GDPR Compliance

This page explains how Aroundly complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). It supplements our Privacy Policy, which covers what data we collect, how we use it, our legal bases for processing, data retention periods, third-party service providers, and international data transfers.

The data controller is OVERTIME O'CLOCK S.R.L., registered in Romania (CUI: RO47328072), with its registered office at Aviator Traian Darjan no. 53F Street, Sannicoara City (Apahida), Cluj County, Romania. You can reach us at privacy@aroundly.app.

1. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this within 30 days of receiving your request.

Right to Rectification (Article 16)

You can correct inaccurate personal data. Your name, company, and role can be updated directly from your account settings after logging in. For other corrections, contact us.

Right to Erasure (Article 17)

You can request deletion of your account and all associated personal data. Upon receiving your request, we will deactivate your account immediately and delete your personal data within 30 days. Payment records may be retained longer as required by Romanian fiscal law.

Right to Restriction of Processing (Article 18)

You can request that we restrict processing of your data in certain circumstances, for example while we verify the accuracy of contested data or assess a deletion request.

Right to Data Portability (Article 20)

You can request a copy of the personal data you provided to us, in a structured, commonly used, machine readable format (JSON). This covers your account information and report configuration data. To request an export, contact us at privacy@aroundly.app.

Right to Object (Article 21)

You can object to processing of your data where we rely on legitimate interest as the legal basis. You can opt out of marketing communications at any time from your notification preferences after logging in.

Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you can withdraw it at any time. For marketing emails, use your notification preferences. For marketing cookies, click "Cookie Settings" in the footer. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint (Article 77)

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. See Section 2 below for details.

2. How to Exercise Your Rights

To submit a GDPR request (access, rectification, erasure, restriction, portability, or objection), contact us at:

We will respond within 30 days of receiving your request, as required by Article 12(3) of the GDPR. For complex requests or a high volume of requests, we may extend this period by up to 60 additional days. If we need additional time, we will inform you within the initial 30 day period and explain the reason.

We may ask you to verify your identity before processing your request, to protect your data from unauthorized access.

For full details on what data we collect, how we use it, our legal bases for processing, data retention periods, third-party service providers, and international data transfers, see our Privacy Policy.

3. Supervisory Authority

If you believe we have not adequately addressed your data protection concern, you have the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR. The Romanian data protection authority is:

Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucuresti, Romania
Website: www.dataprotection.ro

If you reside in another EEA member state, you may also contact the supervisory authority in your country of residence.