1. Data Controller Identity

The controller of personal data collected through the enlivy.com website and the app.enlivy.com application is:

Enlivy SRL

Registered office: 28 Avram Iancu Street, Dej, Cluj County, Romania

VAT ID: RO44824071  |  Trade Registry: J12/4142/2021

Email: office@enlivy.com

Bank account: RO75RZBR0000060022929164, BIC RZBRROBUXXX – Raiffeisen Bank, Dej branch

2. Personal Data We Collect

2.1. Data collected when creating an account

When registering an account on app.enlivy.com or api.enlivy.com, we collect the following data:

  • First and last name
  • Email address
  • Password (stored in encrypted form)
  • Phone number (optional, for SMS alerts)
  • Country of residence

2.2. Data collected through use of the services

When using Enlivy services (invoice generation, document management, financial and HR management), personal data of third parties (the User’s clients, employees, or partners) may be processed, including:

  • First and last name
  • Full address
  • Email address and phone number
  • Personal identification number (CNP) – only for documents issued to individual clients
  • Bank account number (IBAN)
  • Identification data of the document issuer

The User may also add additional personal data directly to documents, which the Processor cannot anticipate in advance.

2.3. Data collected automatically

When accessing enlivy.com, certain technical data may be collected automatically, such as IP address, browser type, session data, and navigation information, for the purpose of ensuring the correct functioning of the services.

3. Legal Basis for Processing

The processing of personal data is carried out on the following legal bases, in accordance with Regulation (EU) 2016/679 (GDPR):

  • Performance of a contract (Art. 6(1)(b) GDPR) – data necessary for providing the purchased services;
  • Consent of the User (Art. 6(1)(a) GDPR) – for optional communications and SMS alerts;
  • Legal obligation (Art. 6(1)(c) GDPR) – retention of accounting and fiscal documents in accordance with applicable legislation;
  • Legitimate interest of the controller (Art. 6(1)(f) GDPR) – platform security, fraud prevention, and service improvement.

4. Purposes of Processing

Personal data is processed for the following purposes:

  • Creating and managing user accounts;
  • Providing the services purchased through the enlivy.com platform;
  • Generating, managing, and storing financial documents (invoices, receipts, etc.);
  • Sending notifications about services, payments, and contractual changes;
  • Technical support and handling user requests;
  • Compliance with applicable legal obligations;
  • Platform improvement based on anonymized statistical data.

5. Data Retention Period

Personal data is retained for as long as the User benefits from Enlivy’s services. Upon termination of the contract or loss of access to the services, the User has the right to obtain a backup of their data within a maximum of 10 days.

After this period, data may be deleted in accordance with internal procedures, except for data subject to a legal retention obligation (e.g., accounting documents – 5 to 10 years under Romanian fiscal legislation).

6. Recipients of Personal Data

Enlivy SRL does not sell or transfer users’ personal data to third parties for commercial purposes. Data may be disclosed or transferred exclusively in the following situations:

  • Authorized sub-processors (e.g., cloud infrastructure providers, email service providers) – under data processing agreements compliant with GDPR;
  • Public authorities or state institutions – exclusively upon their lawful request;
  • Cybersecurity auditors – in anonymized form or with limited access, within the scope of periodic security audits.

Enlivy SRL reserves the right to engage sub-processors, with the obligation to inform the User in advance and to ensure an adequate level of data protection.

7. Data Security

Enlivy SRL implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction, including:

  • Periodic cybersecurity audits conducted by external experts;
  • Restricted database access (limited to a very small number of authorized employees);
  • Continuous monitoring of data access;
  • Encrypted connections via SSL/HTTPS protocol;
  • Encrypted (hashed) password storage;
  • Regular data backups.

However, no data transmission over the internet can be guaranteed to be 100% secure. Users understand and accept the inherent risks of transmitting information online.

8. Rights of Data Subjects

Under the GDPR, individuals whose data is processed have the following rights:

  • Right of access – to obtain confirmation that data is being processed and to receive a copy of it;
  • Right to rectification – to request correction of inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”) – to request deletion of data, under the conditions provided by law;
  • Right to restriction of processing – to request limitation of processing in certain situations;
  • Right to data portability – to receive data in a structured, commonly used format;
  • Right to object – to object to the processing of data in certain circumstances;
  • Right not to be subject to automated individual decision-making.

To exercise any of these rights, please contact us at: office@enlivy.com. We will respond to requests within a maximum of 30 calendar days.

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP): www.dataprotection.ro.

9. Use of Cookies

The enlivy.com website and the app.enlivy.com application may use cookies and similar technologies to ensure the correct functioning of the platform, user authentication, and anonymous traffic analysis. Users can manage cookie preferences through their browser settings.

10. International Data Transfers

Personal data is generally stored on servers located within the European Economic Area (EEA). In the event that transfers to third countries are made, Enlivy SRL ensures they are carried out with adequate safeguards as required by GDPR (e.g., standard contractual clauses).

11. Changes to This Privacy Policy

Enlivy SRL reserves the right to update this policy periodically, in line with legislative or operational changes. Users will be notified by email of any significant changes, with a minimum notice period of 30 days. The updated version will be published on enlivy.com/privacy-policy and will enter into force on the communicated date.

12. Contact

For any questions or requests related to the processing of personal data, please contact us:

  • Email: office@enlivy.com
  • Postal address: 28 Avram Iancu Street, Dej, Cluj County, Romania
  • Website: enlivy.com