This document is created on the basis and in accordance with the General Data Protection Regulation
(GDPR) (EU) 2016/679 with the purpose to inform you regarding your rights under GDPR legislation.
This document applies to you, in your quality of User of ro.exchange website (the “Platform”).
Who is collecting your personal data?
Your personal data is collected by Block Capital SRL (Cluj-Napoca, Dorobanților Nr. 5, Cluj, Romania CUI 39915424 / J12/43172018 / (EUID)ROONRCJ12/4317/2018), the
provider of ro.exchange website and Service.
What data is being collected?
When creating your user account and/or when using the Service, we may collect the following
The data required for creating the User Account: name, email, phone any other required data
as mentioned in the singing-in page under the Platform;
The data required for validating your identity, as such data result from the identification
documents that you provide to us;
Your activity under the Platform.
Why the data is being collected? How will the information be used?
Our primary purpose in collecting personal information is to provide you with a secure, smooth,
efficient, and customized experience when using the Service. We may use your personal information
Evaluate, approve and/or verify your Account after you sign up on the Platform;
Provide you the Service (the right to use the ro.exchange website);
Resolve disputes and troubleshoot problems;
Prevent potentially prohibited or illegal activities, and enforce our Terms of Service;
In some circumstances the data is collected and used in order to comply with legal obligation that
we might have.
Also, in case we have your consent, your data might be used on marketing purposes (in order to
promote our services to you).
What is the legal basis for processing the data?
We collect and process your data for the purposes stipulated under clause. 4.1 above based on GDPR
Regulation article 6 paragraph 1, letter b (execution of a contract).
We collect and process your data for the purposes stipulated under clause. 4.2 above based on GDPR
Regulation article 6 paragraph 1, letter c (legal obligation).
We collect and process your data for the purposes stipulated under clause. 4.3 above based on GDPR
Regulation article 6 paragraph 1, letter a (your consent).
Please be advised that if you do not accept to process your data required for the provision of
Service, you will not be able to use the Platform and the Service.
How long the data will be stored for?
When we process your data with the purpose to provide you the Service we will store your data as
long as we will provide you the Service. Therefore, we will delete your personal data at the moment
when your user account is deleted (by you or by us), unless we need to keep storing your personal
data on the basis of a legal obligation and/or unless we need to retain some personal information
from your account to collect any fees owed, resolve disputes, troubleshoot problems, assist with
any investigations, prevent fraud, enforce our Terms of Service.
When we process your data based on a legal obligation, the data will be stored for the entire
duration required by the law.
When we process your data based on your consent, the data will be stored as long as we have your
consent, but not more than 5 years.
We will delete and/or fully anonymize your data at the end of the storage period.
Where do we store the data?
The data is stored in United States.
What security measures we have implemented in order to protect the data?
In order to protect your data, we have implemented security measures in accordance with the
applicable laws and the best industry practices. In this respect, we protect your information using
physical, technical, and administrative security measures to reduce the risks of loss, misuse,
unauthorized access, disclosure, and alteration. We will protect your data for any security
incidents, but we cannot guarantee that such incidents cannot occur.
In case of personal data breach which is likely to result in a high risk to your rights and
freedoms we will communicate the personal data breach to you, without undue delay.
Will the data be shared with any third parties?
We will not share your data with third parties unless: we will have such a legal obligation; we
will have your consent; it is necessary to share information in order to investigate, prevent, or
take action regarding illegal activities, suspected fraud, situations involving potential threats
to the physical safety of any person, violations of Terms of Service, or as otherwise required by
law. We may also share your data with our service providers under contract who help with our
business operations such as fraud prevention, marketing, and technology services.
What rights do you have?
According to GDPR Regulation, you have the right to:
information about the processing of your personal data;
obtain access to the personal data held about you;
ask for incorrect, inaccurate or incomplete personal data to be corrected;
request that personal data be erased when it’s no longer needed or if processing it
object to the processing of your personal data for marketing purposes or on grounds
relating to your particular situation;
request the restriction of the processing of your personal data in specific cases;
receive your personal data in a machine-readable format and send it to another controller
request that decisions based on automated processing concerning you or significantly
affecting you and based on your personal data are made by natural persons, not only by
computers. You also have the right in this case to express your point of view and to
contest the decision.
Withdrawn your consent.
To exercise your rights, please contact us by email at: firstname.lastname@example.org. We will try
to respond to your request as fast as we can, but no later than 1 month since we receive your
We might ask you to provide information to confirm your identity (such as, clicking a verification
link, entering a username or password, id copies or others) in order to be able to respond to your
Do we use automated individual decision-making, including profiling
No, you will not be subject to any decision based solely on automated processing, including
How can you raise a complaint?
According to GDPR Regulation, you have the right to lodge a complaint with a supervisory authority.
Usually you will lodge a complaint with the supervisory authority headquartered in your country or
in the data controller’s country. Please find the Data Protection Authorities contact information
How can you contact us?
For any question or request regarding your data, please contact us at the following email address: