisaCatcherBot ;

- Booking slots at visa centers.

6.2.1. The Operator processes User Data for the purposes of:

- Carrying out registration (authorization) in the Software, access to the Software, and any other related actions;

- Providing the User access to personalized resources of the Software;

- Establishing feedback with the User, including sending Notifications, inquiries concerning service provision, processing requests and applications from the User, providing effective customer and technical support in case of problems related to the use of the Software;

- Ensuring the operability and security of the Software to confirm actions taken by Users, prevent fraud, computer attacks, and other abuses, and to investigate such cases.

7. Dispute Resolution

7.1. Before filing a lawsuit for disputes arising from relations between the User and the Operator, it is mandatory to submit a claim sent to the Operator's email: legal@visacatcher.bot . The Operator must inform the claimant in writing of the results of the claim review within 30 (Thirty) calendar days from the date of receipt.

7.2. If it is impossible to settle the dispute amicably, the parties have the right to choose to approach:

· The judicial body at the location of the Operator;

· The International Commercial Arbitration Court at the Chamber of Commerce and Industry of Romania (ICAC at CCI of Romania) located at: Bucharest, Bulevardul Octavian Goga, 2.

7.3. The legislation Romania applies to this Privacy Policy and the relations between the User and the Operator.

7.4. This Policy is effective as of "July 18, 2024".