So nexy - making learning sexy again
Descarcă aplicația

Privacy Policy

Version of 07.02.2025

For information about deleting the account press here

  1. INTRODUCTORY INFORMATION

By means of this Privacy policy we inform you with respect to our practices regarding applying the provisions of the EU Regulation (UE) 2016/679 of the European Parliament (hereinafter referred to as “GDPR”) but also as regards personal data that we are processing, the aims and grounds of the processing, as well as the rights of data subjects.

Evolution Journey S.R.L. with seat in Bucharest Municipality, Sector 1, no.8 Menuetului str., Section 1, Room 2, third 3, Ap.4, registered with the Trade Registry under no. J40/27/2018, Sole Registration Code 38648191, (hereinafter referred to as ”the Company”) is the owner and administrator of the website sonexy.com (hereinafter referred to as “the WEBSITE”) and the application SO NEXY (hereinafter referred to as “the APPLICATION”); consequently all information comprised in this Policy is related and valid with respect to the activity within the WEBSITE and APPLICATION.

The terms used in this document have the meaning provided by GDPR and all the other legal provisions relevant:

  • „Personal data” means any information relating to an identified or identifiable natural person („data subject„); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or several specific elements, specific to their physical, physiological, genetic, psychological, economic, cultural or social identity;
  • „Processing” means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
  • Data controllermeans the natural or legal person, public authority, agency or other body which, alone or together with others, determines the purposes and means of processing personal data;
  • Data processor means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller;
  • Recipientmeans the natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities to whom personal data may be communicated in the context of a specific investigation in accordance with Union or national law are not considered recipients; the processing of this data by the respective public authorities complies with the applicable data protection rules, in accordance with the purposes of the processing;
  • Consentof the data subject means any manifestation of the data subject’s free, specific, informed and unambiguous will by which he accepts, through a statement or an unequivocal action, that the personal data concerning him be processed.
The company hereby pledges to abide by the data protection listed by GDPR, in order to ensure that all data are:
  • Processed fairly, legally and transparently;
  • Collected for specified, explicit and legitimate purposes;
  • Adequate, relevant and limited in relation to the purposes for which they are processed;
  • Correct and updated;
  • Kept in a form that does not allow the identification of the data subjects for longer than is necessary in relation to the purpose of the processing;
  • Processed in accordance with the rights of the data subject, in a way that ensures adequate security of the processing, so that the data are intact, confidential and available.
  •  
 

2. PERSONAL DATA TYPES

We collect personal data of the WEBSITE and APPLICATION users for the creation of user accounts and for the targeted persons to have access to the information provided by the WEBSITE and APPLICATION: Name, surname, e-mail address, profile picture.

3. THE PURPOSE FOR OUR PROCESSING OF PERSONAL DATA

We request and process personal data in order to:

  • make possible the creation and/or maintenance of your account in the WEBSITE and APPLICATION;
  • diagnose or fix technical problems, ensure the proper functioning of the WEBSITE and APPLICATION;
  • prevent spam, fraud and abuse and to help recover your account, account username via email;
  • contact you once you have expressed your consent in the „CONTACT” section;
  • in the unlikely event of litigation, to establish or claim a right in court.
  • for marketing purposes, only in case we have your prior consent.
 

4. GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL DATA

The Company processes personal data in the WEBSITE and APPLICATION:

  • based on the consent given by the persons entrusting us with the data (art. 6 para. 1 sentence 1 letter a. of the GDPR)
  • for the execution of a contract which you are a party of (art. 6 para. 1 thesis 1 letter. b GDPR)
  • in order to fulfil one of our legal obligations (art. 6 para. 1 thesis 1 letter. c GDPR)
  • as per the legitimate interest of the Company (art. 6 para. 1 thesis 1 letter. f GDPR).
 

5. PERSONAL DATA TRANSFERS

We may disclose your personal data, subject to applicable law, where necessary to comply with the law or to protect the security or integrity of the WEBSITE and APPLICATION. Also, there are cases when the data are sent to the competent authorities and institutions in carrying out inspections and controls on the Company’s activity, lawyers, financial auditors.

Whenever we use subcontractors, acting either as a data controller or as data processor, we ensure that the requirements set out by the GDPR are met and that your personal data are processed in an appropriate manner.

In principle, your personal data will not be transferred to a third country or an international organization.

In the event that we are required to disclose your personal data by a court order or to comply with other legal requirements, we will notify you by means of a notice before providing such data unless such disclosure is prohibited. We will not sell, disclose, share your personal data without obtaining your consent and permission.

6. STORAGE DURATION OF PERSONAL DATA

In order to fulfil the purposes described above as well as to fulfil the legal obligations to which we are subject, we keep the personal data provided by you for a reasonable period of time, as long as it is necessary to fulfil the purposes, but not more than 5 years from the termination of the contract with the Company or during the period imposed on us by law or until the moment when the data subject, or the legal representative, manifests the right of opposition/deletion (except in the case where the Company processes the data on the basis of a legal obligation or justifies a legitimate interest).

After the end of the personal data processing operations, for the purpose for which they were collected, if the data subject or his legal representative does not exercise the right of opposition/deletion, according to the law, these data will be destroyed or deleted from the computer systems of the Company or transformed into anonymous data to be used for scientific, historical or statistical research purposes.

7. SAFETY MEASURES FOR PROTECTING PERSONAL DATA

We are committed to adopting appropriate technical and organizational measures in accordance with industry standards. The WEBSITE and APPLICATION are aligned with GDPR requirements and use encryption and personal data security technology.

The company will not disclose the personal data collected through the WEBSITE and APPLICATION with the exception of its authorized employees and contractors/partners, who have the capacity of data processors.

The company has undertaken responsibility for the implementation of appropriate technical and organizational measures regarding the protection of personal data, respectively for the protection against unauthorized access, use, alteration or destruction of personal data according to the provisions of the GDPR, as follows:

  • The personal database can be accessed by designated employees, collaborators and/or service providers, only based on username and password.
  • All employees, collaborators and service providers of the Company, who come into contact with personal data, will act in accordance with the principles of policies and procedures for the protection and security of personal data by signing statements and confidentiality agreements regarding these data.
  • The computers which the database is accessed from are password-protected, have implemented up-to-date anti-virus, anti-spam and firewall protection solutions.

Personal data are stored through the cloud services offered by Google Mongo and Firebase, the servers are located on the territory of the European Union, in full compliance with legal requirements and under conditions of maximum safety and protection.

8. RIGHTS ODF DATA SUBJECTS AS REGARDS DATA PROCESSING

In the context of the processing of your personal data, you have the following rights:

  • The right of access to processed personal data: you have the right to obtain confirmation of whether or not your personal data are processed and, if so, to have access to the type of personal data and the conditions under which they are processed, by addressing a request to this effect to the data processor;
  • The right to request the rectification or deletion of personal data: you have the possibility to request, by sending a request in this regard to the data controller, the rectification of inaccurate personal data, the completion of incomplete data or the deletion of your personal data if (i) the data are no longer necessary for the original purpose (and there is no new legal purpose), (ii) the legal basis of the processing is the data subject’s consent, the data subject withdraws his consent and there is no other legal basis, ( iii) the data subject exercises his right to object and the data controller has no legitimate reasons to continue the processing, (iv) the data have been processed illegally, (v) the deletion is necessary to comply with EU or Romanian legislation or (vi) the data were collected in connection with information company services offered to children (if applicable), where specific consent requirements apply;
  • The right to request the restriction of processing: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period that allows the data controller to verify the accuracy of the personal data; (ii) the processing is unlawful, but you do not want us to delete your personal data, but to restrict the use of such data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need the data to establish, exercise or defend a right in court; or (iv) you have objected to the processing, for the period of time in which we check whether the legitimate grounds of the data controller prevail over the rights of the data subject;
  • The right to withdraw your consent to processing, when the processing is based on consent, without affecting the legality of the processing carried out up to that point;
  • The right to object to data processing for reasons related to your particular case, when the processing is based on legitimate interest, as well as to object at any time to data processing for direct marketing purposes, including creating profiles;
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects him in a significant way;
  • The right to data portability, meaning the right to receive your personal data that you have provided to the data controller in a structured, commonly used and machine-readable form, as well as the right to transfer that data to another data controller, if the processing is based on your consent or the performance of a contract and is carried out by automated means;
  • The right to file a complaint with the Data Protection Authority (ANSPDCP) and the right to address the competent courts.

The above rights can be exercised at any time. To exercise these rights, we encourage you to send a request in writing, dated and signed or in electronic format to the following address: Bucharest Municipality, Sector 1, no.8 Menuetului str., Section 1, Room 2, third 3, Ap.4, or by e-mail to: contact@sonexy.com.

9. UPDATING THE PRIVACY POLICY

This Privacy Policy may undergo occasional changes/updates. All updates and changes to this Policy are effective immediately upon notice, which we will provide by posting and/or email notification.

You may post any question with respect to this document to the following e-mail address: contact@sonexy.com.

10. DELETING THE ACCOUNT

You have the right to request the deletion of your account and all associated data. To initiate the deletion process, please send an email from the email address used to create your account to contact@sonexy.com.

Please ensure that the email clearly includes your request to delete your account. Upon receipt of your request, we will process the deletion of your account and all associated data as soon as possible.

Download SoNexy app

Scan the QR code to download the app on mobile

or use one of the links below to download the app