Privacy Policy

This Privacy Policy describes how Mavaxy SRL ("Mavaxy", "we", "us", or "our") collects, uses, and protects your personal data when you use our services. We are committed to protecting your privacy and ensuring the security of your personal information in accordance with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

We collect the following categories of personal data:

We use your personal data for the following purposes:

• To provide, maintain, and improve our services
• To create and manage your user account
• To process payments and manage subscriptions
• To communicate with you about your account and our services
• To analyze usage patterns and improve user experience
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and protect our rights

Our legal basis for processing your data includes: performance of contract, legitimate interests, legal obligations, and your consent where applicable.

We share your personal data with the following categories of third parties:

All third-party service providers are contractually obligated to protect your data and process it only according to our instructions.

We use cookies and similar technologies to provide, secure, and improve our services. Essential cookies are required for the platform to function. Analytics cookies help us understand how you use our services.

For detailed information about our cookie usage, please see our Cookie Policy

Under GDPR, you have the following rights regarding your personal data:

• Right of access - You can request a copy of your personal data
• Right to rectification - You can request correction of inaccurate data
• Right to erasure - You can request deletion of your data ("right to be forgotten")
• Right to restriction - You can request limitation of processing
• Right to data portability - You can receive your data in a structured format
• Right to object - You can object to processing based on legitimate interests
• Right to withdraw consent - You can withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact our Data Protection Officer using the contact information below.

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy. Account data is retained while your account is active and for a reasonable period thereafter. Usage data is retained for up to 24 months. When data is no longer needed, we securely delete or anonymize it.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and employee training. While we strive to protect your data, no method of transmission over the Internet is 100% secure.

For questions about this Privacy Policy or to exercise your data protection rights, please contact our Data Protection Officer:

privacy@mavaxy.com

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe your data protection rights have been violated.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.