Company Policy on Personal Data Protection and Processing (PDP)

Dear Madam / Dear Sir, Dear Collaborators,

Taking into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in conjunction with other national regulations on personal data protection, RARTEL SA, headquartered in 70, Dr. Iacob Felix street, District 1, Bucharest, in our capacity as personal data operator, we kindly ask you to pay attention to our company’s data protection Policy in order to understand how your personal data, in our administration, will be treated.

The protection of your personal data is very important to us, therefore we pay special attention to protect the privacy of every person we work with: staff of clients and suppliers, visitors to our website, as well as other persons whose personal data were provided to us by a third party or we accessed from another authorized source.

 

1. WHAT IS PERSONAL DATA?

Personal data means any information relating to an identified or identifiable natural person (”data subject” as defined in GDPR 2016).

 

2. WHAT IS THE PROCESSING OF PERSONAL DATA?

Processing” means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

In the context of GDPR requirements, please be informed that:

  • we do not carry out automatic processing of your personal data;
  • the processing is carried out in compliance with the national and European regulations in the field of personal data protection;
  • data processing is carried out both by electronic means and by paper-based storage;
  • data processing/transfer is carried out by use of fax machine, by e-mail or by other mens of communication.

 

3. OUR PRINCIPLES ON DATA PROCESSING

RARTEL S.A complies with personal data protection principles of GDPR 2016, to ensure that all data shall be:

  1. Processed fairly, lawfully and in a transparent manner;
  2. Collected exclusively for specified, explicit and legitimate purposes;
  3. Adequate, relevant and limited to the purposes for which they are processed ;
  4. Accurate and up to date;
  5. Kept for no longer than is necessary for the purposes for which are processed;
  6. Processed in accordance with the rights of the data subject, in a manner that ensures appropriate security of the processing so as the data remain integral, confidential and available.

 

4. THE LAWFULNESS AND PURPOSES FOR THE PROCESSING OF PERSONAL DATA

Please be informed that we might use your personal data for the following purposes:

  1. For the conclusion and execution of your contracts or orders (as per art.6 para.1 letter b) of GDPR, personal data can be processed for the purpose of concluding or executing the contract). In order to be able to offer you our products and services, we need to process certain personal data that is yours.
  2. For the fulfillment of a legal obligation (as per art. 6 para.1 letter c) of GDPR, personal data can be processed for the purpose of compliance with a legal obligation). We request a series of personal data, in order to fulfill our legal obligations established by governmental and local authorities for tax purposes or for other legal purposes.
  3. For marketing – with your consent (as per art. 6 para. 1 letter a) of GDPR, personal data can be processed if the data subject has given consent to the processing of her or his personal data for one or more specific purposes). Therefore, in certain situations, we will ask for your consent to use your personal data in order to send you marketing messages, offers, invitations to various events, etc.
  4. For other purposes related to our object of activity (as per art.6 para.1 letter a) of GDPR, personal data can be processed if the data subject has given consent to the processing of her or his personal data for one or more specific purposes). Therefore, we can contact you or we may send your personal data to third parties involved in the carrying out of our object of activity.

We hereby inform the holders of personal data (the data subject) that the refusal to transmit personal data or to allow their processing may hinder the provision of the requested services and products or functional and marketing communications.

 

5. TRANSFER OF PERSONAL DATA TO THIRD PARTY

The personal data processed by RARTEL S.A may be disclosed and/or transferred to third party only in the case of your express consent to do so – except for the situations in which there is a legal/contractual obligation or for legitimate purposes  to proceed in this way, such as, transfers to:

  • companies that are member of Leonardo S.p.A Group and its subsidiaries ;
  • contracting parties and their banks, in relation to any type of transfer of funds ;
  • insurance and/or reinsurance companies ;
  • services providers (e.g. courier, telecommunication, IT, payments, processing, training, storage, archiving);
  • professional counsellors, as assessors, auditors or lawyers ( including related to debt tracking);
  • regulatory authorities, professional bodies and/or local and central public authorities in order to comply with the applicable regulations.

If necessary, we shall transfer your personal data outside the Economic European Area only in compliance with the legal regulations in force, applying appropriate security measures and notifying you when necessary.

 

6. PERSONAL DATA PROCESSING BY THIRD PARTY

RARTEL S.A  ensures contractually and by the selection of the third party with whom collaborates, that such third party meet the requirements of the Regulation (EU) 2016/67 with respect to the processing of the personal data transferred to them.

 

7. PERIOD FOR DATA STORAGE

RARTEL SA keeps the processed data for various time intervals for legal, contractual and archiving purposes. As a principle, we keep your data only for the period of time necessary for achivieng the purpose for which we hold such data, the contractual provisions, for meeting your needs or for fulfilling the obligations stipulated by law.

 

8. RIGHTS OF THE DATA SUBJECT

In accordance with the GDPR 2016 Regulation, as natural persons, you have a series of rights with respect to the personal data processed by RARTEL S.A:

Except for the case in which specific laws stipulate otherwise, you have the following rights:

  • right to access – the right to obtain a confirmation from us that we process your personal data, as well as the access to your data and the provision of information regarding the processing modality;
  • right to rectification – rectification at your request, without undue delay, of inaccurate personal data and/or completion of incomplete data;
  • right to erasure/right to be forgotten – right to erase without undue delay the collected personal data, in case that such data are no longer necessary in relation to the purposes for which they were collected and there is no other legal ground for the processing, the personal data have been unlawfully processed or the personal data have to be erased for compliance with a legal obligation ;
  • right to restriction of processingyou can challenge certain forms of personal data processing. We will reply to your requests after a short period of time in which we verify that our legitimate interests in the processing of personal data prevails over your rights;
  • right to object to processing, except for the case in which we will demonstrate that we have legitimate grounds for the processing of your personal data, grounds that override your interests, your rights and freedoms, or for the finding, exercise or defense of a right in court;
  • right to data portability, respectively, your right to receive the personal data you provided to us for the purposes indicated herein, in a structured, commonly used and machine-readable format, as well as the right to send such data to another controller ;
  • right to lodge a complaint to the National Supervisory Authority for Personal Data Processing(ANSPDCP) to the postal address 28-30, G-ral. Gheorghe Magheru blvd., sector 1, postal code 010336, Bucharest or at the e-mail address:  anspdcp@dataprotection.ro;
  • the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects on you or affects you in the same way, unless such processing is necessary for the execution of the individual labor contract or is permitted by law.

Prior to exert your right to lodge a complaint to ANSPDCP, as per abovementioned, please send a written request to our company’s address or to the address of our Data Protection Officer at: data.protection.officer@rartel.ro.

 

9. SECURITY OF PROCESSING

RARTEL S.A has adopted technical and organizational measures for the processing of personal data in compliance with the requirements GDPR 2016, in order to protect your personal data against any unauthorized access, improper use, unauthorized disclosure or alteration, accidental destruction or loss.

All employees and collaborators of RARTEL S.A, as well as any thrid party that acts on behalf and for the account of RARTEL S.A, have the obligation to respect the confidentiality of your information and the requirements of GDPR 2016.

Our Company makes all reasonable efforts to protect your personal data in our possesion or under our control. Please let us know if you have identified an incident related to the protection of your personal data and we assure you that we will take immediate action.

 

10. UPDATING THE PERSONAL DATA PROTECTION AND PROCESSING POLICY

Please consider that the present Policy may be subject to periodic changes of content, by updating the website of  RARTEL S.A.

 

11. CONTACT

For any question or concern about how we treat and use your personal data or if you wish to exercise any of your rights, please contact us at the following email address: data.protection.officer@rartel.ro.