1. DEFINITIONS
The term “EZ4U” or “us” or “we” or “our” refers to the company EZ4U – Curiosity Layer – Investigação e Comunicação Lda, with its registered office in Portugal, Matosinhos, Polo Mar UPTEC, Avenida da Liberdade s/n Sala B8 and registration number PT 513687106.
The term “GDPR” means the EU General Data Protection Regulation (the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC).
The term “personal data” means any information about you by which you can be identified, directly or indirectly.
The term “controller” means the natural or legal person which determines the purposes and means of the data processing and is responsible for processing such data in a manner consistent with the GDPR and other applicable European and national regulations on personal data protection.
The term “processor“ means a natural or legal person who processes personal data on behalf of the controller.
The term “Services” means EZ4U’s
The term “you” refers to a natural person (an individual) whose personal data EZ4U collects and processes.
2. ABOUT EZ4U SERVICES
EZ4U is a Communications Platform provider. While providing Services to our customers and processing personal data, we act either as the controller or the processor, depending on the situation.
Our customers are mainly companies that integrate our Services into their business operations through their own software applications (via API) or using EZ4U Portal, our website interface. By using our cloud communications platform, our customers are able to send or exchange their communications with their end users using different communication channels (for example, SMS, email, Voice). We are not in direct relationship with our customers’ end users, so we will distribute these communications through telecom operators and other communications providers.
We act as the processor when processing personal data of individuals on behalf of our customers, and for the sole purpose of providing our Services to them. We do that within limits and according to customers’ instructions and in line with the Service terms and conditions, agreement for Services and/or data processing agreement concluded with the customer.
For example, when you, as an end user of our customer are the recipient of communication that our customer sent you by using our platform (such as an SMS message), we send that customer’s communications acting on behalf of our customer. That means that the customer is the controller, and EZ4U is the processor.
Any request we may receive from customers’ end users regarding their rights related to our activities taken on behalf of our customers will be forwarded to customers, or the end users will be asked to contact them directly.
3. CONTROLLER’S CONTACT DETAILS
EZ4U – Curiosity Layer – Investigação e Comunicação Lda, Portugal, Matosinhos, Polo Mar UPTEC, Avenida da Liberdade s/n Sala B8 and registration number PT 513687106.
If you have questions regarding this Privacy Notice or about the EZ4U’s privacy practices, you may reach our Privacy team and Data Protection Officer via the email address dpo@ez4uteam.com.
4. HOW DO WE OBTAIN PERSONAL DATA?
Most of the personal data we process is provided to us directly by you for one of the following reasons:
•You created an account and started using our Services
•You visited our website, registered for more information on a specific Service, and/or you initiated communication with us
•You registered to attend or have attended an event organised by EZ4U
•You subscribed to our
•We also receive personal information indirectly, such as in the situations where:
o Our customer or supplier provided us with the contact details of its representatives and personnel who will be our business contact points
o Our customer provided us with the contact details of individuals authorized to use its account to access our Services,
o Our customer provided us with the contact details of its personnel who will attend our event
o Our customer provided us with contact details of its end users (such as telephone number or email address) when using our Services
5.WHAT PERSONAL DATA DO WE COLLECT, WHY AND ON WHICH LEGAL BASIS, HOW DO WE USE IT AND FOR HOW LONG DO WE KEEP IT?
5.1. When we provide the Services to our customers
5.1.1.To create the customer’s account and enable the customer to start using our Services:
What personal data do we collect?
We collect customer’s “account data”, which is data that relates to the customer’s relationship with EZ4U.
If you sign up for our Services, in order to create a customer’s “account” we ask for your name, contact details (e.g., phone number, email address, country), and certain related information such as your company’s name, industry and your business role, as well as your login details (e.g., username and password, or API key).
We also collect names, contact details and login details of customer’s personnel or any other individual authorised by the customer to log into and utilise our Services connected with the customer’s account (a “user” of the customer’s account).
Within the customer’s account we also collect billing information (such as billing address, information on whether the customer is a legal entity or an individual, prepaid or postpaid subscriber, and further information if we are legally required to, and depending on each country’s legislation).
When doing business with legal persons, we may collect personal data (such as name, business contact details, position in the company) related to their representatives and other personnel that will be our contact points.
Collecting your name, contact details, login details, and billing information is necessary for us in order to enter into an agreement for Services with you. Therefore, we will not be able to provide you with our Services without collecting this basic information. If you sign up for a free trial account, you are not required to enter your billing information unless and until you decide to continue with a paid subscription to our Services.
How do we collect personal data?
If you are our customer as an individual, we obtain this data directly from you. If your organisation is our customer, we may obtain your personal data either directly from you or via your organisation.
Why do we collect personal data, under which legal basis, and how do we use it?
We collect and use collected data for agreement signing and agreement administration purposes, to create your account and enable you to access and use our Services, to keep your account secure, to provide you with customer care and technical support, to share relevant information about our products and services and to exercise our rights and fulfil our obligations arising from the business relationship that we may have with you or with your organisation.
Conducting these activities is our legitimate interest according to GDPR article 6.1.(f) in the sense of providing our Services to your organisation. However, if you personally are our contractual counterpart, we process your data because it is necessary for the performance of an agreement for Services, or in order to take
steps, at your request, prior to entering into the agreement in accordance with GDPR article 6.1.(b).
5.1.2.To enable customers to exchange their communications by the use of our Services and to ensure the security of our network and Services:
What data do we collect?
We collect traffic data. Traffic data is data that is processed for the conveyance of a communication exchanged by using our Services or for billing related to that communication, and it includes data on the routing, type, duration, and time of the communication. So, this data encompasses data used to trace and identify the source and destination of a communication (including customer end user’s telephone number or email address, depending on the Service provided).
We also collect the commands your application communicates to EZ4U (such as your IP addresses, information on your usage, routing information), as well as logs on your activities created during your use of our tools and Services and we connect this information with your account details.
How do we collect this data?
We receive the customer’s end user’s telephone number or email addresses from our customer, while other traffic data are automatically generated or unveiled during the process of conveyance of a communication.
We collect data related to your activities on our platform directly from you when you use our Services.
Why do we collect this data, under which legal basis, and how do we use it?
We collect and process traffic data to provide customers with our Services, that is, to manage traffic with the purpose of transmitting customer’s communications toward or from telecom operators and other communication networks, in order to handle customer’s enquiries and to calculate charges.
If you, as our customer, are an individual, we rely on GDPR article 6.1. (b) for these processing activities, since it is necessary for the performance of our agreement for Services. If our customer is a legal person, we rely on our legitimate interest (GDPR article 6.1.(f)).
We also process traffic data to prevent spam and fraud, for troubleshooting and detecting problems with the network, and to settle interconnection payments with telecom operators and other communications providers. Should we have a billing dispute with our customer or with telecoms or other communications providers, we may need to use traffic data related to routing (including the end user’s telephone number or email address, as well as the customer’s IP address) in order to resolve it. The carrying out of these activities is our legitimate interest in the sense of GDPR article 6.1.(f).
In order to comply with our legal obligations (article 6.1.(c) GDPR), we may be obliged to retain records containing communications related data as stipulated in the relevant national data retention provisions regulating the law enforcement matter, and to share them upon government request.
5.2. When you visit our webpage
We use
6. HOW AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We may engage processors to facilitate us in the processing of your personal data through CRM (Customer Relationship Management), marketing, recruitment and other tools necessary for conduct our business activities or to assist us in providing you with our Services.
We maintain an
Before engaging a new processor, we perform security & privacy assessment of the processor, and we ensure that the processing of personal data is always regulated with written data processing agreements. If the personal data during the provision of the services of our processor is being transferred outside the European Economic Area (EEA), EZ4U will always ensure that the transfer is in line with applicable data protection laws, including the GDPR.
Notwithstanding the foregoing, as a rule, we do not share personal data with third parties except when necessary, such as:
With telecom operators and other communications service providers when necessary for the
With
Due to relevant legislation. If we are presented with the legal obligation, we will share the data with third parties that are legally entitled and authorized to request it, such as for criminal procedures or because of threats to public security. As a communications provider, we are required to retain certain
Targeted Advertising. We do not and will not sell, rent, or share in any other shape or form any information to a third party for advertising or similar marketing purposes.
7. HOW DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EEA?
Your personal data may be processed both inside and outside of the European Economic Area by the parties specified in the section above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations.
In any case, any activity that involves access to the personal data from outside the EEA (with or without
8. HOW DO WE SECURE YOUR PERSONAL DATA?
Before we engage any
9. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?
Under GDPR and/or other applicable data protection law, you have rights we need to make you aware of.
Where permitted by applicable data protection law or regulation, you have the right to:
withdraw your consent to our processing of your personal data (to the extent such processing is based on your consent and consent is the only permissible basis for processing), without affecting the lawfulness of processing based on consent before its withdrawal,
request from us to access your personal data, which means request a copy of the personal data we hold about you,
ask us to rectify (correct) your personal data that you think is inaccurate and to complete your personal data that you think is incomplete,
ask us to erase your personal data in certain circumstances,
ask us to restrict the processing of your personal data in certain circumstances, if we process your personal data by automated means based on your consent or upon a contractual relation with you, you can exercise the right of data portability, if we process your personal data upon our legitimate interest, you have the right to object to the processing, and we will reassess the legitimacy of the processing, you may also have specific rights in exceptional cases when we may carry out automated
you also have a right to file a complaint with us and/or the relevant data protection authority.
You can exercise these rights within limits stipulated by the applicable data protection legislation.
10. HOW CAN YOU OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA?
If we process your personal data upon our legitimate interest, you have the right to object to the processing. In such a case we will reassess its legitimacy and will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defence of legal claims.
11. HOW CAN YOU EXERCISE YOUR RIGHTS?
If you have any questions on how we use your personal data or if you wish to exercise a certain right (as specified under 9 and 10 of this Notice) or resolve a complaint regarding the processing of your personal data, you can contact our Data Protection Officer by sending an email to the following email address: dpo@ez4uteam.com or by sending a written request via the postal address: EZ4U – Curiosity Layer – Investigação e Comunicação Lda, with its registered office in Portugal, Matosinhos, Polo Mar UPTEC, Avenida da Liberdade s/n Sala B8.
If you want to file a complaint or contact the relevant data protection authority for any other reason, you may find contact details of EEA data protection authorities at:
In particular, you can lodge a complaint with the supervisory authority of the EU member state of your habitual residence, place of work, or place of the alleged infringement.
12.DO WE CONDUCT AUTOMATED
No. We do not conduct any operation under which you would be subject to a decision based solely on automated processing that has legal or similarly significant effects for you, including profiling.
13. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data that has been collected and saved in our database in accordance with your consent and will be saved in our database for a period specified in the
consent. If you wish to withdraw your consent for the processing of your personal data for any purpose and to delete your data from our database, you can do that at any time by sending an email to dpo@ez4uteam.com.
Regarding your personal data that is not subject to your consent, we will process it for the period necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer period for the processing of such personal data is required or permitted by law. We have provided relevant information under section 5 of this Privacy Notice.
Any storage of data beyond the deletion deadlines will encompass only
14. INFORMATION FROM CHILDREN
Our products and services are not intended for children under 18 and we do not knowingly permit children under 18 to use our services. If we learn or are notified that we have collected and/or processed personal data from a child under 18, we will immediately take reasonable steps to delete that information form our records as quickly as possible. If you believe we have any information collected from a child under 18, please contact us at dpo@ez4uteam.com.
15. HOW OFTEN DO WE UPDATE THIS PRIVACY NOTICE?
The most current version of this Privacy Notice will govern our practices for collecting, processing, and disclosing personal data. We will provide notice of any modifications by posting a written notice on our website.