Processing of personal data
Privacy Policy
This policy describes how ILAB24 STUDIO SRL ("we", "the platform") processes personal data in the context of providing a digital service for creating and managing memorial pages accessible via QR code, available in Romania and across the European Union.
We are committed to complying with Regulation (EU) 2016/679 ("GDPR") and applicable data protection legislation.
1. Who we are
ILAB24 STUDIO SRL is a legal entity registered in Romania, with its registered office at Intrarea Gheorghe Simionescu, Nr. 19, Ap. B26, Sectorul 1, Bucharest, and acts as a data controller within the meaning of the GDPR.
For all data protection enquiries: memory@inmysoul.eu
2. Categories of data we process
a) User account data (living persons):
first and last name, email address
password (stored as Argon2id hash - never in plain text)
delivery address (country, city, postcode, street)
phone number
b) Order and payment data:
order details (products, amounts, transaction identifiers)
payment status and history
payment token (encrypted reference stored for recurring renewals - see section 11)
c) Technical and security data:
IP addresses (stored encrypted)
user agent strings
payment event logs
d) User-provided memorial page content:
biographical data of the deceased (name, dates)
texts, images, photos, video links, quotes
commemorative messages from visitors
3. Data relating to deceased persons
The platform allows users to enter information about deceased persons exclusively for memorial purposes. The GDPR does not apply to data relating to deceased persons (Recital 27 GDPR); such data is therefore not treated as personal data under this policy, except where it also reveals information about living persons.
However, we reserve the right to remove or restrict published content if it:
infringes the rights of living persons
contains sensitive data of third parties
is contrary to applicable law or public morals
Responsibility for the legality and accuracy of the published content lies with the user who publishes it.
4. Purposes and legal bases of processing
account creation and management - Art. 6(1)(b) GDPR (contract)
provision of memorial page and QR code service - Art. 6(1)(b) GDPR (contract)
order processing and payment - Art. 6(1)(b) GDPR (contract)
subscription renewal notifications - Art. 6(1)(b) GDPR (contract)
fraud prevention and platform security - Art. 6(1)(f) GDPR (legitimate interest)
compliance with financial record-keeping obligations - Art. 6(1)(c) GDPR (legal obligation)
transactional emails (order confirmation, renewal reminders) - Art. 6(1)(b) GDPR (contract)
newsletter (only with explicit opt-in consent) - Art. 6(1)(a) GDPR (consent)
5. Public nature of memorial pages
Memorial pages associated with QR codes are publicly accessible to any person who scans the code. The user is fully informed of and explicitly accepts the public nature of the information published on the memorial page at the time of account creation.
6. Data retention periods
We retain different categories of data for different periods:
Order and financial records: retained for 5 years from the date of transaction, as required by Romanian fiscal law (Law no. 82/1991).
Payment event logs (admin_order_payment_logs): retained for 3 years for fraud prevention and dispute resolution purposes, then permanently deleted.
Active account data: retained for the duration of the account and subscription. If a subscription expires and is not renewed, the account is flagged as inactive. Inactive accounts with no subscription activity for 3 years will receive a deletion warning notification and be permanently deleted 30 days thereafter, unless the account is reactivated.
Payment tokens for recurring renewals: retained while the token is active and the client has an active subscription. Tokens are invalidated and scheduled for deletion upon account closure or explicit user request.
Upon account deletion: all personal data (name, email, address, phone, IP addresses) is permanently removed from our systems. Order records are anonymised and retained only to the extent required by applicable law.
7. Data recipients and sub-processors
We use the following third-party sub-processors who may process personal data on our behalf:
Web hosting and infrastructure: server infrastructure located within the European Union, governed by data processing agreements compliant with Art. 28 GDPR.
NETOPIA Payments (netopia-payments.com): payment processing service. Processes name, email, phone, order details, and payment card data. Acts as an independent data controller for card data. Governed by NETOPIA's own privacy policy and PCI-DSS compliance obligations.
Courier services: name and delivery address are shared with courier partners solely for the purpose of delivering physical products (memorial plaques).
Public authorities: data may be disclosed to competent authorities where required by law.
We do not sell, rent, or share personal data with any third party for marketing purposes.
8. International data transfers
All personal data is stored and processed within the European Union. We do not transfer personal data to countries outside the EU/EEA. If this changes in the future, any such transfer will be governed by appropriate safeguards under Art. 46 GDPR (standard contractual clauses or equivalent).
9. Security measures
We apply the following technical and organisational security measures:
Encryption at rest: all personally identifiable fields in the database (name, email, phone, address, IP address) are encrypted using AES-256 symmetric encryption. Each stored ciphertext carries a scheme-version prefix (currently v1:) identifying the key and algorithm used, so that keys can be rotated without re-encrypting every record at once. Equality lookups (for example, finding an account by email address) are performed on keyed hash representations of the value, never on the plaintext.
Password hashing: user passwords are stored exclusively as Argon2id hashes with per-user salts. Plain-text passwords are never stored or logged.
Access control: database access is restricted to application-level service accounts. No direct database access is available to general staff. Administrative access requires multi-factor authentication.
Payment tokenisation: card details are never stored on our servers. NETOPIA Payments provides a token reference that enables recurring renewals without re-entering card data; we store this token only in encrypted form. The token contains no card number or CVV.
Transmission security: all data in transit is protected via TLS 1.2 or higher.
Audit logging: all payment events are logged with encrypted IP and user agent data for security auditing and fraud detection.
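The encryption-at-rest and hashed-lookup measures above, shown as an added illustration in Go. This is example code, not the platform's own implementation: it assumes AES-256-GCM with a key-version prefix on each ciphertext and an HMAC-SHA256 "blind index" for equality lookups; the key material, field names and version label "v1" are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed demo keys (32 bytes each, so AES-256 and HMAC-SHA256 get
// full-strength keys). In production these come from a KMS or secret store,
// never from source code.
var (
	encKeys = map[string][]byte{
		"v1": []byte("01234567890123456789012345678901"), // demo key, assumption
	}
	currentVersion = "v1"
	indexKey       = []byte("abcdefghijklmnopqrstuvwxyz012345") // demo key, assumption
)

// EncryptField encrypts one PII field with AES-256-GCM and returns
// "<version>:<base64(nonce || ciphertext || tag)>". The version label is
// also bound into the authenticated data so a ciphertext cannot be
// relabelled and opened under a different key version.
func EncryptField(plain string) (string, error) {
	gcm, err := gcmFor(encKeys[currentVersion])
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nil, nonce, []byte(plain), []byte(currentVersion))
	return currentVersion + ":" + base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// DecryptField parses the version prefix, selects the matching key and
// rejects unknown versions, truncated payloads and tampered ciphertexts.
func DecryptField(stored string) (string, error) {
	version, payload, ok := strings.Cut(stored, ":")
	if !ok {
		return "", errors.New("malformed ciphertext: missing version prefix")
	}
	key, ok := encKeys[version]
	if !ok {
		return "", fmt.Errorf("unknown key version %q", version)
	}
	raw, err := base64.StdEncoding.DecodeString(payload)
	if err != nil {
		return "", err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(version))
	if err != nil {
		return "", err // authentication failure: tampered or wrong key
	}
	return string(pt), nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BlindIndex returns a keyed hash of the normalised value (trimmed,
// lower-cased) so rows can be found by equality without decrypting them.
// HMAC rather than plain SHA-256: someone who dumps the table cannot
// confirm guessed emails offline without the index key.
func BlindIndex(value string) string {
	norm := strings.ToLower(strings.TrimSpace(value))
	mac := hmac.New(sha256.New, indexKey)
	mac.Write([]byte(norm))
	return hex.EncodeToString(mac.Sum(nil))
}

func main() {
	ct, _ := EncryptField("alice@example.com") // constructed sample value
	pt, _ := DecryptField(ct)
	fmt.Println(ct, pt, BlindIndex("Alice@Example.com "))
}
```

A blind index still reveals that two rows share the same value, which is exactly what an email-uniqueness lookup needs but means the index key deserves the same protection as the encryption keys.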
10. Your rights and how to exercise them
Under the GDPR you have the following rights:
right of access (Art. 15) - request a copy of all personal data we hold about you
right to rectification (Art. 16) - correct inaccurate or incomplete data
right to erasure (Art. 17) - request permanent deletion of your account and personal data
right to restriction of processing (Art. 18) - ask us to limit how we use your data
right to data portability (Art. 20) - receive your data in a structured, machine-readable format
right to object (Art. 21) - object to processing based on legitimate interest
right to withdraw consent - withdraw any consent given at any time
How to submit a request:
Send an email to memory@inmysoul.eu with the subject line "GDPR Request" and specify the right you wish to exercise. Send the request from the email address associated with your account, as we use it to verify that the request comes from the account holder; where we cannot establish this, we may ask for additional information before acting on the request.
We will respond within one month of receiving a verifiable request (Art. 12(3) GDPR). In complex cases or where we receive many requests, this period may be extended by up to two further months, in which case we will notify you of the extension and its reasons within the initial one-month period.
If you believe your rights have not been respected, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) in Romania (www.dataprotection.ro), or with the data protection authority in your country of residence.
11. Online payments and payment tokenisation
For processing online payments, we use NETOPIA Payments (netopia-payments.com).
At the moment a payment is initiated, the following data is transmitted to NETOPIA Payments:
first and last name
email address
phone number
delivery address
order details (products, amount, transaction identifier)
Bank card details (card number, CVV, expiry date) are entered directly on NETOPIA's secure payment page and are NEVER transmitted to or stored by us.
Recurring renewals: if a user opts in to recurring renewal, NETOPIA Payments provides us with an encrypted payment token. This token is stored encrypted in our database and is used solely to initiate renewal charges when authorised by the user. The token does not contain any card number or CVV. Users may revoke recurring payment authorisation at any time by contacting us at memory@inmysoul.eu.
Both we and NETOPIA Payments act as independent data controllers for our respective processing activities.
12. Cookies
This website uses cookies. For details on the types of cookies used, their purposes, and how to manage your preferences, please refer to our Cookie Policy available on the Website.
13. Contact
For any data protection enquiries or to exercise your rights:
memory@inmysoul.eu
ILAB24 STUDIO SRL, Intrarea Gheorghe Simionescu, Nr. 19, Ap. B26, Sectorul 1, Bucharest, Romania