PRIVACY POLICY

Callity WhatsApp Messaging Application

www.callity.eu

Last updated: March 2025

1. Data Controller

This Privacy Policy applies to the Callity application and the website www.callity.eu, operated by:

ROSTO SRL

Str. Stirbei Voda nr. 166, Sector 1, Bucuresti, Romania

Registration number (CUI): RO5801425

Phone: +40 310 050 665

Email: support@callity.eu

ROSTO SRL acts as the data controller for all personal data processed through the Callity application and associated services.

2. Scope and Purpose

This Privacy Policy describes how ROSTO SRL collects, uses, stores, and protects personal data when you:

  • Access or register on the Callity platform (www.callity.eu)
  • Use the Callity application to send and receive messages via the WhatsApp Business API (provided by Meta Platforms, Inc.)
  • Interact with our customer support team
  • Use any other services offered through the platform

By using Callity, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

3. Data We Collect

3.1 Account and Registration Data

When you create an account on Callity, we collect:

  • Full name
  • Email address
  • Phone number
  • Company name and VAT number (if applicable)
  • Username and encrypted password
  • Billing and invoicing information

3.2 WhatsApp Messaging Data

When using Callity to send or manage WhatsApp messages through the Meta WhatsApp Business API, the following data is processed:

  • Recipient phone numbers (WhatsApp-registered numbers)
  • Message content (text, media, templates)
  • Message status metadata (sent, delivered, read, failed)
  • Timestamps of messages
  • Template names and parameters used

Important: Callity uses the official WhatsApp Business API provided by Meta Platforms, Inc. Message content may be processed by Meta’s infrastructure in accordance with Meta’s own Privacy Policy and Terms of Service. We recommend reviewing Meta’s policies at https://www.whatsapp.com/legal/privacy-policy-eea (for EEA users).

3.3 Technical and Usage Data

We automatically collect certain technical information when you use our platform:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Device identifiers
  • Log files and session data
  • Pages visited, features used, and time spent on platform
  • API call logs and error reports

3.4 Communication Data

When you contact our support team, we collect records of communications including emails, tickets, and any personal information you provide in those communications.

4. Legal Basis for Processing

We process your personal data under the following legal bases provided by Regulation (EU) 2016/679 (GDPR):

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Callity service as described in our Terms of Service.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing for fraud prevention, security, platform improvement, and customer support.
  • Consent (Art. 6(1)(a) GDPR): Where we rely on your explicit consent, for example for marketing communications.
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is required to comply with applicable Romanian or EU law.

5. WhatsApp Business API and Meta

Callity integrates with the WhatsApp Business API, operated by Meta Platforms, Inc. When you use Callity to communicate via WhatsApp:

  • Messages are routed through Meta’s global infrastructure.
  • Meta acts as an independent data processor for message delivery.
  • Callity is a Business Solution Provider (BSP) authorized to use the WhatsApp Business API.
  • End-to-end encryption applies to messages as per WhatsApp’s standard protocol.
  • Meta may process data in countries outside the European Economic Area (EEA).

You acknowledge that use of WhatsApp features through Callity is also subject to WhatsApp’s Terms of Service and Privacy Policy. ROSTO SRL is not responsible for Meta’s data processing practices.

6. How We Use Your Data

We use collected data to:

  • Create and manage your Callity account
  • Provide, operate, and maintain the messaging platform
  • Process and route WhatsApp messages on your behalf
  • Issue invoices and manage payments
  • Provide technical support and respond to inquiries
  • Monitor and ensure platform security and prevent fraud
  • Comply with legal and regulatory obligations
  • Improve and develop new features of the platform
  • Send service-related notifications (e.g., account alerts, system updates)
  • Send promotional communications, only with your prior consent

7. Data Sharing and Third Parties

We do not sell your personal data. We may share data with the following categories of recipients:

  • Meta Platforms, Inc.: As required to deliver WhatsApp messages through their API.
  • Cloud hosting providers: For infrastructure and data storage (hosted within the EU or EEA where possible).
  • Payment processors: For secure billing and invoicing.
  • Analytics providers: To analyse platform usage in anonymised or aggregated form.
  • Legal and regulatory authorities: When required by law, court order, or to protect our legal rights.

All third-party processors are bound by data processing agreements consistent with GDPR requirements.

8. International Data Transfers

Some service providers, including Meta Platforms, Inc., may process data outside the EEA. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on adequacy decisions where applicable.

9. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

  • Account data: For the duration of your account plus 3 years after closure, unless a longer period is required by law.
  • Message logs and metadata: Up to 12 months from the date of the communication.
  • Financial and billing records: 10 years, as required by Romanian fiscal law.
  • Support communications: 3 years from the date of the last interaction.

After the applicable retention period, data is securely deleted or anonymised.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data (‘right to be forgotten’), subject to legal exceptions.
  • Right to restriction (Art. 18): Request that we restrict processing of your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at: support@callity.eu or by post at the address above. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian supervisory authority: Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), www.dataprotection.ro.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • Encrypted data transmission (TLS/SSL)
  • Encrypted password storage (bcrypt or equivalent)
  • Access controls and role-based permissions
  • Regular security audits and vulnerability assessments
  • Incident response procedures

No system is entirely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority as required by GDPR.

12. Cookies and Tracking

The Callity web platform uses cookies and similar technologies. These may include:

  • Strictly necessary cookies: Required for login sessions and platform functionality.
  • Analytical cookies: Used to understand how users interact with the platform (e.g., via Google Analytics or equivalent, with IP anonymisation enabled).
  • Preference cookies: To remember your settings and preferences.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

13. Children’s Privacy

Callity is a business-to-business (B2B) platform intended solely for use by adults and business entities. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately at support@callity.eu so we can delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice on the platform. The date of the most recent revision is shown at the top of this document. Continued use of Callity after changes take effect constitutes acceptance of the revised policy.

15. Contact

For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices:

ROSTO SRL

Str. Stirbei Voda nr. 166, Sector 1, Bucuresti, Romania

Phone: +40 310 050 665

Email: support@callity.eu

Website: www.callity.eu

POLITICA DE CONFIDENTIALITATE

Aplicatia Callity de Mesagerie WhatsApp

www.callity.eu

Ultima actualizare: Martie 2025

1. Operatorul de Date

Aceasta Politica de Confidentialitate se aplica aplicatiei Callity si website-ului www.callity.eu, operate de:

ROSTO SRL

Str. Stirbei Voda nr. 166, Sector 1, Bucuresti, Romania

CUI: RO5801425

Telefon: +40 310 050 665

Email: support@callity.eu

ROSTO SRL actioneaza in calitate de operator de date cu caracter personal pentru toate datele prelucrate prin aplicatia Callity si serviciile asociate.

2. Domeniu de Aplicare si Scop

Aceasta Politica de Confidentialitate descrie modul in care ROSTO SRL colecteaza, utilizeaza, stocheaza si protejeaza datele cu caracter personal atunci cand:

  • Accesati sau va inregistrati pe platforma Callity (www.callity.eu)
  • Utilizati aplicatia Callity pentru a trimite si receptiona mesaje prin intermediul WhatsApp Business API (furnizat de Meta Platforms, Inc.)
  • Interactionati cu echipa noastra de suport
  • Utilizati orice alte servicii oferite prin platforma

Prin utilizarea Callity, confirmati ca ati citit si inteles aceasta Politica de Confidentialitate si consimtiti la prelucrarea datelor dumneavoastra cu caracter personal asa cum este descris in prezentul document.

3. Datele pe Care le Colectam

3.1 Date de Cont si Inregistrare

La crearea unui cont Callity, colectam:

  • Nume si prenume
  • Adresa de email
  • Numar de telefon
  • Denumire firma si CUI (daca este cazul)
  • Nume utilizator si parola criptata
  • Informatii de facturare

3.2 Date de Mesagerie WhatsApp

La utilizarea Callity pentru trimiterea sau gestionarea mesajelor WhatsApp prin intermediul Meta WhatsApp Business API, sunt prelucrate urmatoarele date:

  • Numerele de telefon ale destinatarilor (numere inregistrate pe WhatsApp)
  • Continutul mesajelor (text, media, sabloane)
  • Metadate privind starea mesajelor (trimis, livrat, citit, esuat)
  • Marcajele de timp ale mesajelor
  • Numele si parametrii sabloanelor utilizate

Important: Callity utilizeaza WhatsApp Business API oficial furnizat de Meta Platforms, Inc. Continutul mesajelor poate fi procesat prin infrastructura Meta in conformitate cu propria Politica de Confidentialitate si Termeni de Serviciu ai Meta. Va recomandam sa consultati politicile Meta la https://www.whatsapp.com/legal/privacy-policy-eea (pentru utilizatorii din SEE).

3.3 Date Tehnice si de Utilizare

Colectam automat anumite informatii tehnice atunci cand utilizati platforma noastra:

  • Adresa IP si locatia geografica aproximativa
  • Tipul si versiunea browserului si sistemul de operare
  • Identificatori de dispozitiv
  • Fisiere jurnal (log) si date de sesiune
  • Paginile accesate, functiile utilizate si durata sesiunii
  • Jurnalele apelurilor API si rapoartele de erori

3.4 Date de Comunicare

Atunci cand contactati echipa de suport, pastram inregistrari ale comunicarilor, inclusiv emailuri, tichete si orice informatii personale furnizate in cadrul acestora.

4. Temeiul Legal al Prelucrarii

Prelucram datele dumneavoastra cu caracter personal in baza urmatoarelor temeiuri legale prevazute de Regulamentul (UE) 2016/679 (GDPR):

  • Executarea contractului (Art. 6(1)(b) GDPR): Prelucrarea necesara furnizarii serviciului Callity conform Termenilor de Serviciu.
  • Interese legitime (Art. 6(1)(f) GDPR): Prelucrarea in scopul prevenirii fraudelor, securitatii, imbunatatirii platformei si suportului clienti.
  • Consimtamant (Art. 6(1)(a) GDPR): Acolo unde ne bazam pe consimtamantul dumneavoastra explicit, de exemplu pentru comunicari de marketing.
  • Obligatie legala (Art. 6(1)(c) GDPR): Acolo unde prelucrarea este necesara pentru respectarea legislatiei romane sau europene aplicabile.

5. WhatsApp Business API si Meta

Callity este integrat cu WhatsApp Business API, operat de Meta Platforms, Inc. Atunci cand utilizati Callity pentru a comunica prin WhatsApp:

  • Mesajele sunt rutate prin infrastructura globala a Meta.
  • Meta actioneaza ca operator de date independent pentru livrarea mesajelor.
  • Callity este un Business Solution Provider (BSP) autorizat sa utilizeze WhatsApp Business API.
  • Mesajele beneficiaza de criptare end-to-end conform protocolului standard WhatsApp.
  • Meta poate prelucra date in tari din afara Spatiului Economic European (SEE).

Confirmati ca utilizarea functiilor WhatsApp prin Callity este supusa si Termenilor de Serviciu si Politicii de Confidentialitate ale WhatsApp. ROSTO SRL nu este responsabila pentru practicile de prelucrare a datelor ale Meta.

6. Cum Utilizam Datele Dumneavoastra

Utilizam datele colectate pentru:

  • Crearea si administrarea contului dumneavoastra Callity
  • Furnizarea, operarea si mentinerea platformei de mesagerie
  • Procesarea si rutarea mesajelor WhatsApp in numele dumneavoastra
  • Emiterea facturilor si gestionarea platilor
  • Furnizarea de suport tehnic si raspunsul la solicitari
  • Monitorizarea si asigurarea securitatii platformei si prevenirea fraudelor
  • Respectarea obligatiilor legale si de reglementare
  • Imbunatatirea si dezvoltarea de noi functii ale platformei
  • Trimiterea de notificari legate de serviciu (ex. alerte de cont, actualizari ale sistemului)
  • Trimiterea de comunicari promotionale, exclusiv cu consimtamantul prealabil

7. Partajarea Datelor cu Terte Parti

Nu vindem datele dumneavoastra cu caracter personal. Putem partaja date cu urmatoarele categorii de destinatari:

  • Meta Platforms, Inc.: In masura necesara livrarii mesajelor WhatsApp prin API-ul lor.
  • Furnizori de hosting cloud: Pentru infrastructura si stocarea datelor (gazduite in UE sau SEE, acolo unde este posibil).
  • Procesatori de plati: Pentru facturare si plati securizate.
  • Furnizori de analiza: Pentru analiza utilizarii platformei in forma anonimizata sau agregata.
  • Autoritati legale si de reglementare: Atunci cand este impus de lege, ordin judecatoresc sau pentru protejarea drepturilor noastre legale.

Toti procesatorii terti sunt obligati prin acorduri de prelucrare a datelor conforme cu cerintele GDPR.

8. Transferuri Internationale de Date

Unii furnizori de servicii, inclusiv Meta Platforms, Inc., pot prelucra date in afara SEE. In astfel de cazuri, ne asiguram ca sunt instituite masuri de protectie adecvate, cum ar fi Clauzele Contractuale Standard (SCC) aprobate de Comisia Europeana, sau ne bazam pe decizii de adecvare, acolo unde este aplicabil.

9. Durata Retentiei Datelor

Retinem datele dumneavoastra cu caracter personal numai atat timp cat este necesar pentru scopurile descrise in aceasta politica:

  • Date de cont: Pe durata contului plus 3 ani de la inchiderea acestuia, cu exceptia cazului in care legea impune o perioada mai lunga.
  • Jurnalele si metadatele mesajelor: Pana la 12 luni de la data comunicarii.
  • Inregistrarile financiare si de facturare: 10 ani, conform legislatiei fiscale romane.
  • Comunicarile de suport: 3 ani de la data ultimei interactiuni.

La expirarea perioadei de retentie aplicabile, datele sunt sterse in mod securizat sau anonimizate.

10. Drepturile Dumneavoastra Conform GDPR

In calitate de persoana vizata conform GDPR, aveti urmatoarele drepturi:

  • Dreptul de acces (Art. 15): Solicitati o copie a datelor cu caracter personal pe care le detinem despre dumneavoastra.
  • Dreptul la rectificare (Art. 16): Solicitati corectarea datelor inexacte sau incomplete.
  • Dreptul la stergere (Art. 17): Solicitati stergerea datelor dumneavoastra (‘dreptul de a fi uitat’), cu exceptia cazurilor prevazute de lege.
  • Dreptul la restrictionarea prelucrarii (Art. 18): Solicitati restrictionarea prelucrarii datelor.
  • Dreptul la portabilitatea datelor (Art. 20): Primiti datele intr-un format structurat, lizibil de masina.
  • Dreptul la opozitie (Art. 21): Va opuneti prelucrarii bazate pe interese legitime sau pentru marketing direct.
  • Dreptul de retragere a consimtamantului: Acolo unde prelucrarea se bazeaza pe consimtamant, il puteti retrage oricand fara a afecta prelucrarea anterioara.

Pentru a exercita oricare dintre aceste drepturi, contactati-ne la: support@callity.eu sau prin posta la adresa de mai sus. Vom raspunde in termen de 30 de zile. Aveti, de asemenea, dreptul de a depune o plangere la autoritatea de supraveghere romana: Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), www.dataprotection.ro.

11. Securitate

Implementam masuri tehnice si organizatorice adecvate pentru a proteja datele dumneavoastra cu caracter personal impotriva accesului neautorizat, pierderii, distrugerii sau modificarii. Acestea includ:

  • Transmitere criptata a datelor (TLS/SSL)
  • Stocare criptata a parolelor (bcrypt sau echivalent)
  • Controale de acces si permisiuni bazate pe roluri
  • Audituri de securitate si evaluari periodice ale vulnerabilitatilor
  • Proceduri de raspuns la incidente

Niciun sistem nu este complet securizat. In cazul unei incalcari a securitatii datelor care este susceptibila sa prezinte un risc ridicat pentru drepturile si libertatile dumneavoastra, va vom notifica pe dumneavoastra si autoritatea de supraveghere competenta, conform cerintelor GDPR.

12. Cookie-uri si Urmarire

Platforma web Callity utilizeaza cookie-uri si tehnologii similare. Acestea pot include:

  • Cookie-uri strict necesare: Necesare pentru sesiunile de autentificare si functionalitatile platformei.
  • Cookie-uri analitice: Utilizate pentru a intelege modul in care utilizatorii interactioneaza cu platforma (ex. Google Analytics sau echivalent, cu anonimizarea IP activata).
  • Cookie-uri de preferinte: Pentru a retine setarile si preferintele dumneavoastra.

Puteti gestiona preferintele privind cookie-urile prin setarile browserului. Dezactivarea anumitor cookie-uri poate afecta functionalitatea platformei.

13. Confidentialitatea Copiilor

Callity este o platforma B2B (business-to-business) destinata exclusiv adultilor si entitatilor comerciale. Nu colectam in mod intentionat date cu caracter personal de la persoane cu varsta sub 16 ani. Daca credeti ca am colectat din greseala astfel de date, va rugam sa ne contactati imediat la support@callity.eu pentru a le sterge.

14. Modificari ale Politicii

Putem actualiza periodic aceasta Politica de Confidentialitate. Atunci cand efectuam modificari semnificative, va vom notifica prin email sau prin afisarea unui mesaj evident pe platforma. Data ultimei revizuiri este indicata la inceputul acestui document. Continuarea utilizarii Callity dupa intrarea in vigoare a modificarilor constituie acceptarea politicii revizuite.

15. Contact

Pentru orice intrebari, solicitari sau preocupari referitoare la aceasta Politica de Confidentialitate sau practicile noastre de prelucrare a datelor:

ROSTO SRL

Str. Stirbei Voda nr. 166, Sector 1, Bucuresti, Romania

Telefon: +40 310 050 665

Email: support@callity.eu

Website: www.callity.eu