<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=482955330209157&amp;ev=PageView&amp;noscript=1">

Privacy Policy

Last update: 25 March 2025

The Aqurate Privacy Policy details the Company's practice regarding the processing of personal data through the Aqurate business website at https://aqurate.ai (hereinafter briefly, generically, the Site), and through the Aqurate Software-as-a-Service platform at https://app.aqurate.ai (hereinafter the Platform), with the aim of informing users on this topic.

By using the Site further, you acknowledge that you have read and agree to this Privacy Policy, as well as Cookie Policy, the Terms of Service.

 

1.     Identification of the data controller

 

Name: MACHINE LEARNING SOLUTIONS SRL (hereinafter the Company or Aqurate)

Headquarters: Romania, Timis county, Timisoara, 2-4 Calea Circumvalaţiunii, office 210

Registration no.: J35/4631/2018

EUID ROONRC.J35/4631/2018

VIES (VAT) code: RO40330105

Email: office@aqurate.ai

 

2.     Contact details in the field of personal data protection

 

The contact details that the visitor can use to transmit any requests, notifications or claims regarding the Terms of Service, the Privacy Policy, the Cookie Policy, as well as any other information published on the Site, policies or operations performed by the Company, are indicated at point 1 above.

The deadline for the Company to send a response is no more than 30 days from the receipt of the request.

Aqurate collects information from users in the following ways: directly from the user, from the traffic reports recorded by the servers hosting the Site, as well as through cookies.

 

3.     Source of data

 

The Company collects information from users in the following ways: directly from the user, from traffic reports recorded by the servers hosting the Site, and through cookies.

Information provided directly by the user:

Beneficiaries of the Aqurate subscriptions (and hence our Customers) can only be legal persons, and not natural persons. However, the representatives, contact persons and the persons that have access to the Customer’s account on the Platform (the Direct Users) are natural persons.

(i) When the user fills in the fields in the Contact box or leaves a message on Chat or on the corresponding section from the Customer’s account on the Platform, he/she indicates: name, first name, e-mail address and telephone number (all being personal data).

This information is required by Aqurate in order to be able to respond to requests sent by that user.

Other personal data could be processed by the Company if included in the information / request sent by the user. Thus, Aqurate did not request the respective data, but insofar as they are absolutely necessary in order to be able to respond to those transmitted by the user, the processing of personal data shall be performed at the request of the message sender.

However, the use of boxes and sections abovementioned is not obligatory either for viewing the Site or for purchasing subscriptions. Any information can also be obtained in another way (for example by sending a question to the Company's headquarters’ address or by sending an email using the address indicated at art. 1 above).

(ii) When a user wants to benefit from a demo session, the name and email address address (all of which may be personal data and shall be processed after clicking the "Book a demo" button) must be providing for schedualing it with the Company.

(iii) When a Customer creates a user account on the Platform, in order to use a subscription or register for a Free Trial, a user name and an e-mail address and a personal password for this account (all of which may be personal data and shall be processed after clicking the "Sign up" button).

After creating an account, the Customer will be able to choose to maintain login (by filling in the Log In box only with his/her email and password) or to sign in every time it accesses the Site and wishes to do so (it will only indicate the email address and password chosen). The user can also change the password attached to its account at any time and Aqurate will not have access to it. The same applies for the access accounts created by the Customer to Direct Users.

Setting up a Customer account is mandatory in order to use the Platform, both for Free Trial as well as for a paid subscription version, as indicated in the Terms of Service, the boxes placed at the end requiring to be checked.

(iv) When a user purchases a subscription from the Site, following the order placement steps, the following mandatory information shall be provided to the Company: name; surname; telephone number in order for Aqurate to confirm the order and provide any other information requested by the buyer; email address for the above mentioned purposes; headquarters address for the invoice (ie, country, county, city, street, number, block, apartment); bank card data (cardholder name, card number, bank) in case of purchasing products using this means of payment, any possible additional information (maybe even personal data of the future Direct Users) filled in the optional field with Order Note - all this is personal data processed after pressing the "Complete signup" button.

When a Direct User consents to the use of his/her e-mail address for marketing purposes by Aqurate - Newsletters - (by clicking the "Subscribe" button and ticking the consent box), to receive information about new services or products, ongoing promotions, events etc. (personal data will be processed after the user has ticked the box for his/her consent).

The user who has chosen to receive newsletters from the Company will be able to unsubscribe at any time by simply clicking on the active "Unsubscribe" button at the end of each communication sent by Aqurate.

(iv) When a Direct User consents to the use of his/her image, voice, first name and surname/nickname chosen for social media platforms and links to them for marketing purposes by Aqurate, for the display of testimonials in the form of pictures and text or video (personal data which will be processed after obtaining the consent of the data subject).

The Company confirms that none of the personal data included at letters (i) to (vi) above, shall be used for purposes other than those expressly indicated and only by fully observing the applicable legal provisions.

 

Information provided directly by the user:

This type of information includes:

• data on the user’s sales, customers, inventory,

• data on the traffic and events recorded within the Customer’s website(s).

 

Information obtained from the traffic reports recorded by server:

When a website is accessed, users automatically disclose certain information, such as the IP address, the time of the visit, the place where the website was accessed. Aqurate, like other operators, registers this information.

 

Information obtained through cookie:

All details on how data is processed in this context, are indicated in the Cookie Policy.

 

4.     Data subject

 

Given that the Company processes personal data of Direct Users, they hold the status of data subject and declare that they are over 18 years old.

In the event that the information/requests submitted by users also include personal data relating to other persons (and they thus acquire the status of data subject), the Company will process their data strictly in order to be able to respond to that information/request and does not assume any liability in addition to that expressly indicated herein, in the Terms of Services or in the applicable legislation.

 

5.     Processed personal data

 

Any information regarding an identified or identifiable natural person, respectively the data subject, can be considered as personal data.

 Considering the processing purposes indicated herein, the Company tries to reduce as much as possible the personal data processed.

 Thus, according to the Cookie Policy, the data subject shall be able to choose the types of cookies (applicable where their use is not automatically made for the functioning of the Platform) by checking a box, in order to ensure a more complete and better experience when browsing the Site.

 

In order to send answers to requests/questions communicated by users using the Contact, Chat, the Customer profile on the Platform, to provide services, to offer demo sessions and to send information for marketing purposes, the Company processes the following personal data:

 • personal data of the Direct User:

- by the Contact/Chat/Section of the customer profile on the Platform: name and email address of the user, respectively the ID indicated for the connection through social media platforms

- by creating a Customer account and subsequent login: email address and password (password is not known to Aqurate, but the user can retrieve login data using the link indicated in the Terms of Service)

- by creating Direct User accounts provided by Customer and subsequent login: email address and password (password is not known to Aqurate, but if a user forgets it and requests it, the Company may ask the company hosting to retrieve it)

- by the order form: telephone number, name of the Customer's representative, bank card details (if this payment method is chosen)

- by the user's express confirmation by ticking the box corresponding to the consent to data processing for marketing purposes, by clicking on the "Subscribe" button: e-mail address

- by displaying testimonials materialized in pictures and text or video: image, voice, first and last name/nickname chosen by the user for social media platforms and links to them

- by connecting an integration to the Platform: email address

- IP of the Direct Users

Depending on the cookie settings, other data may also be processed (in particular data related to the visitor's preferences and behaviour on the Site).

 

• other natural persons than the Direct User

- depending on the content of the messages sent by Direct User, other data may be processed to the extent indicated, although not requested by Aqurate

- for the execution of its obligations under the Standard Service Terms, Aqurate processes the personal data of visitors of the Customer’s website(s), namely email, visitor ID, user ID, Google cookie ID, device attributes (eg, type, timezone).

The Company undertakes to comply with the legislation on the protection of personal data also in relation to these third parties, without, however, being obliged to obtain any separate consent in this respect. It is the Direct User who has transmitted such information who assumes full responsibility in this respect and declares that they have consented to the processing carried out by Aqurate and that they have been fully informed in this respect.

 

6.     Processing of personal data

 

It represents the processing of personal data, any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means.

 The Company accesses, collects, uses and performs any other actions allowed by the applicable law on the personal data provided by visitors, within the limits indicated at art. 4 above and art. 6 below.

 

7.     Purpose

 

The user of the Site is the person who accesses this page and who may become a buyer when placing a firm order, and with respect to whom certain personal data are processed for various purposes - namely:

• For the personal data provided directly by the user:

- providing answers, clarifications and remedying problematic situations in relation to requests and complaints submitted by the user;

- creating/administering the Customer's account on the Platform, in order to place the order, to have the related tax invoice drawn up by Aqurate, to have the services performed by the Company and to remedy issues;

- sending information for marketing purposes;

- ensuring compliance with this Privacy Policy, the Terms of Service and the Cookie Policy, as well as applicable legal provisions to protect the rights of Aqurate and safety of the Site

• For the personal data of visitors of the Customer’s website(s):

- Fully anonymized usage for training AI/ML models;

- Fully anonymized usage for research & development purposes or market reports;

- For the execution of its obligations under the Standard Service Terms;

• For the personal data provided by the traffic reports recorded by server:

- identification of the sections of interest of the Site

- safer administration of the computer system

• For the personal data provided by the use of cookies:

- functioning and smooth operation of the Platform

- depending on the settings chosen by the user, additional personal data can be used for obtaining statistical information that allows to improve the offered services, saving preferences, advertising etc. All details regarding this type of data processing can be found in the Cookie Policy.

If the Company intends to subsequently process the personal data for a purpose other than those indicated above, it shall provide the data subject prior to such further processing, additional relevant information regarding the secondary purpose, by completing the necessary formalities according to the law.

 

8.     Recipients of the processing

 

The personal data may be provided to:

• the administrators, shareholders and employees/collaborators of the Company that deal with the administration of the Platform (including sale, technical assistance, maintenance and invoicing) and who are involved in the activities regarding which the user sends questions / notifications - will process the name and e-mail address as well as any other personal data submitted by message;

• the administrators, shareholders and employees/collaborators of the Company that deal with the administration of the Platform, who are involved in the marketing process - will process the email address for newsletters, image, voice, name, surname, nickname on social media and link to the user's social media platforms for testimonials;

• support service providers contracted by the Company to fulfil its contractual or legal obligations, such as:

- IT firm - can access all data recorded in the Company's online records, including those of data subjects;

- accounting firm - will process the name, surname indicated on the invoices, as well as any other bank details (if payment is to be made in this way);

- law firms - may access all data recorded in the Company's records in the event of legal issues arising which require their involvement;

- advertising, PR and communications companies for marketing activity - may collect anonymised data via cookies or event registration or feedback forms, and to the extent that this happens, Aqurate will provide this information to data subjects in advance;

The list of providers indicated above is not exhaustive, but indicates the main such collaborating companies. They will be independent controllers, joint controllers or processors in relation to the Company. Regardless of their capacity, they are obliged to maintain the confidentiality and security of the data subject's personal data by taking appropriate technical and organisational measures.

Although they are not recipients according to legal interpretations, public authorities (including the fiscal authority and the courts) may process all/any of the data subjects' data obtained through the Platform.

 

9.     Legal ground for processing

 

• Art. 6 letter (a) of GDPR - processing is carried out on the basis of the data subject's consent -> applicable situation when data processing is done in the context of cookies accepted by the user and which are not necessary for the functioning of the Site, as well as when user data is processed for marketing purposes or when a user account is set up/administrated;

• Art. 6 letter (b) GDPR - processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the user prior to entering into a contract -> applicable situation when data processing is done in the context of filling in data in the Contact form/Chat box/contact section of the account made on the Platform, or when the order for the subscription is placed, as well as when processing personal data of the of visitors of the Customer’s website(s) for performing the obligations of Aqurate under the Standard Service Terms;

• Art. 6 letter (c) GDPR - processing is necessary for the purposes of complying with a legal obligation incumbent on Aqurate -> applicable situation in the context of data processing in relation to performing of services, invoicing and collection of the price, as well as in relation to competent authorities or service providers such as those dealing with the invoicing of the price;

• Art. 6 letter (f) GDPR - processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, provided that the fundamental rights and freedoms of the data subject are not violated -> situation applicable in the context of data processing for the purposes of the ordinary operation and administration of the Site.

 

10. Type of processing

 Data processing activities performed by the Company, mainly refer to:

• collecting the data indicated by the user in the Contact form/Chat box/contact section of the account made on the Platform;

• collection of the data indicated by the user when creating an account on the Platform and/or in the order form;

• use of data for providing feedback and answers to the messages transmitted by the user;

• use of data for the conclusion and execution of the contract;

• use of data for the purpose of each category of cookies chosen by the user;

• collecting other unsolicited data if provided by the data subject (user) in a communication, request or complaint addressed to the Company, so that it can respond and solve the request or remedy the incident;

• storing personal data according to the law and within the limits necessary to achieve the purpose, in the electronic and secure database held by the Company;

• allowing access to personal data to certain employee and external collaborator who provide support services for Aqurate, whose activity involves the processing of personal data under the condition of undertaking the obligation of confidentiality and standard contractual clauses agreed by the European Commission (in the case of collaborators from EU third countries);

• allowing access to personal data to the competent authorities, insofar as the law obliges.

 

11. Processing and storing of data duration

 

The storage period of the personal data collected, is:

• until the withdrawal of the consent or the exercise of the right to data erasure (right to be forgotten) of the user - for the processing of personal data based on the consent of the data subject;

• for 3 years after receiving the message from the Contact form/Chat box/contact section of the account made on the Platform, in order to be able to demonstrate the measures taken by the Company in consideration of the request/question received, considering the duration of the general limitation period for the right to action before the courts regulated by the Romanian Civil Code;

• for 1 year after receiving the message from the “Careers” section, in order to decide on the opportunity of interviewing that person immediately after receiving the message, but also at a later moment within the 1 year period (depending on the forecast of the need to hire new employees / collaborators by the Company);

• a longer period than the abovementioned, when the law regulates in such manner or when there is a well-justified ground for this action (for example, to exercise a right before the court in a litigation started before the expiry of the storage period indicated herein, data will be kept until a final ruling is obtained).

Upon expiry of the aforementioned periods, all data shall be deleted from the Company's records.

 

12. Rights of the data subject

 

a) The right to be informed

The internal regulations and policies of the Company are always available to the data subject, being posted on the Site. See in this regard the present policy, the Cookie Policy and the Terms of Service.

The Company reserves the right to modify / update the content of the Site, including the policies to which references are made, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or jurisprudential changes that may affect the consequences to those published on the Platform). The revision of this policy in the future shall be signalled by modifying the "Last updated" date at the top of this document. After the date the updated policy is published, accessing the Platform shall represent the user's acceptance of these updated conditions.

However, if there shall be significant changes that could affect the rights and freedoms of the users or if it shall become obligatory to obtain their consent, informing them about these changes shall be made by easily visible indications posted on the Site (pop-ups) or by transmitting e-mails to the addresses provided (if applicable). Such significant changes shall have effects for users within 15 days from the time of the posting the pop-up in question or of sending the email (how the information shall be made being decided by the Company, by on a case by case basis).

 

Regardless of the extent of the change, the responsibility to check the content of the Site (including this Privacy Policy, as well as the Terms of Service and other policies displayed on the Platform), to be up to date with the latest versions, will be entirely the responsibility of the user. Thus, THE REVIEW OF THE STANDARD SERVICE TERMS, BUT ALSO OF THIS PRIVACY POLICY AND OF THE COOKIE POLICY, MUST BE PERFORMED BY THE USERS WHENEVER THEY ACCESS THIS SITE AND BEFORE MAKING ANY REGISTRATION OR PROVIDING DATA, WHEREAS CHANGES CAN APPEAR.

Upon request, the data subject shall be informed about the essence of the contracts concluded with the abovementioned recipients of personal data where possible, and also of the data source.

 

b) The right of access the personal data processed

If the data subject wishes to receive information regarding the processing of data performed by Aqurate, he/she can send a request to the Company, and a response shall be provided within 30 days as of reception.

c) The right to data rectification

If the data subject wishes to rectify / amend the inaccurate / incomplete personal data concerning him or her as provided to Aqurate, he / she can send a request to the Company, and a response shall be provided within 30 days as of reception.

d) The right to data erasure (right to be forgotten)

The data subject shall have the right to obtain the erasure of personal data concerning him / her:

• at the expiration of the processing duration;

• if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

• if the data subject withdraws his / her consent on which the processing is based and where there is no other legal ground for the processing;

• if the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

• if the processing is illegal, the personal data being unlawfully processed;

• the personal data have to be erased for compliance with a legal obligation.

The exceptional cases provided in art. 17 paragraph 3 of GDPR are applicable.

Some data are part of the Company's records, which it keeps in relation to its legal obligations or its legitimate interest. Therefore, not all data can be erased, according to the law. However, any refusal to delete the data shall be motivated by the Company and shall be based on a clear legal basis.

e) The right to restriction of processing and the right to object

The restriction of processing can be applied if the data subject finds out that:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

• the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

The Company may continue processing the restricted personal data if it is necessary to establish, exercise or defend a right in court, or protect / defend a person but only with the consent of the data subject.

The Company shall communicate to the recipients that a rectification, deletion or restriction of the personal data took place, unless it is impossible or it involves disproportionate efforts.

f) The right to data portability

The data subject or a third party indicated by him / her, can receive on request, the personal data processed by the Company. Aqurate assumes no responsibility for the data processing performed by that third party.

The obligation to ensure the right to portability is the responsibility of the Company only if the processing of the personal data is based on the consent of the data subject or on the conclusion and execution of the contract. The actions shall be taken within 30 days from the receipt of the request.

g) The right to object

The data subject shall have the right to object, on grounds relating to his / her particular situation, at any time to processing of personal data based on the legitimate interest of the Company (including profiling).

Regardless to the above, if Aqurate demonstrates well justified legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims, the processing of data can continue.

h) The right to submit a claim

The data subject may submit:

• a request / a claim using the contact data of the Company, as indicated at art. 1 above;

• an action before the competent court;

• a complaint before the Romanian National Supervisory Authority for the Processing of Personal Data (www.dataprotection.ro).

However, the Company wishes any conflict / dispute to be resolved amicably and provides all availability in this regard.

i) The right to withdraw the consent given

The data subject may withdraw his / her consent at any time, without however affecting the legality of the processing before the withdrawal nor the one based on another legal grounds.

j) The right to not be subject to an automated decision

The Company does not take any decision based solely on automatic processing of personal data.

 

13. Obligations of the Company. Security measures applicable to the processed personal data

 

The Company complied with the provisions of the data protection legislation and has implemented appropriate technical and organizational measures to ensure the security of the processed personal data and the rights of the data subjects. Thus, the Company has implemented measures such as:

• the conclusion of contracts with collaborators which have undertook the obligation of confidentiality in relation to the personal data processed, as well as the general obligation to comply with the applicable legislation in the field of personal data protection;

• training the employees and collaborators on the importance of personal data protection, as well as limiting their access to data according to their attributions and competences;

• establishing internal procedures having the purpose of protecting personal data;

• indicating specially contact data which can be used for questions/claims regarding personal data (ie. the one indicated in art. 1 of the present police);

• including the Unsubscribe button on all direct marketing communications (newsletters);

• implementing information security measures;

• not installing cookies in addition to those necessary for the functioning of the Site and offering the users at all times the possibility to choose the additional cookies accepted.

Also, the Company shall inform the competent data protection authority in the event of an breach concerning data security which generate risks for the data subject, without undue delay and, if possible, within 72 hours from the moment it became aware of it, unless it is unlikely to create a risk for the rights and freedoms of individuals. If the notification to the authority shall not be made within the 72 hours, it shall be accompanied by a justified explanation for the delay.

In the event of an incident concerning the security of personal data, Aqurate shall also inform the data subject without undue delay, if the breach of the security of personal data is likely to generate a high risk for his / her rights and freedoms. However, informing the aforementioned data subject is not necessary if any of the following conditions is met:

• the Company has implemented adequate technical and organizational protection measures, and these measures have been applied in the case of the personal data affected by the security breach;

• the Company has taken further measures to ensure that the high risk for the rights and freedoms of the data subjects is no longer likely to occur;

• would require a disproportionate effort. In this situation, a public notification shall be conducted instead or a similar measure shall be taken, so that the data subjects are informed in an equally effective manner.

Any statistics regarding the traffic of the users on the Site, which Aqurate shall provide to third party advertising networks or to other sites, shall have a data set form and shall not include any identifiable information about any individual user.

Unfortunately, no data transmission through the internet can be guaranteed to be 100% secure. Consequently, despite Aqurate's efforts to protect users' personal data, it cannot guarantee or ensure the security of information transmitted by them through the Site. Users are therefore warned that any information sent through the online environment shall be done at their own risk.

To mitigate this risk, one of the measures took by the Company is to offer all interested users the possibility to send requests / requests / addresses / messages in material form, to the Aqurate headquarters, and not necessarily through the Contact form/Chat box/contact section of the account made on the Platform.

 

14. Liability of the Company

 

The Company's liability in relation to the data subject shall be established in relation to the quality held in the respective data processing operation, the reason and place of the incident, the security measures taken, the measures took to avoid incidents and the observance of the other legal obligations.

 

15. Transfer of personal data to third countries / international organizations

 

The Company does not transfer personal data of the data subjects outside the EU territory and hence no transfer of personal data is made according to GDPR.

 

16. Final provisions

 

This policy applies to the Company and to the Site users.

This document is part of the Company's set of security policies. Other policies can apply to the topics addressed herein and shall be reviewed according to specific needs.