Personal Data Processing & GDPR Policy

I. General Information

This policy applies to BorgHive services and related websites operated by Borg Design SRL, headquartered at Str. Ing. Ștefan Hepiteș 16A, Et. P, Sector 5, Bucharest, 050196, Romania, as Data Controller.

BorgHive respects your privacy and protects personal data provided when you create an account, interact with assistants, or use integrations. We implement appropriate technical and organizational security measures.

This policy explains how personal data is processed in connection with the use of BorgHive services, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

II. Categories of Data We Process

The Controller processes the following online data sets:

• company-related datasets and related business information;
• user-related datasets for natural persons using BorgHive services.

a) Company-related datasets

As a general rule, GDPR does not apply to data concerning legal persons (companies) as such. Company contact records published for legal entities are treated as business information, not automatically as personal data of natural persons.

For this reason, where records strictly describe legal entities, those records are handled as non-personal or anonymized business information and do not require identification of a natural person.

If a natural person claims that a specific business contact record associated with a company is personal data belonging to that person, the person must provide additional identification details and evidence of ownership before GDPR rights requests (access, rectification, erasure, restriction, portability) can be processed for that specific record.

Where a company-linked contact element is proven to be personal data, BorgHive will restrict processing of that element and handle it under GDPR requirements.

Address/name overlaps are not automatically personal data. For example, the fact that a company name may include a personal name, or a company address may coincide with a residential address, does not by itself convert all legal-entity records into personal data.

Shareholders, directors, and beneficial owners

Where identification data for company representatives, shareholders, directors, or beneficial owners is obtained from official public sources and is made public under applicable company law and transparency law, processing may rely on lawful grounds such as legal obligation, public interest, and legitimate interest, as applicable.

In line with GDPR principles, individual notice obligations may be limited in situations where collection or disclosure is expressly provided by law, impossible in practice, or would involve disproportionate effort.

Company-related information may be sourced from official public registries, official gazettes, competent authorities, judicial/public portals, and official company channels, and may be cross-checked for data quality and service reliability.

Shareholders, directors, and beneficial owners may object and may submit personal requests for erasure or restriction, subject to identity verification (for example, qualified electronic signature or valid identity documentation, where legally appropriate).

Purposes for collecting/processing company-related data include:

• centralizing information of public/business relevance and providing accessible structured access to it;
• creating and delivering data selections based on business/public-interest information at user request.

Processing of company representative data (where applicable) may be based on public interest and legitimate interest.

Other types of information

Information that is not personal data and cannot reasonably identify a natural person (for example: registered trademarks, court file references, company status, financial indicators, etc.) is not covered by this section.

For requests (see model request), suggestions, notifications, complaints, or feedback regarding company data, you can contact us at dpo@borghive.ai.

b) User-related datasets

For user categories involving natural persons, BorgHive applies data minimization and transparency regarding both data content and processing operations.

Types of personal data processed for users: first name, last name, email, mobile phone number, IP address, cookies and similar identifiers, third-party authentication identifiers (where used), and payment token references (where applicable).

Payment card details are not stored directly by BorgHive. Card data is stored by authorized payment and transaction authorization institutions/providers. Card token references are processed only for users who enable recurring or automated payments.

III. Processing Purposes and Legal Bases

Personal data is collected directly from users, primarily via the registration form or other order/request forms on the BorgHive platform.

The main purposes for collecting and processing personal data are:

• Maintaining online user and client accounts, including account management and user records;
• Providing automated notifications regarding account status or activated services;
• Processing your orders, requests, inquiries, proposals, and suggestions;
• Ensuring the security of information and the platform;
• Allocating or offering potential rewards, discounts, or benefits (where applicable).

Processing of personal data for the above purposes is based on the performance of contractual obligations and/or steps taken prior to entering into a contract, and is necessary for the operation of the services. In some cases, processing is also required to comply with legal obligations. Providing your data for these purposes is necessary; refusal to provide data may result in the inability of the controller to fulfill legal obligations and therefore to provide services. Withdrawal of consent for any of the above purposes is performed by suspending or deleting your account.

Processing for the allocation or offering of rewards, discounts, or benefits is based on your explicit consent given at account creation, which can be enabled or disabled at any time from the [Messages] section of your account. You may also unsubscribe from such communications by using the unsubscribe link at the end of each related email message.

Legal bases for processing include: contract performance, legal obligation, legitimate interest, and consent (where required).

IV. Data Subject Rights

Users of the BorgHive platform are individuals who have created an account and accepted the contractual terms outlined in the Terms and Conditions section, thereby agreeing to the processing of their personal data for the purposes described above.

The following rights are guaranteed to users:

• Right to be informed: You will always receive clear, transparent, easily understandable, and accessible information about how we use your data and about your rights.
• Right of access: Users can access their own data after logging in, from the [My Account] menu. Additionally, each user may obtain, free of charge for one request per year, by submitting a written, dated, and signed request to the indicated address, confirmation as to whether or not their data is being processed by the controller. The first provision of information will be free of charge. If you request additional copies of the information already provided or repeat the request, we may charge a reasonable fee based on administrative costs. We cannot respond to requests that do not identify the data subject or where we have doubts about the identity of the requester.
• Right to rectification and erasure: Users can modify the personal data associated with their access account. Users also have the right to request, free of charge, the rectification, update, blocking, or total or partial erasure of their data. Requests for erasure will be fulfilled to the extent that there are no legal provisions requiring us to retain the data.
• Right to be forgotten: Users can delete their access account and associated personal data.
• Right to data portability: Users can save or print their personal data in an external file.
• Right to restriction of processing: Users can suspend their access account; data of suspended accounts is restricted from processing.
• Right to object: Users have the right to object to the processing of their personal data for certain purposes.
• Right to withdraw consent: This is exercised by suspending or deleting the account.

A detailed description of data subject rights can be found here.

In addition to the online options above, to exercise your rights, you may also submit written requests (see model request) to the controller at dpo@borghive.ai or by post, and you will receive a response within a maximum of one month.

If you are dissatisfied with how your rights have been respected, you may file complaints with the controller (dpo@borghive.ai), with the national supervisory authority, or you may seek redress in court.

V. Disclosure and Transfer of Personal Data

To fulfill the purposes of processing, the Controller may disclose your personal data to entities that support the operation of the BorgHive platform (such as courier companies, IT service providers, payment processors, and infrastructure partners), or to central/local public authorities, in the following illustrative cases:

• when such disclosure is necessary for awarding prizes or other benefits to data subjects, obtained as a result of their participation in various promotional campaigns organized by the Controller through the platform;
• for data analysis, testing and research, monitoring usage and activity trends, developing security features, and authenticating users;
• when the disclosure of personal data is required by law or by a competent authority, or for the defense of the Controller's rights in legal proceedings;
• to fulfill contractual or legal obligations, or to protect the vital interests of users or other persons.

All recipients of personal data are required to ensure adequate protection and confidentiality of the data, in accordance with applicable data protection laws and contractual obligations.

The transfer of personal data provided by the Controller is expressly prohibited, regardless of the destination, except where such transfer is required by law or is necessary for the fulfillment of the purposes described in this policy and is carried out in compliance with applicable data protection regulations.

When personal data is transferred outside the European Economic Area (EEA) or European Union (EU), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent lawful transfer mechanisms, to guarantee an adequate level of protection for your data.

If you wish to consult Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, you can find it here.

VI. Data Retention and Deletion Policy

We retain personal data only as long as necessary for the purposes listed above and applicable legal obligations.

• Account and service data: kept while the account is active and for a reasonable post-termination period required for security, dispute handling, and compliance.
• Billing and accounting records: retained according to fiscal/legal retention requirements.
• Support and operational logs: retained for troubleshooting, security, and legal defense where necessary.

Data scheduled for deletion may first be restricted from active processing, then permanently deleted or irreversibly anonymized when retention requirements expire.

VII. Security Measures

We implement technical and organizational safeguards to protect personal data, including:

• encryption in transit and at rest where applicable;
• access control, role-based permissions, and authentication safeguards;
• logging, monitoring, and anomaly detection;
• incident response and recovery procedures.

VIII. Minors

BorgHive services are not intended for children under 16. If we become aware that data of a minor has been processed without a valid legal basis, we will take steps to delete or restrict that data as required.

IX. Policy Updates

We may update this GDPR Policy to reflect legal, technical, or operational changes. The latest version is always published on this page, and where required we will notify users by email or in-platform notice.

X. Contact

• Email: support@borghive.ai
• Address: Borg Design SRL, Str. Ing. Ștefan Hepiteș 16A, Et. P, Sector 5, Bucharest, 050196, Romania