1. Who we are
XVEND TECHNOLOGY SRL ("XVend", "we") is the personal data controller for information processed through its services: www.xvend.eu, the operator platform, and the XVend modules installed on machines.
We fully comply with Regulation (EU) 2016/679 (GDPR), Romanian Law 190/2018, and all applicable rules for personal data protection.
2. Data collected
2.1 For end users (those who pay via QR)
When you make a payment through XVend, we collect:
- Transaction data: amount paid, date and time, machine (ID), product purchased, payment status.
- Payment token: we receive an encrypted token from Apple Pay/Google Pay — we do NOT receive or store your card details.
- Technical data: device type, browser, IP address (partially anonymized), for analytics and security.
Important: For standard payments, we do not collect your name, email, phone or other identifiable personal data.
2.2 For users with accounts (Cashless, Loyalty, etc.)
If you log in with Google or Apple ID to access premium features, we additionally collect:
- Identifier: Google or Apple ID (a unique code), email associated with the account.
- Display name: if you choose to share it (optional).
- Personalized transaction history: for Loyalty programs, corporate Cashless, etc.
2.3 For operators (business clients)
For clients using the XVend platform, we collect:
- Contractual data: company name, tax ID, registered office, IBAN, contact person.
- Contact data: name, email, phone of authorized persons.
- Platform usage data: logins, actions performed, configurations.
2.4 For website visitors
- Contact form data: name, email, company, phone, your message (only if you choose to submit the form).
- Anonymous analytics: pages visited, visit duration, traffic source.
- Cookies: per the Cookies Policy.
3. Purposes of processing
We process your data for:
- Payment processing and service delivery to you and the operator;
- Tax reporting in compliance with Romanian legislation (invoicing, ANAF, etc.);
- Technical support in case of payment issues;
- Service improvement (anonymized analytics);
- Fraud detection and protection against abuse;
- Marketing communications — only if you have given explicit consent.
4. Legal basis
Data processing is based on:
- Contract performance (Art. 6(1)(b) GDPR) — for transactions and operator services;
- Legal obligation (Art. 6(1)(c) GDPR) — for tax reporting and record keeping;
- Legitimate interest (Art. 6(1)(f) GDPR) — for security, fraud prevention, service improvement;
- Consent (Art. 6(1)(a) GDPR) — for marketing and non-essential cookies.
5. Data recipients
Your data may be transferred to:
- Licensed banking acquirers — for payment processing (token and transaction data);
- Apple and Google — for authentication and payment (per their policies);
- Cloud infrastructure providers — for data hosting (e.g., AWS, Google Cloud — all GDPR certified);
- Public authorities — upon express and legally justified request (ANAF, criminal investigation bodies, etc.);
- Operators (our business clients) — receive transaction data for their machines.
We never sell your data to anyone, ever.
6. Retention period
- Transaction data: 10 years (tax obligation per Romanian legislation);
- User account data: while the account exists + 2 years after deletion;
- Operator contractual data: 10 years from contract termination;
- Contact form data: 12 months from request receipt;
- Marketing data: until consent withdrawal.
7. Your rights
Under GDPR, you have the following rights:
Right of access
To know what data we process about you and receive a copy.
Right to rectification
To correct inaccurate or incomplete data.
Right to erasure
To request deletion (under legally permitted conditions).
Right to restriction
To limit processing in certain situations.
Right to portability
To receive data in a structured format and transfer it.
Right to object
To object to processing for direct marketing or based on legitimate interest.
To exercise these rights, you can write to us anytime at office@xvend.eu. We respond within a maximum of 30 days.
8. Data security
We apply appropriate technical and organizational measures to protect data:
- end-to-end encryption for all payments;
- tokenization for card data (never stored);
- PCI DSS and PSD2 compliance;
- restricted access to data only for authorized personnel;
- continuous monitoring for breach detection.
In case of a security breach affecting your data, we will notify you within 72 hours.
9. Cookies
We use cookies for site operation and analytics. Full details are in the Cookies Policy.
10. Complaints
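If you believe the processing of your data violates your rights, you can file a complaint with:
National Supervisory Authority for Personal Data Processing (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, sector 1, Bucuresti, postal code 010336
Email: anspdcp@dataprotection.ro
Web: www.dataprotection.ro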
We encourage you to contact us first — we will do everything possible to resolve any issue quickly.
11. Contact
For any question regarding the processing of your data: