General Data Protection Regulation
General Data Protection Regulation (GDPR) is a new legal framework for data protection legislation in the EU and entered into force on 25 May 2018. Unlike Directive 95/46, which governs this processing before this point, GDPR has a direct effect within the European Union and does not need to be transposed at national level. This will aim at harmonizing the laws governing the processing of personal data in Europe and, under certain circumstances; its scope can be extended beyond the borders of Europe.
If you are an organization that processes personal data, you are most likely to be subject to the GDPR provisions. In doing so, you are subject to obligations and you must respect them. The same applies to SC RONTRANSMAR SRL, which, in view of its situation, is bound by different obligations as a processor and data controller.
Understanding the specific realities of European regulations is not an easy task when the GDRP regulation contains 99 articles and numerous guidelines on how to apply. Understanding these issues is, however, essential to avoid any risk that might arise from an imprecise interpretation of your organization’s regulatory obligations. It is therefore essential to understand correctly the terms defined below:
Personal Information: Any information relating to an identified or identifiable real person.
An identifiable person is defined as any real person who can be identified directly or indirectly.
Processing: any operation or set of operations that is performed on personal data or on personal data sets, whether automated or not, such as collecting, recording, transmitting, storing, preserving, retrieving, consulting, using or other operations.
Operator: a natural or legal person, a public authority or other body that alone or with others determines the purposes and means of processing personal data.
Processor: a natural or legal person, public authority or other body processing personal data on behalf of the operator.
Data protection ensures that people’s data is kept secure and used for clear purposes that the individual has accepted.
Data privacy refers to IT security and to measures taken to keep data safe while in an organization or while it is transferred to a third party.
According to GDPR, you are required to make sure that the records are accurate and up-to-date, and the information is kept only as long as the organization needs it or kept under the law.
Data clearing seems the most sensitive first step; this should determine how long certain types of information should be retained before they are safely removed. A person designated in the company should be appointed as responsible to ensure that this is monitored regularly; so the organization respects the deletion of data it no longer needs.
If you have not set the data you want to process, the processing time, or the purpose, please let us knows in order to get you in accordance with Regulation.
SC RONTRANSMAR SRL as operator
Your personal data may be processed by other entities designated by SC RONTRANSMAR SRL on its behalf. However, SC RONTRANSMAR SRL remains your data carrier. Thus, it is possible to transmit data to public authorities, external consultants, empowered to whom we have outsourced the provision of certain services in Romania or abroad or the European Union / European Economic Area, but always ensuring that we provide adequate safeguards for data protection (for example, contractual terms of confidentiality and data protection).
The purpose of personal data processing is limited to performing customer-supplied products / services. We will process personal data in a manner consistent with EU Regulation 2016/679; the legal basis being the conclusion and performance of the contract in the case of order processing (according to Article 6 (1) (b) of the GDPR).
Personal data processed include name, surname, address, telephone number, e-mail address, personal identification number, date of birth of the customer and details of the orders sent to the subscriber. Your personal data will be retained and processed for a period of time to achieve the purpose of the processing.
You have the right to require the operator to access your personal data, rectify, delete or restrict the processing, as well as the right not to process or transfer it. You also have the right to portability of data under certain conditions.
Starting May 25, 2018, you can contact your personal data protection officer at the following e-mail address: firstname.lastname@example.org.
As a client of SC RONTRANSMAR SRL, what rights do I have?
The right to information – You can request information about the processing of your personal data;
• Right to rectification – You can correct inaccurate personal information or fill it out;
• The right to delete the data (the “right to be forgotten”) – you may obtain the deletion of the data if the processing was not legal or in other cases provided by law;
• Right to restrict processing – You may request restriction of processing if you dispute the accuracy of the data, as well as in other cases prescribed by law;
• Opposition – you can oppose in particular data processing based on our legitimate interest;
• Right to data portability – You may receive, under certain conditions, the personal data you have provided us in a format that can be read automatically, or you may require that the data be transmitted to another operator
• Right to file a complaint – You can complain about how to process your personal data with the National Supervisory Authority for Personal Data Processing.
• Right of withdrawal of consent – in cases where processing is based on your consent, it may be withdrawn at any time. Withdrawal of consent will have effects only for the future, processing prior to the withdrawal remaining valid;
• The right not to be subject to automatic automated or profiling decisions related to automated decisions: You can request and obtain human intervention with respect to that processing, or you can express your own views on this type of processing.
You can exercise these rights, individually or cumulatively, by simply sending a request to your email address email@example.com
Who owns the personal data used and stored by the client as part of the services?
Data stored by the client on the servers of RONTRANSMAR SRL within the purchased products remain the property of the client.
SC RONTRANSMAR SRL will not access or use these data unless it is necessary to ensure the functionality of the services (database repair, restore files from backup, debugging site errors)
Data of the customers are transferred outside the European Union?
Your personal data may be processed by other entities designated by SC RONTRANSMAR SRL to process the data on its behalf. However, SC RONTRANSMAR SRL remains your data carrier. Thus, it is possible to transmit data to public authorities, external consultants, empowered to whom we have outsourced the provision of certain services in Romania or abroad or the European Union / European Economic Area, but always ensuring that we provide adequate safeguards for data protection for example, contractual terms of confidentiality and data protection).
How long your personal data is stored and processed?
FOR THE PROCESSING OF ORDERS, WORKING OR OTHER SERVICES PROVIDED BY THE NEW PROCESSING DURATION WILL BE VARIABLE BY THE AGREED CONTRACT PERIOD OF PARTIES. FOR THE FULFILLMENT OF CERTAIN LEGAL OBLIGATIONS (HOW THE OBLIGATIONS OF ACCOUNTING AND TAX REPORTING IS, ARCHIVES, ETC.), THE DURATION OF THE PROCESS VARIATIONS IS AT THE POSSIBILITY OF AN INCIDENTAL LEGAL OBLIGATION. AS FROM 25 MAY 2018, YOU MAY REQUEST INFORMATION ABOUT THE DURATION OF YOUR DATA PROCESSING AT THE FOLLOWING EMAIL ADDRESS: firstname.lastname@example.org.