Escogram
    Escogram Logo

    Privacy Policy

    Last Updated

    Bosa Group S.R.L., a Romanian legal entity, registered at the Trade Register Office attached to the Bucharest Tribunal under no. J2024012889404, having a unique registration code 50305303, headquartered in Bucharest, 3rd District, Sector 3, 317. Calea Călărași street, 1st floor, ap. 2, room nr. 8, e-mail: info@bosagroups.com, sole licensee of the website owner of the website www.escogram.com , informs that the personal data relating to navigation within EscoGram, with direct access from the homepage or through sub-pages, as well as related to the services offered, will be processed with utmost care and with appropriate means to guarantee security.

    1.DATA CONTROLLER

    1.1 The data controller BOSA GROUP S.R.L., a Romanian legal entity, registered at the Trade Register Office attached to the Bucharest Tribunal under no. J2024012889404, having a unique registration code 50305303, headquartered in Bucharest, 3rd District, Sector 3, 317. Calea Călărași street, 1st floor, ap. 2, room nr. 8, e-mail: info@bosagroups.com.

    1.2 The data controller has appointed a personal data protection officer. The person responsible for the protection of personal data can be contacted at the following email address: info@escogram.com.

    2.DEFINITIONS

    2.1 ANSPDCP represents the National Supervisory Authority for Personal Data Processing;

    2.2 User represents that person who accesses EscoGram and who is interested in the services provided by Bosa Group S.R.L. and/or who registers in order to use the services provided by Bosa Group S.R.L, has read and accepts the provisions of this policy;

    2.3 Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

    2.4 Processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

    2.5 Restriction of processing means the marking of stored personal data for the purpose of limiting their future processing;

    2.6 Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;

    2.7 Processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

    2.8 Recipient means the natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities to whom personal data may be disclosed in the context of a particular investigation in accordance with European Union or national law are not considered recipients; the processing of such data by the respective public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;

    2.9 Consent of the data subject means any free, specific, informed and unambiguous expression of the data subject's will by which he/she agrees, by an unequivocal statement or action, to the processing of personal data concerning him / her.

    3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING AND DATA RETENTION

    3.1 It is necessary for the data controller to collect the User's personal data in order to comply with legal provisions. According to Regulation 679/2016 on data protection, the data controller has identified the legal bases on the basis of which the User's personal information is being processed.

    PurposeLegal basisData retention
    Allowing correct navigation on EscoGramPerformance of a contractDuration of each technical cookie (see the table below)
    Providing services on EscoGramPerformance of a contractUntil the end of the use of the service
    Allowing registration of a user account on EscoGram and the use of related servicesPerformance of a contract and explicit consent for special categories of personal dataUntil the account is deleted
    Performing anonymous statistical analysis of navigation and users through Google Analytics 4ConsentDuration of each analytical cookie (see the table below)
    Managing requests made via e-mail or live chat provided by tawk.toPerformance of a contractUntil the communication is concluded
    Allowing newsletter subscription for promotional information about EscoGram and its features and servicesConsentUp to two years, unless renewal or opposition to subscription is made
    Complying with all the legal obligationsCompliance with a legal obligationDuration deriving from each relevant legal obligation
    Exercising or defending legal claimsLegitimate interestLegal limitation period for each case or, if the judicial (or arbitration, or other jurisdictional) action has been undertaken, until the end of the procedure

    3.2 The provision of personal data by the User, although not a legal obligation, constitutes a necessary requirement for the pursuit of the aforementioned purposes. Failure to provide data, therefore, may prevent the achievement of these purposes. By providing personal data for any of the purposes listed above, Bosa Group S.R.L. may process such data to fulfil legal obligations and pursue its legitimate interest in exercising or defending legal claims.

    3.3 In certain situations, Bosa Group S.R.L. may base its marketing activities on the legitimate interest in developing the business. The User can ask Bosa Group S.R.L. at any time to stop processing his/her personal data for marketing purposes, and Bosa Group S.R.L. will comply with his/her request.

    4. CATEGORIES AND SOURCES OF DATA CONCERNED.

    In general, Bosa Group S.R.L. collects personal data directly from the User, so the User is in control of the type of information provided. EscoGram does not process personal data relating to persons under the age of 18.

    4.1  Data deriving from User's navigation.
    4.1.1 These data, through the normal functioning of EscoGram, are acquired and transmitted implicitly in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but, by its very nature, through processing with data held by third parties, could allow Users to be identified.
    4.1.2 This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time and geographical location of the request, the method used to submit the request to the server, operating system, internet service provider, web browser used, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and to the User's IT environment.
    4.1.3 These data are used for the sole purpose of obtaining anonymous and aggregate statistical information on the use of EscoGram and to check its correct functioning, and permanently reside on third party servers (or hosting providers). The data could also be used to ascertain responsibility in the event of any illicit or harmful actions committed on or through EscoGram.
    4.1.4 In any case, these data processing and association activities are not carried out by Bosa Group S.R.L., and are only used to check the correct functioning, to be then automatically deleted after processing.
    4.2  Cookies
    4.2.1 We may also collect and further process certain information about the User's behaviour. During the User's visit on EscoGram, to personalize the online experience and provide the User with suggestions tailored to its profile. On EscoGram, we may store and collect information in cookies, according to the Cookie Policy.
    4.3  Data voluntarily provided by the User.
    4.3.1 The personal data we collect from the User voluntarily includes:
    a. Contact information: full name, alias (if applicable), email address, phone number, age, gender, nationality, city/country of birth, country of residence;
    b. Account data for the models: profile name, avatars, pictures, videos, earnings, pay-out requests;
    c. Authentication data: username, password;
    d. Service usage information: search history, preferences, feedback, payments made
    e. Payment data: billing information, bank details (if applicable).
    4.3.2 These data are provided by the User, during the voluntary interaction with EscoGram, in order to create an account, use the services offered, request information, receive assistance or for any personal purpose.
    4.3.3 The services provided by EscoGram are strictly intended for individuals 18 years of age or older. Anyone under 18 years of age is not permitted to use EscoGram. By using EscoGram, the User states that he/she is 18 years of age or older.
    4.3.4 Bosa Group S.R.L. collects this data to provide the User with the services rendered, answer the User's questions, improve the User experience, and personalize the User's interaction with EscoGram.

    5. DATA PROCESSING MODE

    5.1 The processing will take place using manual, IT and telematic tools with logic strictly related to the purposes for which they were collected, in compliance with the principle of purpose limitation as well as all the other principles present in Article 5 of the EU Regulation 2016/679 (GDPR). In particular, in compliance with the principles of integrity and confidentiality, pursuant to which specific security measures are adopted to prevent data loss, illicit or incorrect use and unauthorized access. Personal data are not subject to automated decision-making, nor transferred outside the European Economic Area.

    6. DATA COMMUNICATION

    6.1 Categories of persons involved in the organisation, management and maintenance of the site (administrative staff, system administrators), as well as third parties, external service providers acting on behalf of EscoGram, duly appointed as data processors and who will process the data in accordance with the purpose for which the data was originally collected.

    6.2 Furthermore, the data may be communicated to all subjects to whom communication is due as per legal obligations.

    6.3 The list of subjects who process personal data is available by making a specific request via e-mail to info@escogram.com

    7. DISCLOSURE OF USER'S PERSONAL DATA

    7.1 As the case may be, Bosa Group S.R.L. may transmit or provide access to certain personal data of the User, to the following categories of recipients:
    a. courier service providers;
    b. payment/banking service providers;
    c. IT service providers;
    d. marketing service providers.
    7.2 EscoGram may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about the User. Bosa Group S.R.L. is not responsible for, and this Policy does not apply to, the content, security or privacy practices of those other websites, plug-ins or applications. Bosa Group S.R.L. encourages the User to view the privacy and cookie policies / notices of those third parties to find out how your personal data may be used.
    7.3 Bosa Group S.R.L ensures that access to the User's data by third parties legal entities of private law is carried out in accordance with the legal provisions on data protection and confidentiality of information, between Bosa Group S.R.L. and the aforementioned recipients there are contractual and/or confidentiality obligations.
    7.4 Bosa Group S.R.L. will not disclose, share the User's personal data without obtaining the User's consent and permission.
    7.5 Under no circumstances will Bosa Group S.R.L. sell User's personal data.

    8. TRANSFER OF PERSONAL DATA

    Personal data could be shared outside the European Economic Area, basing on:

    8.1 An adequacy decision of the European Commission pursuant to Art. 45 of GDPR;
    8.2 One of the safeguards indicated in Art. 46 of GDPR, such as the standard contractual clauses adopted by the European Commission on the type of data protection
    8.3 in the absence of the above, the conditions referred to in art. 49 of Regulation (EU) 2016/679:
    8.3.1 if the data subject has given unambiguous consent for the transfer;
    8.3.2 the transfer is necessary in order to execute a contract between the data subject and the data controller, or to carry out pre-contractual measures requested by the data subject;
    8.3.3 the transfer is necessary in order to complete or execute an agreement, concluded or to be concluded in the interests of the data subject, between the data controller and a third party;
    8.3.4 the transfer is necessary or required by law in order to safeguard a significant public interest, or to establish, exercise or defend a right in court;
    8.3.5 the transfer is necessary in order to safeguard the vital interests of the data subject;
    8.3.6 the transfer is activated from a public register (subject to the access conditions applicable to the registers in general).

    9. RIGHTS OF THE DATA SUBJECT

    Pursuant to articles 7, 15-21 of the GDPR, the User has the following rights:

    9.1 The right of access means the right of the data subject to obtain confirmation from the controller as to whether or not he or she is processing personal data concerning him or her and, if so, access to that data and to information on how the data is processed.
    9.2 The right to data portability refers to the right to receive personal data in a structured, commonly used and machine-readable format and the right to have this data transmitted directly to another controller, if this is technically feasible.
    9.3 The right to object refers to the right of the data subject to object to the processing of personal data when the processing is necessary for the performance of a task that serves a public interest or when it concerns a legitimate interest of the controller. When the processing of personal data is for the purpose of direct marketing, the data subject has in particular the right to object to the processing at any time.
    9.4 The right to rectification refers to the correction, without undue delay, of the inaccurate personal data stored. The rectification must be communicated to each recipient to whom the data have been transmitted, unless this proves impossible or involves disproportionate (demonstrable) efforts.
    9.5 The right to erasure of data (right to be forgotten) means the right of the data subject to request the erasure of his or her personal data, without undue delay, if one of the following reasons applies: it is no longer necessary for the fulfilment of the purposes for which it was collected or processed; withdraws their consent and there is no other legal basis for the processing; opposes the processing and there are no overriding legitimate grounds; personal data have been unlawfully processed; personal data must be deleted in order to comply with a legal obligation; personal data have been collected in connection with the provision of services of the information company.
    9.6 The right to restriction of processing can be exercised if the person contests the accuracy of the data, for a period that allows the verification of the correctness of the data; the processing is unlawful and the individual opposes the erasure of the personal data, requesting the restriction instead; if the controller no longer needs the personal data for the purpose of processing, but the person requests them for the establishment, exercise or defence of a right in court; if the person has objected to the processing for the period of time in which it is verified whether the legitimate rights of the controller prevail over those of that person.

    10. SECURING PERSONAL DATA

    10.1 Bosa Group S.R.L. is committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
    10.2 Bosa Group S.R.L. undertakes the responsibility of implementing appropriate technical and organizational measures regarding the protection of the confidentiality and security of personal data, respectively for the protection against unauthorized access, use, alteration or destruction of personal data according to the provisions of the GDPR, as follows:
    10.2.1 The data controller's employees, collaborators and service providers that come into contact with personal data, must act in accordance with the principles of privacy and personal data security policies and procedures, signing confidentiality agreements with respect to such data.
    10.2.2 The computers from which the database of personal information is accessed are password-based, have implemented anti-virus, anti-spam and firewall protection solutions, updated.
    10.2.3 All employees, collaborators and service providers who come into contact with personal data must act in accordance with the principles of privacy and personal data security policies and procedures by signing confidentiality statements and/or agreements regarding such data. At the same time, Bosa Group S.R.L. undertakes the responsibility of implementing appropriate technical and organizational measures regarding the protection of the confidentiality and security of personal data.

    11. CONTACT DETAILS IN THE FIELD OF PERSONAL DATA PROTECTION

    11.1 The contact details that the User can use to send any requests, notifications or notifications regarding the Privacy Policy and the Cookie Policy as well as any other information published on the website, policies or operations carried out by Bosa Group S.R.L., are indicated in article 1 of this Privacy Policy.
    11.2 The deadline in which the company will send a response is no more than 30 days from the receipt of the request.

    12. CONTACT DETAILS FOR THE NATIONAL SUPERVISORY AUTHORITY FOR PERSONAL DATA PROCESSING (A.N.S.P.D.C.P.)

    12.1 The User has also the right to lodge a complaint before a Supervisory Authority, in particular in the Member State in which the User habitually resides, works or in the place where the alleged violation occurred. In Romania, the supervisory authority is the National Supervisory Authority For Personal Data Processing, headquartered in 28-30 G-ral. Gheorghe Magheru Boulevard, 1st District, Bucharest, e-mail: anspdcp@dataprotection.ro, telephone numbers: +0318.059.211; + 0318.059.212.

    13. CHANGES TO THE PRIVACY POLICY

    13.1 EscoGram reserves the right to modify, update, add or remove parts of this Privacy Policy at its discretion, at any time and for any reason (including but not limited to the occurrence of legislative changes that may affect the consequences of those published on the website).
    13.2 The revision will be signalled by changing the Last Updated date. After the date on which the updated policy is published, accessing EscoGram will represent the User's acceptance of the respective updated conditions.
    13.3 The User (data subject) must periodically check any changes published on the website.