Last updated: 03.07.2025
This Privacy Policy sets out in clear terms how VISUAL SPACE APP SRL (“Visual Space”, “we”, “our”, or “us”) collects, uses, stores, shares and protects personal data when you interact with us.
Our commitment to privacy is rooted in the principles of lawfulness, fairness, transparency, data-minimisation and security, as required by the EU General Data Protection Regulation (GDPR) and all other applicable data-protection laws. Whether you are a registered account holder, an invited collaborator, a casual Site visitor, a representative of a corporate customer, or an applicant for employment, this Policy explains how we process your personal data. Please read this Policy carefully to understand our practices and your rights regarding to the processing. By accessing or using the Site or Platform, or by otherwise providing us with personal data, you acknowledge that you have been informed about our processing activities as described below. If you do not agree with any part of this Policy, you should refrain from using our services.
| Legal detail | Information |
|---|---|
| Company name | VISUAL SPACE APP SRL |
| Legal form | Societate cu Răspundere Limitată (limited-liability company) |
| Unique Registration Code (CUI) | 51945580 |
| Trade Registry Number | J2025041399009 |
| EUID | ROONRC.J2025041399009 |
| Registered office | Bd. Timișoara nr. 101N, bl. C1, et. 5, ap. 46, Sector 6, 061327 Bucharest, Romania |
| [email protected] |
We process personal data exclusively for clearly defined, lawful, and legitimate purposes as outlined below:
We process your personal data to create and manage your Visual Space account, authenticate your identity when logging in, enforce security measures such as password strength and multi-factor authentication (MFA), and enable you to create, join, administer, and participate in various Projects and Spaces. This processing also includes providing technical support, customer assistance, and sending essential in-product notifications or e-mails.
Legal basis: Art. 6(1)(b) GDPR – necessary for the performance of our contract with you.
Your personal data is processed to host, store, back-up, display, and transmit the content you upload, share, or publish on the Platform, including text, files, code, images, and communications. We ensure that User Content remains available and securely stored according to the features and functionalities you use.
Legal basis: Art. 6(1)(b) GDPR – necessary for the performance of our contract with you.
We use your data to process payments through our trusted third-party payment processors (Stripe and RevenueCat), manage subscriptions, issue invoices, verify payment statuses, reconcile accounts, and prevent fraud. Processing includes minimal transactional details necessary for compliance with accounting and tax requirements, as well as to prevent financial fraud or abuse.
Legal basis: Art. 6(1)(b) GDPR – necessary for the performance of our contract with you.
Your data helps maintain the security and stability of our Platform. We monitor technical logs, user activity, and other relevant data to detect, investigate, and prevent security threats, malicious attacks, fraudulent activities, breaches of our Terms of Service, or any behaviour that could adversely affect the integrity, availability, or security of the Platform and its users.
Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in safeguarding the Platform and its users.
We process your data to send relevant marketing communications. You can control the receipt of such communications through opt-out mechanisms provided in each communication. We may also process your data to highlight exemplary Projects, Spaces, or user achievements on the Platform to foster community engagement.
Legal basis: Art. 6(1)(a) GDPR – consent, where required; Art. 6(1)(f) GDPR – our legitimate interest.
To showcase the Platform’s capabilities, we occasionally use publicly available User Content for promotional purposes. Such promotion may involve displaying examples of successful collaboration or content from Public Spaces within marketing materials, websites, social-media posts, or promotional videos. We do so while respecting your original content choices and privacy settings.
Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in promoting our services using publicly available content.
We analyse aggregated or anonymised user activity data to evaluate platform usage patterns, feature adoption, user satisfaction, and performance issues. Insights gained from analytics help prioritise new feature development, optimise existing functionalities, and continuously improve the Platform’s user experience.
Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in improving the Platform’s functionality and user experience.
We process your personal data to comply with applicable legal obligations, including accounting and tax regulations, data-protection laws, and lawful requests from public authorities or courts. This processing is essential for demonstrating compliance, protecting our legal interests, responding to regulatory investigations, and enforcing contractual terms or policies.
Legal basis: Art. 6(1)(c) GDPR – compliance with legal obligations; Art. 6(1)(f) GDPR – legitimate interest in establishing, exercising, or defending legal claims.
We store your personal data only for the period necessary to fulfil the purposes for which they were collected, but in no event longer than 5 years from the termination of the contract or your last interaction with us. After the expiry of this retention period, your personal data will be securely destroyed, deleted from our information systems, or converted into anonymised data for scientific, historical, or statistical research purposes. Please note that, in certain explicitly regulated circumstances, we retain data for the period required by applicable law.
We may disclose your personal data, in accordance with applicable law, to business partners or other third parties. We continuously undertake reasonable efforts to ensure these third parties implement appropriate measures for the protection and security of personal data. We have contractual clauses in place with these third parties to ensure your data remains protected. In such cases, we will ensure that each transfer complies with the requirements of applicable legislation. For example, we may share your personal data with other companies such as providers of IT services (e.g., cloud storage, hosting), telecommunications providers, accounting and legal services, as well as other third parties with whom we have contractual relationships.
We may also transfer your personal data to other recipients based on your explicit consent or according to your instructions—for example, if you exercise your right to data portability.Additionally, we may provide your personal information to prosecutors, police authorities, courts of law, or other competent public authorities, strictly in accordance with legal provisions and in response to explicit requests.
Transfers of personal data to a third country may only occur if that country provides an adequate level of protection. Transfers of personal data to countries whose laws do not ensure a level of protection at least equal to that provided by the GDPR may occur only if appropriate safeguards regarding the protection of the fundamental rights of data subjects are in place. We establish these safeguards through contracts entered into with the relevant providers or service suppliers receiving your personal data. Whenever we transfer your personal data outside the European Economic Area (EEA), we ensure that a similar level of protection is guaranteed through one of the safeguards provided by the GDPR. Currently, we may transfer your personal data to countries recognised by the European Commission as offering an adequate level of protection for personal data.
Provided that we have obtained your prior consent or you are already a customer of our company, we may use direct marketing technologies based on the information collected about you.
You may object to direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions included in each email, or by sending a request in this respect to us at [email protected].
The Platform does not employ automated decision-making producing legal effects within the meaning of Art. 22 GDPR.
Under the GDPR, you have several rights regarding your personal data. We respect your rights and ensure that you can exercise them easily and transparently. Specifically, you have the following rights:
Right of access (Art. 15 GDPR). You have the right to request confirmation from us regarding whether we process your personal data. If we do, you have the right to access that data and receive detailed information about its processing purposes, categories of personal data involved, recipients or categories of recipients, storage periods, and your rights under GDPR.
Right to rectification (Art. 16 GDPR). You can request us to correct inaccurate personal data about you without undue delay. Additionally, you have the right to complete any incomplete data.
Right to erasure ("right to be forgotten") (Art. 17 GDPR). You have the right to request the deletion of your personal data without undue delay, provided certain conditions are met. This right is subject to exceptions, such as where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.
Right to restriction of processing (Art. 18 GDPR). You can request us to restrict the processing of your data under certain circumstances, such as when you contest the accuracy of your data or when you object to data processing. If processing is restricted, we may store the data but not further process it without your explicit consent, except for certain limited purposes (e.g., legal claims).
Right to data portability (Art. 20 GDPR). You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request the transmission of your data directly to another controller, provided that the processing is based on your consent or on a contractual relationship, and is carried out by automated means.
Right to object (Art. 21 GDPR). You have the right to object, at any time, to processing of your personal data carried out on the basis of our legitimate interests or for direct-marketing purposes. If you object, we will cease such processing, unless we can demonstrate compelling legitimate grounds for the processing or for the establishment, exercise, or defence of legal claims.
Right to withdraw consent (Art. 7(3) GDPR). If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal will not affect the lawfulness of processing based on your consent prior to its withdrawal.
Right to lodge a complaint (Art. 77 GDPR). You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR. In Romania, the competent supervisory authority is:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul General Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
Website: www.dataprotection.ro
Telephone: +40 (0)318 059 211
Email: [email protected]
To exercise any of the rights described above, please contact us by sending a clear and detailed request via email at [email protected]. We will respond without undue delay, but no later than one month from receiving your request. In exceptional circumstances, this period may be extended by two additional months, in which case we will inform you about the extension and the reasons for the delay.
We may ask for additional information to confirm your identity or clarify your request, ensuring that personal data is not disclosed to unauthorised parties.
We may periodically update or amend this Privacy Policy to ensure that it remains aligned with our practices, business developments, technological advancements, and applicable legal and regulatory changes. Such updates may include new categories of data processed, modifications to our processing purposes, adjustments of retention periods, and changes related to data recipients or international data transfers.
When we make material changes to this Privacy Policy—meaning substantial modifications that could significantly affect your privacy rights or the way your personal data is handled—we will provide clear and explicit notification of these changes. Specifically, we will inform you at least fifteen (15) days prior to the changes becoming effective, either by sending a notification via email to the address associated with your account or by displaying a prominent in-product notice within the Platform or on our website.
We recommend that you review this Privacy Policy periodically to remain informed of how we protect your personal data. If you do not agree with any updates or amendments to this Privacy Policy, you must cease using our services and contact us for the deletion of your account. Continued use of our Platform after the effective date of any announced changes constitutes your acceptance of the updated Privacy Policy.
For any question regarding this Policy or our privacy practices, please write to [email protected] or to the registered office.
Help us make Visual Space better — share your feedback with us.