Română Personal Data Processing Policy
Version 22.1, last updated: 06.01.2021
Lightly is aware of the importance of your data and is committed to protecting your privacy and security. Therefore, it is important for us to provide you in a transparent manner the information regarding the processing of your personal data under this Personal Data Processing Policy, applicable for the purposes and in the situations set out below.
By creating an account on the Lightly application, accepting the provisions of the Terms and Conditions and accepting this Policy for the processing of personal data, you acknowledge and agree to the processing described in this document.
-
About us
-
Lightly is a service through which the owners/tenants of a building can track and pay the rents, utilities or any other payments generated by the maintenance of a building. The services we offer are the following:
For owners:
centralization and tracking of invoices issued by various service providers;
tracking your or your tenant's bill payments;
records of leases;
records of owned properties;
the record of the rent payment by the tenant;
For tenants:
easy viewing and payment of due invoices;
view the amount of rent payment;
-
The entity that provides the services offered on the Lightly.ro platform is THE COFFEE POT S.R.L., CIF 33751330.
-
-
What information do we process?
-
In order to provide our services, we process the following categories of personal data of users:
Email, for creating an account in the platform;
telephone number, for access to invoices related to the telephone subscription, respectively for various notifications issued by the application;
password, for access on the lightly.ro platform;
username and password related to the websites of the service providers that will be connected to the Lightly platform (providing services of: electricity, gas, telephony, internet, etc.);
billing data present on invoices issued by service providers;
data regarding rental contracts;
IBAN;
-
In order to improve the services offered by the Lightly application:
We store data related to visiting sessions for the purpose of telemetry and troubleshooting in the application.
-
For the purpose of marketing communications:
email;
phone number;
name.
For the purposes determined by the legislation in force, in connection with the activities mentioned above for the related archiving obligations in order to maintain records related to the activities carried out, to protect the rights in court and to exercise other rights according to the law and concluded contracts, the fulfillment of possible archiving requirements , in accordance with legal provisions.
-
-
To whom do we disclose your personal data?
-
In order to provide Lightly services, we transfer your data to the following companies:
Amazon Web Services ("AWS") - we use AWS services to store all information collected from users, except for information about payments made through our platform;
Netopia Payments - we use Netopia Payments services to process transaction information for the Services you purchase on our platform;
Smart Fintech - we use Smart Fintech services to make payments for bills issued by utility providers (gas, electricity, water, internet, TV, etc.) that you choose to make through Lightly. For this purpose, we transfer to Smart Fintech the following information of the user: IBAN, email, data included in the invoice;
third-party service providers that you will connect with through the Lightly platform.
-
In order to fulfill the legal obligations:
we may transmit your data to public authorities (Prosecutor's Office, Police, courts and other competent state bodies), on the basis and within the limits of legal provisions and as a result of expressly formulated requests.
Lightly's personal data is not sold to third parties or transferred outside the European Union.
-
-
What rights do you have regarding the processing of your data?
-
By reading this Policy, you acknowledge that your rights under the applicable law are guaranteed, namely:
the right to be informed about the processing of your personal data;
the right to access your personal data;
the right to rectify your personal data;
the right to delete (“the right to be forgotten”) your personal data;
the right to obtain the restriction of processing;
the right to data portability;
the right to object to the processing of personal data concerning you and to request the rectification, updating or deletion of data in accordance with the law - in the case of personal data processed for direct marketing purposes, this right can be exercised at any time, free of charge and without justification;
the right not to be subject to an individual automatic decision, including the creation of profile;
to submit a complaint to the National Authority for the Supervision of Personal Data Processing www.dataprotection.ro;
the right to go to court if you consider that your rights under this law have been violated;
You can exercise these rights by sending an e-mail to privacy@lightly.ro or by accessing the contact form at https://lightly.ro/support.
-
-
Collection of personal data of minors
Lightly does not collect or process personal data of minors. We also do not carry out direct marketing promotional activities for minors.
Minors who have reached the age of 16 may purchase products or services and request and receive communications from Lightly only if they have the consent of their legal representative or guardian, as required by law.
By reading and accepting the provisions of this policy, any person who provides us with personal data through the site or other applications or devices covered by this Policy guarantees that he is of at least 18 years old and has full capacity to exercise.
Any collection or processing of personal data of minors will be carried out only in accordance with the law.
-
How long do we process your data?
Your data will be kept for as long as you have an active account on our platform;
In order to protect the security and safety of our users' information, we have implemented a data retention period of three months from the time of account deletion. During this period, account information will be retained, although the account will no longer be visible on our platform;
-
We will also delete your information after 1 year of continuous inactivity, unless:
we need to keep the information in order to comply with applicable law (for example, some “traffic data” is kept for one year in order to comply with legal data retention obligations);
we must keep them in order to prove compliance with applicable law (for example, records of consents to our Terms, Privacy Policy and other similar consents are kept for five years);
there is a problem, a complaint or an unresolved dispute that requires us to keep the relevant information until it is resolved; or
information must be kept for our legitimate interests, such as preventing fraud and improving the safety and security of users. For example, the retention of information may be necessary to prevent a new account from being opened by a user who has been excluded due to dangerous behavior or security incident;
at the same time, the storage of personal data for a longer period of time can be done to compile statistics, improve services, manage customer accounts, research/market research.
-
Information security
We make every effort to protect the information we collect against unauthorized access, alteration, disclosure or destruction. As with all technology companies, although we take steps to secure the information, we cannot guarantee that the information will always remain secure.
We regularly monitor systems for possible vulnerabilities and attacks and regularly review our information collection, storage and processing practices to update our physical, technical and organizational security measures.
We may suspend the use of all or part of the Services without prior notice if we suspect or detect a breach of security. If you have any doubts about the security of your account or information, please let us know immediately.