S.C. EXPROM S.R.L.
Thank you for accessing the website www.exprom.ro (hereinafter referred to as the “Website” or the “Company”).
In the European Union, personal data is protected by the Regulation no. 679 of 27 April 2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, which came into force on 25 May 2018 (hereinafter referred to as the “GDPR” or “the Regulation”).
According to art. 13 of the Regulation, before collecting your personal data we will identify ourselves and inform you about the reason, purpose and justification for collecting such data. This Policy is aimed to appropriately inform you about the processing of your data in the context of using the Company’s services.
By the policies in force, the company gives importance to the protection of personal data, will ensure that it respects the rights of the data subjects under the GDPR and will make every effort to ensure that your data is processed in compliance with the GDPR requirements.
If you are under the age of 16, please do not provide us with personal data.
The reason for collecting your personal data occurs when you interact with the Company by phone, directly or through the Website (filling in the contact form).
– triggering factors of the collection action.
We collect and process your personal data to fulfill our contractual obligations to you or to improve the services we provide.
We may use your information to provide you with products and/or services that we believe might be of interest to you if you have expressed your explicit consent in this regard.
The company cannot be held responsible for the inaccuracy of the data you provided, the lack of updating and/or your negligence on data security in the event that third parties have accessed your data.
What information we collect about you
The personal data we collect from you and subsequently process based on legal provisions (Accounting Act no. 82/1991 and Order no. 3512/2008 on financial and accounting documents), legitimate interests or consent are: [surname], [first name], [ID number], [personal identification code], [telephone number], [email address].
The company stores, as specified in the Regulation, all information collected for the purpose of contractual or pre-contractual relationships, as well as a record of the electronic transactions that are necessary for establishing, exercising or defending a right in court. In this regard, a minimum set of data regarding your identity will be processed with the sole purpose of complying with the legislation in force to ensure the record keeping, archiving, selection, storing and using the documents held by the Company.
Your rights according to the GDPR
In accordance with the Regulation, you have the following rights when processing your personal data:
- Right of accessing the collected data. If your personal data is processed by the Company, according to the GDPR we will give you access to that data and to a number of information. We will send you, if you request us, a copy of your data that is being processed;
- Right to rectification. You are entitled to obtain from the Company, upon request and free of charge, the rectification of your inaccurate data, having at the same time the right to complete your data, including by providing an additional statement;
- Right to erasure (“the right to be forgotten”). You have the right to obtain from the Company the erasure of your data if one of the reasons provided by the GDPR is applied;
- Right to restriction of processing. You have the right to obtain from the Company the restriction of processing your data;
- Right to data portability. You are entitled to receive from the Company the data you provided to us and the right to request, as far as is technically possible, to transmit your data to another personal data service operator.
The rights you have can be exercised, according to the terms of the Regulation, by written, dated and signed request, sent by post to the Company’s address from the preamble or to the email address [email protected]. We will respond to the request within the time limit set by the GDPR. Please note that in order to provide you with a response to such a request, you will need to prove your identity and give us any further details to help us respond to your request.
We wish to inform you that, based on the legal provisions, we have the possibility to duly refuse any abusive requests and/or certain requests that do not fall within the limits set by the rules in force and at the same time that we have the right to charge a reasonable fee proportionally to your request.
If you believe that the processing of your data is not performed in compliance with all the requirements imposed by the Regulation, you may contact the National Supervisory Authority for Personal Data Processing (hereinafter referred to as “ANSPDCP”) – www.dataprotection.ro and/or the competent courts.
Processing of personal data
Your data will be processed by the Company based on the consent you provide to us when you send your personal data. Subsequently, you will be able to withdraw your consent at any time through a request sent to [email protected] or by any other available means (including the use of the UNSUBSCRIBE link from the newsletter you receive). However, withdrawal of the consent will not affect the legality of any processing that occurred prior to this withdrawal.
Personal data will be processed on the territory of Romania and/or other countries within the European Union, in compliance with the requirements of the Regulation. However, some information may be collected by third parties through cookies.
Transferring personal data to third parties
Your data collected and processed by the Company will not be sold to third parties.
Personal data may be communicated to the authorized suppliers of the Company, who process the data for the purpose for which they were collected and according to the Company’s instructions. The categories of representatives who process data on behalf of the Company may be, for example, but not being limited to: human resources, management consultancy, IT support service providers, IT security service providers, analysis service providers and search engines that help us improve and optimize our website. The Company will priory make appropriate assessments in selecting third-party service providers and will require them to maintain adequate technical and organizational security measures to protect personal data and to process personal data only in accordance with the Company’s instructions.
Personal data may be communicated to law enforcement authorities and/or law enforcement agencies if required by the applicable law or if necessary for the exercise of our rights, including the conditions of use, or for the protection of our legitimate interests under the applicable laws.
The company will store your data on our servers and/or servers hosted by third parties (including third-party cloud services). We use appropriate technical and organizational measures to protect your personal data and prevent unauthorized access to it. Data transfer via the internet is not entirely secure, thus we cannot guarantee the security of your data until they reach our website. Any transfer is made at your own risk and the Company is not be liable for any damages you or others may suffer as a result of unauthorized interception. Once we receive your data, we will use strict procedures and security features to try to prevent unauthorized access.
Privacy of minors
The company does not knowingly collect personal data from people under the age of 16. If a parent or a guardian is aware of situations where his/her children provided the Company with their personal data, they must immediately inform the Company. If the Company discovers that a person below the age of 16 provided personal data, the Company will immediately delete that information from its systems, unless the parent or the guardian explicitly gives its consent to the processing of the child’s personal data by the Company for the specified purposes.
Cookies and social communication features
Period of time to store and process your data
The Company will operate and process your data for a period that will not exceed the time required to meet the purpose for which the data are processed.
Thus, if you withdraw your consent to data processing, the Company will cease to process your data. In such cases, we will cease to process such personal data for the relevant purposes, subject to any legal obligation to process such personal data and/or our need to process such personal data for the exercise of our legitimate rights.
We can update this Policy periodically, depending on the applicable legislative changes and additions, as the services we provide change, and on the level of technological development. In these situations, we will notify you of any change by posting a new version on the Website. If you provided us with your contact details and authorized us to contact you, we will notify you if we modify this Policy.
Please periodically consult this Policy to be informed about the changes occurred.
For any questions or concerns about the processing of your personal data or if you wish to exercise a right, please email us at [email protected] or send a request to the Company’s address from the preamble.
In order to benefit from the services provided by the Company, it isn’t necessary to send sensitive personal data to the Company (e.g. information about racial or ethnic origin, political opinions, religious or other beliefs, health state or membership to a trade union) or information related to the criminal record.
Questions and contact details:
National Authority for Data Protection
Address: 28-30 Magheru Boulevard, Sector 1, zip code 010336, BUCHAREST