Privacy Policy

Effective Date: 30 Dec 2025 Last Updated: 30 Dec 2025

1. Introduction

Virano ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (collectively, the "Services").

We process personal data in accordance with the General Data Protection Regulation (GDPR) and Romanian Law No. 190/2018 on implementing the GDPR. The National Supervisory Authority for Personal Data Processing (ANSPDCP) is the competent authority for data protection matters in Romania.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller for your personal data is:

Virano

Email: [email protected]

Address: Vlad Țepeș 5, 305500, Lugoj, Timis

Company: Matello Software Solutions SRL

VAT ID: RO33403298

3. Information We Collect

3.1 Information You Provide

Account Information:

Email address (required for account creation)
First and last name
Phone number (optional, international format)
Date of birth
Sex (optional: Male, Female, Other)
Profile photo/avatar

Child Profile Information: If you are a parent or guardian booking activities for children:

Child's first and last name
Child's date of birth
Child's sex
Your relationship to the child (parent, tutor, other)
Child's phone number (optional)

Organizer Information: If you register as an Organizer:

Organization name and type (Independent, Company, NGO, Public, Other)
Business email and phone number
Company identifier (CUI/CIF)
Bank account details for payouts
Coach profiles (tagline, biography, certifications, specializations)

Activity and Booking Information:

Activities browsed and booked
Subscription and payment preferences
Attendance records
Ratings and reviews you provide

Communications:

Messages sent through the Platform
Customer support inquiries
Feedback and survey responses

3.2 Information Collected Automatically

Technical Data:

Device type and operating system
App version
IP address
Browser type (for web access)
Access times and dates

Usage Data:

Features used
Pages viewed
Actions taken within the app
Session duration

Location Data:

When you search for activities by location
When Organizers add activity locations (via Google Places)
We do not track your location in the background

3.3 Information from Third Parties

Payment Processors (Stripe):

Transaction status and history
Payment method details (stored by Stripe, not by us)
Stripe Connect account status for Organizers

Google Services:

Location information from Google Places API for activity addresses
Map data for displaying activity locations

4. How We Use Your Information

4.1 To Provide and Maintain the Services

Create and manage your account
Process bookings and payments
Facilitate communication between users and Organizers
Track attendance and manage subscriptions
Send real-time notifications about bookings and activities

4.2 Legal Bases for Processing

Purpose	Legal Basis
Account creation and management	Performance of contract
Payment processing	Performance of contract
Customer support	Performance of contract / Legitimate interest
Service improvement	Legitimate interest
Legal compliance	Legal obligation
Marketing communications	Consent
Safety and fraud prevention	Legitimate interest

4.3 To Improve the Services

Analyze usage patterns to improve user experience
Develop new features and functionality
Fix bugs and technical issues

4.4 To Communicate with You

Send booking confirmations and reminders
Notify you of changes to your subscriptions
Respond to your inquiries
Send service-related announcements
With your consent, send marketing communications

4.5 For Safety and Legal Compliance

Detect and prevent fraud
Enforce our Terms and Conditions
Comply with legal obligations
Respond to legal requests from authorities

5. Children's Data

5.1 Processing Children's Data

Our Services involve processing data about children for activity bookings. We process this data based on the consent of the parent or legal guardian who creates the Child Profile.

Under Article 8 of the GDPR and Romanian law, children under 16 cannot provide their own consent for online services. By creating a Child Profile, you confirm that:

You are the parent or legal guardian of the child
You consent to the processing of the child's data as described in this Policy
You have the authority to provide this consent

5.2 Data We Collect About Children

We limit children's data to what is necessary for booking activities:

Name and date of birth (to ensure age-appropriate activities)
Sex (for activity eligibility)
Attendance records

We do not:

Collect children's email addresses or create accounts for children
Allow children to use the Services directly
Process children's data for marketing purposes

5.3 Parental Rights

Parents/guardians can:

Access their child's data through their account
Request correction or deletion of their child's data
Withdraw consent for processing

6. Data Sharing and Disclosure

6.1 With Organizers

When you book an Activity, we share relevant information with the Organizer:

Your name and contact information
Child's name, age, and relevant details
Booking and payment status
Attendance records

Organizers are independent data controllers for the data they receive. Review their privacy practices before booking.

6.2 Service Providers

Stripe, Inc.

Purpose: Payment processing
Data shared: Payment information, transaction details
For Organizers: Stripe Connect for receiving payments
Stripe's Privacy Policy: https://stripe.com/privacy

Google LLC

Purpose: Maps and location services
Data shared: Location searches, activity addresses
Google's Privacy Policy: https://policies.google.com/privacy

Hosting and Infrastructure Providers

Purpose: Storing and serving application data
Data processed: All data stored on the Platform

6.3 Legal Requirements

We may disclose your data if required by law or in response to:

Valid legal processes (court orders, subpoenas)
Government requests
To protect our rights, privacy, safety, or property
To investigate potential violations of our Terms

6.4 Business Transfers

If Virano is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

7. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA:

To the United States (Stripe): We rely on Standard Contractual Clauses and Stripe's Data Processing Agreement
We ensure appropriate safeguards are in place as required by GDPR

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption of data in transit (TLS/SSL)
Secure storage of credentials using platform-specific secure storage
Access controls and authentication
Regular security assessments
JWT-based authentication with token expiration

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

9. Data Retention

We retain your personal data for as long as necessary to:

Maintain your account and provide Services
Comply with legal obligations
Resolve disputes and enforce agreements

Retention Periods:

Data Type	Retention Period
Account data	Until account deletion + 30 days
Booking records	7 years (tax/legal requirements)
Payment records	10 years (legal requirements)
Communication logs	2 years
Technical logs	90 days

After account deletion, we may retain anonymized data for analytics purposes.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

10.1 Right to Access (Article 15)

Request a copy of the personal data we hold about you.

10.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data. You can update most information directly in the app.

10.3 Right to Erasure (Article 17)

Request deletion of your personal data, subject to legal retention requirements.

10.4 Right to Restrict Processing (Article 18)

Request that we limit how we use your data in certain circumstances.

10.5 Right to Data Portability (Article 20)

Receive your data in a structured, commonly used, machine-readable format.

10.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

10.7 Rights Related to Automated Decision-Making (Article 22)

We do not make decisions based solely on automated processing that significantly affect you.

10.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

Through the app settings (profile management, account deletion)
By contacting us at [email protected]
We will respond within 30 days

You also have the right to lodge a complaint with ANSPDCP:

Website: https://www.dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București

11. Cookies and Tracking

The Virano mobile app does not use cookies. We use:

Local storage for user preferences and authentication tokens
Secure storage for sensitive credentials

We do not use third-party analytics or advertising trackers.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. Review their privacy policies before providing any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Email to your registered address
In-app notification
Updating the "Last Updated" date

Your continued use of the Services after changes indicates acceptance of the updated Policy.

14. Contact Us

For questions, concerns, or to exercise your rights, contact us:

Virano

Email: [email protected]

Address: Vlad Țepeș 5, 305500, Lugoj, Timis

Company: Matello Software Solutions SRL

VAT ID: RO33403298

Response Time: We aim to respond to all inquiries within 30 days.