GDPR - Data Protection
Last Updated : 12 Oct 2022
Table of Contents
Thank you! By choosing to make your instructions digital or by scanning the QR code and reading the product instructions online, you, are making the world a better place!
Who are we?
We are a Data Processor of your Personal Data and our identification details are:
Name: GUIDEFAI S.R.L. (“GuidefAI”, “Company”, “us”, “we”)
Postal address: Timişoara, 9 Dr. Iosif Nemoianu Street, Rooms 1, 2 and 4, flat 2, Timiş county, Romania
E-mail address: firstname.lastname@example.org
What is your relationship with GuidefAI and who is the data controller?
GuidefAI provides a SaaS Software which offers Brands the possibility to digitalise the documentation accompanying the products and/or services that they offer. Also, the Software optimises the after-sale communication by embedding additional features that allow Brands to interact with and have direct insights from you.
As a general reference, the processing activities of GuidefAI on behalf of the Brands are governed by the Data Processing Addendum available here. However, please request the necessary information as there might be instances where the Data Processing Addendum has been modified as per request of the Data Controller.
Definition of used terms
a. Brand(s) – the entity that has signed up on the Platform as a partner of GuidefAI, who chooses to make the Documentation available for the final users in a digital format, through the GuidefAI App.
b. Brand Platform – the page within the Platform, created under the Brand Account, containing all Documentation, Brand details and any other relevant information, that will be presented to final Users.
c. Brand User – employees and/or individual contractors or of any affiliates of the Partner, who are authorized by the Partner to use the Platform and which have an individual account under the account of the Brand the “Brand User”, “Brand Users” or “you”).
d. Documentation – all the content that the Brands choose to make available on the Platform such as: product manuals, images, instructions, videos, text and any other such material, in connection to the products and/or services they offer.
f. Data Processor – us, GuidefAI, who process your personal data based on the instructions and controls establish by the Brands within the Platform.
g. General Data Protection Regulation – (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
h. GuidefAI’s Services – the services offered by GuidefAI S.R.L. through the GuidefAI Software, for the purpose of allowing Brands to digitalise Documentation and for making available to Users and Visitors such Documentation and any other additional information.
i. Licensable software and/or Software – the website www.guidefai.com together with all software made available by GuidefAI and any other sub-domain assigned to a Brand; such software has an interface and certain functionalities available only for Brands (the “Platform”) and a different interface together with special features available only for Users (the “App”). The GuidefAI App is available to download as a Progressive Web App (“PWA”), for any device with internet connection, optimized for mobile phones and tablets and, through it, Users can access the Documentation made available by the Brands by scanning the QR code provided together with the Brands’ products and/or services (“GuidefAI”, “App”).
l. T&C – the terms, conditions and legal information contained in our Terms & Conditions, that govern your use of our platform and form the legal agreement between you and us.
m. Users – the individuals who, having the minimum required age in order to access our information society services, scan the QR code made available to them by the Brands together with the product and/or services and choose to register on GuidefAI and create an Account, having therefore direct access to the Documentation and also the possibility to access other additional features such as: saving a copy of the product guarantee, receive notifications from Brands and others (the “User”, “Users” or “you”).
n. User’s Account – comprises of the identification and authentication details that Users provide to register on our App.
o. Visitors – the individuals who, having the minimum required age in order to access our information society services, scan the QR code made available to them by the Brands together with the product and/or services, having therefore the possibility to access the Documentation through GuidefAI, without opening an account on the App (the “Visitor”, “Visitors” or “you”).
Categories of personal data that we process
For the purpose of offering GuidefAI’s Services we process different categories of Personal Data that can identify you or your device. Some of the data is actively provided by you and some is passively collected by us. Also, for running the Brand Platform, in certain cases, we use the help of sub-processors which may collect and share data about you. More precisely, we collect and process:
• identification data such as: first name, last name;
• contact data such as: e-mail, phone number, company name;
• data that identifies you & your device such as: browser type, connection type, identification codes such as IP, MAC, IMSI, language preference, mobile device identifiers and SDK’s, mobile carrier, time zone setting, location data (non-continuous);
• data on how you use the service such as: date and time of online activity, errors, frequency of visits, page response time, clickstreams, purchase history, previous conversations, purchasing behaviour, preferences and others;
• data from your device such as: photos (only if provided), camera access (only if requested), contacts (only if requested);
• data introduced by you within the App / Platform such as: pictures, comments, messages;
• financial information such as: payment method, card details, purchase amount, bank account;
Categories of data subject of whom we process personal data
In order to be able to offer our Services, allow Brands to register their Brand Users and to create the Brand Platform and offer it to their final users, respectively to Users and Visitors, we process the Personal Data of the following categories of data subjects:
• Users. Please consider that if you are a User, we will not process your financial data.
• Visitors. Please consider that if you are a Visitor, we will not process your: identification data, contact data, data related to your third-party accounts, data from your device, financial information.
• Brand Users;
Purposes of processing
6.1 App / Platform registration, access and connectivity
– for this purpose, we process your data in order to perform activities such as:
identify you and authorize you to access our App / Platform;
• allow you to create a profile and User Account;
• facilitate the invitation of others to our App / Platform;
• verifying that you are the legitimate holder of the scanned QR code;
• verifying your age and/or the consent of the holder of the parental responsibility.
6.2 Provide GuidefAI’s Services, allow you to access the Brand Platform, the Documentation provided by the Brand and to interact with the different embedded features
– for this purpose, we process your data in order to perform activities such as:
• allow you to scan the QR code and access the Brand Platform;
• verify the correspondence between the scanned QR code and the Brand Platform made available to you;
• allow you to access the different features, made available to you by the Brand, such as the interactive guides or the guarantee module;
• facilitate the interaction with the Brands through functionalities such as chat.
6.3 Removing errors and improving Software functionality & security
– for this purpose, we process your data in order to perform activities such as:
• keep the Software running by removing errors, enhancing the security, combatting spam and verifying identity or service access;
• track and analyse your clickstream and your response in relation to different changes of the Software, such as changes in the structure or in the available content;
• to perform analysis of functionalities in order to enhance the provided features and to adapt the Software to your needs.
6.4 To provide Customer Support
– for this purpose, we process your data in order to provide you with professional assistance, upon your request. To this end we will perform activities such as:
• provide information about the Software, respond to inquiries, complaints and requests for support;
• connect you with the Brand where needed;
• connect you with relevant service providers which may be able to solve your requests.
6.5 Marketing and personalized offers
– for this purpose, we process your data in order to be able to promote products & services by sending you messages and by showing you advertising messages based on your use of the Software. For this purpose, the processing of your personal data will take place only if we obtain your consent for marketing purposes or, unless you oppose to such processing, as the case may be.
For this purpose, we might build and use user profiles and so, the content could be tailored to your interests and behaviour. Also, some communications might be triggered automatically by a specific action you perform on the Brand Platform, such as a click.
6.6 Analysing your online behaviour, discovering patterns and creating statistics
– for this purpose, we process your data in order to be able to create aggregated statistical data and other aggregated and/or inferred information, which we and / or the Brands may use to provide and improve our respective services.
In this sense we analyse User’s common or personal preferences, experiences and difficulties in using the Brand Platform so that we can further develop, customize, expand, and improve our Services. Also, GuidefAI is constantly evolving and seeks to offer the best services to Users by constantly responding to requests, trends and market changes. For this purpose, we also process statistical and aggregated data in order to analyse and predict such trends.
6.7 Enforcing our Terms & Conditions, perform or legal obligations or communicate with relevant authorities
When using the Software, you agree to our Terms and Conditions, that define how you can use it. To ensure that the usage is in accordance with our policies we store your personal data and we may process it for purposes such as:
• investigate, prevent and mitigate any potentially prohibited or illicit activities related to, for e.g. fraud, IP infringement etc.
• enforce our agreements with third parties;
• comply with applicable legal obligations.
Legal basis for processing
In general, the processing of personal data is necessary in order to carry out the activity specific to the purpose of processing, more precisely, the provision of the different functionalities of the Software.
In order to process your personal data, we rely on various legal grounds, as follows:
a. Contract – in this case the processing is necessary either for entering into a contract (e.g. you have registered on the App / Platform and we have to take the necessary steps to implement your registration) or for performing contract concluded (e.g. utilizing the Software);
b. Consent – you gave us your consent for processing your personal data for a specific purpose. Please take into account that in line with the applicable legislation, consent can be granted in multiple ways. In this sense, you give us your consent by clicking a tick-box, by performing a certain action, by voluntarily introducing data or by facilitating a certain interaction, depending on the situation. We optimise the way in which you grant consent for experience and usability purposes. You can always withdraw you consent and, if we do not have another legal basis for processing your data, we will immediately stop such processing. Please consider that consent withdrawal is not retroactive and so it affects only future processing activities. Also, the implementation of the withdrawal will be executed considering the time needed for technical implementation and the timelines provided by law.
c. Legal obligation – the processing is necessary for us to comply with the applicable laws.
d. Legitimate interest – the processing is necessary for our legitimate interests or the legitimate interest of a third party, as long as such legitimate interests are not out-weighted by your rights and interests. Such legitimate interests could refer to:
• gaining insights from your behaviour on the Software;
• delivering, developing and improving our Services;
• enabling us to enhance, customize or modify our services, content and communications;
• evaluating your feedback and solving your queries;
• enhancing data security and detecting fraud or misbehaviour;
• marketing our products & services to existing users;
• displaying advertising on our Software, tailored to your interests.
Categories of recipients
Furthermore, for running our Software and for making our services more efficient for some of the processes we may involve third parties. We guarantee that all our business partners, technicians, suppliers or independent third parties are obliged by contractual commitments to process the personal data shared with them only in accordance with our instructions, this Policy and the applicable data protection legislation.
In order to facilitate the activities related to the purposes of processing detailed above, we communicate these data to third parties, including partners / sub-processors, such as:
a. Third parties which help us with access and connectivity by:
• managing the user registration process and the log in / sign in operations;
• allowing interconnectivity with other platforms.
b. Third parties which help us with marketing and advertising such as:
• marketing agencies and commercial affiliation partners;
• integrated marketing tools for emailing, notifications and pop-ups, surveys, analytics and measurement;
• direct advertising and remarketing tools.
c. Third parties which help us with operations by:
• managing contact and support requests, complaints and by collecting data about the interaction and result;
• offering customer relationship management, aggregating info and making our interactions more efficient.
d. Third parties which help us with infrastructure by:
• offering hosting and external backup services;
• managing security systems and traffic distribution systems;
• offer IT support;
• remove errors and improve functionality & security.
e. Other third parties such as:
• companies from the group to which GuidefAI belongs;
• business partners, investors, assignee for the purpose of facilitating transactions in commercial assets (which may include a merger, acquisition, debt or sale of goods);
• professional advisers, such as auditors or lawyers;
• regulatory authorities, professional bodies and / or public authorities for compliance with applicable regulations.
GuidefAI may also share Personal Data with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (i) comply with applicable law; (ii) enforce the Terms & Conditions that govern the ; (iii) protect our rights, privacy, safety or property, and/or that of you or others; and (iv) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, in the event of active or prospective litigation or arbitration, for regulatory compliance efforts and/or audit.
When choosing its sub-processors, GuidefAI may transfer user data outside the borders of the European Economic Area. In such cases, before any transfer takes place, we will ensure that these service providers comply with the minimum security standards set by the European Commission and that they always process the data in accordance with our instructions.
Data subjects rights
9.1 Right of access
Upon request you have the right to be informed if your personal data are processed, and if so, you have the right to request access to your data. This allows you to obtain information about:
• the purposes of processing;
• the categories of personal data we are processing;
• the recipients or categories of recipients to whom your personal data has been or will be disclosed;
• for how long the data will be processed or the criteria to determine that period.
You have the right to obtain a copy of the personal data processed free of charge. For additional copies, we may charge a reasonable fee based on administrative costs.
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others like, for e.g. another’s person confidentiality or intellectual property rights.
9.2 Right to rectification
You have the right to request and obtain the modification of any personal data that is incorrect or obsolete.
9.3 Right to erasure (“right to be forgotten”)
You have the right to ask us to delete your personal data and we will honour such request unless the circumstances do not allow us to do so like, for e.g. in the case in which we are legally obliged to keep specific details for a number of years.
9.4 Right to restriction of the processing
You have the right to request a restriction on the processing of your personal data and this is applicable in different circumstances such as:
• we no longer need your data but you ask us to keep it so that you can establish, exercise or defend legal claims;
• you appreciate that the personal data we hold is not accurate and you request us to review it.
• you oppose to the processing of your personal data based on our legitimate interests.
9.5 Right to data portability
You have the right to ask us to transfer your data either directly to you or, if possible, to another service provider. This is applicable only for the data that you have actively provided to us and that we process automatically based on your consent or based on a contract. Where possible, we will transfer your data in a structured, commonly used, machine-readable format.
Please consider that we are not able to honour such transfer request in those cases in which it would have a negative effect on other individuals like, for e.g. if the data also contains personal data of other people.
9.6 Right to object to the processing
You have the right to object to the processing of your personal data, for reasons related to your situation, at any time and free of charge. In relation to direct marketing, such objection can be made at any time and without any justification. In relation to the processing based on our legitimate interest, for objecting, you will need to provide a specific reason. Please consider that such right is not always applicable, in particular in those situations in which the processing of your personal data is related to a contract and it is necessary for the preliminary steps related to its conclusion or to the performance of a contract already concluded.
9.7 Right not to be subjected to a decision based solely on automated processing, including profiling
We may use your data for taking decisions by automated means, without any human involvement. This processing activity is taking place in compliance with the data protection regulation, respectively if: (a) it is necessary for entering into, or for performing the contract between the User/Brand and GuidefAI, (b) is authorised by Union or Member State law, or (c) we have your explicit consent. Such decisions may be based on factual data like, for e.g. on digitally created profiles.
With respect to such decisions, you have the right to (a) obtain human intervention, (b) express your point of view and, (c) contest the decision.
9.8 Right to lodge a complaint in front of the National Supervisory Authority, which in our case in the Romanian Supervisory Authority (“ANSPDCP”)
We would appreciate hearing and trying to solve your problem first but if you consider that we have not responded to your requests properly, you have the right to file a complaint with the Romanian data protection authority.
For exercising any of your rights under the data protection laws please contact us at the contact details provided under Section 1. Also, please note that these rights are not without limitations so please exercise them in good faith. We will make our best to respond to your request as soon as possible and always within one month. We reserve the right to protect ourselves against malicious or unjustified repeated requests.
Data security and storage
We take all necessary measures in order to make sure that all Users data is stored within EU / EEA. However, if by processing your data alone or together with our sub-processors as provided in this Policy we transfer and/or store data outside of the EU / EEA we will take all necessary measure in order to make sure that the provisions of data protection regulations are respected.
We have taken appropriate technical and organizational measures to ensure the security of your data and, in particular, to protect your personal data against access by third parties and against any intentional alteration, loss or destruction. These measures are regularly reviewed and adapted according to the latest technologies.
Please consider that no electronic transmission of data is ever fully secure or error free so please take care in deciding what information you disclose. Furthermore, we are not to be held responsible for the functionalities and security measures of any third party.
• user authentication;
• saving Users’ preferences and settings;
• determining the popularity of the content;
• delivery and measurement of the efficiency of advertising campaigns;
• analysis of trends and traffic on sites and general understanding of the behaviour and interests manifested online by those who interact with our services.
We limit the storage period of your personal data to the time necessary to fulfil the purpose for which we have collected it and, as a general principle, for the period required or permitted by applicable law, as follows:
• if the data is collected and processed for the purpose of a contract, we will retain such data for the entire period of its performance;
• if the data is collected and processed with your consent, we will retain it until you withdraw such consent;
• if the data is collected and processed based on our legitimate interest, we will retain it until such interest is fulfilled and, as a general rule, for a period of 3 (three) years from the termination of the contractual relationship;
• if the data is collected and processed pursuant to a legal obligation, the time frame will depend on the legal provisions regarding mandatory retention periods.
Please consider that the period may be longer if we are required to store the data for the purpose of satisfying any legal, accounting or reporting obligations or to resolve any legal disputes.
Also please note that, as underlined under Purposes of Processing, we process data for statistical and analytics purposes. When the data is no longer necessary for fulfilling the purpose of processing, we will remove / delete your personal data from our systems and records and / or take steps to anonymize it so that you can no longer be identified. Afterwards, the rights related to access, erasure, rectification and transfer will not be enforceable.
• compromise ourselves to always respect your privacy;
• if we make any material changes to this Policy, we will endeavour to notify you by email or by posting a prominent notice on the Platform prior to the change becoming effective.
You may refer to the “Last updated” date to determine if the Policy has changed since the date of your last visit.