Privacy Policy – Romana Trading

1) Definitions

• Service: The ROMANA TRADING Mobile Device Management Service.
• Personal Data: Personal data refers to information about a living individual who can be identified through that information (either alone or in combination with other data we hold or may obtain).
• Usage Data: Usage data refers to information that is automatically gathered either through your interaction with the Service or from the Service's own infrastructure (for example, how long you spend on a particular page).
• Data Controller: The Data Controller refers to the individual, legal entity, public body, or organization that, independently or together with others, decides the purposes and methods of processing Personal Data.
• Processing: Processing encompasses any action or series of actions carried out on personal data, such as collection, recording, organization, structuring, storage, modification, retrieval, consultation, use, transmission, dissemination, alignment, combination, restriction, or deletion of personal data. The terms "Process" and "Processed" should be understood accordingly.
• Data Processor (or Service Provider): A Data Processor (or Service Provider) is any individual or legal entity that handles data on behalf of the Data Controller. We may engage various Service Providers to process your data in a more effective manner.
• Sub-processor: A Sub-processor is any subcontractor appointed by us or our affiliates to support us in meeting our obligations related to the delivery of our Services under the Contract. Sub-processors may include third parties or affiliated entities, but do not include ROMANA TRADING employees or consultants.
• Data Subject (or User): A Data Subject is any living individual who makes use of our Service and whose personal data is being processed.
• Personal Data Breach: A Personal Data Breach is a security incident resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data that is transmitted, stored, or otherwise handled by us and/or our subcontractors in connection with the delivery of our Services. A "Personal Data Breach" does not cover failed attempts or events that do not affect the security of personal data, such as unsuccessful login attempts, pings, port scans, denial of service attacks, or other network-based attacks on firewalls or systems.

2) What is Personal Data?

The concept of "personal data" is central to the RGPD's application: it comes into play whenever a data processing activity involves personal data. Personal data is any information that relates to an identified or identifiable natural person (Art.4 RGPD). It includes information that identifies you directly or that we or our Service providers and affiliates can combine with other data to identify you. Such information may include your full name, email address, home address, phone number, location data, IP address, cookie ID, and image, as well as details like your age or income when linked to you. Personal data may also cover behavioral details, such as whether you have opened our promotional emails or how you have navigated our website, provided we can connect that activity to you.

3) The Information We Collect

A. Personal data provided by the user for which ROMANA TRADING is Data Controller:

• Account Information: Email, first name, last name, company address, company phone number, company name, company country, accounting email address, email address for Google API Service.
  • Purpose: To deliver the Service (login, billing, and use of Google APIs).
  • Storage Period: All personal data is removed 6 months following account deletion to allow for account restoration in the event of an error. Primary contact details will be retained for 5 years after account deletion for billing tracking purposes, where applicable.

B. Personal data collected automatically and for which ROMANA TRADING is Data Controller:

• Dashboard Action Logs:
  • Purpose: To maintain account security.
  • Storage Period: Removed 6 months after account deletion.
• ID of the company using the Google API Service:
  • Purpose: To deliver the Service (use of Google APIs).
  • Storage Period: Removed 6 months after account deletion.
• Devices: Manufacturer, technical identifiers, IP address, SIM identifiers (ICCID, IMEI, phone number), installed applications, operating system version, system signature, GPS status.
  • Purpose: To deliver the Service (monitoring and management of registered devices).
  • Storage Period: Removed immediately upon an effective device reset; anonymized 6 months after account deletion (all personal data references are eliminated).

C. Personal data provided by the Customer and for which ROMANA TRADING is a Data Processor (see our DPA):

• Managers' Contact: Manager's email address.
  • Purpose: To enable different managers to access the account and to maintain account security.
  • Storage Period: Removed immediately if the Customer removes the Manager; deleted 6 months after account deletion.
• Devices (Naming): Device name.
  • Purpose: To link a named device to a specific user.
  • Storage Period: Removed immediately upon an effective device reset; anonymized 6 months after account deletion (all personal data references are eliminated).
• Wi-Fi Networks: List of Wi-Fi networks including passwords, Wi-Fi EAP certificate.
  • Purpose: To enable devices to connect to corporate Wi-Fi networks.
  • Storage Period: Removed immediately when the network is deleted; deleted 6 months after account deletion.
• Policies (Configurations): Selected and saved configuration settings applied to a group of devices.
  • Purpose: To maintain control over registered devices.
  • Storage Period: Removed immediately upon deletion of the policy; anonymized 6 months after account deletion (all personal data references are eliminated).
• Users: Email, name, directory name, associated device, custom fields.
  • Purpose: To assign devices to identified users.
  • Storage Period: Removed immediately if the Customer deletes the user; anonymized 6 months after account deletion (all personal data references are eliminated).
• Applications on the Store: Data used to manage private applications without going through the Google Play Store.
  • Purpose: To manage private applications.
  • Storage Period: Removed immediately when the application is deleted; deleted 6 months after account deletion.

D. Retailer and Customer Data

We are committed to being fully transparent about how data is managed within the 101 Premium ecosystem, particularly as it relates to our 101 Premium App.

101 Premium App Data: We do not collect, store, or process any personal or business data belonging to the retailer themselves through the 101 Premium App. This means that information such as the retailer's device data, usage patterns, or in-app activity is not gathered or retained by us in any form.

Customer Data via the 101 Premium App: The only data we collect is that of the end customer, and this is strictly limited to information the customer voluntarily submits by completing forms within the 101 Premium App. This may include details such as the customer's name, contact information, or other inputs needed to complete a transaction or service request.

In summary, our data collection through the 101 Premium App is entirely customer-initiated and form-specific — we only receive what the customer actively submits, nothing beyond that.

4) Difference between Personal and Company-Owned Mobile Devices

If your company has invited you to set up a work profile on your personal device, we do not gather any personal information related to how you use your device outside of that work profile.

5) Purposes of Processing Personal Data

• To Provide and Improve the Service: We use your account information and customer data to deliver our products and Services to you. For instance, the email address you provide during product registration is used to create your user account. We also collect data on how our products and Services are used through monitoring and tracking in order to develop and enhance them over time.
• To Secure and Protect Our Products and ROMANA TRADING Users: We use your account information to investigate and help prevent security incidents. This information may also be used to fulfill legal obligations, verify user accounts, detect misuse of our products, and prevent unauthorized registrations.
• To Provide Technical Support as Part of a Support Ticket: Authorized support agents, accessing from an approved workstation, may access your console using a secure password to assist you in resolving technical issues. Our support team will never ask for your login credentials or password. You may object to this access by notifying the support team, though doing so may limit our agents' ability to assist with your account.
• To Communicate with You About the Services: We use the information you provide when registering for the Service to reach out to you by email or in-app notification regarding billing, account management, event invitations, newsletters, technical and sales materials, updates to our Terms of Use or other legal agreements, and security alerts.
• To Improve Our Customer Relationship Management: We may monitor and record communications with you (such as phone calls and emails) for purposes of quality assurance, staff training, fraud prevention, and regulatory compliance.
• To Facilitate Social Networking: Our websites include social networking features (such as LinkedIn or YouTube "Like" buttons and sharing widgets) that may collect your IP address and browsing activity. These features are either hosted by third parties or embedded directly on our websites and are subject to their own respective privacy policies.

7) Security Measures for Personal Data

We are dedicated to upholding the privacy, confidentiality, and integrity of all personal and business data handled through our services. To protect user information and guard against unauthorized access or security breaches, the following security measures are in place:

Physical and Technical Safeguards

• • Secure data centers with controlled access and round-the-clock monitoring
• • Firewalls, intrusion detection systems, and hardened server infrastructure
• • End-to-end encryption for data at rest and in transit using SSL/TLS protocols

Access Control & Authorization

• • Role-based access controls to ensure users only interact with relevant data
• • Multi-factor authentication (MFA) required for all administrator and user accounts
• • Activity logs and audit trails to oversee and trace all data interactions

Data Privacy & Handling

• • Access to customer data is strictly restricted to authorized personnel
• • Certified team members adhere to internal policies governing data confidentiality
• • Personal data is never disclosed or sold without the explicit consent of the user

Backup & Disaster Recovery

• • Automated daily backups stored across multiple secure locations
• • Routine testing of disaster recovery and data restoration procedures
• • A 99.9% uptime commitment to support uninterrupted business operations

Compliance & Audits

• • Periodic security audits, penetration testing, and risk evaluations
• • Adherence to data protection regulations (e.g., GDPR and industry-specific requirements)
• • Continuously updated policies to keep pace with evolving security standards

Incident Response & Monitoring

• • Real-time system monitoring and proactive threat detection
• • A dedicated security response team to address vulnerabilities in a timely manner
• • Immediate alerts and responsive measures in the event of suspicious activity or a breach

Account Deletion

Retailers may request account deletion at any time by contacting our support team at support@romanatrading.in. Upon receiving such a request, we will promptly remove all associated data.

Note: While we employ industry-leading security measures, users are equally responsible for maintaining secure credentials and adhering to best practices on their own devices.

For detailed documentation, compliance certifications, or to report a security concern, please get in touch with our security team.

8) Use of Cookies

Cookies are small text files saved in your browser that allow website owners to understand how visitors use their site, recognize returning users, and store individual preferences. They are among the key tools that enable us to deliver secure and efficient Services. Essential cookies are necessary for the basic functioning of our Site and Services (such as navigation and secure login). Preference cookies are used to remember your settings and identify you when you return to our Services. Statistical cookies help us analyze how visitors engage with our Services. Marketing cookies are used to present advertisements relevant to our visitors.

You may turn off cookies at any time, with the exception of those required to deliver our Services. Disabling cookies may impact certain features or functionalities of our Site or Services.

9) Changes

This Privacy Policy may be revised periodically for various reasons. Any updates will be communicated by publishing the revised Privacy Policy on this page. We encourage you to review this Privacy Policy regularly, as your continued use of our Services will be considered acceptance of any modifications.