CONSTRUCTII ERBASU S.A. with its registered office in Bucharest, Sector 1, str. Nicolae G. Caranfil no. 72, Block XXII A, Ground floor, Ap.1 (rooms 2 and 4), Ap. 2, registered at the Trade Register Office under no. J40 / 2205/1991, CIF RO 430008 (“ERBAȘU” or “Company“), a company belonging to the companies Erbașu (“COMPANIILE ERBAȘU“) owner and administrator of https://www.erbasu.ro/, complies the legal provisions in force regarding the protection of personal data in the course of its entire activity and gives respect, trust and confidentiality, offering security to all personal information collected on our site.
Erbasu keeps confidential the information of the visitors of the site https://www.erbasu.ro/ and of the persons whose personal information it receives through the use of the applications, forms and other related services.
In order to facilitate the browsing of the document, we have included at the end of this note a glossary that explains the main concepts used (e.g. “personal data”, “processing”, etc.).
I. OUR CONTACT DATA
If you have any comments, suggestions, questions regarding any information in this note or any other issues regarding the processing of your data we make, please do not hesitate to contact our Data Protection Officer at any time. Depending on your preferences, you can contact us through any of the communication channels below:
Full name: CONSTRUCTII ERBASU S.A
Address of registered office: Bucharest, Sector 1, str. Nicolae G. Caranfil no. 72, Block XXII A, Ground floor, Ap.1 (rooms 2 and 4), Ap. 2
Phone number: 021.232.35.45
E-mail address: firstname.lastname@example.org
II. COMPLIANCE WITH THE PROCESSING PRINCIPLES:
- Erbasu, in its activity of processing personal data, always obeys the following principles:
- All data are processed in a legal, fair and transparent manner vis-à-vis the data subject (“legality, fairness and transparency“);
- Personal data are collected for specific, explicit and legitimate purposes and are not subsequently processed in a manner incompatible with these purposes (“purpose limitations“);
- All personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“minimizing data“);
- We make sure your data is accurate and, if necessary, updates it; we take all necessary measures to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are deleted or rectified without delay (“accuracy“);
- Your personal data is not stored longer than necessary (“storage limitations“);
- Adequate security of the processing of your personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures (“integrity and confidentiality“);
- The processing takes place in accordance with the respect of your rights as a data subject;
- Your data are not transferred outside the European Economic Area, unless the territory / country to be transferred ensures an adequate level of protection of personal data.
III. PERSONAL DATA WE PROCESS:
The personal data relating to you that we will process are the data obtained directly from you, which you transmit to us voluntarily, technical data collected from all users of the site, information collected through our services, information that we collect them from third parties, who are allowed to exchange information with us and include the following categories of data:
- Personal details: name; first name; sex; date of birth / age; citizenship; home / residence address, mobile / landline number, fax number; e-mail address, CNP, the rest of the information in your identity document (including date of issue, date of expiration of the act, place of birth),
- Image data: geolocation data, images / video recordings, (in our premises where we have CCTV video surveillance cameras – where they exist, they are indicated by visible signs);
- Your contact with us, such as a note or recording of a call you made to us, data sent by email or letter, requesting an offer, or other records of a contact with us;
- Payment information: billing address, bank account number or bank card / IBAN code, name and surname of bank account holder or bank card (it may be different from you if someone else paid a bill on your behalf and for you ) the date from which the bank card is valid; bank card expiration date, customer code;
- Opinions and visions (may include sensitive data), such as: any opinions and visions you transmit to us or any opinions and visions you post publicly about us on social media (or social media) or that you make known on other public channels;
We will collect your usual personal data when, for example:
- Visit us at our headquarters, send us CVs or job applications;
- You send us a request for collaboration or a response to the request for collaboration;
- Order / purchase or use any of our services / products;
- In order to conclude / execute a contract;
- You subscribe to newsletters, alerts or other services offered by us;
- Contact us through various channels to request information about our services; for example. when you choose to offer them through the website https://www.erbasu.ro/ including when you send us an email asking a question – it registers to respond to your request;
- Visit or browse our site;
- If we transmit such data to our third-party suppliers or collaborators, to the extent that we have legal grounds, for example: lawyers, consultants, accountants, etc.;
- When your personal data is public;
- We automatically receive and record information from server logs in your browser when you use https://www.erbasu.ro/ We can use a variety of methods, including “cookies” to collect this information. Information we may collect through these automated methods may include, for example, your IP address, the type of browser used, the content and pages you access on our site, the duration and frequency of your visits to track movements you’re on our site – see the Cookies section below.
Our respect for your data includes the fact that we give them the necessary human attention, through our staff. Under the present conditions, you are not the subject of a decision of ours based solely on the automatic processing of your data (including the creation of profiles) that will have legal effects on you or which will affect you in a similar manner to a significant extent.
IV. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
The purposes for which we process personal data relating to you are the following:
- To provide our services. Your personal data are used to carry out our activity, to respond to requests made by the competent authorities that supervise and regulate our activity.
- Billing and customer relations. In order to invoice you for the purchase of our services, to contact you if the billing data you have provided to us are incorrect, about to expire or we cannot collect the payment, to answer any questions or concerns you have you may have contact with our services;
- Management of our communication systems and IT (information technology). Managing our communications systems; managing our IT security; conducting security audits on our IT networks, issuing reports to authorized institutions or repairing system errors;
- Fulfillment of our legal obligations. Fulfillment of our legal obligations regarding archiving, security, reporting, keeping records and other obligations imposed by law.
- Improving services. Identifying the potential problems regarding our services in order to improve them, solving your notifications / complaints registered on the Company’s website https://www.erbasu.ro/,- managing the usual correspondence with the contractual partners, etc., controlling the access of visitors to the headquarters company;
- Surveillance of the spaces according to the legal provisions. CCTV systems mounted for the surveillance of the spaces related to the access roads, the zones of values, for the guarding and protection of the goods and the personnel located in those spaces, etc.
V. WHO WE TRANSMIT YOUR DATA
As a general rule, we do not disclose your data to other companies, organizations or individuals in any country (including Romania). However, in certain situations, we may disclose your data to other natural or legal persons.
But we try to be as transparent and specific as possible, and then we will present the categories of such recipients:
- Competent authorities, accounting and audit firms, lawyers, human resources, contractual partners, service providers, etc. Whenever we do this, we ensure that there is a sound justification, that we will only transmit the data strictly necessary to achieve the purpose of the transmission and we will try to ensure that the recipient ensures a high standard of protection of personal data.
In the case of data processing activities performed by a third party provider / supplier / partner / intermediary for the Company on the basis of a contract for the provision of services of any type concluded between Erbasu and the respective third party (which has the status of processor of personal data from the point of GDPR), these contracts are concluded in writing and include a number of specific clauses, whereby third parties provide sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing complies with the requirements set out in the GDPR and ensures the protection of the rights of the data subject.
- Recipients for whom you request or give us consent in this regard or persons who can prove that they have the legal authority to act on your behalf;
- Any person, agency, court executor or relevant court in Romania – to the extent necessary to establish, exercise or defend a right of ours;
- If it is our legitimate interest to do so to manage, expand or develop business, for example, if we sell or transfer all or part of our shares, our assets or our business (including in the case of our reorganization, dissolution or liquidation), situation in which the personal data held by us will constitute one of the transferred assets – in this situation the potential acquirers will be held by an obligation of confidentiality.
VII. HOW LONG AND HOW WE KEEP YOUR DATA
We keep your personal data only for as long as they are required or provided for by the legislation in force.
Your data that are necessary for purposes related to the provision of our services will be stored for a period of 3 years from the termination of the service contract concluded with the Company.
The payment / billing data will be stored for a period of 10 years, according to Law no. 82/1991 regarding the accounting.
The data on video surveillance to ensure the security of goods and persons will be stored for a period of 30 calendar days in accordance with the legislation in force.
If there is no legal requirement, we will only store them for as long as necessary for the processing of the data for the purposes mentioned above.
Except where the law provides otherwise and the ones exemplified above, we will usually process your data during the existence of a contract between you and “Erbasu”, plus a period of 3 years from its termination.
We make every effort to ensure that data is kept safe. For storing your data in electronic format, we use our own servers or other companies specialized in electronic archiving.
We strive to use reasonable organizational, technical and administrative measures to protect personal data within our Company.
To this end, we have adopted dedicated policies regarding physical and electronic security measures, in order to protect our systems of unauthorized access and other possible threats to their security.
To the extent possible, we will anonymize data that is no longer required by us in a manner that does not allow data subjects to be identified or we apply pseudonymization to limit the risks regarding personal data processed.
VIII. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
We treat with seriousness and full involvement the rights you have in connection with the processing we carry out on your data. In short, your rights are as follows:
- The right to be informed. When the personal data are collected from you or obtained from another source, we have the obligation to inform you about the purpose of using this data and the rights you have.
- The right of access to data. You have the right to request information about the personal data we hold about you, including information about the categories of data we hold or that we control, for what they are used, the source from which we collected them if we have obtained indirectly, and to whom these data are disclosed, if applicable. We will provide you with a copy of your personal data upon request. If you request multiple copies of your personal data, we may charge you a reasonable fee based on administrative costs.
- The right to rectify data. You have the right to obtain the rectification of your data that we process or control, if they are not correct.
- The right to delete data (“the right to be forgotten“). You have the right to obtain from us the deletion of your data that we process or control. “Erbasu” aims to process and store your data only for as long as necessary.
We must comply with this request if we process your personal data, and if:
- personal data are no longer necessary for the purposes for which they were collected;
- you oppose the processing for reasons related to your particular situation;
- your data have been processed illegally;
- personal data must be deleted in order to comply with a legal obligation incumbent upon us;
- unless your data is still required:
- for the exercise of the right to free expression and information;
- to comply with a legal obligation, we have specified;
- for archiving purposes for public, scientific or historical studies or for statistical purposes; or
- for finding, exercising or defending a right in court.
- The right to restrict data processing. You may obtain from us the restriction of the processing of your personal data, if:
- challenge the accuracy of your personal data, for the period we need to verify the correctness,
- the processing is illegal, but you oppose the deletion of personal data, asking instead to restrict their use,
- The right of opposition to the use of personal data. In certain circumstances, you have the right to object to the processing of your data by us or on our behalf. Where the processing is not based on your consent, but on our legitimate interests or those of a third party, you may at any time object to the processing of your personal data for reasons related to your particular situation. In this case we will no longer process your personal data, unless: (a) we can prove legitimate and compelling reasons that justify the processing and prevail over your interests, rights and freedoms, or (b) if the purpose is the finding, exercising or defending a right in court.
If you object to processing, please specify if you also want your personal data to be deleted, otherwise we will only restrict it.
- The right to data portability. You have the right to receive your personal data that you have provided to us, and if it is technically feasible, request that we pass on your personal data (which you have provided to us) to another organization / clinics.
These two rights are rights that you have if, cumulatively: (a) we process your personal data with automatic means, (b) we rely, in the processing of your personal data, on your consent or processing of our personal data by us it is necessary for the conclusion or performance of a contract to which you are a party; (c) your personal data is provided to you, and (d) the transmission of your personal data does not adversely affect the rights and freedoms of others.
You have the right to receive your personal data in a structured, commonly used and automatically readable format.
Your right to receive personal data should not have a negative effect on the rights and freedoms of others. This may happen if a transfer of your personal data to another organization also involves the transfer of your personal data to others (who do not consent to this transfer).
The right to have your personal data transmitted to us by another organization is a right that you have if this transmission is technically feasible.
- The right not to be subject to an automatic decision (including profiling). You have the right not to be subjected to a decision based solely on automatic processing (including profiling) and that will have legal effects on you or that will significantly affect you.
This right will not apply in the following exceptional situations, where the automatic decision:
- a) it is necessary for the conclusion or execution of a contract between the data subject and the Company;
- b) is authorized by Union law or national law that applies to the Company and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or
- c) it is based on your explicit consent;
In the situations of letters, a) and c) of this paragraph, the Company has the obligation to implement the appropriate measures to protect your rights, freedoms and legitimate interests, at least your right to obtain human intervention from the Company, to express yourself point of view and to challenge the decision.
- The right to withdraw consent. In the situations in which we process your data under your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you initially gave us consent. Withdrawal of consent will not affect the legality of processing your data that we have made before withdrawal.
- The right to lodge a complaint with the supervisory authority. If you have a dissatisfaction with how we process your data, we would prefer to contact us directly so we can resolve your issue. However, if you still have any complaints, you can contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro):
Address: G-ral Boulevard. Gheorghe Magheru, Bucharest, Romania;
Phone: 40.318.059.211/ +40.318.059.212
- The right to bring you justice. At the same time, it is important to note that, in the event that you consider that the rights you benefit under the Regulation have been violated as a result of processing your personal data with non-observance of its provisions and without prejudice to your right to file a complaint with the authority of supervision, you have the right to address the courts, by filing an appeal against the Company.
In order to exercise one or more of these rights or to ask any questions about any of these rights or other aspects of the processing of your data by us, you can do so by sending a written, signed and dated request to the e-mail address. : Also, at our headquarters there are also printed forms that you can fill in to request the exercise of one or more of the above rights.
We will try to respond to your request within a month, which may be extended by two months due to specific reasons related to the specific right invoked or the complexity of your request. In any case, if this period is extended, we will inform you about the extension period and the reasons that led to this extension.
In some situations, we may not be able to grant you access to all or part of your personal data due to legal restrictions. If we refuse your request for access, we will notify you of the reason for this refusal.
In some cases, we may not be able to identify your personal data because of the identifying elements you provide in the application. In such cases, if we cannot identify you as a data subject, we cannot process your application in accordance with this section, unless you provide us with additional information that will allow us to identify you. We will inform you and give you the opportunity to give us such additional details.
A cookie is a string of information that a website stores on a visitor’s device and that the visitor’s browser provides to the site each time the visitor returns. Because the browser provides this cookie information to the site at each visit, cookies serve as a kind of tag that allows a site to “recognize” a browser when it returns to the site. For more details, please visit: http://en.wikipedia.org/wiki/Cookie.
Cookies store information about your activities on a website or other platform. For example, cookies can store session information to easily connect to a website or other platform you have visited previously.
Information we may collect through these automated methods may include, for example, IP address, user code, browser type, system type, content and pages you access on our sites or services, frequency and duration of visits your site.
If you have agreed to include cookies in your browser via the banner on the first homepage of the website, please note that your acceptance may be withdrawn at any time. Current browsers (web browsers) offer the ability to set / disable cookies. To do this, in general, go to Options or Preferences.
However, if you do not accept cookies, you may not be able to use all portions of our site or all its features.
Please note that disabling these technologies may interfere with the performance and features of the services provided.
X. MODIFICATION AND UPDATE OF THE CONFIDENTIALITY POLICY
We reserve the right to modify, when we deem appropriate, data protection practices and to update and modify this information note at any time. For this reason, we encourage you to periodically check this information note.