Purpose of the Policy
Your privacy is very important to us. Therefore, we take outmost care to process your personal data in accordance with the principles set forth in the data protection legislation applicable in Romania, including (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
Personal data represents any information relating to an identified or identifiable natural or legal person and an identifiable person is that person that may be identified directly or indirectly, particularly by reference to an identification number or to one or more factors specific to its physical, psychological, mental, economic, cultural or social identity.
- the purposes for which we collect and use your personal data;
- the processing grounds for such purposes;
- the categories of personal data we collect from you and process;
- the duration of processing of such data;
- your rights as data subjects and the manner in which you may exercise them;
- to whom we may disclose your personal data.
I. Categories of personal data, purposes and grounds for processing
In the context of your interaction with Despa, you, as a natural person, may be subject to the data processing activities that we perform. Please be informed that we use your personal data in the following cases:
1. If you are a representative, employee, collaborator or contact person of a client or potential client
1.1. The goals of processing your data are:
1.1.1. Providing the services and/or products requested from us
We use your relevant personal data in order to prepare and provide the services and/or products requested from us. For instance, we may use the personal data to manage the relationship with the client you represent. We rely in this case on the legitimate interest in providing our services according to our area of activity and managing the relationship with our customers.
1.1.2. Communicating with you
We use your contact details in order to communicate with you with respect to your requests and any other relevant business-related matters regarding our cooperation or possible cooperation. We also rely in this case on the legitimate interest in providing our services according to our area of activity.
1.1.3. Data processing as obligation imposed by the law
We may process some of your data in the context of providing the services and/or products based on legal obligations, should it be the case. In such situation, the grounds for processing is the legal obligation.
1.1.4. Sending newsletters
We may also use your contact details in order to provide to you in electronic form our specialized newsletters on our services, but only if you have subscribed and, hence, given your express consent to such processing. You can always withdraw your consent expressing thereby your option of not receiving our newsletters in the future by clicking “Unsubscribe” when you receive the respective e-mail or by writing at email@example.com with your request for cancelation of your subscription.
1.2. The categories of data processed in this context are generally your name, position, e-mail, phone, fax, as well as other personal data provided to Despa, usually by you, if needed to fulfill the above purposes. In all cases data is provided either directly by you or by the client.
2. If you are a business partner or supplier of Despa
2.1. The goals of processing your data are:
2.1.1. Maintaining our contractual relationship with you
We use your relevant personal data in order to maintain our contractual relationship with you. We rely in this case on the performance of our agreement as grounds for processing.
2.1.2. Communicating with you
We use your contact details in order to communicate with you with respect to any relevant business-related matters. We also rely in this case on the performance of our agreement as grounds for processing.
2.1.3. Data processing as obligation imposed by law
We may process some of your data in the context of providing the services based on legal obligations, should it be the case. In such situation, the ground of the processing is the legal obligation.
2.2. The categories of data processed in the context of our relationship with you are your name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us.
3. If you are a representative, contact person, employee or another collaborator of a business partner
3.1. The goals of processing your data are:
3.1.1 Maintaining our contractual relationship with our business partner
We use your relevant personal data in order to maintain our contractual relationship with our business partner (including a supplier). We rely in this case on the legitimate interest in ensuring that the contractual relationship is managed properly.
3.1.2. Communicating with you
We use your contact – details in order to communicate with you with respect to any relevant matters related to our partnership. We also rely in this case on the legitimate interest of ensuring that the contractual relationship is adequately carried out.
3.1.3. Data processing as obligation imposed by law
We may process some of your data in the context of providing the services based on legal obligations. In such case, the grounds for processing is the legal obligation.
3.2. The categories of data processed in this context are generally: name, position, e-mail, phone, address, as well as other personal data provided to Despa, usually by you, as needed to fulfill the above purposes.
In all cases, the data is provided either directly by you to Despa or or by the business partner of Despa.
4. If you are a job applicant
We use the personal data contained in the CVs we receive in order to assess the applicants’ qualifications for a position within Despa. We base our processing on the grounds of entering into and performing of the agreement.
The categories of data processed in the context of our relationship with you are your name, e-mail, phone, address, personal data included in CVs, education and training details, professional qualifications, as well as other personal data you may provide directly to us.
5. If you are a visitor of our premises
We use your personal data in order to ensure the security of our premises, assets and personnel. In this case, we base our data processing on the legitimate interest of Despa, namely the protection of such premises, assets and personnel.
The categories of data processed in this context are your name as well as other personal data you may provide directly to us.
6. If you are a user of our Internet website
We use the personal data we collect from you when you visit our Internet site, www.despasolutions.ro, in order to process and respond to your inquiries transmitted via our website.
We base this data processing activity on our legitimate interest in giving the information requested in respect to our activity and services. The categories of data processed in this context are the name, position, email address and phone number.
We also use your personal data in order monitor the traffic and improve the content of the website. We base this data processing activity on our legitimate interest in ensuring the proper functioning of our Internet website, as well as its improvement.
We use web analysis and report services (Analytics) in order to analyze information collected from the users of the website. This information allows Despa to better understand users of its website and the way they use the page.
The categories of data processed in this context are the hour and date of accessing the Internet website and the IP address from which our Internet website was accessed.
II. PROVIDING THE PERSONAL DATA
When the data is required directly from you, we kindly ask you to provide all categories of personal data we request in the aforementioned purposes, as otherwise we shall not be able to carry out our activity (including, among others, to provide you with our services).
III. DISCLOSURE OF YOUR PERSONAL DATA
While as a rule we shall not disclose your personal data to any third parties, we may:
- if necessary, send relevant personal data to business partners, technical service providers, acting as data processors for and on behalf of Despa, whose involvement is strictly required for fulfilling one of the aforementioned purposes.
- disclose the data in order to comply with the law or in response to a request from a court or other legal authority, such as a warrant or a subpoena. Despa might also share the information if we believe, in good faith, that it is necessary to prevent or address frauds or protect us.
- if necessary, disclose relevant personal data to relevant authorities, in the context of providing the services you have requested from us.
IV. DURATION OF PROCESSING
We intend to keep your personal data for the duration of the agreement concluded between the parties, as well as afterwards, according to our internal policies and the legal obligations incumbent upon us. Also, Despa shall maintain your personal data for a period which is necessary in order to preserve its rights and legitimate interests. In case the data is not collected in the context of an agreement, such data will be kept for as long as necessary in order to attain the purpose of the envisaged data collection or any other longer period imposed by the law, and applicable records retention regulation or public authorities.
Promptly after the applicable storage period has ended, the data shall be:
- securely deleted or destroyed;
- transferred to an archive (unless this is prohibited by law or an applicable records retention regulation).
V. YOUR RIGHTS
In your capacity as data subjects, the GDPR provides you with a series of rights including:
- the right of access – allowing you to obtain confirmation that your personal data is being processed by us and, if affirmative, the relevant details of such processing activities;
- the right to rectification – allowing you to rectify your personal data if inaccurate;
- right to erasure – allowing you to obtain the erasure of your personal data in certain cases (e.g., if the data is no longer necessary in relation to the purposes for which it was collected);
- right to restriction – allowing you to obtain the restriction of processing your personal data in certain cases (e.g., when you contest the accuracy of your personal data, for a period enabling us to verify such accuracy);
- the right to object – allowing you to object to further processing of your personal data within the conditions and limits set forth by law;
- right to data portability – allowing you to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another data controller.
We are committed to ensure your exercise of these rights.
You may exercise your aforementioned rights freely and at any time and find out more about such rights by filing with us, as data controller, a written request at DESPA S.R.L., 3 Principala Street, Colanu, 137456, Dambovita, Romania or by e-mailing us at firstname.lastname@example.org.
You also have the right to file a complaint with the data protection authority.
We encourage you to contact us immediately if you believe that your personal data was provided without consent. We shall always treat your requests with the highest degree of attention and address any queries you may have in the shortest time possible.
As part of the administration of our website, we have taken technical and organizational measures to ensure a level of security appropriate to the nature of data and the risks that processing of it can carry, so that the security and confidentiality of your personal data can be preserved, and notably so it can be prevented from being distorted, damaged or viewed by unauthorized third parties.
These measures may include practices such as limited access to data among staff members of departments authorized to gain access to it due to their work purposes, contractual guarantees in the event of resorting to an external service provider, regular examinations of our practices and policies of respect for people’s privacy and/or security measures that are material or computerized (secured access, authentication procedure, back-up copies, antivirus software, firewalls, etc.)
You shall be notified with respect to a data security breach, within a reasonable period of time following discovery of such breach, unless a law enforcement official determines that notification would impede a criminal investigation or cause damage to national security. In this case, notification shall be delayed as instructed by such law enforcement official. We shall promptly respond to your enquiries relating to such data security breach.