Privacy Policy for Weilo (CROSS & NUBE SOLUTIONS SRL)

Last Updated: April 30, 2025

CROSS & NUBE SOLUTIONS SRL (“Weilo”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website https://welio.webflow.io/ (“Website”) or use our AI-driven marketing solutions, including digital signage and advertising services. This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

1. Data Controller

CROSS & NUBE SOLUTIONS SRL, a company registered in Romania with registration number 38324063, is the data controller responsible for your personal data. You can contact us at:

  • Email: business@weilo.ro

  • Address: Bucureşti Sectorul 3, Drumul GURA CALIŢEI, Nr. 4-32, Bl. 5, Scara A, Ap. B23

2. Personal Data We Collect

We collect and process the following types of personal data:

a. Data You Provide Directly:

  • Contact Information: Name, email address, phone number, and company details when you fill out forms on our Website (e.g., contact or inquiry forms).

  • Account Information: If you create an account for our services, we collect login credentials and billing information.

  • Communications: Information you provide when contacting us, including inquiries or support requests.

b. Data Collected Automatically:

  • Website Usage Data: IP address, browser type, device information, pages visited, and time spent on the Website, collected via cookies and similar technologies (see Section 8).

  • Audience Engagement Data: For our AI-driven advertising services, we may collect anonymized or pseudonymized data about audience interactions with digital signage, such as demographics, engagement metrics (e.g., smiles, waves), and location-based data. Where personal data is involved, it is processed in compliance with GDPR.

c. Data from Third Parties:

  • Partners and Clients: Information provided by media agencies, DOOH networks, or other partners for campaign targeting or analytics.

  • Publicly Available Data: Information from public sources to enhance campaign personalization, where permitted.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes, based on the specified legal grounds under GDPR:

Purpose

To provide and manage our Website and services, including account creation and customer support

To deliver AI-driven advertising solutions, including personalized and interactive ads

To analyze audience engagement and optimize campaigns

To send marketing communications (e.g., newsletters)

To comply with legal obligations (e.g., tax or data protection laws)

To protect our rights, prevent fraud, or ensure Website security

Legal Basis

Performance of a contract (Art. 6(1)(b) GDPR)

Legitimate interests (Art. 6(1)(f) GDPR) to provide effective advertising, or consent (Art. 6(1)(a) GDPR) for certain data processing

Legitimate interests (Art. 6(1)(f) GDPR) to improve services, or consent (Art. 6(1)(a) GDPR) for specific analytics

Consent (Art. 6(1)(a) GDPR)

Legal obligation (Art. 6(1)(c) GDPR)

Legitimate interests (Art. 6(1)(f) GDPR)

4. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Third-party vendors (e.g., cloud hosting, analytics, or payment processors) who process data on our behalf under strict data processing agreements.

  • Partners: Media agencies, DOOH networks, or creative partners to deliver advertising services, only with your consent or under a contract.

  • Legal Authorities: When required by law or to protect our rights.

  • Business Transfers: In case of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity.

We do not sell your personal data to third parties.

5. International Data Transfers

As an EU company, we primarily process data within the European Economic Area (EEA). If we transfer data to third countries (e.g., for cloud services), we ensure compliance with GDPR through:

  • Adequacy decisions by the European Commission.

  • Standard Contractual Clauses (SCCs) with recipients.

  • Other safeguards as required by law.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

  • Contact and account data: Retained for the duration of our relationship or until you request deletion, unless legal obligations apply.

  • Website usage data: Typically retained for [e.g., 12 months], unless anonymized.

  • Audience engagement data: Retained in anonymized form for analytics or as specified in client contracts.

7. Your Rights Under GDPR

As an EU data subject, you have the following rights:

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data, subject to legal exceptions.

  • Restriction: Limit how we process your data in certain cases.

  • Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests, including direct marketing.

  • Withdraw Consent: Revoke consent at any time, without affecting prior processing.

To exercise these rights, contact us at [insert contact email]. We will respond within one month, extendable by two months for complex requests. You may also lodge a complaint with a supervisory authority (e.g., [insert national data protection authority]).

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized ads. Categories include:

  • Essential Cookies: Necessary for Website functionality.

  • Analytics Cookies: Track usage to improve our services

  • Advertising Cookies: Enable personalized ads on our platform

You can manage cookie preferences via our cookie banner or browser settings. For more details, see our Cookie Policy.

9. Security

We implement technical and organizational measures (e.g., encryption, access controls) to protect your data from unauthorized access, loss, or alteration. However, no system is completely secure, and we cannot guarantee absolute security.

10. Third-Party Links

Our Website may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to review their policies.

11. Children’s Privacy

Our services are not directed to individuals under 16. If we learn we have collected personal data from a child under 16, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a Website notice. The latest version is available on our Website.

13. Contact Us

For questions or concerns about this Privacy Policy, contact: