RisCo Confidentiality Policy


We take ensuring personal data protection a s fundamental commitment at RisCo. Accordingly, we will dedicate all efforts and resources required in order to process your personal data in full accordance with the Regulation (EU) 2016/679 ("The General Regulation regarding Data Protection" or "GDPR"), as well as any other legislation as applicable in Romania. Because one of the essential principles of this legal network is represented by transparency, we wish to inform you about the way in which we collect, use, transfer and protect your personal data when you interact with us regarding our products and services, including through our website, or through our mobile based apps


We preserve our right to update and modify periodically this Confidentiality Policy, in order to reflect any change in the way we process your personal data, or any changes in the legal requests in this respect. In case of any such changes, we will list on our website the updated version of the Confidentiality Policy, so please verify from time to time the content of this Confidentiality Policy.


Who we are and how can you contact us

RisCo is the commercial denomination of the company Risco Servicii Financiare S.R.L., a Romanian incorporated legal entity, with its premises in Bucharest, Bdul Pierre de Coubertin nr. 3-5, Office Building, etaj 5, camera 5N, sector 2, incorporated in the Registry of Commerce under no J40/12529/2014, fiscal code RO33741906 (henceforth called "RisCo"). Regarding data protection legislation, we act as an operator when we process your personal data.

Because we are always open to your opinions, and to supply you with any further information that you might need regarding your personal data processing, we encourage you to contact the person responsible with data protection with RisCo, at the email address dpo@risco.ro or by mail or courier at the address Bucuresti, Bdul Pierre de Coubertin nr. 3-5, Office Building, etaj 5, camera 5N, sector 2 - in attention of the person responsible with data protection at RisCo.


What types of personal data we process

In general, we collect your personal data directly from you, so that you are in full control about the type of information you convey to us. For example, we receive information from you as such:

- When you create a RisCo account, you deliver to us: your e-mail address, your name and surname, your mobile phone no, the series and number of your ID card, your address. All this data is taken for the purpose of creating your user account, uniquely identifying you, to sign-in in your account, and for the issuance of invoices in case of your acquisitions.

- Within your personal webpage (My account) from the RisCo platform you have the possibility to complete your RisCo Profile, by adding supplementary information like: photo, mobile phone number, website, Facebook account, Twitter account, working experience, education, foreign languages known, areas of interest, communication areas.

We can also collect and subsequently process certain information regarding your behaviour during visiting our website or using our smartphone app, in order to personalize your online experience and make available to you offers customized to your profile. On our website and in our smartphone application we might store and collect information in cookies and similar technologies, accoring our Cookies policies Cookies policy

We do not collect and do not process in any other way sensitive data, included in the General Data Protection Regulation (GDPR) in special categories of personal character data. At the same time, we do not want to collect or process data of persons less of the age of 18.


Which are the purposes and grounds or data processing

We will use your personal data to the following purposes:

1. For the provision of RisCo services in your benefits, which include:

a) Creation and administration of your client account within RisCo platform;

b) Processing of your orders, including their validation and invoicing;

c) Ensuring support services, including responding to your questions.

Processing your personal information for these purposes is neccessary in most cases for the good conclusion and execution of a services contract between you and RisCo. At the same time, certain processing for those purposes are imposed by the applicable legislation, including the fiscal and accounting regulations.

2. For the improvement of our services

We permanently wish to offer to you the best online purchasing experience. For that purpose, we might collect and use certain information regarding your user behaviour, we might invite you to fill-in some satisfaction questionnaires after finalizing an order/purchase with us, or we might develop directly or through specialized partners, some market research or studies.

We ground all these activities on our legitimate interest to pursue commercial activities, while being always concerned that your fundamental rights and freedoms would not be affected in a negative way.

3. For marketing purposes

We want to keep you informed regarding the best offers for the products/ services of interest to you. To this purpose, we can send to you any message type (like for example e-mail/SMS/telefonic/mobile push/webpush/etc.), which contains general and particular information regarding RisCo products and services.

Our marketing communication is based on your prior consent. You can change your mind and revoke your consent at any moment, by:

- Modifying setting from your client account in the section "My subscriptions"

- Accessing the unsubscribe link, as listed within the messages you receive from us, or by

- Directly contacting RisCo using the contacts details as described above.

In certain circumstances, we can base exclusively our marketing activities on our legitimate interest to promote and develop our commercial activity. In any situation, when we use your information to our legitimate interest, we take a proper care and take all neccessary measures that your fundamental rights and freedoms not to be affected whatsoever. However, you are still entitled to request from us, using the means as described above, to stop processing your personal data for marketing purposes, and we will be liable to do so.

4. For the defense of our legitimate interest:

There can be certain situations when we will use or transmit information in order to protect our rights and commecial activity. These instances may include:

- Protection measures of the website and the users of RisCo platform regarding cyberattacks

- Fraud prevention and detection measures, including transmission of certain information to the competent public authorities;

- Measures to manage variours types of other risks.

The general purpose of those types of processing is our legitimate interest to defending our commercial activity, by that meaning that we ensure that all measures we take fully guarantee an equilibrium between our interests and your fundamental freedoms and rights.


For how long do we keep your personal data

As a general rule, we will store your personal data for as long you have a user account open on RisCo platform. You can request us at any time to delete certain information, or closing your account and we will follow your request, under the restriction that certain information need to be kept active even after the account closure, when applicable legislation or our legitimate interest impose such a behaviour..


To whom do we send your personal information

We can send or offer access to your personal information, as case may be, to the following third parties::

- courier service providers;

- payment/ banking services providers;

- marketing/ telemarketing services providers;

In case we have a legal obligation or we find it bound to defend our legal interest, we may also disclose some of your personal information to certain public authorities..

We ensure that access to your personal data by third parties legal entities is done according to legal requirements regarding data protection and confidentiality under GDPR, based on contracts concluded with those parties.


In which countries do we transfer your personal information

We currently store and process your personal information only in Romania.


How do we protect the security of your personal information

We commit ourselves to ensure the security of your personal information through the implementation of adequate technical and organizational measures, in line with industry standards.

For payments we use the services provided by ING Bank payment processing unit. Any information regarding payments are encrypted using the HTTPS technology with the encryption type TSL 1.2.

Despite all measures we take to protect your personal information, we must stress that transmission of information by internet in general, or through other private networks in particular, is not completely safe, and a risk exist that your data could be seen and used by unauthorized third parties. We cannot be held liable for such vulnerabilities of systems which are beyond our control.


What rights you have

The general regulation regarding general data protection recognize a series of rights you have regarding your personal information. You may request full access to your personal information, correction or any mistakes from your files and/or you can oppose to any processing or your personal information. Additionally, you can exercise your right to complain to competent supervisory authorities or you can go to justice. If case, you may have the right to solicit the deletion of your personal information, your right to restrict your personal data processing and your have the right of portability of your personal information.

You may at any time exercise the following rights:

The right to information: you may request information regarding your personal information processing activities;

The right to rectification: your may rectify your inaccurate personal information or you may complete them;

The right to data deletion: ("the right to be forgotten") you can obtain data deletion, if their processing was not legal or in other cases provided by law;

The right to restrict processing: you may solicit restriction of personal information processing in case you dispute data accuracy, as well as in other cases as provisioned by the law;

The right to opposition: you can oppose, speciafically, to processing of data based on our legitimate interest;

Right of data portability: you may receive, in certain conditions, the personal information you provided to us, in a format that can be automatically be read or you can solicit that the respective information to be transmitted to another operator;

Right to complain: you may complain against the way we processed your personal information to the National Authority for Processing Personal Information Supervision;

Right to withdraw your consent: in cases when data processing is based on your consent, you can withdraw this consent at any time. Withdrawal of consent will bear effects only for the future, processing done before withdrawal of consent remaining valid;

Supplementary rights afferent to automatic decisions: you may request and obtain human intervention regarding the prespective processing, you may express your own viewpoint regarding this processing and you may contest the decision.


Time of response

We commit ourselves to respond to any valid request in maximum one month, with the exception when this is very complicated, or you made a many requests, in which case we commit ourselves to respond to your requests in maximum two months. We will inform you whether we would need more than one month to respond. We might ask you if you could tell us exactly what you want to receive from us, or what exactly is your concern. This would help us act quicker and shorten the response time to your request..

We may continue to use your personal information following a restriction request in case that.

- we have your consent.;

- to establish, exercise or ensure defense of a right in court;

- to protect the rights of RisCo or of other individual or legal person;



You have the possibility in any moment to exercise the following rights::

The National Supervisory Authority for Personal Information Processing

B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod postal 010336, Bucuresti, Romania

Phone: +40.318.059.211 sau +40.318.059.212

E-mail: anspdcp@dataprotection.ro


Without affecting your right to contact at any time the supervisory authority, please contact us previously, and we promise that we will commit any necessary diligence to resolve any of your requests amicably.


Questions and requests regarding data protection

RisCo is at your disposal for any queries, clarifications or any details you need regarding the present Data Processing Policy.

You may contact us also for any sugestions or coments regarding this Policy, or the way in which we collect and use your personal information, to the contact data of the DPO as listed below.

RisCo has denominated a person responsible with Data Protection. You can contact him regarding any issue connected with the presonal data processing, by using the following contact data::

Responsible with Data Protection

Address: Bd. Pierre de Coubertin 3-5, Office Building, etaj 5, camera 5N, Sector 2, Bucuresti

Email: dpo@risco.ro