Privacy Policy

Who we are

FLYING BITS SRL (“Company”), headquartered at 4 Bozieni Str., Bucharest 061616, Romania, is committed to processing personal data in accordance with all applicable legal regulations governing the protection of persons with regard to the processing of personal data.

Introduction

This Privacy Policy outlines the reasons and methods by which we process personal data in various situations, and provides you with information about your rights specifically when our Company acts as a personal data Controller.

We may process personal data in relation to:

  • merchants using Shopify and their representatives, customers, and users
  • visitors to Flying Bits SRL websites and pages or anyone contacting us

By reading this Privacy Policy, you can gain a better understanding of how we collect, use, and share personal data. Please note that if we make any changes to our privacy practices, we may revise this policy accordingly.

General information on processing personal data

Personal data refers to any information that pertains to an identified or identifiable person, also known as a data subject. An identifiable person is someone who can be directly or indirectly identified, typically by using an identifier such as a name, identification number, location data, online identifier, or by one or more factors that relate to their physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data encompasses any operation or set of operations that is carried out on personal data or sets of personal data, either by automated means or not. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

A Controller is a natural or legal person, public authority, agency or another body that, either alone or together with others, determines the purposes and means of the processing of personal data.

A Processor is a natural or legal person, public authority, agency, or another body that processes personal data on behalf of the Controller.

A Recipient is a natural or legal person, public authority, agency or another body, to whom personal data is disclosed, whether or not they are a third party.



The main data/categories of data processed by the Company

The Company processes different types and categories of data, depending on the purposes associated with the processing. These may include:

  • Identity data, which may include your name and surname
  • Contact details, such as your email address, mobile phone number, and instant messaging accounts
  • Data related to your role as a representative of an entity or legal person with whom we have a legal relationship, such as your position, place of work, and signature
  • Data obtained when you access our pages or site, such as online identifiers of the persons accessing our site, or identifiers processed for the purposes mentioned in our Cookies Policy
  • Data obtained when you use our products, services, and/or online platforms, including user/mobile account information, content, and other information you provide. We may also process information about you that is provided by social networking platforms and other engagement channels providers, based on your settings preferences within such engagement channels. This may include your username, hometown, age range, likes, and other data you set in your profile to be public or provided to others by that channel provider.
  • Information from merchants: If you are a merchant, it is important for your customers to understand how you (and how FLYING BITS) collect and process their personal information. Therefore, you agree to post an up-to-date and accurate privacy policy on your storefront that complies with the applicable laws for your business. You also agree to obtain consent from your customers for the use and access of their personal information by FLYING BITS and other third parties.

What information do we collect from merchants and why?

We gather several types of personal data to provide you with our services and to comply with legal requirements. The data we collect includes your name, email address, and phone number.

When you install our app, we collect personal information about your customers, such as their ID, name, email, phone number, shipping and billing address. We only use this information to provide you with our Service, and we never share your customers' information with third parties.

We also collect information from visitors to our website and users who contact us for support. This information includes data about the device and browser you use, your network connection, your IP address, and the cookies installed on your device.

Finally, we use cookies and similar tracking technologies to collect data about how you use our website. Cookies are small amounts of data that include a unique identifier and are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.

We primarily collect your personal data directly from you, especially when you are in a legal relationship with our Company or when you are representing an organization that is in a legal relationship with us.

However, there may be instances where we obtain personal data from other sources, including but not limited to, merchants, suppliers, and partners. We may also collect personal data from publicly available sources, Shopify, and other channels/platforms providers, as per your settings preferences within such channels/platforms.

Types of data processing

Our company engages in various data processing operations, including but not limited to collecting, recording, organizing, storing, adapting, retrieving, consulting, using, disclosing, transmitting, disseminating, combining, restricting, erasing, or destroying personal data, as necessary for the purposes outlined in this Privacy Policy. Please note that this policy only applies to data processing activities conducted by our company and not those carried out on behalf of our clients.

Purposes for which personal data are processed

The Company engages in various data processing operations depending on the purpose for which personal data is collected. This Privacy Policy outlines the different purposes for which we process personal data and the legal basis for processing, retention periods, and other relevant aspects.

We may use personal data for one or more of the purposes described in this Privacy Policy. If we subsequently process personal data for a purpose other than that for which you have already been informed and which is not compatible with the purposes you were initially informed of, we will provide you with information on that additional purpose and any relevant related information.

The following are the main purposes for which we process personal data:

  • Providing products and services related to our main scope of work, specifically vital services
  • Managing relationships with customers, suppliers, and professionals, including correspondence, offers, negotiations, contracts, and account management
  • Improving our services and activities in relation to our customers and partners
  • Fulfilling our contractual obligations and commitments
  • Managing risks related to our activity, including measures to protect personal data, detect, investigate, and resolve security threats
  • Providing information of interest to you via your contact details in accordance with applicable laws
  • Compliance with legal and/or regulatory requirements, such as fiscal or archival obligations
  • Economic-financial-administrative management
  • Exercising or defending our legal rights in court
  • Statistics

It is important to note that this Privacy Policy does not cover any data processing carried out by our Company on behalf of our clients.

Legal basis on which data processing is based

The processing of personal data considers both the provisions of relevant normative acts and the applicable legislation in the Company's field of operation.

The processing is deemed lawful based on the following conditions:
1) when necessary to fulfill a contract or to undertake pre-contractual measures at the request of the data subject;
2) when necessary to comply with legal obligations imposed on the Company as the controller;
3) when necessary to pursue legitimate interests of the controller or a third party;
4) when the data subject gives explicit consent for specific purposes, but only when required by law;
5) for managing potential customers, clients, and partners, including risk management;
6) handling complaints and notifications regarding the Company's services;
7) improving products and services; and
8) ascertaining and defending the Company's rights in court.

How long do we keep personal data

We only keep the personal data we process for the duration necessary to achieve the purpose for which it was collected, in accordance with applicable laws and regulations. This includes:

  • During the contract or legal relationship execution for personal data necessary for its conclusion/execution
  • During the legally required period for mandatory accounting records and supporting documents
  • During the management period of the relationship with potential clients/clients/beneficiaries of our services/partners and their representatives, until opt-out for data used in commercial communications is exercised
  • Until consent withdrawal for exclusively consent-based personal data processing
  • For the legally required archiving period or Company policies for archived documents
  • In the absence of specific requirements, our reference period for keeping personal data is at least 3 years after termination of relations/contact
  • Personal data may be retained until the limitation period expires, if the Company has a legitimate interest in doing so for potential litigation.
  • In any case, except as required by applicable laws, we delete personal data upon the data subject's request. Any exceptional situations will be communicated to the data subject in our response to the request to delete the data.

Your rights and how to exercise them

Our company is committed to helping you exercise your rights listed below. You can do so by sending an email to us or submitting a request to our headquarters address. To ensure the protection of your data, we may ask for additional information to verify your identity before processing your request, especially in cases where the request is made electronically.

If you submit an electronic request, we will provide the information in electronic format where possible. We will make every effort to respond promptly to your request, within the time limits set by the applicable legal provisions, usually within 30 days of the request being registered. Please note that in certain cases, we may charge an access fee to cover administrative costs associated with fulfilling the request, as provided by applicable laws.

If our company is unable to fulfill your request, either in whole or in part, due to legal provisions, we will communicate this to you in writing, providing an explanation for the denial.

The right to access your personal data

As a data subject, you have the right to request access to the personal data we process as the controller. You can obtain confirmation from our company whether we process your personal data and if so, the following information:

  • The purposes of the processing;
  • The categories of personal data involved;
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations;
  • Where possible, the expected duration for which your personal data will be stored or, if not possible, the criteria used to determine that duration;
  • The right to request the rectification or erasure of personal data or the restriction of processing, as well as the right to object to processing;
  • The right to lodge a complaint with a supervisory authority;
  • If your personal data is not collected from you, any available information on their source;
  • The existence of automated decision-making, including profiling, and, in such cases, meaningful information about the logic involved, as well as the significance and expected consequences of such processing for you.
  • If you fall under the protection of GDPR and we transfer your personal data to a third country or international organization, you have the right to be informed of the appropriate safeguards in place.

To exercise your right to access your personal data, you can send an email or physical request to us. We may require additional information to verify your identity and prevent potential abuse. We will respond to your request as soon as possible, but no later than 30 days after receipt. If we cannot comply with your request in whole or in part, we will inform you of the applicable exceptional situations.

The right to rectification of data

You have the right to obtain from the Company, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes for which the data were processed, you have the right to obtain the completion of personal data that are incomplete, including by providing an additional statement. When possible or necessary we will make corrections (as appropriate) based on updated information and inform you about this if necessary.

The right to delete data

You have the right to obtain from the Company the deletion of personal data concerning you, without undue delay, except for certain cases provided by the law, if one of the following reasons applies:

  • personal data are no longer necessary for the purposes for which they were collected or processed;
  • you withdraw your consent on the basis of which the processing takes place insofar as the processing is based exclusively on the consent and there is no other legal basis for the processing;
  • you object to the processing carried out for the purpose of public interest or for the purpose of the legitimate interests pursued by the Company or a third party and there are no legitimate reasons to prevail over your interests / fundamental rights and freedoms regarding the processing
  • personal data have been processed illegally;
  • personal data must be deleted in order to comply with a legal obligation incumbent on the Company under the law governing it and/or its activity;
  • other situations provided by the applicable legislation insofar as they are applicable

The right to restrict processing

You have the right to request a restriction on the processing of your personal data in the following situations:

  • You believe the data is inaccurate and want to restrict its processing until the Company can verify its accuracy.
  • The processing of your data is unlawful, but you oppose its deletion and instead request that its use be restricted.
  • The Company no longer needs your personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims.
  • You have objected to the processing of your personal data for the Company's legitimate interests or those of a third party. In such cases, you can request a restriction on processing while the Company determines whether its legitimate interests override your rights as the data subject.

The right to data portability

You are entitled to receive a copy of your personal data that you have provided to the Company, in a format that is widely used and structured in a way that can be read automatically, and which can be transferred to another controller without any impediments from the Company, if (i) the processing is based on your consent or a contract with you, and (ii) the processing is carried out by automated means.

If you choose to exercise your right to data portability, the personal data may be transferred directly from the Company to another controller that you have specifically designated, provided that this is technically feasible.

The right to object

You are entitled to object to the processing of your personal data when it is done for the legitimate interests of the Company or a third party, including profiling, if it relates to your particular circumstances. This right applies even if the processing is carried out in the public interest. If you exercise this right, the Company will stop processing your personal data unless it can demonstrate legitimate and compelling reasons for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

The right to object to processing for direct marketing purposes

You have the right to object to the processing of your personal data for direct marketing purposes, including profiling, at any time. This applies specifically when the purpose of the processing is direct marketing. Please note that the Company may send you offers, information, and other types of communications based on your participation in an event organized by the Company as a main organizer or partner, or your agreement to receive commercial communications from us.

If you exercise your right to object to the processing of your personal data for direct marketing purposes, your data will no longer be processed for this purpose.

The right to withdraw consent

You can withdraw your consent for the processing of your personal data at any time if the processing is based on your consent. However, please note that the withdrawal of consent will not affect the legality of the processing carried out before the withdrawal. It's important to note that withdrawal of consent only applies if the processing is based on consent and not if it's based on another legal basis.

The right to submit a complaint

To report any concerns regarding the handling of your personal data, you may contact us by sending an email or letter that includes the details of your complaint. We will carefully examine and provide a response within the timeframe prescribed by law. Additionally, you have the right to lodge a complaint with the relevant data protection supervisory authority.

Our contact information for data protection purposes

Email: [email protected]

Address: Bozieni 4, Bucharest 061616, Romania

The Privacy Policy is subject to periodic updates, and it is recommended that you review the current version available on our website before continuing to use our products and/or services.

Date of Last Revision: April 07, 2023