Welcome to our website https://spotlegal.io !   

We are IO MASTERMINDS S.R.L., a company registered in Romania with the Bucharest Trade Registry under No. J40/3313/2020, sole registration code (in Romanian “Cod Unic de Iinregistrare”) 42364171, with registered office address at 1A, Ispravnicului Street, Room 1, Bucharest District 2, postal code 023741, Romania (hereinafter referred to as “the Supplier”, “we,” or “our”).  

The Supplier respects your right to privacy and is committed to protect your personal data and use it appropriately.  

This is a Privacy Notice and it explains how the Supplier processes (collects, stores, shares, uses) the personal data that you share with us when you visit our internet page and/or communicate with us otherwise, or which we generate about you, and what your rights are in this regard. 

Before sharing with us any information, we kindly ask you to read carefully and thoroughly this Privacy Notice.  For data protection purposes, the Supplier is the data controller of your personal data you submit to us. 

We reserve the right to change and or update from time to time this Privacy Notice at our discretion at any time.  You will be accordingly notified in advance of material changes and/or updates, which we also urge you to read carefully and make sure you understand.   

The personal data that we collect about you 

As used in this Privacy Notice, “personal data” means any information that can be used to individually identify you directly or indirectly, alone or along with other information, or contact you online or elsewhere.  The categories and volume of personal data that we collect vary depending on the activities in relation to which the data is collected and include:  

• your name and surname; 
• your email address; 
• your mobile phone number; 
• your address; 
• your voice and inquiries made when contacting us; and or 

• other personal data clearly identified to you at the point when such data is collected. 

Data with respect to the use of our website by you, which we obtain by means of tracking technologies such as cookies, IP address recording, log file. Such data includes your IP address and if you have logged in, your log in details, as well as information as the pages you have viewed, for how long and your website journey. More about that in our Cookie Policy.

How we collect your personal data 

We solely collect your personal data with your informed knowledge i.e. when you voluntarily submit it to us or when it is generated in the course of your relationship with us. 

Collection of data occurs in various ways, by way of flyers or forms, filled in by you or at your request by our employees or other dedicated personnel, fiscal receipts, or electronically.  For example, personal data collection happens: 

• when you opt-in to receive the “5LegalHacks Brochure” or other similar flyers that we share with you on an opt-in basis; 

• when you book a Free Legal Strategy Session with us; 
• when you opt-in to open an account with us, 
• when you take part in the events that we organize, 
• when you accept to participate to our marketing campaigns, 
• when you claim a voucher or other benefits as a result of a promotional activity or otherwise, 

• when you subscribe for other ancillary services, such as our newsletters,  
• when you contact us for various purposes (feedback, questions, or comments through a ‘contact us’ form), 
• by means of tracking technologies, such as cookies, IP address recording, log files. 

Once collected, we shall at all times ensure that any processing of personal data is carried out with the observance of the applicable laws, this Privacy Notice and for the purpose for which you submitted such data to us. 

For what purpose we use your personal data 

You need to know that for the processing of the personal data that you voluntarily submit to us, in certain cases your express prior written consent is required, however there are other cases where we may lawfully process this data in order to: 

• comply with various laws that govern our business activity, or 

• perform our contractual obligations to you, or 
• take steps as per your request prior to entering into a contract with you, or 
• protect a legitimate interest which we or a third party might have, except when such interests are overridden by your interests or fundamental rights and freedoms 

Your consent shall be deemed granted when you actively give us your permission in view of such processing, most usually by ticking the relevant tick box or clicking a button whereby you express your wish to register in an event or to subscribe to our newsletter service.  

The data we collect is only used for the purpose for which you submitted it to us, and such purpose is made clear to you at the point it is collected or here in this Privacy Notice.  Thus, we intend to use your personal data as follows: 

(A)  We shall process your personal data in order to perform the contract based on which we provide our services to you, or in order to take steps at your request prior to entering into the contract for our services, in the following cases: 

1. In order to grant you the services and/or products that you are entitled to, further to using our services and products; 

1. When you register in an event (promotional activities, social campaigns and others), we shall use the personal data that you willingly submitted to us to offer you the benefits that customarily come along with such registration: you will be able to participate in the event, to be contacted for clarifying your participation details, to benefit from our trainings, as the case may be.   

1. When you contact us voluntarily, we shall use your personal data in order to respond to your questions, comments and claims, to offer guidance and clarifications, to provide you with assistance and customer support. 

1. The placement of certain cookies on your computer, called Necessary cookies, is necessary in order to display the website page to you. Such cookies fall into the category “Essential cookies” which are needed for our website to function and, therefore, cannot be turned off. 

1. We may use your e-mail address or mobile phone number also in order to: 

• send you administrative communications such as confirmation e-mails when you sign up for or unsubscribe from a specific registration or activity 

• send you certain service-related announcements, such as updates to our Terms and conditions, the Privacy Notice or other policies. 

 (B)  Based on your prior consent, we shall process your personal data in the following cases: 

1. When registering in an event, you may also be given the free choice to sign up (through a tick box or else) for an activity or service different from the one you are requesting. For example, if you register your data for a promotional activity, you may also be asked if you desire to sign up for our newsletter about other products, services and or events of ours or our affiliates mentioned below in the Section “With whom we share your personal data”, or to allow us to use your personal data for publicity purposes, or to participate in a survey. You will be free to refuse such additional options.   

1. If and when you subscribe to receive our newsletters, we shall use your personal data to send you our newsletters periodically.  You will be eligible to receive various information on our and/or our affiliates’ activities and events (promotions, social campaigns, new products launched or offered by us or our affiliates), whether they are organized by us or by companies which are affiliated with us.  

1. If and when you accept to participate in a survey, we shall use your personal data to send you our surveys, which are ordinarily carried out in order to receive our clients’ opinions on our products and services and to improve their experience with us, but also to acknowledge the market preferences, desires, expectations and consequently be able to offer better products and services.   

1. If and when you accept to have your personal data used for publicity purposes, we shall use such data for such purpose, in the form agreed with you.   

1. If and when you sign up for receiving our direct marketing communications (including newsletters, invitations, surveys, etc.), we shall also use your personal data to contact you with general or bespoke service-related notices and promotional messages. Through signing up for our direct marketing communications, YOU EXPRESSLY AGREE TO RECEIVE MESSAGES, CALLS AND/OR PROMOTIONAL CONTENT FROM US OR OUR AFFILIATES ACTING AS DATA PROCESSORS (in the section below “With whom we share your personal data”) ON OUR BEHALF THROUGH YOUR EMAIL ADDRESS AND PHONE NUMBER OR OTHER MEANS THAT YOU SHARED WITH US.  Thus, you enable us to call you and deliver to you promotional content or messages via SMS, email, direct text messages, instant messages, marketing calls and other types of communication.  Should you at any time desire not to receive such promotional calls, messages, notices or information, you may notify in this respect the Supplier or follow the “UNSUBSCRIBE” or STOP instructions contained in the promotional messages you receive. 

1. In order to improve your experience on our website and provide you a more personalized content, we collect data about your use of our website, such as the pages you have viewed, for how long and your website journey.  This data includes your IP address and if you have logged in, your log in details and it is collected by means of cookies or other tracking technologies. In this respect, please note that there are three categories of cookies on our website – Essential, Performance and Advertising. All cookies, except for the Essential cookies, which are needed for our site to function, can be turned off, if you wish. Please note that if you do delete all your cookies, some features of our websites, such as remembering your login details, will not work and your experience on our websites may be affected. 

(C) Based on our legal obligations, we shall process your personal data in the following cases: 

1. In order to strengthen our data security and fraud prevention capabilities.  

1. In order to comply with the obligations imposed by the legal framework applicable to the ecommerce industry. 

1. In order to perform our fiscal obligations in accordance with the applicable tax provisions and other relevant tax legislation. 

(D) For pursuing our following legitimate interests, we shall process your personal data as follows: 

1. Based on our interest for improving our products and services – we shall process your personal data for statistical purposes, to produce depersonalized aggregated statistical data, which we use to improve our products and services. 

1. Based on our legitimate interest to strengthen, expand or make our business more efficient – we shall process your personal data in case of legal reorganization or merger or acquisition by another company or in case of a transfer of business. 

1. Based on our legitimate interest to protect, secure, or prevent loss/damage to our rights – we shall process your personal data in the context of filing claims or responding to claims filed against us. 

Purpose and availability of the Privacy Notice 

This Privacy Notice is meant to inform you with respect to the processing activities we perform in connection with your personal data, so we urge you to read it carefully prior to sharing with us any personal data.  This Privacy Notice is located at https://spotlegal.io and is also available on other pages or locations where personal data is requested.  At such time as the data is collected, further information may be provided, as may be necessary, in other documents (such as, but not limited to, promotional campaigns etc.) as to the purposes for which the personal data will be used.  Nevertheless, the collection by us in all circumstances of personal data shall be governed by the general terms of this Privacy Notice, which shall prevail upon other documents in case of discrepancies.  

What happens if you do not provide and let us use your personal data 

You may at any time decide not to submit the required personal data.  However, in case of your refusal to share your personal data if and when requested, we might not be able to fulfill our contractual obligations when collecting and processing the respective data represents for us a legal obligation (for example, if you refuse to provide us with your delivery address, we cannot deliver to you the products/services, further to your acquiring our products/services). Also, you may not be eligible to participate in certain activities or events if you do not provide the minimum required information (for example, should you refuse to share with us your contact details, you may not participate in a training or event, as we would have no possibility to contact you to participate).    

Your refusal to share your personal data in order to benefit from certain services may also limit the services and special offers we can provide you. As an example, if you fail to give your consent for receiving our newsletter, you will not be able to receive any of our newsletters.  However, please be informed that we do not process your personal data should you just want to browse our website and find out more about our services and products. 

With whom we share your personal data and why 

In the situations when your consent is required in this respect, if you agree with such sharing, please note that we also share your personal data with data processors, acting as our contractors or service providers (also referred to as business partners in this document), for the purposes listed in the Section “For what purpose we use your personal data” above. For example, we use the services of: 

• Payment processing services providers; 
• Customer experience automation providers (such as email marketing, CRM, etc.) 

• IT& C support providers; 
• Accounting services providers. 

These data processors, or controllers, as the case may be, are under the obligation to ensure at least the same level of diligence and security as us when it comes to the processing of your personal data.  We also ensure that they are contractually obliged to process it solely based on our instructions, for the purposes set by us and in a manner that ensures its appropriate security and confidentiality, including for preventing unauthorized access to, or use of, such data and the equipment used for the processing. 

Please note that we may have legal obligations to share your personal data with the Romanian authorities (such as tax authorities, the ANPC, police, courts of law) if so required by the applicable laws.  We may also share your personal data, in good faith, in order to protect, secure or prevent loss of our rights or for the legitimate interest of the Supplier or its clients or the public, or to respond to various claims by other parties.  

Personal data sharing may occur as part of our legal reorganization or merger or acquisition by another company or in case of a transfer of business on the basis of our legitimate interest to strengthen, expand or make our business activity more efficient.  In any of the listed cases, the acquirer may have access to the data that we store, including your personal data, always subject to the applicable law.  

We may also share aggregated statistical data or survey results; however, such data are anonymized and contain no personal data.  

We will never share your personal data with any third party that intends to use it for direct marketing purposes, unless we have specifically informed you of this and you have given us explicit permission to do this. 

Where your personal data is stored 

Your personal data will be maintained, processed and stored by us and our services providers on the European Union territory, in Bucharest, Romania and Limburgerhof, Germany.  

Each of our services providers that process and store your personal data is committed to keep it protected and secured, in accordance with industry standards and irrespective if any lesser legal requirements may apply in their jurisdiction. 

Furthermore, the majority of the service providers which act as data processors on behalf of the Supplier are enrolled in the US – EU Privacy Shield, which is a framework for transatlantic exchanges of personal data for commercial purposes between the EU and the United States of America, approved by the EU through the EU-US Privacy Shield Decision adopted on 12 July 2016.  The US – EU Privacy Shield provides for a self-certification mechanism through which US based companies commit to comply with the privacy principles set out in the US – EU Privacy Shield framework, which is deemed as representing an adequate level of protection of personal data. 

In the case of the data recipients which are located in third party countries for which the European Commission did not issue an adequacy decision or which are not enrolled in the EU – US Privacy Shield, the Supplier concluded with each such recipient contracts which include contractual clauses aimed to ensure the appropriate level of protection. 

Term of storage of your personal data  

We assure you that your personal data will solely be stored just for as long as necessary, in accordance with the purposes for which they were collected.  

For your information, we shall retain personal data: 

• for as long as we are required to comply with our applicable laws and reporting and regulatory obligations (for example, archiving terms provided in the accounting legislation);  
• for as long as needed to provide you with our services and fulfill our obligations to you; 

• for a period of time as provided in the applicable statute of limitations, in order to be able to respond to any potential claims and requests and protect our rights and any legitimate interests;  
• for as long as necessary to respond to your questions, offer guidance and solve your problems in connection with our services;  
• to prevent fraud and abuse (for example, personal data collected in the course of know your customer procedures must be stored for a minimum period of 5 years according to the provisions of Law no. 656/2002 for the prevention and sanctioning of money laundering as well as for the implementation of measures for the prevention and fight against terrorism). 

Upon expiry of the above-mentioned terms, your personal data will be deleted.  

Should you desire at any time that we stop using your personal data to provide you with services, please contact us as described in Section How you can access, modify, delete or object to the use of your personal data.  

Please note that in cases where your personal data deletion requests are conflicting with our legal and regulatory obligations or the data concerned by your deletion request are necessary for the exercise or defense of our legal claims, we might not be able to satisfy your request.  

How we keep your personal data secure  

The Supplier has implemented all necessary technical and organizational measures, be them physical, electronic or procedural, to protect the confidentiality and security of the personal data you share with us.   

These measures include, without being limited to:  

-       Storage of the personal data in environments that are solely accessible to authorized and trained personnel.  

-       Passwords. 

-       Monitoring the systems for possible vulnerabilities and attacks.  

Your rights 

You will at all times have the following rights as to your personal data processed by us (the “Rights”): 

1. Right to basic information. You have the right to be provided with information on the identity of the controller, the controller’s reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of your personal data. 

1. Right of access. You have the right to confirmation of whether, and where, our company is processing your personal data, information about the purposes of the processing, information about the categories of data being processed, information about the categories of recipients with whom the data may be shared, information about the period for which the data will be stored (or the criteria used to determine that period, information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing, information about the existence of the right to complain to the Data Protection Authority (ANSPDC), where the data were not collected from you, information as to the source of the data, information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.  

1. Right to rectification. You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. 

1. Right to erasure (‘right to be forgotten’). You have the right to obtain from us the erasure of your personal data without undue delay and we shall have the obligation to erase your personal data without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent on which the processing is based, if there is no other legal ground for the processing; (c) you object to the processing pursuant to your opposition right and there are no overriding legitimate grounds for the processing, or you object against the processing of your data for direct marketing purposes; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in EU or other law applicable to us. Notwithstanding the above, we may continue to lawfully process your personal data to the extent that processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; (c) for the establishment, exercise or defense of legal claims.  

1. Right to restriction of processing. You have the right to obtain from us restriction of processing where one of the following applies: (a) if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (d) you objected to processing pending the verification whether our legitimate grounds of override those claimed by you.  

1. Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means. 

1. Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on the legitimate interests of ours or of a third party. However, we have the right to prove that we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the purpose of the processing is for the establishment, exercise or defense of legal claims. 

1. Right not to be subject to a decision based solely on automated processing.  Unless the decision (a) is necessary for entering into, or performance of, a contract between the you and us; (b) is authorized by the Union law or the law applicable to us; or (c) is based on your explicit consent, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. 

We will give effect to the rights of access, rectification, erasure and the right to object free of charge. We may charge a reasonable fee for repetitive requests, or requests which we find manifestly unfounded or excessive or for further copies. 

We will respond to you in a time frame of 30 days after receiving a request from you made under those rights. If we receive large numbers of requests, or especially complex requests, the time limit may be extended by a maximum of two further months. 

If we will not meet this deadline, you may complain to ANSPDC and may seek a judicial remedy. 

How you can access, modify, delete or object to the use of your personal data 

In order to exercise your Rights listed above, you can always contact us at: privacy@spotlegal.io  

You may at any time refuse to share any of your personal data with us or you may object to the processing of your personal data by us. However, you must understand that if you choose this option in certain cases, we might not be able to fulfill our contractual obligations to you. As mentioned in Section “What happens if you do not provide and let us use your personal data” above, such situations may occur when collecting and processing the respective data represents for us a legal obligation (for example, if you refuse to provide us with your address, we cannot deliver your goods to you, further to your acquiring our services/products). Similarly, you may not be eligible to participate in certain activities or events if you do not provide the minimum required information, or restrict the use of the information already provided (for example, should you refuse to share with us your contact details, you may not participate in a promotional activity, as we would have no possibility to contact you to collect your winnings).  

We recommend that you do not opt-in for communications or services when you first register, if you do not want to receive such services or communications (newsletters, calls, announcements, or other communications and/or services from us).  If you opted-in and you subsequently decide that you no longer desire to benefit from these services or communications, we inform you that we give you the option to discontinue receiving communications and services in the future by unsubscribing.  For this, you just need to follow the unsubscribe process or instructions provided in our communications or notify us of your intention at: privacy@spotlegal.io 

How you can contact us 

For any questions or requests for clarification in connection with this Privacy Notice, you are invited to contact us at: privacy@spotlegal.io or at the address: Str. Ispravnicului No.1A, Room 1, Bucharest District 2, postal code 023741, Romania.