POLICY REGARDING THE PROCESSING OF PERSONAL DATA
This Policy regulates the way in which personal data collected from visitors through the site is processed www.valmix.ro (referred to in what follows as website).
The personal data operator is VALMIX STEEL SRL, with headquarters in Bucharest, Turnu Măgurele str., no. 13, block S2, stair 3, floor 7, apartment 507, sector 4, registered at the Trade Register with no. J40/3310/2007, CUI: 21117683 (hereinafter referred to as The society, operator, we or Our).
The personal data protection officer can be contacted at the following contact details: e-mail: email@example.com.
The processing of personal data of natural persons is mainly regulated in EU Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR) – the official text can be consulted on https://eur-lex.europa.eu/.
The terms used in this Policy have the meaning defined in the GDPR.
- CATEGORIES OF PERSONAL DATA CONCERNED. THE SOURCE FROM WHICH THEY COME FROM. SUPPLY OBLIGATION (if applicable)
According to the Terms and Conditions, you must be at least 18 years old to be able to use the Site. Therefore, we do not wish to collect or process data of persons under the age of 18. Also, we do not collect or process sensitive data, provided for by the GDPR, and please do not send us such data either through the contact form or in any other way.
Types of processed data:
- data from communications, such as: the Site contact form, chat, notifications/complaints, support requests, various requests, communications sent by visitors, recommendations received from visitors, etc. Such communications may contain various personal data, such as: name, address, e-mail, telephone, data from messages, or, if we are contacted in connection with recruitment ads or to hire you with us, data identification, contact data, data on experience, workplace, current/former employers, CV data, data from letters of recommendation, letters of interest, etc.
We receive this data when messages are sent to us through the contact form on the Site or when various requests or other communications are addressed to us, in writing or by telephone at any of our contact details.
The transmission of identification data (name) and contact data (e-mail address, telephone) are necessary to be able to register the request, to make the necessary checks, to respond to communications (as appropriate), and in some cases, to be able to identify the person. Without them, we may not be able to respond properly to the request. In the contact form, the transmission of the telephone number is necessary.
Also, depending on the type of communication, it is possible that the provision of certain data by you may even represent a legal obligation.
- data regarding the device used: device type and unique identification (IP) number, operating system used, preferred language of the device.
This data is collected each time you access or use the Site.
- data regarding the use and operation of the Site, such as: the date and time you access the Site, the type of browser used and related information (such as browser settings), the options expressed on the Site, the pages viewed on the Site and the duration of viewing, third-party sites or services parts you used before interacting with our services.
We collect this data when you use the Site, including through cookies or other similar means.
- cookies and similar technologies: on the Site we may store and collect information through cookies and similar technologies.
Details about these technologies, how we use this information and how you can block or delete cookies can be found in Cookies Policy.
It is very important that the data we process about you is accurate and correct. Please inform us if the data submitted has changed or contains errors.
- PURPOSE AND LEGAL BASIS OF PROCESSING
We will use personal data for the following purposes:
- Customer support
We use the personal data received through the contact form, collected by telephone, received at the contact e-mail addresses or through any other forms of communications/notifications/petitions, to assist you in relation to the aspects for which you contact us, assistance that can includes, as appropriate:
- analysis and resolution of formulated issues
- transmission and investigation of issues reported to/by the responsible persons
- sending a response to the contact details provided
- as appropriate, sending the requested offers, taking steps to conclude a contract
- monitoring and analyzing the customer support activity in order to improve the services offered.
We base this processing either on necessity to take steps at the request of the data subject to enter into a contract, either on our legitimate interest to carry out our business in the best conditions, providing support to users, as well as to develop commercial activity, ensuring that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
Depending on the specific situation, certain processing may be imposed by the obligations which are due to us under the law, such as the obligation to respond to requests regarding personal data.
For data that is not strictly necessary to respond to the request (such as the telephone number which is optional), we rely on your consent expressed when filling in that data.
- Safety and security
We use some of the collected data to ensure and maintain the security and integrity of the site and visitor data. Thus, we use the data collected regarding, for example, the device used or other information to:
- to prevent and detect fraud, theft / loss / deletion of data, unauthorized access and / or use, inappropriate behavior and the like on the site, devices, computer systems and networks, software programs, databases, servers, e-mails , and generally on the goods and means used by us to maintain the site
- to limit or remove their effects
- to analyze, synthesize and, as appropriate, report such incidents to the competent authorities.
In certain cases, such incidents may lead to the blocking of the use of the site.
We base such processing mainly on our legitimate interest to carry out our business in the best possible conditions and to protect our business and business interests, including those carried out through the Site, by ensuring that all measures we take ensure a balance between our interests and your rights and freedoms your fundamentals.
Depending on the specific situation, we can base our data processing for this purpose, to the extent necessary, including on legitimate interest of other people, when frauds may affect the data of other parties, or on various legal obligations such as the obligation to report theft, fraud or security incidents to the authorities or to take other measures to prevent or detect fraud.
- Analysis and improvement of the services offered
We want to give you the best experience using the Site and the services offered through it. For this, we may collect and use certain information, especially in relation to how visitors use the Site, in order to analyze the way the Site works, to improve it.
We base these activities on our legitimate interest to carry out and develop our business activities, always taking care that your fundamental rights and freedoms are not affected.
In the case of cookies and similar means used on our Site, we base our processing on consent your prior consent (less for cookies that are strictly necessary for the operation of the Site). Details on how you can express your consent or block or delete cookies found in Cookies policy.
Lack of consent may result in a less pleasant user experience.
- Fulfilling our legal obligations
We process the data collected, to the extent necessary, including to comply with various legal requirements that are applicable to us, obligations that may include, as the case may be:
- archiving related documents;
- keeping records required by law;
- recording and archiving confirmations/options/agreements expressed by visitors;
- providing data to the Romanian authorities upon request or when required by law;
- providing data to visitors, upon request or in cases established by law, etc.
We base this processing on the need to comply legal obligations which come back to us.
- For carrying out legal procedures
We may also process a range of data, depending on the specific situation, for:
- to analyze and solve requests, notifications, complaints, disputes regarding our activity or the way the Site works
- to defend, preserve or exercise our rights, in all procedural phases: pre-litigation, litigation (mediation, courts, arbitration), enforcement
We base these processings mainly on our legitimate interest to protect our business and commercial interests by ensuring that all the steps we take ensure a balance between our interests and your fundamental rights and freedoms. Depending on the concrete situation, we can base our data processing for this purpose, in a limited way and to the necessary extent, including on the legitimate interest of other persons or the public interest.
Also, in certain cases we base our processing on legal obligations, such as the obligation to make available to the judicial authorities the data they may request.
- RIGHT TO OBJECT TO PROCESSING
Please note that for the data we process based on LEGITIMATE INTEREST (as detailed above) you have the RIGHT TO OBJECT such processing for reasons related to your particular situation.
More information about the right to opposition can be found in Section IX below, as well as in art. 21 of the GDPR.
- RIGHT TO WITHDRAW CONSENT
We process the following types of data based on your prior consent:
- The data regarding the phone number, email from the Contact Form, or other data that we need to respond to the requests sent to us
- Data submitted for recruitment upon submission or (if you wish) to retain your CV for a longer period of time in the event that you are not selected for the position you have applied for (if applicable), to give you the opportunity to be considered for further positions
Please note that you are not required to give us your consent for any of this processing. You can use the Site and if you do not agree to us processing any of this data/ do not transmit this data to us.
You can express or withdraw your consent at any time by sending an e-mail to the address firstname.lastname@example.org, in which you inform us that you wish to withdraw your consent for this processing. Withdrawal of consent does not need to be justified.
Please note, however, that due to technical processing times, there may sometimes be a delay between the time you express your new option and the time it is fully implemented internally. That is why we cannot completely rule out that, within a short time after you have withdrawn your consent (which in principle should not exceed a few hours), we will continue the processing and you will be contacted by phone. We strive to prevent this from happening.
Withdrawal of consent means that we will no longer be able to process that data on the basis of consent. However, it is possible that depending on the circumstances, we may continue to process, for limited purposes, the respective data based on other grounds, for example to be able to preserve, exercise or defend our rights in court, to fulfill certain legal obligations or in other cases similar that are closely related to the initial processing.
However, note that the withdrawal of consent does not affect the legality of processing previously carried out based on the expressed consent, nor the processing of data that is not carried out based on consent.
- DATA STORAGE PERIOD
- Data from communications
The data from the contact form, chat, messages, requests, requests or any other addresses that you transmit to us are kept until the resolution of the issues that make up their subject, and thereafter for the applicable general limitation period (as a rule 3 years), and if if applicable, for the entire duration necessary for the resolution of any disputes or related controls.
If the messages received do not have any content, the data are, as a rule, deleted within 2 months of receiving them, to the extent that they are not required for other purposes (for example, to defend our rights or to to respond to other requests related to them).
- Data collected or used through cookies or other similar means; data regarding the use and operation of the Site; data on the device used
These data are stored according to Cookie policies which we kindly ask you to consult in this regard.
- RECIPIENTS OF PERSONAL DATA
The personal data mentioned in this Policy may, in a limited way, be transmitted to/accessed by affiliated entities, service providers, collaborators of the Company or other independent legal entities, but also to public authorities or institutions, such as to:
- collaborators, service providers or other entities with which the Company has concluded various service contracts or other types of contracts, aimed at the proper functioning and/or development of our activity (e.g. IT service providers, HR, e-mail services and servers, marketing, analysis, optimization and security web, logistics, technical assistance, accounting and audit services, market research service providers, insurers, couriers, etc.). Where appropriate, they may act as an operator or authorized persons on our behalf. In general, the access of these entities to personal data is restricted or limited to the minimum necessary to provide the respective services.
- lawyers, bailiffs and/or others external professional consultants. They generally have a legal obligation to keep data confidential.
- public authorities, individuals tinvested with public power, public institutions, relevant courts, etc., from Romania or abroad, in case of control, at their request or at our initiative, when we are obliged or to protect our rights and legitimate interests, in accordance with the applicable legislation. And in this case, we consider a limitation of the personal data that are transmitted to the data strictly necessary for the respective purpose.
- potential buyers or investors in the case of analyzing, planning, negotiating, concluding or implementing various types of transactions/sales operations, merger, division, reorganization, etc. of our society. In general, the data provided is either statistical or anonymized, and where the transmission of personal data is required, it will be limited to the minimum necessary for the respective purpose.
- other third parties, in cases provided for or permitted by law
- in other cases, with your prior notice.
Keep in mind that, depending on the specifics and the way the services/activities are carried out and the related legal requirements, it is possible for any of these entities/persons to transmit the data obtained in this way to public authorities, accountants, lawyers, courts , other entities/persons, etc. (eg each may have their own IT provider who may have limited access to data).
- DATA TRANSFER TO RECIPIENTS IN THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
As of the date of this Policy, our Company does not transfer and does not intend to transfer your personal data, or the data of third parties received from you to entities or persons outside the European Union or international organizations.
We inform you that the servers used by the Company are located in Romania, a state which, being part of the European Union, ensures an adequate level of personal data protection. Therefore, your personal data/third party data provided by you are also processed in this country.
For the safe and optimal operation of the Site and the services provided through it, we use a number of services provided by well-known international companies that have their main place of business in the United States of America.
In August 2016, Commission Implementing Decision (EU) 2016/1250 of July 12, 2016 was published in the Official Journal of the European Union pursuant to Directive 95/46/EC of the European Parliament and of the Council regarding the adequacy of the protection provided by EU-US Privacy Shield. According to this decision, the United States guarantees an adequate level of protection of personal data transferred from the European Union to organizations in the United States under the EU-US Privacy Shield, provided that those entities process the personal data in accordance with a strong set of principles and guarantees for the protection of privacy and personal data that are equivalent to those of the European Union.
The text of the Commission's Decision can be consulted on:
On the US Department of Commerce website (https://www.privacyshield.gov/welcome) a List of companies covered by the EU-US and Switzerland-US Privacy Shield is included.
All companies based in the United States of America from which we use services are included in this List and are thus subject to the EU-US Privacy Shield.
Thus we use:
As of the date of this Policy, except as mentioned above, we do not transfer and do not intend to transfer your personal data to entities or individuals outside the European Union or to international organizations. Collaborators, partners and, in general, the persons and entities we directly contract and to whom we directly transmit personal data are, as a rule, Romanian or European Union persons/entities. In any case, their access to data is generally extremely limited (to only what is possibly necessary for the provision of the respective service).
However, we cannot exclude that they transmit or process, in certain situations, your data to/from other countries, which may or may not be members of the European Union (for example, if they have servers located at Microsoft). In the contractual clauses that we will conclude with them, we will consider that these entities/persons assume the existence of security measures and adequate guarantees aimed at ensuring the confidentiality and appropriate protection of your personal data.
In the event that the Company transfers personal data to entities/persons outside the European Union, we will ensure that adequate personal data protection measures are put in place, or we will request your consent for such transfers, with your prior information on the related potential risks. In exceptional situations where it will be necessary to transfer data outside the European Union, and the above-mentioned conditions are not met, we will ensure that the transfer will be carried out exclusively in cases where the law allows express exemptions (e.g. art. 49 of the GDPR).
- DATA SECURITY
We have taken appropriate technical and organizational measures to ensure data security and limit the risks that may be generated by the destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed.
In the event of a security breach, we consider reporting these incidents to the relevant authorities, and as appropriate we will inform you directly (via email, in-app notifications, or other available means).
- YOUR RIGHTS IN RELATION TO THE OPERATOR REGARDING DATA PROCESSING
You have the following main rights, which you can exercise, under the conditions established by law (these rights are established in art. 12-22 of the GPDR):
- the right of access to data (art. 15 of the GDPR): you have the right to obtain from us a confirmation as to whether or not personal data concerning you is being processed and, if so, access to said data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients from third countries or international organizations;
- where possible, the period for which the personal data is expected to be stored or, if this is not possible, the criteria used to establish this period;
- the existence of the right to request the operator to rectify or delete personal data or to restrict the processing of personal data relating to the person concerned or the right to oppose the processing;
- the right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from the data subject, any available information regarding its source;
- the existence of an automated decision-making process including the creation of profiles (mentioned in art. 22 (1) and (4) of the GDPR), as well as, at least in the respective cases, pertinent information regarding the logic used and regarding the importance and expected consequences of such processing for the data subject. In this case, if the processing is carried out by automated means you have the right not to be subject to an individual decision.
- if personal data is transferred to a third country or an international organization, you have the right to be informed about the appropriate safeguards regarding the transfer (pursuant to Art. 46 GDPR).
Without prejudice to the rights and freedoms of others, you have the right to obtain a copy of the personal data that is the subject of processing.
- the right to data rectification (art. 16 of the GDPR): you have the right to obtain from us, without undue delay, the rectification of inaccurate data concerning you; depending on the purposes for which the data is processed, you have the right to obtain completion of personal data that is incomplete, including by providing an additional statement.
We must notify each recipient to whom we have disclosed personal data of any rectification of personal data, unless this proves impossible or involves disproportionate effort. If you request this, we will inform you about those recipients.
- the right to data deletion ("the right to be forgotten") (art. 17 of the GDPR): you have the right to obtain from us the deletion of your personal data, and we have the obligation to delete the data without undue delay, if one of the following reasons applies:
- the personal data are no longer necessary to fulfill the purposes for which they were collected or processed
- you withdraw your consent on the basis of which the processing takes place and there is no other legal basis for the processing
- you object to the processing pursuant to art. 21 paragraph (1) of the GDPR – i.e. for reasons related to the particular situation you are in, when for example the processing is based on legitimate interest (details also found below) and there are no legitimate reasons that prevail in what concerns the processing
- you object to the processing pursuant to art. 21 paragraph (2) of the GDPR – i.e. when the processing of personal data is aimed at direct marketing (if applicable);
- personal data were processed illegally;
- personal data must be deleted to comply with a legal obligation that falls to us under Union law or the internal law to which the operator is subject;
- the personal data were collected in connection with the provision of information society services directly to a child (mentioned in art. 8 paragraph (1) of the GDPR).
If we have made the personal data public and we are obliged to delete it, we must, taking into account the available technology and the cost of implementation, take reasonable measures, including technical measures, to inform the operators processing the personal data that you have requested the deletion by these operators of any links to said data or any copies or reproductions of such personal data.
Please note that in certain cases expressly permitted by law (in Art. 17 para. (3) of the GDPR), we may not delete the data (for example if we need to keep it to comply with a legal obligation).
We must also notify each recipient to whom we have disclosed personal data of any data deletion, unless this proves impossible or involves disproportionate effort. If you request this, we will inform you about those recipients.
- the right to restrict data processing (art. 18 of the GDPR): you have the right to obtain from us the restriction of the processing of your data if one of the following cases applies:
- if you dispute the accuracy of the data, for a period to allow us to verify the accuracy of the data;
- the processing is illegal and you object to the deletion of the personal data, requesting instead the restriction of its use;
- we no longer need the personal data for the purpose of processing, but you request them to establish, exercise or defend a right in court; or
- you objected to the processing in accordance with art. 21 para. (1) of the GDPR (i.e. for reasons related to your particular situation, when for example the processing is based on legitimate interest) for the period of time in which it is checked whether our legitimate rights prevail over your rights.
We must communicate to each recipient to whom we have disclosed personal data any restriction of the processing carried out, unless this proves impossible or involves disproportionate efforts. If you request this, we will inform you about those recipients.
- the right to data portability (art. 20 GDPR): you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another operator, without hindrance from our side, if:
- the processing is based on consent or a contract and
- the processing is carried out by automatic means.
You also have the right to have your personal data transferred directly from one operator to another where this is technically feasible.
- the right to object to processing (art. 21 of the GDPR): you have the right to oppose, at any time, for reasons related to your particular situation, the processing of personal data concerning you pursuant to art. 6 para. (1) lit. (e) of the GDPR (that is, when the processing is carried out for the performance of a task that serves a public interest or that results from the exercise of the public authority with which the operator is vested) or letter (f) (ie when the processing is carried out for the purposes of the legitimate interests pursued by the operator or a third party), including the creation of profiles based on those provisions.
In this case, we no longer process the personal data, unless we can demonstrate that we have legitimate and compelling reasons that justify the processing and that prevail over your interests, rights and freedoms, or that the purpose is to establish, exercise or defend a right in instance.
You also have the right to object at any time to the processing of personal data concerning you carried out for direct marketing purposes (if applicable), including the creation of profiles, insofar as it is related to that direct marketing. In this case, personal data are no longer processed for this purpose.
- HOW YOU CAN EXERCISE YOUR RIGHTS
To exercise your rights or to ask us any questions or concerns about any of these rights, please contact us at contacts:
- Address: Olteniței Street, 202, Popești-Leordeni, Ilfov County, Premises at Viscofil
- E-mail: email@example.com
Please note that submitting these requests involves additional processing of your data.
In order to respond to submitted requests, we may require you to provide additional information necessary to confirm your identity.
We trust that you will not exercise these rights in an unreasonable, excessive or abusive manner.
- THE RIGHT TO SUBMIT A COMPLAINT TO THE SUPERVISORY AUTHORITY
If you believe that we are not complying with data protection legislation, you have the right to lodge a complaint with the data supervisory authority.
In Romania this is:
The National Supervisory Authority for the Processing of Personal Data (ANSPDCP).
At the date of this, ANSPDCP has the following contact details:
Headquarters: Bd. Gheorghe Magheru no. 28-30, Bucharest, Sector 1, postal code 010336, Romania