Privacy Policy


This Privacy Policy describes the privacy practices of the smartPG  website.

If the information or content you provide on the smartPG website contains personal information of others, you must have legal permission to share that personal information.

IT Smart Systems processes personal data and ensures its protection, in accordance with the applicable legislation, including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).


Terms within the meaning of General Regulation (EU) 2016/679:

"GDPR" means Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity;

”Processing” means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Restriction of processing" means the marking of stored personal data in order to limit their further processing;

”Controller” means the natural or legal person, public authority, agency or other body which, alone or in association with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;

”Data controller” means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, the controller, the controller and the persons who, under the direct authority of the controller or controller, are authorized to process data with personal character;

"Consent" of the data subject means any manifestation of the free, specific, informed and unambiguous will of the data subject by which he or she consents, by an unequivocal statement or action, that personal data concerning processed;


Categories, Purpose and Basis of Processing

As a principle, we do not collect any special categories of personal information about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric information).


The information you provide to us through the smartPG website:

- First name

- Last name

- Developer Organisation

- e-mail address

In addition, IT Smart Systems also collects the following information:

- By accessing the website that automatically stores certain information: IP address, general location from where the website is accessed, history of accessed pages. This information is stored and collected by cookies and similar technologies. More details are presented in the Cookies policy section. 

We process the data obtained on the basis of the following legal grounds:

  • the execution of contractual obligations towards our partner customers who integrate our services
  • the execution of our service contract (as a result of your acceptance of the Terms and Conditions);
  • compliance with our legal obligations;
  • our legitimate interest in ensuring the security of our website, in preventing fraud and any incidents, in resolving any disputes, in monitoring the quality of services and the technical capacity of our services.


General purpose of processing

We will use your data to be able to create an account, to respond to your requests and to be able to provide services through the smartPG hub. Refusal to provide the personal data requested from you may make it impossible to provide the above.

We may also collect, use and/or share non-personal information or anonymized data such as statistical or demographic data.

To the extent our Websites or Apps include links to third-party websites, plug-ins and applications (including cookies, tracking technologies and widgets by third party advertisers), it is important that you understand that by clicking on those links or enabling those connections, you may allow third parties to collect or share data about you. IT Smart Systems does not have oversight of these third-party websites and we are not responsible for their processing of personal information.


Other purposes of data processing are:


  • For the purpose of informing about the availability of our services or other elements regarding the use of the service (security notifications, various legal information, etc.)
  • In order to provide assistance, we use the data we have available to investigate, resolve and respond to complaints or complaints about the use of the service;
  • In order to prevent fraud and security of payments when we invoice the services provided to our partner clients, we must maintain accounting records regarding the processed transactions, based on the fulfillment of the legal obligations from the financial-accounting and fiscal legislation;
  • For the purpose of our own accounting records when we invoice the services provided to our partner clients, we must maintain accounting records regarding the processed transactions, based on the fulfillment of the legal obligations from the financial-accounting and fiscal legislation;
  • In order to develop the services we use data, including feedback received through various channels, to carry out research and development activities in order to improve our services and to reduce the risk of fraud;
  • In order to defend our legitimate interests.


There may be situations in which we use or transmit information to protect our rights and business. These may include:

  • Measures to protect the website, smartPG hub and users against cyber attacks;
  • Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;
  • Measures to manage various other risks.


The general basis of these types of processing is our legitimate interest in defending our commercial activity, it’s being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.


Data storing

As a general rule, we will store your personal data for as long as necessary to provide the services used, as well as subsequently, in order to comply with applicable legal obligations, including, but not limited to, the provisions regarding archiving obligations.

The data related to cookies and similar technologies are kept according to the specific terms set for those technologies, the storage period can vary, please visit the Cookies policy for more details.

You may request the deletion of certain information or any request regarding your right at any time, and we will comply with such requests, subject to the retention of certain information in cases where applicable law or our legitimate interests so require. The request can be made with a written request, dated and signed at the email address:


Data transfer

We limit access to data to third parties, but in some cases we may be able to transmit or provide access to certain personal data of yours to the following categories of recipients: natural or legal persons acting as authorized persons for IT Smart Systems in various fields (such as be the archiving of documents, the destruction of documents, or the storage of data, payment services, various services that we can outsource, such as in the field of human resources, etc.), other people, courts, authorities. In such cases, we will disclose the data for legitimate reasons related to our business, such as ensuring our ability to ensure the security of documents, relieving our business, finding, defending and exercising our or another person's rights or interests.

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

We do not transfer your personal data or any part of it to other companies, organizations or individuals in third countries or to international organizations. If there are any changes in this regard, we will notify you so that you can exercise your right to express your consent or not.


Your rights according to the GDPR

By reading this Policy, you have become aware that your rights under the GDPR are guaranteed, namely:

  • the right to transparency of information, communications and the exercise of your rights;
  • the right to information and access to your personal data;
  • the right to rectification and the right to delete data ("the right to be forgotten");
  • the right to restrict processing;
  • the right to data portability;
  • the right to opposition and
  • not to be subject to an automated individual decision-making process;
  • the right to contact the Supervisory Authority (ANSPDCP) in case of violation of your rights guaranteed by the legislation on personal data protection.


To exercise your rights, stated above, or for any question regarding how your data is used or if some of the data about you are incorrect, you can address a written request, dated and signed at the email address:

In the request, please indicate if you want the information to be communicated to a specific address (postal or e-mail) or through a courier service to ensure that you receive the information in person. Please note that before accepting any such request, we reserve the right to verify your identity to ensure that the request comes from you. You also have the right to go to court for any breach of your personal data processing rights.

We intend to respond to any valid requests within a maximum of one month. We will let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what worries you. This will help us to act faster and shorten the response time to your request.

We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.


IT Smart Systems contact information:


Address: 24-26 Aleea Țibleș, district 6, Bucharest, 060233.



Contact Data Competent Authorities:

The National Supervisory Authority For Personal Data Processing

Address: 28-30 G-ral Gheorghe Magheru Bld. District 1, post code 010336 Bucharest, Romania

phone: +40.318.059.211

fax: +40.318.059.602



The Update of the Privacy Policy.

Privacy Policy may be updated from time to time, for example following the amendment of the relevant legislation. We encourage the visitors of our website to verify this page periodically in order to get informed on the latest news.


This Policy was last updated on 30.08.2022.