PRIVACY AND DATA PROCESSING POLICY (GDPR)
Version 2.0 | Last updated: June 14, 2026
This policy describes how SERVSOFT MAG WEB S.R.L. processes personal data of SignalRadar Platform users.
DATA CONTROLLER:
SERVSOFT MAG WEB S.R.L.
Tax ID: 49728164
Address: Floresti, Cluj county, Romania
Email: hello@signalradar.eu
DATA WE COLLECT:
- Identification: email, encrypted password
- Profile: company/personal name, Tax ID, EU VAT ID
- Contact: billing address (company, city, country, postal code)
- Payment: Stripe customer ID, Stripe subscription ID (we do NOT store card data)
- Technical: IP, approximate geolocation, browser user-agent, login timestamps
- Usage: tracked tickers, alerts, language preferences, subscription plan
PURPOSE OF PROCESSING:
A. Service provision (contract execution - art. 6.1.b GDPR)
B. Payment processing via Stripe (contract execution)
C. Invoice issuance (legal obligation - art. 6.1.c GDPR)
D. Technical assistance and customer support
E. Fraud detection and system security (legitimate interest - art. 6.1.f GDPR)
F. Service communications (invoice, cancellation, terms changes)
G. Internal marketing - ONLY with explicit consent (art. 6.1.a GDPR)
STORAGE PERIODS:
- Active account: for duration of account
- Invoices: 10 years (Romanian tax obligation)
- Login audit: 90 days
- Stripe data: account duration + 7 years archival
RECIPIENTS:
- Stripe Payments Europe Ltd. (Ireland, under DPA)
- Resend Inc. (USA, under Standard Contractual Clauses)
- Romanian tax authorities (ANAF) - legal obligation for invoices
- Hetzner Online GmbH (Germany, under GDPR-compliant DPA)
USER RIGHTS (Art. 15-22 GDPR):
- Access to your data (Art. 15)
- Rectification (Art. 16)
- Erasure - "right to be forgotten" (Art. 17)
- Restriction of processing (Art. 18)
- Portability (Art. 20)
- Object (Art. 21)
- Not subject to automated decision-making (Art. 22)
- Withdraw consent (anytime, no penalty)
- File complaint with Romanian Data Protection Authority (www.dataprotection.ro)
HOW TO EXERCISE RIGHTS:
- "Delete account" button in /setari (for direct deletion)
- Email to hello@signalradar.eu with subject "GDPR Request - [type]"
- Response within max 30 days (Art. 12 GDPR)
SECURITY MEASURES:
- HTTPS/TLS encryption in transit
- Passwords hashed with PBKDF2/scrypt
- Daily encrypted backups
- Role-based access control (RBAC)
- Audit logs for administrative access
- 24/7 monitoring for security incidents
In case of security incident, affected Users will be notified within max 72 hours (Art. 33-34 GDPR).
MINORS:
SignalRadar is NOT intended for individuals under 18. If we learn an account belongs to a minor, it will be deleted immediately.
COMPLAINTS:
You may file a complaint with:
Romanian Data Protection Authority (ANSPDCP)
Boulevard Gheorghe Magheru 28-30, Sector 1, Bucharest
Email: anspdcp@dataprotection.ro
Tel: +40 318 059 211
Web: www.dataprotection.ro
CONTACT:
Email: hello@signalradar.eu
Address: SERVSOFT MAG WEB S.R.L., Str. Stejarului Nr. 13, Floresti, Cluj county, Romania