ATELIERE MARI SI MICI POLICY REGARDING DATA PROCESSING
What are personal data and what is the Data Protection Regulation?
“Personal data” are any information relating to an identified or identifiable natural person (the “data subject”), who can be identified, directly or indirectly, in particular by reference to an identifier (e.g. a name, an identification number, location data, an online identifier) or to one or more factors which are specific (to his or her physical, physiological, genetic, mental, economic, cultural or social identity).
Personal data processing should, irrespective of the nationality or place of residence of the relevant natural persons, respect their fundamental rights and freedoms, in particular the right to the protection of personal data.
As of 25 May 2018, European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data (the “Regulation”) has been in effect, and it aims at contributing to the establishment of an area of freedom, security and justice.
We, the ATELIERE MARI SI MICI team, want to build this trust and to inform you about the ways in which we protect personal data and how we apply the provisions of the aforementioned Regulation.
What kind of personal data do we process and to whom do they belong?
The personal data processed by us are identification, demographic, transactional, financial, and location data.
- As a Data Controller, we process prospective candidates’ identification information, which we obtain from their resumes or from the recruitment form available on our website, as well as our employees’ identification information, which we obtain on employment (see our internal policy for further details).
- As a Data Processor, we process our employees’, associates’ and customers’ representatives’ personal data, in accordance with the instructions received from them, and we obtain said data as part of the contractual relationship, for the performance of the agreements entered into with our customers.
What does personal data processing mean for ATELIERE MARI SI MICI; what is the legal basis thereof and what are the purposes for which said data are processed?
Data processing means the operations performed by us upon personal data (e.g. recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use and disclosure by transmission, dissemination or otherwise making available), based on one of the following legal grounds:
- The performance of the agreements entered into with us;
- Compliance with legal obligations;
- Our legitimate interest; or
- The consent of those who express such a choice.
The personal data shall be used for the following purposes:
- To initiate, implement and process business agreements with customers;
- To carry out activities aimed at informing customers and interested third parties about the products and services offered by ATELIERE MARI SI MICI or its partners, as appropriate;
- To initiate, implement and perform agreements with ATELIERE MARI SI MICI service providers;
- To maintain relationships with other third parties;
- To send you information about our services and newsletters;
- To invite you to ATELIERE MARI SI MICI events.
What are cookies?
These tools collect general information which your browser sends to our website, such as the type of browser and the address of the website you visited before accessing our website.
They also collect information about:
- Your Internet Protocol (IP) address – this is a number automatically assigned to your computer or device whenever you connect online. This is a unique address assigned by your Internet service provider in a TCP/IP network. The IP address allows web servers to locate and identify your device.
We use the term “cookies” to refer to all the technologies that store and access information on the device you use to access our Services, such as your computer, tablet, or mobile phone. Also known as “browser cookies” or “tracking cookies”, cookies are small text files, which are often encrypted, and are located in the browser folders.
They are used to help users browse websites effectively and perform certain functions thanks to their primary role of improving/facilitating the use or processes of a website.
By changing browser settings, you can require your browser to stop accepting cookies, and to request permission before accepting cookies from the websites which you visit or to clear the cookies. For further information on how to change browser settings in terms of using cookies and how to block them, visit www.allaboutcookies.org.
To whom do we transfer personal data?
We want to make sure that we offer you the most competitive services possible, and that we also fulfil our contractual and legal obligations. Thus, we will transmit personal data to public authorities, notary offices, external consultants, lawyers, translators, financial and banking institutions, empowered persons to whom we have outsourced the provision of certain services and to other categories of recipients, in Romania or outside the European Union or the European Economic Area.
As regards the transfer of your personal data outside the European Union or the European Economic Area, we will ensure that the relevant organisations in these countries benefit from a decision on the adequacy of the level of protection or have issued adequate safeguards with regard to personal data protection.
How long do we process and retain personal data?
Personal data are processed throughout our contractual relationship (for the period required to fulfil the purposes of the processing) and, thereafter, for the period required by the applicable legal provisions in the field, including, but not limited to archiving provisions.
How do we protect personal data?
As both a Data Controller, and a Data Processor, ATELIERE MARI SI MICI implements appropriate technical and organisational measures to ensure an adequate level of security. We use encrypted processing means (VPN secured communication, Web access control or device control); we ensure the back-up of data stored in our systems; we regularly test and assess the effectiveness of the measures guaranteeing processing security.
How do we protect minors’ personal data?
If we are notified that we have collected the personal data of a person under the age of 18, we will promptly delete such data, unless such processing is provided for by a legal obligation. Please contact us if you believe that we have mistakenly or unintentionally collected personal data from a person under the age of 18.
What are the security measures taken by us to protect your personal data?
ATELIERE MARI SI MICI wants to take all necessary measures to protect your information against unauthorised access, loss, destruction or unauthorised alteration. Even if ATELIERE MARI SI MICI is always implementing and updating the administrative, technical and physical security measures to ensure the protection of your information, ATELIERE MARI SI MICI cannot guarantee at all times the security of the transmission or storage of your information online. Security measures include firewalls, password encryption, and access authorisation checks.
What are the rights of the data subject and how may they be exercised?
In accordance with the applicable legal provisions, you have the right to information, the right of access to the data, the right of intervention on the data, as well as the right to object to the processing of your personal data. You also have the right of data erasure (“the right to be forgotten”), the right of rectification, the right to restrict the processing, the right to data portability, the right not to be subject to an automated individual decision, and the right to file a complaint with the supervisory authority and to go to court.
You may exercise these rights at all times by submitting a signed and dated request to our Data Protection Officer, which you can contact on any issues relating to personal data protection:
- To our headquarters in 29 Constructorilor, District 6, Bucharest, Romania
- By sending an email to: email@example.com