STEEL DESIGN SRL, legal entity with registered office on RENASTERII 24 C, Sanpetru, Jud Brasov, with the registration number of the Trade Registry J08 / 1036/2004 and CUI RO16407265, as an operator, wishes to inform you about the processing of your data personal in the context of operations related to the delivery of services / products STEEL DESIGN SRL to clients, for the purposes specified below.
By the nature and procedures of the services / products provided by STEEL DESIGN SRL ("products" or "STEEL DESIGN SRL"), their users (& Clients & Users) send certain personal data used to ensure the provision and performing according to the law and its own procedures, in optimal and safe conditions of services.
Protecting the personal data of STEEL DESIGN SRL's clients and keeping them safe is one of the major concerns of STEEL DESIGN SRL, the partners, the subcontractors involved in the provision of services.
Personal data means both non-personal data and personal data – information on an identified or identifiable individual. An identifiable person is that person who can be identified, directly or indirectly, in particular by reference to an identifier, including, but not limited to: (i) name, forename, address, e-mail, telephone eg fixed, mobile, fax); (ii) financial information (eg income, etc.); (iii) various information required or required by service-specific product / service-specific authorities; (iv) information resulting from video / audio monitoring if the Client visits one of the locations where the STEEL DESIGN SRL products / services are supplied or contacts the support services; (v) the signature; (vi) any other information resulting from the processing carried out by STEEL DESIGN SRL (eg customer segmentation according to different criteria, the unique identifier generated at STEEL DESIGN SRL for each client, specific information about the services / products offered by STEEL DESIGN SRL etc.) and any other information that is necessary for the activities of STEEL DESIGN SRL; (vii) the iP or the activities performed when you browse our site or use the STEEL DESIGN SRL services / services).
Personal data processing means any operation or set of operations that is performed on personal data by automated or non-automatic means such as collecting, recording, organizing, storing, adapting or modifying, extracting, consulting, using, disclosing third parties by transmission, dissemination or otherwise, joining or combining, blocking, archiving, deletion, destruction, etc..
Information is collected in the process of providing services / products to users or potential users. The main sources of information are: 1. the forms used to provide the services, the data provided when using the websites or the STEEL DESIGN SRL websites, other means of communication, questionnaires that users or potential users of services accept (without being obliged to accept ) to complete upon our request other documents that users or potential users provide at our request; 2. the transactions between STEEL DESIGN SRL and its agents / partners and between them and the users of the service; 3. external sources – for the fulfillment of specific obligations (competent institutions, public registers, electronic databases, information available in social media and on the Internet, or third-party abilities, possessing such information, such as but not limited to the following: National Office of the Trade Register, the portal of courts in Romania administered by the Ministry of Justice, other personal data providers etc.).
We collect the following data:
STEEL DESIGN SRL collects personal data from its users in three ways:
– directly from the user;
– traffic data from the user's browser;
– via cookies.
Personal Data Collected Directly
A1. When you access habur.ro you place an order we can ask for your name, surname and / or email address, as well as other data required for contracting, delivery or billing.
These data are kept for a period of 3 years after the termination of the contract (this)
being the general prescription period). Invoice data is kept for 10 years (where it is)
legal tax obligation).
If you do not give us this data, we will be unable to honor your order.
A2. When you access the assistance services, we can ask you for an email address or phone number. We reserve the right to record any communication made for the assistance services of the hubur.ro services in order to improve our services. These data are used, for example, for the purpose of contacting you to resolve your complaint / request.
We may also request other data that may constitute personal data only to the extent that it is necessary for those purposes.
This data is retained until your consent is revoked until your activity shows us that you are no longer interested in our communication.
B. Traffic data
When you visit a website, regardless of the device you use, you disclose certain information about you, such as your IP address, your visit time, where you went to our sites, the visited pages. habur.ro as well as other operators, register this information for a specified period of time. habur.ro uses external traffic analysis services such as Google Analytics.
These data are used exclusively by habur.ro to improve our site and services, but also to ensure our site's security:
– data provided voluntarily by customers when placing the order (name, surname, delivery address, telephone number) that we use to process the order and deliver the product to the customer via the courier. In case of return, we also use IBAN (return form);
– (IP) data that automatically logs in when a user visits the site and is used to collect anonymous statistical information about the use of the site in order to see the correct functioning in full security;
– cookies – per session and fixed
The purpose of collecting your data is solely to respond efficiently and promptly to your request at all stages of the acquisition process: verifying the correctness of the data you entered in the order form, checking your order, issuing the invoice for products ordered by you. As well as to be able to contact you in case you are unclear about the completion of your order.
PERSONAL DATA PROCESSING PURPOSES
The purposes for which STEEL DESIGN SRL processes personal data are:
1. identifying users / potential users via the means of communication (eg telephone, e-mail, post, internet, fixed or mobile applications that the Client accesses to use the services provided),
2. monitoring operations and developing services and providing support services for users / potential users;
3. Creating or analyzing profiles to improve services and conduct surveys as well as to perform any other types of service promotion and / or marketing or general advertising activities;
4. analyzing the behavior of any person accessing STEEL DESIGN SRL websites, using cookies, in order to provide content (general and commercial) adapted to user preferences, retains passwords, language preferences, child protection filters, frequency limiting the distribution of advertisements, etc .;
5. Performing internal analyzes (including statistical analyzes) on both services and on the portfolio of users / potential users, for providing, improving and developing services, as well as conducting market studies and analyzes on; br /> 6. Solving any procedural and / or legal situations in connection with the provision of services or the interest of the company
7. Archiving in both physical and electronic format of documents related to the provision of services and / or correspondence with users / potential users;
8. Reporting to state institutions in accordance with the legal regulations applicable to STEEL DESIGN SRL (eg regulatory authorities and legal authorities).
PERSONAL DATA PROCESSING PADS
STEEL DESIGN SRL processes the personal data for the above mentioned purposes, based on the following reasons:
1. Execution of the contract and preliminary steps for this contract (Article 6 (1) b GDPR) – for data collected through the order form or data received as a result of customer service;
2. Legal Obligations (Article 6 (1) c GDPR) for billing data;
3. Consent (art 6 (1) of GDPR) for marketing data for site visitors (e.g. newsletter subscription, marketing cookies, etc.)
4. The legitimate interest (art 6 (1) f GDPR for the data used for marketing for the current clients (according to the art. 506/2004 art 12 (2)) habur.ro, the security of the own site (recital 49 GDPR) used internally to optimize your own habur.ro site (and anonymized or pseudonymized, as the case may be).
IS YOUR USE OF COMMUNICATION OF DATA? WHAT ARE THE REFUSAL CONSEQUENCES?
The processing of personal data requested by users / potential users by STEEL DESIGN SRL for the purpose of providing the services is considered strictly necessary for the provision of services in accordance with the legal provisions and procedures of STEEL DESIGN SRL. Refusal to provide such data makes it impossible for us to provide the services. The user may choose not to process his data for direct marketing purposes.
DESTINATIONS OF PERSONAL DATA
In order to meet the above-mentioned goals, the company may disclose Customer data, where strictly necessary, based on the need for knowledge, to the following third-party categories:
- regulators and legal authorities
contractual partners (eg company agents, auditors, consultants, etc.), some also having the capacity of persons empowered by the operator to process personal data.
These contractual partners also carry out their business activity in Romania, and they may be provided with your personal data to be used within the limits of the obligations they have assumed towards the company. The personal data we disclose to the persons empowered by us with their processing are limited to the minimum necessary personal data for the execution of the respective services and, at the same time, we ask them not to use personal data for any other purpose.
We make every effort to ensure that all the entities we work with store your personal data safely and securely. Also, some of them are operators who also carry out commercial activity in Romania, such as agents of payment services as agents.
Some of them are third parties who do not have the role of processing personal data but can access them in order to fulfill their obligations or interact with the company, such as technical maintenance companies, financial auditors or service providers legal services.
The above-mentioned personal data may be made available or transmitted to third parties in the following situations:
(i) public authorities, auditors or institutions with controlling powers over the company's services, activities or assets that require the company to provide information based on the legal obligations incumbent on the company;
(ii) to meet a legal requirement, including those relating to the provision of services, or to protect the rights and assets of our company or other entities or persons, such as courts of law;
(iii) third party acquirers, to the extent that the activity of the company would (wholly or partially) be transferred and personal data to the data subjects would be part of the assets being the object of the transaction.
TRANSFER OF PERSONAL DATA OUTSIDE THE COUNTRY
In the context of the operations described above, Customer's personal data may be transferred to countries within the European Union ("EU") or the European Economic Area (SEE). We hereby inform Clients that any transfer made by the Company to an EU or EEA Member State will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (& GDPR & rdquo;).
DURATION OF PROCESSING
We will store Customer's personal data only for the time required to achieve the processing purposes as outlined above and in compliance with applicable legal regulations including, but not limited to, archiving provisions.
WHAT'S WITH THE PERSONAL USERS DATA WHEN PROCESSING DAMAGES
After the period of processing mentioned above expires and the company no longer has any legal or legitimate interest in processing your personal data, personal data will be erased in accordance with the company's procedures, which may involve archiving, anonymization , destruction.
AUTOMATIC DECISION MAKING PROCESS AND PROFILE
The personal data mentioned herein may be subject to automated decision-making processes, including profile creation.
SECURITY FOR PERSONAL DATA PROCESSING
The company constantly assesses and improves security measures implemented to ensure personal data processing in safe and secure conditions.
Measures taken to ensure personal data security
1. Users who have access to the personal information database can access the database only with their own account name and password. All users are required to keep confidentiality of the data they have access to, and each session end in the database will close the session.
2. Users access personal data only to perform their service duties;
3. Personal data may be printed only by users authorized for this operation and only for purposes required by applicable laws (invoices, merchandise accompanying, commercial contracts).
The company's headquarters is equipped with an alarm system, and personal data is stored electronically in secure, password-protected files. Hearing information is kept in special dossiers accessible only to employees of the company who are subject to confidentiality.
RIGHTS OF THE PERSON WITHIN THE PERSONAL DATA PROCESSING
In the context of processing the personal data of users / potential users, the person concerned has the following rights:
1. The Right to Information – art. 13 and 14 GDPR. Allows the data subjects to know, from the time they are collected, how the data will be used, to whom they will be disclosed or transferred, what rights the data subjects have on the processed data, etc.
2. Right of access to processed personal data – art. 15 GDPR. Allows the person to obtain from STEEL DESIGN SRL a confirmation that personal data are processed or not, and, if so, access to the data and other useful information;
3. Right to rectify or delete data – art. 17 GDPR. Allows the person to obtain from STEEL DESIGN SRL the deletion / rectification of personal data concerning it without undue delays. There are, however, exceptions to this rule, such as: some data are processed to give the public the right to information; data is processed for statistical purposes or archiving purposes; the data is processed to meet a legal obligation or is processed to find or defend a law in court;
4. Right to request restriction of processing – 18 GDPR: You have the right to obtain restriction of processing in cases where: (i) you consider that processed personal data are inaccurate for a period of time allowing the operator to verify the accuracy of personal data; (ii) processing is illegal, but you do not wish to delete your personal data, but restrict the use of such data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need data to establish, exercise or defend a right in court; or (iv) you have opposed your processing for the length of time that we will check whether the legitimate grounds of the data controller override the rights of the data subject;
5. Right to data portability – 20 GDPR. Represents the right to receive the personal data that you have provided STEEL DESIGN SRL in a structured, currently used and readable form, as well as the right to transfer the data to another operator, in where the processing is based on your consent or the execution of a contract and is done by automatic means;
6. The right to withdraw your consent for processing, when the processing is based on the consent, without affecting the legality of the processing made so far;
7. The right to oppose the processing of personal data – art 21 GDPR – for reasons related to your particular situation, when processing is based on legitimate interest, and to oppose at any time data processing for direct marketing purposes, including the creation of profiles;
8. The right not to be the subject of a decision exclusively based on automated processing, including profile creation, which produces legal effects that affect the data subject or affects it to a significant extent;
9. The right to lodge a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) and the right to appeal to competent courts.
Data protection policy is based on the following data protection principles:
- Personal data processing will be done in a legal, fair and transparent manner;
- The collection of personal data will be appropriate, relevant and limited to the information required for the purpose of the processing;
- Personal data will be correct, and where needed, updated;
- All necessary steps will be taken to ensure that incorrect data is erased or corrected without delay;
- Personal data will be retained in a form that allows the person to be identified and for no longer than the time that personal data is processed;
- All personal data will be kept confidential and stored in a manner that provides the necessary security;
- Personal data will not be shared with third parties unless required for the purpose of providing services under agreements;
Persons concerned have the right to request access to personal data, rectification and erasure, impediment or restriction of data processing as well as data portability.
CHANGES TO THIS STATEMENT WITH REGARD TO THE PROCESSING OF PERSONAL DATA
Exercise of the above mentioned rights may be made at any time. In order to exercise these rights, we recommend that you use the forms that can be found on the www.steeldesign.ro or by sending a notification in electronically at the following address: firstname.lastname@example.org or a written, dated and signed notice at: RENASTERII 24 C, Sanpetru, Jud Brasov