1 Privacy notice
This privacy notice serves as an explanation of the manner, scope, and purpose of processing personal data (hereinafter “data”) as part of our online presence and the websites, functions, and content associated with this, as well as external online presences, such as our social media profiles. (Hereinafter mutually referred to as “online content”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR).
1.1 Controller
Rom Sys Concept SRL
Contact: Office@romsysconcept.ro
1.2 Data protection officer
Rom Sys Concept SRL
Contact: Office@romsysconcept.ro
1.3 Types of data processed:
Contact data (e.g. name, email, telephone numbers)
Usage data (e.g. websites visited, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)
1.4 Categories of data subjects
Visitors and users of the online content.
1.5 Purpose of processing
Provision of the online content, its functions and content
Responding to contact inquiries and communication with users
Security measures
1.6 Terms used
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered as identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie), or to one or more particular characteristics that are the expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person. “Processing” refers to any process carried out with our without the use of automated procedures or any such series of processes in connection with personal data. The term is applied broadly and includes practically any handling of data.
2 Relevant legal basis
In accordance with Art. 13 GDPR, we would like to inform you about the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: The legal basis for obtaining consent is Article 6 Para. 1 (a) and Art. 7 GDPR, the legal basis for processing in the performance of our services and the execution of contractual measures, as well as for responding to inquiries, is Art. 6 Para. 1 (b) GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 Para. 1 (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 Para. 1 (f) GDPR. In the event that crucial interests of the data subject or any other natural person require the processing of personal data, Art. 6 Para. 1 (d) GDPR serves as the legal basis.
2.1 Cooperation with contractual processors and third parties
If, as part of our processing, we disclose data to other persons and companies (order processors or third parties), transmit data to them, or otherwise grant access to the data, this is done only on the basis of a legal permission (e.g. if a transmission of the data to third parties, or to payment service providers, pursuant to Art. 6 Para. 1 (b) GDPR is necessary to fulfill a contract), which you have granted, a legal obligation requires this, or on the basis of our legitimate interests (e.g. when commissioning agents, web hosters, etc.). Provided that we commission third parties to process data on the basis of so-called “order processing agreements”, this is carried out on the basis of Art. 28 GDPR.
2.2 Transmissions to third countries
If we process data in a third country (meaning outside the European Union (EU) or the European Economic Area (EEA)) or in the context of using third party services or disclosing or transmitting data to third parties, this will only be done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual allowances, we will process data in a third country only if the special conditions of Art. 44 (ff) GDPR exist. This means that processing will only occur on the basis of specific guarantees, such as the officially recognized level of EU data protection (e.g. the Privacy Shield for the USA) or in compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
2.3 Rights of the data subject
You have the right to request confirmation on whether related data is processed as well as information on this data and further information on copies of the data in accordance with Art. 15 GDPR. According to Art. 16 GDPR, you have the right to request completion of data that pertains to you or correction of incorrect data that pertains to you. According to Art. 17 GDPR, you have the right to request the immediate erasure of data that pertains to you, or, according to Art. 18 GDPR, request a limitation on processing this data. You have the right to demand that data pertaining to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request its transmission to other responsible parties. You also have the right, according to Art. 77 GDPR, to submit a complaint to relevant regulatory authorities.
You can exercise your rights at any time by emailing the following address: Office@romsysconcept.ro
2.4 Right of revocation
You have the right, according to Art. 7 Para 3. GDPR, to revoke consent given with effect for the future.
2.5 Right of objection
You can refuse the future processing of data pertaining to you at any time according to Art. 21 GDPR. In particular, you may object to processing for purposes of direct advertising.
2.6 Cookies and right of refusal for direct advertising
Cookies are small files that are saved to a user’s computer. Various pieces of information can be stored in cookies. A cookie primarily serves to save information on a user (or the device on which the cookie is stored) during or after a user makes use of online content. Temporary cookies, or session cookies or transient cookies, are cookies that are erased after a user leaves a website and closes their browser. Such a cookie may contain, for example, the contents of a shopping cart on an online shop or a login status. “Permanent” or “persistent” cookies remain saved even after the browser is closed. This allows the login status to be saved if the user visits again after several days. These cookies can also contain the user’s interests, which are used to measure reach or for marketing purposes. Third-party cookies are cookies that are provided by parties other than the data controller administering the online content (otherwise, when speaking of just the controller’s cookies, the term “first-party cookie” is used). We use temporary and permanent cookies and provide an explanation of such as part of our privacy notice. If the user does not want their cookies to be saved to their device, we request that they deactivate the corresponding option in their browser settings. Saved cookies can be deleted in your browser’s settings. Preventing the use of cookies can lead to limited functionality with respect to this online content. Various services provide information on how to make a general objection to the use of cookies used for online marketing purposes, especially in the case of tracking: via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. In addition, you can turn off the saving of cookies in your browser settings. Please note that this may prevent you from making full use of this online content.
2.7 Erasure of data
We erase the data we process, or limit the processing of such, in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data we store will be deleted as soon as it is no longer necessary for its intended purpose and this deletion does not conflict with any statutory storage requirements. If this data is not deleted because it is required for other and legally-permitted purposes, its processing will be limited. This means that the data will be locked and not used for other purposes. This also applies to data that must be stored for commercial or tax reasons.
2.8 Hosting
The hosting services we utilize serve to provide the following services: Infrastructure and platform services, computing capacity, storage space, and database services, security services, as well as technical maintenance services that we utilize for the purpose of administering this online content. Here, we, or our hosting providers, process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to this online content on the basis of our legitimate interests in the efficient and secure provision of this online content pursuant to Art. 6 Para. 1 (f) GDPR in connection with Art. 28 GDPR (closing of order processing agreement).
2.9 Collection of access data and log files
We, or our hosting provider, collects data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in the sense of Art. 6 Para. 1 (f) GDPR. This access data includes the name of the web page retrieved, file, date, and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the page previously visited), IP address, and the requesting provider. Log file information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from erasure until the incident is finally resolved.
3 Making contact
When contacting us (e.g. via the contact form, email, telephone, or social media), the user’s information is processed in order to handle and settle the contact request in accordance with Art. 6 Para. 1 (b) GDPR. The user’s information may be saved in a customer relationship management system (“CRM-System”) or similar inquiry organization system. We delete requests as soon as they are no longer required. We review their necessity every two years.
4 Links to other websites
This privacy notice applies only to our own internet presence. The web pages of this presence may contain links to third-party websites. Our privacy notice does not apply to these websites. When you leave our website, we recommend carefully reading the privacy policy of each individual website that collects personal data.
5 Online presences in social media
We maintain online presences on social networks and platforms in order to communicate there with active customers, interested parties, and users, and to inform them there of our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise specified in our privacy notice, we process user data if they communicate with us on social networks and platforms, e.g. if they submit posts on our online presence or send us messages.
6 Google Analytics
On the basis of our legitimate interests (meaning an interest in the analysis, optimization, and efficient administration of our online content in the sense of Art. 6 Para. 1 (f) GDPR), we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information derived from cookies on how a user uses the online content is normally sent to a Google server. Google is certified under the Privacy Shield Framework and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate how users use our online content, to compile reports on actions taken within this online content, and to provide us with additional services related to the use of this online content and the internet. In doing so, pseudonymous usage profiles of the user can be created from the processed data . We use Google Analytics only with active IP anonymization. This means that user IP addresses are shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will not match the IP address sent by the browser with other data. Users can prevent cookies from being saved via the corresponding setting in their browser software; users can also prevent the collection, on the part of Google, of the data generated by the cookie concerning how they use this online content, as the processing of this data on the part of Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google uses data, as well as settings and refusal options, on Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google Uses Information from Sites or Apps That Use Our Services”), http://www.google.com/policies/technologies/ads (“How Google Uses Cookies in Advertising”), http://www.google.de/settings/ads (“Control the Information Google Uses to Show You Ads”).