Legal notice

Data privacy

This notice explains how GROW Invest collects, uses, protects, stores and discloses personal data when you use the platform and related services.

Confidentiality

Personal data is processed only for defined platform, compliance, contractual and legal purposes.

Data minimisation

We collect the information needed to provide crowdfunding services, run onboarding and comply with regulation.

Security

Access is limited to authorised personnel and service providers under confidentiality obligations.

Data controller and platform owner

GROW Invest Romania SRL, a company operating under Romanian law, is the controller of personal data processed through the GROW Invest platform and in connection with the services provided through it.

This notice explains how we process personal data collected from users of the platform, including data provided during account creation, onboarding, identity verification, investment activity, support requests and marketing interactions.

Personal data we collect

We may collect information needed to create and validate your account, such as name, surname, email address, contact details, address, telephone number and information from identity documents.

We may also collect information needed to provide our services, including date of birth, country of residence, tax residence, identification document details, user account information, login records, IP address, platform activity and transaction information.

During onboarding and compliance checks we may process KYC and AML materials, such as copies of identity documents, documents uploaded to the platform, proof of source of funds, biometric verification data collected by us or by a specialised identity verification provider, bank account details and other financial information where required.

We may process any information you provide when contacting us, including requests, comments, complaints, support messages, email correspondence and telephone communications.

How we process personal data

Processing means any operation performed on personal data, including collection, recording, storage, organisation, consultation, use, modification, disclosure, transfer, restriction, deletion or destruction.

We maintain records that may include user identity data, contact data, language preferences, authentication details, onboarding progress, KYC and AML documentation, agreements entered into through the platform and other information you provide or that we lawfully collect from permitted sources.

Where necessary for the performance of agreements or for compliance with applicable law, we may process additional information related to your use of the platform and services.

Legal bases and purposes

We process personal data to identify users, provide platform services, communicate with users, enter into and perform agreements, manage contractual and financial obligations, protect our rights and operate the platform securely.

We may also process personal data to comply with legal and regulatory obligations, including crowdfunding, anti-money laundering, counter-terrorist financing, tax, accounting, audit and reporting requirements.

The main legal bases for processing are the performance of contractual obligations, compliance with legal obligations, our legitimate interests and, where applicable, your consent. Marketing communications are sent only where permitted by law and based on your consent or another valid legal basis.

Data retention

We retain personal data for as long as necessary to provide the services, perform agreements, comply with legal obligations, resolve disputes, protect our rights and maintain required compliance records.

When personal data is no longer required, it will be deleted, anonymised or otherwise handled in accordance with applicable law and our internal retention procedures.

Cookies and technical data

The platform may use cookies and similar technologies that collect technical data, including IP address, device and browser information, pages visited and platform usage information.

This data is used to provide a secure, reliable and high-quality platform experience, to analyse platform performance and to support security and compliance functions.

Access, security and confidentiality

We apply organisational and technical measures designed to protect personal data against accidental or unauthorised destruction, loss, alteration, access, disclosure or use.

Access to personal data is limited to employees, contractors, agents and service providers who need the information to perform their work and who are subject to confidentiality obligations.

We maintain procedures for handling suspected personal data breaches and, where required by law, will notify affected users and the competent supervisory authority.

Transfers and disclosure

We may disclose personal data to service providers who process data on our behalf, including identity verification, AML/KYC, payment, hosting, accounting, legal, audit, communication and support providers.

We may disclose personal data to public authorities, regulators, courts, law enforcement bodies or other parties where required by law or where necessary to protect the platform, users, rights, property, security or contractual claims.

Where data is transferred to a third-party processor, we seek to ensure that appropriate contractual, organisational and technical safeguards are in place.

Marketing communications

Where you consent or where otherwise permitted by law, we may use your information to send platform updates, service information, educational materials or marketing communications that may be relevant to you.

You may withdraw consent or opt out of marketing communications at any time through your account settings, by using the unsubscribe mechanism included in communications or by contacting us.

Your rights

Subject to applicable law, you may have the right to access your personal data, request rectification or deletion, request restriction of processing, object to processing and receive your data in a portable format.

You are responsible for keeping the personal data you provide accurate, valid and complete and for informing us promptly of any changes.

To exercise your rights or ask questions about personal data processing, contact us at support@growinvest.com. We will review your request and respond in accordance with applicable law.

Data storage

Personal data is stored in data centres located in the European Union or with providers that apply safeguards required under applicable data protection law.

Only authorised parties may access personal data, and data is retained only for the period required by law, contract or legitimate operational needs.

Legal disclosure

We may preserve or disclose information where reasonably necessary to comply with law, regulation, legal process or governmental request, to address fraud, security or technical issues, or to protect the rights, property and safety of GROW Invest, users and the platform.

Changes and contact

We may update this data privacy notice from time to time. The updated version will be published on the platform and will replace the previous version.

If you have questions about this notice or about how we process personal data, please contact us at support@growinvest.com.