- Identity of operator/processor
- DPO
- Scope of application
- Use of this Privacy Policy
- Relation between Us and the Client and between Us and the data subjects
- PD collected
- PD processing activities
- Use of the PD
- Basis of PD processing
- Sources of PD
- Storage and erasure of PD
- Transfer of PD to third parties and countries outside the EU
- Rights of the data subjects
1. Identity of operator/processor
The logistia.app website, mobile applications and related services (the “Platform”) are operated by FESPORE IT SRL, headquartered in Bucharest, District 4, No. 17 Sold. Nicolae Barbu Alley, Floor 2, Apt. 10, email: hello@logistia.app (“Us”, “We”).
2. DPO
Vlad Retca: email at: contact@fespore.ro; post to: Bucharest, District 4, No. 17 Sold. Nicolae Barbu Alley, Floor 2, Apt. 10.
3. Scope of application
This privacy policy (the “Privacy Policy”) is referenced and incorporated by the Terms and Conditions and applies to all of the personal data (“PD”) of data subjects processed through the Platform.
The legal relation for providing the services of the Platform is between Us and a legal entity (“Client/Clients”).
The Platform does not knowingly collect PD of minors under the age of 18. We will use reasonable efforts to ensure that no minors register on the Platform. PD of minors will be erased upon request from the natural person entitled to request such deletion. This paragraph supersedes any other provision of this Privacy Policy.
This Privacy Policy applies to the following data subjects and incorporates their respective notices:
1. Platform Users – natural persons that are representatives of the Client and have registered an account on the Platform. Platform User Notice [link].
2. Client Drivers – natural persons that are employed by the Client for delivery. Client Driver Notice [link].
3. Platform Visitors and Email Senders – natural persons that only visit the site or send emails. Client Representative quality prevails over Platform Visitor and Email Senders quality. Platform Visitor and Email Sender Notice [link].
4. Client Business Partners – natural persons (suppliers, recipients, etc.) or representatives of the Client suppliers, recipients, etc. Client Business Partner notice [link].
This Privacy Policy is also supplemented and incorporates the Cookie Policy [link].
This Privacy Policy may be changed from time to time. Please review this page from time to time to ensure that the Platform complies with your standards.
4. Use of this Privacy Policy
If you are a Client you should submit this Privacy Policy to your legal counsel/legal department so it can be reviewed and incorporated into your Data Protection Policy.
If you are a data subject, you can view the PD processed and your rights in the section that applies to you (Platform User, Client Drivers, Platform Visitor or Email Sender, Client Business Partners).
5. Relation between Us and the Client and between Us and the data subjects
If you are a Client, in almost all of the processing of PD is done by Us as processor under your direction as controller.
In some limited cases PD (contact data, login credentials, invoicing, etc.) is processed by us as independent controller.
We will process PD only in accordance with the purpose and the basis established in this Privacy Policy.
We will process PD in accordance with the Client instructions. We reserve the right to refuse the carrying out of instructions of the Client that violate the GDPR or the rights of the data subjects. We will inform the Client when the instructions issued violate the GDPR or the rights of the data subjects. Please note that almost all of the relevant operations can be carried out via the Platform.
We will inform the Client and the Client will inform Us about PD requests from data subjects and both Us and the Client will ensure a legal and coherent response to the data subject requests.
We will make available upon request to the Client all information necessary to demonstrate compliance with the obligations laid down in GDPR and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the controller.
If security breaches relevant for the PD provided by the Client, We will inform the Client in his capacity as controller to ensure compliance with the GDPR.
You, the Client, authorize Us to engage sub-processors.
You, the Client, authorize Us to transfer PD to third countries outside the EU using appropriate safeguards.
You, the Client, represent and warrant that you will inform all relevant data subjects about the PD processing and their respective rights. In this regard you will provide at least the information contained in the notices mentioned in section 3. In particular, you will provide information about the GPS processing of Drivers and Platform Users. We can provide the DPIA upon request to ensure the documentation of this processing.
You, the Client, represent and warrant that you: (i) have obtained the PD provided to Us in accordance with all relevant laws; (ii) have the right to transfer the PD to Us; (iii) have reviewed this Privacy Policy and found it in accordance with your own Privacy Policy and Practices.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3. If We process your PD as processor, your requests will be forwarded to the controller to ensure a legal and coherent response to your request. If We process your PD as controller, we will process your request directly.
6. PD collected
When operating the Platform, we collect PD like: name, email, telephone, logon credentials, address, geolocation, cookies, IP, browser data, deliveries and other PD as needed for providing the service.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
7. PD processing activities
The following processing activities will be carried out by us: access to PD by authorized persons, storage of PD in the physical archive or in electronic format, on our infrastructure or the infrastructure of sub-processors, transfer of PD to said third parties, other processing operations carried out for the purpose and on the basis of those grounds.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
8. Use of the PD
We use the collected PD to: create the user account, to process payments, to invoice, to manage, drivers and client business partners (suppliers, receivers, etc.), to manage stocks, to calculate routes, to track deliveries, add new functionalities to the Platform as they are developed.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
9. Basis of PD processing
PD is processed on the basis of:
art. 6 (1) (a) GDPR – the processing is performed based on the consent of the data subject;
art. 6 (1) (c) GDPR – the processing is necessary for the fulfillment of the legal obligations of the Operator regarding archiving, taxing and other similar obligations;
art. 6 (1) (f) GDPR – the processing is necessary to achieve the legitimate interest of the Operator to pursue its business activity.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
10. Sources of PD
PD is obtained from the Client, from the data subject, from the integrated services and from the cookies.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
11. Storage and erasure of PD
PD is stored on our infrastructure and on the infrastructure of the service providers.
We will store the minimum amount of PD to ensure the functionality of the Platform.
The PD is stored until it is no longer needed, the law permits erasure and any legal conflict is resolved.
The PD is also erased when an erasure request is received and all the conditions above are meet.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
12. Transfer of PD to third parties and countries outside the EU
We transfer PD to third countries like USA, Canada, Switzerland and others based on appropriate safeguards.
We review the privacy policies, practices and technologies of our service providers periodically to ensure that such transfers are in accordance with the GDPR.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
13. Rights of the data subjects
As a Client in your capacity as controller you will protect the rights of data subjects in accordance with this Privacy Policy and GDPR.
We in our capacity as processor and controller will protect the rights of data subjects in accordance with this Privacy Policy and GDPR.
If you are a Client you should review the Notices and Cookie Policy mentioned in section 3 to ensure the uniform information of data subjects.
If you are a data subject you can find relevant information the Notices and Cookie Policy mentioned in section 3.
