top of page

GDPR (General Data Protection Regulation)

Thank you for your interest in our company, website, services, and/or products. When you establish a relationship with us and use the services of our company SC BIOSCALE ARCHITECTURE SRL, you entrust us with information about yourself, also known as personal data, and we appreciate the trust you place in us.

 

The protection and confidentiality of personal data are very important to us, and we strive to store and process them securely and carefully. In this regard, we explain our practices regarding your data privacy clearly and transparently in this document (hereinafter referred to as "Privacy Policy," "This Document," or "Document").

 

Please read this in conjunction with our Terms and Conditions (which you can find [here](insert link)). Our privacy policy aims to inform you about the processing of your personal data in connection with your visit to our website https://bioscale.studio (hereinafter referred to as the "website") and your use of any additional services offered by SC BIOSCALE ARCHITECTURE SRL. By visiting the website, purchasing our products and/or services, or interacting with us in any way, you declare your agreement with this Privacy Policy.

 

If you do not agree with what is described in This Document, please do not use our services. We inform you that SC BIOSCALE ARCHITECTURE SRL is a data controller within the meaning of the GDPR for the processing of personal data.

​

Introduction 

​

Purpose of the Privacy Policy

 

The purpose of this Privacy Policy is to explain what information we process (collect, use, share), why we process it, how we process it, your rights under the GDPR, and how you can update, manage, export, and delete your data. In this regard, we act as a data controller and, by law, are obliged to provide you with this information. Please be aware that this Privacy Policy applies wherever you find us online.

​

Who We Are

 

Below, you will find our identification data: SC BIOSCALE ARCHITECTURE SRL, a Romanian company with its registered office at 31 Dărmănești Street, Sector 1, Bucharest, registered with the Trade Register under order no. J40/927/2021, fiscal registration code 43595611, phone: 0773 883 185, email: wonder@bioscale.studio; In accordance with applicable law, our company is a data controller for personal data, and to ensure the secure processing of your data, we make every effort to implement reasonable and appropriate technical and organizational measures to protect your personal data.

​

Who You Are

 

According to the law, you, the individual benefiting from our services/products, the representative or contact person of a company that is our client or potential client, the website visitor, or the person in any kind of relationship with us, are a "data subject," meaning an identified or identifiable natural person. To be fully transparent regarding data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of these rights.

​

Definitions

 

Personal Data - means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

 

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction;

 

GDPR (General Data Protection Regulation) or RGPD (Regulation (EU) 2016/679) or the Regulation - means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

​

Data Subject - represents any identified or identifiable natural person whose data is processed by us as the data controller, such as customers, potential customers, or website visitors;

​

Consent - means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they accept, by a statement or by a clear affirmative action, that personal data concerning them are to be processed;

​

Anonymization - means the irreversible removal of the identification of personal data, so that the person cannot be identified by using reasonable time, costs, and technology, either by the Data Controller or by any other person, to identify that natural person. The principles of personal data processing do not apply to anonymized data, as they are no longer considered personal data.

​

Other Services

 

This Privacy Policy does not cover the applications and websites of third parties that you may access through the links on our website, and we encourage you to review the Privacy Policy of any website and/or application before providing personal data. Additionally, we are not responsible for any links from our commercial partners or those placing advertisements within our podcasts or articles, including those on social media profiles.

 

When you click on such links, third parties may collect or share data about you. You should be aware that we do not control any links placed on the site by us or by other Users (such as links in comments, videos, community, social media, etc.), and you are fully responsible when accessing such links and assume any harm (direct or indirect) that may occur.

 

Complaints

 

For any issues or concerns regarding the processing of personal data, you should know that you can file a complaint with the data protection supervisory authority. However, please send us a request to the address mentioned in this document first, and we will make every effort to resolve your request amicably in the shortest time possible.

​

For Romania, the contact details are as follows:

Name: National Supervisory Authority for Personal Data Processing

Address: 28-30 G-ral. Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212

Email: anspdcp@dataprotection.ro

​

​

Personal Data and Data Processing | Data We Collect and How We Use It

 

Personal data or personal information includes all information about an individual that can help identify that person, excluding data where identity has been removed (anonymized data). When you browse our website or contact us for any purpose using any communication channel, you may provide us with your personal data. We may need to collect, use, store, or transfer certain personal data, directly from you or from other sources.

​

Please be aware that we do not collect any Special Categories of Personal Data about you (including details about your race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health information, sexual orientation, or criminal convictions and offenses).

 

What Happens If You Don't Provide Us with Data

When we ask you to provide personal data to access certain features or services of the website, we will mark some fields as mandatory because they contain information we need to provide the service or access to that functionality.

Please note that if you decide not to provide this information, you may not be able to complete your registration as a user or may not be able to benefit from these services or features.

​

​

Purpose for Collecting Your Personal Data

​

Data Collected: Identification Data (including audio-video, where applicable), Contact Data

Purpose: User registration, Access to materials and products

​

Data Collected: Identification Data, Contact Data, Financial and Transaction Data, Profile Data, Marketing and Communication Data, Automated/Technical Data

Purpose: Improvement of services, Use of analytical data to enhance the website, products, services, customer service, and experience

 

Data Collected: Identification Data, Contact Data, Financial and Transaction Data, Profile Data, Marketing and Communication Data

Purpose: Conclusion and execution of the sales contract or service provision that you enter into with us

​

Data Collected: Identification Data, Contact Data, Financial Data, Transaction Data, Profile Data, Marketing and Communication Data, Usage Data, Automated/Technical Data

Purpose: Customer Service/Support requests, Managing our relationship with you, which may include notifying you about changes to terms and conditions and processing our suggestion to leave a review or participate in a survey

 

Data Collected: Identification Data, Contact Data, Financial and Transaction Data, Profile Data, Marketing and Communication Data, Automated/Technical Data

Purpose: Marketing, Delivering relevant content and personalized advertisements, and measuring and understanding the effectiveness of the advertisements we provide to you

​

Please note that we will only use your personal data for the purposes for which we have collected them, unless we reasonably consider that we need to use them for another reason and that reason is compatible with the original purpose. Please be aware that we may process your personal data without your knowledge or consent, in accordance with the above rules, where the law allows us to do so.

​

​

Legal Bases for Processing Personal Data

​

Our legal bases for processing your personal data will generally be as follows:

  • Your consent for processing personal data;

  • Processing is necessary for the performance of a contract between you and us;

  • Processing is necessary for the purposes of our legitimate interests or those of another party.

​

​

Disclosure of Personal Data and Data Transfers

 

We would like to inform you that we may disclose your data to business partners or other third parties, in compliance with applicable law. We consistently make reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. With these third parties, we have contractual clauses in place to safeguard your data. In these situations, we will ensure that any transfer is legitimate according to the law.

​

Additionally, we may transmit data to other parties with your consent or according to your instructions. For example, in situations where you exercise a data portability request or to competent state authorities, within the framework and limits of legal provisions and as a result of express requests.

​

The transfer of personal data to a third country can only take place if the intended recipient country ensures an adequate level of protection.

​

The transfer of data to a country whose legislation does not provide at least the same level of protection as that offered by the General Data Protection Regulation is only possible if there are sufficient guarantees regarding the protection of the fundamental rights of the data subjects. These guarantees will be established by us through contracts concluded with providers/service providers to whom your personal data will be transferred.

​

Every time we transfer your personal data outside the European Economic Area (EEA), we will ensure there is an equivalent level of protection through one of the following safeguard mechanisms:

  • We will transfer your personal data to countries where the European Commission has determined that they provide an adequate level of data protection.

  • When we engage specific service providers, we may use certain contract models provided and approved by the European Commission, which provide your personal data with the same protection they have in Europe.

​

​

​

Data Security

​

We understand the importance of personal data security and take necessary measures to protect our customers and other individuals whose data we process from unauthorized access to personal data, as well as from unauthorized modification, disclosure, or destruction of data processed in our day-to-day activities. We have implemented the following technical and organizational data security measures for personal data:

 

Dedicated Policies: We constantly adopt and review internal practices and policies related to personal data processing, including physical and electronic security measures, to protect our systems from potential unauthorized access or other security threats. These policies are subject to regular checks to ensure compliance with legal requirements and proper system functioning.

​

Data Minimization: We ensure that your personal data, which we process, is limited to what is necessary, adequate, and relevant for the purposes stated in this Policy.

 

Access Restriction to Data: We aim to restrict access to personal data we process to the minimum necessary: employees, collaborators, and other individuals who need access to process these data and deliver a service. Our partners and collaborators are subject to strict confidentiality obligations (either through contracts or legal obligations).

 

Specific Technical Measures: We employ technologies to ensure our customers' security, always striving to implement the most optimal data protection solutions. Additionally, we perform regular data backups to recover data in case of an incident and have established periodic security equipment audit procedures. However, no website, application, or internet connection is completely secure and invulnerable.

​

Ensuring Data Accuracy: Sometimes, we may ask you to confirm the accuracy or timeliness of your data to ensure that they reflect reality.

 

Employee Training: We continuously train and test our employees and collaborators regarding legislation and best practices in the field of personal data processing.

 

Data Anonymization: Where possible, we try to anonymize/pseudonymize the personal data we process, so that individuals to whom they refer can no longer be identified.

​

However, despite our constant efforts to ensure the security of the data you entrust to us, we may also face less fortunate events and security incidents/breaches. In such cases, we will strictly follow the security incident reporting and notification procedure and take all necessary measures to normalize the situation as soon as possible.

​

Direct Marketing To the extent that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies using the information collected about you. Currently, we send commercial emails (email marketing). You can object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email or by sending a request to wonder@bioscale.studio.

​

​

Rights - Questions, Requests, and Exercising Your Rights

​

 

We do not have an obligation to appoint a Data Protection Officer, so any questions regarding the use of your personal data should be addressed to the contact details mentioned above. For any questions, clarifications, observations, or complaints regarding the processing of your information or if you wish to exercise your legal rights or have privacy concerns, you can contact us at the email address wonder@bioscale.studio.

 

Your rights under the GDPR are as follows:

  • The right to be informed about the processing of your data;

  • The right to access your data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and, if so, access to that data and the information provided by Article 15(1) of the GDPR.

  • The right to rectify inaccurate or incomplete data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay.

  • The right to erasure ("the right to be forgotten"): In situations provided in Article 17 of the GDPR, you have the right to request and obtain the erasure of personal data.

  • The right to restrict processing: In cases provided in Article 18 of the GDPR, you have the right to request and obtain the restriction of processing.

  • The right to data portability: The right to transmit your data to another controller ("the right to data portability").

  • The right to object to data processing: In cases provided in Article 21 of the GDPR, you have the right to object to data processing.

  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

  • The right to seek judicial remedy for the protection of your rights and interests.

​

Please note that the rights listed above are not absolute. There are exceptions, which is why each request received will be analyzed to decide whether it is justified or not. If the request is justified, we will facilitate the exercise of rights, and if the request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and your rights to lodge a complaint with the Supervisory Authority and seek judicial remedy. Additionally, we will attempt to respond to your request within 30 (thirty) days.

 

However, the term may be extended depending on various factors, such as the complexity of the request, the large number of requests received, or the inability to identify you in a timely manner. If, despite our best efforts, we cannot identify you, and you do not provide us with additional information to identify you, we are not obliged to respond to the request.

​

​

Changes/Modifications/Updates to the Privacy Policy

 

We may occasionally update the Privacy Policy and will notify you through the website or by email about the most recent version. All updates and changes to this document are valid immediately upon notification, which we will do by posting on the website and/or emailing. Even if you do not receive a notification, we encourage you to periodically access and read the Privacy Policy to stay informed about the latest versions.

 

Updated Privacy Policy as of September 14, 2023.

bottom of page