Introduction
At CertiPass.app, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our certificate management platform.
Please read this policy carefully. By using CertiPass.app, you agree to the collection and use of information in accordance with this policy.
Data Controller
Social IT srl
București, Sectorul 4, Splaiul Unirii, nr. 160
Tax ID (CUI): RO45300881
Email: contact@socialit.ro
Data We Collect
We collect different types of information to provide and improve our services:
Account Information
- Full name
- Email address
- Organization name (optional)
- Password (encrypted)
Event Data
- Event names and descriptions
- Certificate templates and designs
- Event dates and settings
Participant Data
- Participant names (as they appear on certificates)
- Email addresses (for certificate delivery)
- Custom fields defined by event organizers
Verification Logs
- IP address of verification requests
- Timestamp of verification attempts
- Verification method used (QR code or manual code)
Technical Data
- Browser type and version
- Operating system
- Pages visited and interaction patterns
How We Use Your Data
We use the collected data for the following purposes:
- To create and manage your account
- To generate and deliver certificates
- To provide certificate verification services
- To process payments and credit transactions
- To send important service notifications
- To improve our platform and user experience
- To prevent fraud and ensure security
Legal Basis for Processing
Under GDPR Article 6, we process your data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of contract (Art. 6(1)(b)) |
| Payment processing | Performance of contract (Art. 6(1)(b)) |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
Data Sharing
We do not sell your personal data. We may share your information with:
Stripe (Payment Processing)
We use Stripe to process payments. When you make a purchase, your payment information is sent directly to Stripe and is subject to their privacy policy.
Google Analytics
We use Google Analytics to understand how visitors use our platform. This data is anonymized and helps us improve our services.
Email Service Provider
We use email services to deliver certificates and notifications. Only necessary information is shared for delivery purposes.
We may disclose your information if required by law or to protect our rights, safety, or the rights of others.
International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Our service providers (Stripe, Google) maintain their own GDPR compliance measures and data protection agreements.
Data Retention
We retain your data only for as long as necessary:
| Data Type | Retention Period |
|---|---|
| User accounts | 3 years after last activity |
| Verification logs | 2 years |
| Certificates | Indefinitely (contain only names) |
| Payment records | 7 years (legal requirement) |
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data we hold.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data.
- Right to Restriction: Request limitation of data processing.
- Right to Data Portability: Request your data in a portable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.
To exercise any of these rights, please contact us at contact@socialit.ro. We will respond within 30 days.
You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro.
Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for all data transmission
- Encrypted password storage using industry standards
- Regular security audits and updates
- Access controls and authentication measures
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
We aim to respond to all requests within 30 days.