Considering the "General Data Protection Regulation" or "GDPR", Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons, with regard to the processing of personal data and on free circulation of this data and repealing Directive 95/46/EC, published in the Official Journal of the European Union L 119 (04.05.2016) and applicable from 25 May 2018, we are sending you this document to explain when and why namely, how we process your personal data, how we use it, the conditions under which we may disclose it to others and how we store it securely.
In the context of concluding and executing the Contract, the Parties will process a series of personal data, respectively: the personal data of the Client's contact persons disclosed by the Client to LRHUS and the personal data of LRHUS' contact persons disclosed to the Client.
Any information by which a natural person becomes identifiable, such as: a name, an identification number, location data, an online identifier, one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social etc.
Any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as: collection, recording, organization, structuring, storage, adaptation, modification, extraction, consultation , use, disclosure by transmission (including to third parties), dissemination or otherwise making available, joining/aligning or combining, blocking/restricting, deleting or destroying.
The risk to which Regulation (EU) 2016/679 and Law no. 677/ 200, with
subsequent amendments and additions, refers to and is defined as follows:
,,The risk [..] may be the result of a processing of
personal data that could generate damages of a physical,
material or moral nature, especially in cases where: the
processing may lead to discrimination, identity theft or fraud,
loss financial, reputational compromise, loss of confidentiality
of personal data protected by professional secrecy, unauthorized
reversal of pseudonymization or any other significant disadvantage of
an economic or social nature" (Regulation (EU) 2016/679 on the
protection of natural persons, regarding the processing personal
data and regarding the free movement of such data).
We process your personal data in order to execute the contract with the legal entity or natural person, on whose behalf you act (which also includes interactions prior to signing it) and to fulfill our obligations as a contracting party.
We may also send you offers, promotions, advertising and marketing messages by e-mail, without further obligation or payment, from any party or with your consent, to benefit from the organization of contests and advertising campaigns with prizes.
In addition, we process your personal data in order to satisfy legitimate interests, for example:
We will process the personal data during the existence of the data subject's account, and during the warranty period of the purchased products, and after the deletion of the data subject's account, the company will transform the personal data into anonymous data and will process them for internal statistical purposes, for the duration of the company's existence .
The Company will make all reasonable efforts to protect your personal data in our possession or control by establishing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal, as well as other similar risks.
Our company can empower courier companies to process such data for the delivery of the products, at the same time in the process of collection and processing of personal data, there are also our employees are also involved.
The company may also provide personal data to other companies with which it is in partnership, but only under a commitment to confidentiality commitment from them, guaranteeing that such data is kept secure and that the provision of such personal information is provided in accordance with the law in force, as follows: marketing service providers, courier, payment/banking, telemarketing or other services, provided by companies with whom we may develop programs joint marketing of our Goods and Services, insurers.
Your information or personal data, may also be provided to the Public Prosecutor's Office, the police, the courts and other authorised state bodies, on the basis and in within the limits of the legal provisions and following specific requests.
In processing personal data under the Contract, The parties undertake to comply with all obligations applicable to them as personal data controllers under including personal data protection legislation, but without limitation, under the provisions of the GDPR.
1. Processes the personal data of the Client's Contact Persons for the purpose of concluding and executing the Contract, as well as for the purpose of sending communications to the Client's Contact Persons, including commercial communications from LRHUS
2. It complies with its obligations as an operator regarding the breach of personal data security and, at the same time, informs the Client of any such breach of personal data security, without undue delay.
3. Designates a personal data protection officer, who can be contacted by the Client, for issues related to personal data protection, at the following e-mail address: office@lrhus.ro.
4. Processes the personal data of the Client's contact persons for the purpose of concluding and executing the Contract, thus ensuring that it complies with the requirements of the legislation by using an appropriate basis of data processing and ensuring the appropriate information of LRHUS, according to this document.
5. As a personal data operator, he is responsible for implementing appropriate technical and organizational measures to ensure the security and confidentiality of personal data, to all clients who provide personal data, as well as LRHUS contact persons, mentioned in the contract or other documents
6. If required by applicable law, appoint a personal data protection officer and communicate the contact details at which he can be contacted by LRHUS for issues related to personal data protection.
EXCEPT AS OTHERWISE PROVIDED BY LAW, YOU HAVE THE FOLLOWING RIGHTS:
1. The right of access, i.e. the right to obtain a confirmation from us that we are processing your personal data, as well as access to it and the provision of information about the processing method.
2. The right to rectification, which refers to the correction, without undue delay, of inaccurate personal data and/or the completion of incomplete data.
3. The right to erasure / the right to be forgotten, i.e. the right to delete your collected personal data without undue delay, if this data is no longer necessary to fulfill the purposes for which it was collected and there is no other legal basis for processing, the data was collected illegally or the data must be deleted to comply with a legal obligation.
4. The right to restrict processing or to object, which applies if you dispute the accuracy of the personal data, the processing is unlawful.
5. The right to portability, i.e. your right to receive the personal data you have provided to us for the purposes indicated herein, in a structured, commonly used and machine-readable format, as well as the right to send this data to another operator.
6. The right to submit a complaint to the National Supervisory Authority for Personal Data Protection (ANSPDCP), at the postal address b-dul. G-ral. Gheorghe Magheru no. 28-30, sector 1, 010336 Bucharest or to the e-mail address anspdcp@dataprotection.ro.
7. The right to information - you can request information regarding the processing activities of your personal data
8. The right to object - you can object, in particular, data processing based on our legitimate interest.
9. The right to withdraw consent - in cases where the processing is based on your consent, you can withdraw it at any time. The withdrawal of consent will only have effects for the future, the processing carried out prior to the withdrawal still remaining valid.
With the exception of the right to file a complaint with the ANSPDCP, according to the above, these rights can be exercised by sending a written request to the LRHUS headquarters, Arad
1. We ensure that the rights of data subjects related to the processing of personal data held by us are respected and that we provide the necessary means to enable them to exercise their rights.
2. Providing information to data subjects – we provide data subjects with clear and easily accessible information about the data controller and the processing of their personal data.
3. Providing a mechanism for amending or withdrawing consent - we provide a mechanism for data subjects to amend or withdraw their consent.
4. Providing a mechanism to object to processing - we provide a mechanism that allows data subjects to object to the processing of their personal data.
5. Sharing the exercise of rights in principle with respect to personal data - we take reasonable steps to inform third parties with whom the personal data has been shared, of any modification, withdrawal or objections resulting from the exercise of the rights of the data subjects
6. Correction or erasure - we implement a mechanism to facilitate the exercise of data subjects' rights to access, correct and/or delete their personal data.
7. Providing copies of personal data processed - we may provide a copy of personal data processed, subject to the retention policy and when requested by a data controller. with the personal data.
8. Limiting collection - we limit the collection of personal data to the minimum relevant, proportionate and necessary for the identified purposes.
9. Limiting processing - we limit the processing of personal data to what is appropriate, relevant and necessary for the purposes identified.
10. Retention - we do not retain personal data more than is necessary for the purpose for for which the personal data was processed.
11. Disposal - will be done safely and to avoid and prevent further risks.
The Company will make all reasonable efforts to protect your personal data in our possession or control by establishing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal, as well as other similar risks.
The company also guarantees the security and confidentiality of the data hosted and transmitted through its computer system, declares that the databases are protected, including through electronic encryption, collaboration protocols have been concluded with the computer companies that manage our web page, specifications have been provided of data security in the collaboration contracts as well as in the internal procedures and there are confidentiality provisions in the contracts of our employees.