Policy regarding personal data confidentiality and personal data protection
GDPR explained to you
The security of your data is the most important for us, that is why we treat with SERIOUSNESS and INVOLVEMENT any aspect regarding the protection of your data. Moreover, we AMBITION to offer you a unique experience in the both ways, in the online store and in every office in the country you visit, helping you to choose the best solution for your home.
What is happening starting with May 25, 2018?
From this date, the Regulation (EU) 2016/679 on the protection of individuals regarding the processing of personal data and on the free movement of such data and repealing of the Directive 95/46 / EC (The General Regulation about data protection) known as the GDPR (General Data Protection Regulation),will be implemented. This means that any Operator / entity that processes personal data must apply these new requirements and provide in a transparent manner information on how the data is processed.
Why is my data being processed?
Given the need to comply with the provisions of the GDPR, as well as the fact that we are dedicated to taking care of your personal data (which may include name, surname, e-mail address, depending on the purpose of processing) that are found into the our database, we inform you that they are used only for the purpose of successfully fulfilling the processes carried out in relation to you (we mention some processes without limiting them: RESERVATION / SALE / ORDER, TRANSPORT and DELIVERIES, WARRANTIES and SERVICE, maintenance customer relations – CUSTOMER SUPPORT SERVICE, recruitment processes).
What options do I have?
To exercise your rights regarding the processing of personal data and in this regard, please consult the section on the Rights of the data subject.
How do I find out more about the new regulations?
We are dedicated your data protection and security and we want you to be informed and make an informed decision on how the information you provide to us is used.
In this regard, please consult the following pages to find out more information about the application of “GDPR” starting with May 25, 2018 and how it is transposed in our relationship.
How can I contact you?
If you still have questions or want more additional information related to data protection, please send us an e-mail to firstname.lastname@example.org and we will respond as soon as possible.
Note: Sisteme Cofraje are in line with all legislative measures regarding the protection of personal data.
INFORMATION REGARDING THE APPLICATION OF „GDPR” WITHIN Formwork SRL
Starting with May 25, 2018, Regulation (EU) 2016/679 on the protection of individuals with regard on to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (The General Regulation about data protection) known as the ”GDPR Regulation”, shall apply.
Please look over the information from this document because it express the policy of Sisteme Cofraje regarding the processing of personal data.
Within Oberhauser Invest SRL we process personal data exclusively within the legal provisions regarding the protection of personal data.
- Operator = The operator responsible for data processing within the meaning of the GDPR Regulation is OBERHAUSER INVEST S.R.L., company with private capital, registered at the Trade Register with No. . J24 / 400 / 29.04.2013 and having C.I.F .: RO 31589810, and the registered office in Baia Mare municipality, str. Dealul Florilor, no. 14B, Maramures county, postal code 430165, country Romania, hereinafter referred to as “Operator” or ” Sisteme Cofraje”.
- Contact data responsible for data protection (DPO) = Address to which requests for information regarding the processing of personal data can be sent: Baia Mare, str. Dealul Florilor, no. 14B, Maramures county, Sisteme Cofraje Headquarters – in the attention of the DATA PROTECTION MANAGER or at the e-mail address: email@example.com
- Cookies = A “cookie” is a small file, usually made up of letters and numbers. It is downloaded into the memory of a computer or other type of device used for browsing the Internet (smartphone, tablet, etc.), when the user accesses a particular website.
- Target person within the meaning of the GDPR Regulation = identified or identifiable natural person (who can be identified, directly or indirectly, especially by reference to an identification element: name, identification number, location data, an online identifier, or one / several specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity). The data subject may be the applicant for a service offered by the Operator, as well as any other natural person whose personal data is transmitted to the Operator (for example a client or potential client, a candidate for a certain available position, a user of the site of the Operator, etc.).
- Categories of processed data = Personal data (first name, last name, date of birth, address, telephone number and e-mail address, etc.) are processed by us only if you enter this data in a site field or send them to us by e-mail.
- Processing of personal data means any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying , extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction.
1.PURPOSES AND LEGAL BASIS OF YOUR DATA PROCESSING:
According to Regulation (EU) 2016/679 and related legislation, the purposes for which we process your personal data are strictly related to the relationship between Sisteme Cofraje and the data subject. The information you provide to us is treated with the utmost confidentiality and exclusively for the purposes for which it was collected.
Please see below the details of the purposes for which we process data and the legal basis:
1.1. Contracting and managing the relationship with clients:
- Accessing the site:
Each time a user accesses a page in our offer and each time a file is opened, the access data is saved by us and partially by third parties in the form of protocol files. Each data set includes: the website from which you access our page, IP address, date and time of access, customer request, http response code, amount of data transferred, information about the browser and the operating system used by you.
- Geographical location:
Through the geographical location, with the help of the IP address, it is technically possible to estimate the location of the internet user. In order to be able to directly view the offers and items of the nearest Sisteme Cofraje store, the IP address is stored and used for the purpose of geographical location. After the end of the current session, the IP address is not stored with us for the purpose of geographical location.
Note: Certain traffic data (such as IP addresses or other identifiers of the devices with which you access our site) may in certain circumstances be personal data that we will treat as such.
- Data for the client account:
When creating a customer account using the “new customer” option, your data will be stored in the company database of formwork systems. You can request the deletion of your data and your customer account at any time. If you place an order on our website, the data will be processed in order to successfully carry out the sales process.
- Data for placing an order:
The personal data stored will be used for the purpose of carrying out contracts and processing your requests. After the completion of the contract or your request, your data are saved taking into account the retention periods according to the fiscal and commercial legislation and where applicable for a period necessary to protect the rights of the Operator.
- Data for the newsletter service:
When you provide your data to benefit from our newsletter service, your data is used by Sisteme Cofraje only for the purpose of sending direct marketing messages such as SMS, E-mail / newsletter.
Through direct marketing actions we can keep you up to date with our products, services and campaigns, respecting the legal provisions in force. The use of the data stops as soon as you give up the newsletter service. You can unsubscribe at any time and free of charge to the newsletter service by: accessing the “Subscriptions” section, checking the “Unsubscribe” option in the newsletter or sending an email to address firstname.lastname@example.org by which you expressly request unsubscription.
➢ LEGAL SUBJECT: the legitimate interest of the Operator to avoid online frauds and to ensure the general functionality of the site, the execution of a contract and the consent of the data subject, as the case may be.
➢ LEGAL SUBJECT: the consent of the data subject.
1.2. Business administration: COOKIES policy
- In general, the role of cookies is to ensure a quick and easy interaction between users and websites. Also, cookies are used so that users can easily resume their activities the next time they visit a website, previously visited. Basically, cookies tell the server which pages should be displayed to the user, without the user having to remember the pages they browsed or navigate on the entire site from the beginning. Please see the Cookies Policy for detailed information.
➢ LEGAL SUBJECT: the legitimate interest to permanently offer improved services to the users of the Sisteme Cofraje site.
Note: If we intend to process your personal data for a purpose other than those mentioned above, we will provide you, prior to this further processing, information on that secondary purpose and any relevant information.
2. YOUR RIGHTS AS A PERSON CONCERNED WITH REGARD TO THE PROCESSING OF PERSONAL DATA PROVIDED:
2.1. The rights of the data subject and how they can be exercised
According to the GDPR Regulation, as a data subject you benefit from an accumulation of rights, respectively:
- The right to information and access to the personal data: the right to obtain a confirmation of the fact that your personal data are processed or not and, if so, the right to access your data.
- Right to rectification: the right to request the Operator and to obtain, without undue delay, the rectification of inaccurate personal data concerning you and / or to obtain the completion of personal data that are incomplete, with the mention that in case of a online account you can make these changes personally from the account data editing section.
- The right to delete data (“right to be forgotten”): the right to obtain the deletion of personal data concerning you, without undue delay, if certain reasons are mentioned in the GDPR Regulation.
- The right to restrict processing: the right to obtain the restriction of processing in certain cases.
- The right to data portability: the right to receive personal data concerning you and to transmit them to another operator.
- The right to oppose: the right to oppose at any time the processing of personal data concerning you, under the conditions of the GDPR Regulation.
- The right not to be subject to a decision based solely on automatic processing, including the creation of profiles, which produces legal effects that concern or affect you in a similar way to a significant extent.
- The right to address through a complaint to the National Authority for the Supervision of Personal Data Processing (ANSPDCP) in the situation where you consider that your data have not been processed in accordance with the legal provisions.
➢ How can you exercise these rights?
For the exercise of the rights mentioned above, please address by written request, dated and signed at the e-mail address: email@example.com, or at the postal address: Baia Mare, str. Dealul Florilor, no. 14B, Maramures county, to the attention of the data protection officer.
➢ What is the term in which we meet your requirements?
Within a maximum of one month, calculated from the receipt of your request, you will be provided with information on the actions taken or, where applicable, on the reasons why the requested measures cannot be taken.
Note: Please note that in order to process a request for access to personal data we will take all reasonable steps to verify the identity of the data subject.
Also, according to the GDPR Regulation, the response period mentioned above can be extended by a maximum of two months if it is necessary, taking into account the complexity and number of requests, and we will inform you about this issue, if of course this will be the case.
3.RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA:
Recipients who process personal data within the European Union have the obligation to comply with the same legal provisions, offering the same level of protection as the Operator.
Note: In the case of recipients operating in the United States, the Operator guarantees that they are certified “Privacy Shield” and are considered by the European Commission as providing an adequate level of protection. The list of companies joining the “Privacy Shield” is available on this website: https://www.privacyshield.gov/welcome.
3.1. Data transmission for order processing
The personal data stored by Sisteme Cofraje are transmitted to our collaborators in order to complete / deliver orders. For example, your data will be sent to courier companies, if you choose to deliver the order by courier.
If you select the option to pay online by payment with a bank card, it is important to know that this operation takes place in a secure way on the site provided by the payment processor, and Sisteme Cofraje transmits to the payment processor only the data related to your order (Sisteme Cofraje does not access or process any personal data regarding the bank card).
3.2. Data transmission for the purpose of operating the newsletter service
In order to be sure that this service works at the desired parameters, we use a third party specialized in the field of e-mail delivery, respectively the mailchimp.com platform belonging to The Rocket Science Group. Its data protection policy can be found here: https://mailchimp.com/legal/privacy/.
You can always unsubscribe from the newsletter service – either from your account – the “Subscriptions” section, or by pressing the “Unsubscribe” button in the received e-mail, or by sending an email to firstname.lastname@example.org by which you expressly request to unsubscribe.
3.3. Transmission to public institutions, courts, as well as competent authorities to investigate the commission of criminal acts
In special cases, when required by law, the company Sisteme Cofraje may provide the competent institutions with information on personal data.
3.4. Transmission to other third parties
In order to offer you a pleasant experience in the online environment, we are constantly concerned with improving / maintaining the software programs used. In this sense, we have concluded development contracts with companies specialized in the field of programming and software maintenance.
3.5. Google Adwords / Analytics web analytics service
Our website uses Google Inc.’s “Google Adwords / Analytics” web analytics service for statistical purposes.
If the anonymization of the IP address is activated, your IP will be shortened in the space of the member states of the European Union or of other third members of the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is enabled for this site. Google will use this information on behalf of the operator of this site for the purpose of evaluating your use of the website, generating reports on website activity for website operators and providing other services relating to website activity and internet usage.
Note: Additional information is available on the Google Analytics terms of service and Google Analytics pages.
4. LEGAL BASIS
For even more details you can consult the legal basis:
- Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (accessible at http: //dataprotection.ro/?page=Regulamentu_nr_679_2016).
- Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.