Politica de confidentialitate

Politica de confidentialitate

PRIVACY POLICY 

1. INTRODUCTION

INITINVEST CONSULTING SRL as author, owner and administrator of the website www.gdprexpert.ro, respects the privacy and security of personal details processing for each person who accesses the website in order to make online orders, session registrations course or access to online tools. 

1.1 CONTEXT OF THE GENERAL DATA PROTECTION REGULATION (“GDPR”)

The General Data Protection Regulation, 679/2016, replaces the 1995 EU Data Protection Directive and in matters of the legislation of each Member State which was drafted in accordance with Directive 95/46 / EC on data protection. Its purpose is to protect the “rights and freedoms” of individuals (ie living persons) and to ensure that they are personal and are not processed without their knowledge and, whenever possible, that they are processed with their consent.

1.2 DEFINITIONS USED BY THE ORGANIZATION (EXTRACTS FROM GDPR)

Material scope (Article 2) – GDPR applies to the personal processing, carried out in whole or in part by automated means, as well as to the processing by means other than automated of personal data which are part of a given record system or which are intended to form part of a data record system.Territorial scope (Article 3) – GDPR applies to the processing of personal details in the course of the activities of an operator’s premises or a person authorized by the operator in the territory of the Union, whether or not processing takes place in the territory of the Union. This Regulation shall apply to the processing of personal data of data subjects who are in the Union by an operator or a person authorized by the controller who is not established in the Union, where processing activities are related to: goods or services of such persons concerned in the Union, whether or not requested by the person visited for payments; or b) monitoring their behavior if it occurs within the Union. This Regulation shall apply to personal processing by an operator who is not established in the Union but in a place where domestic law is applied under international law.

 1.3 DEFINITIONS OF ARTICLE 4

  • “Headquarters” – the operator’s head office in the EU will be the place where the controller takes the main decisions regarding the purpose and means of his data processing activities. The registered office of a person empowered in the EU will be its administrative center. “Personal data” means any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity, “Special categories of personal data” – personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the unique identification of a natural person, health data or data on the sexual life or sexual orientation of a natural person. “Operator” means the natural or legal person, public authority, agency or other body which, alone or in conjunction with others, sets out the purposes and means of processing sonal; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law;
  • “Data subject” – any living person who is the subject of personal data held by an organization.
  • “Processing” means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extracting, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, deleting or destroying;
  • “Profiling” means any form of automatic processing of personal data which consists in the use of personal data to assess certain personal aspects of an individual, in particular to analyze or predict aspects of performance at work. , economic situation, health, personal preferences, interests, reliability, behavior, location of the individual or his travels.
  • “Security breach of personal data” means a breach of security that leads, accidentally or unlawfully, to the unauthorized destruction, loss, alteration, or disclosure of personal data transmitted, stored or otherwise processed, or to unauthorized access to them
  • “Consent” of the data subject means any manifestation of the free, specific, informed and unambiguous will of the data subject by which he / she accepts, by an unequivocal statement or action, that the personal data concerning him / her be processed ;
  • “Child” – The GDPR defines a child as anyone under the age of 16, although this can be reduced to 13 in the laws of the Member States. The processing of a child’s personal data is legal only if the consent of the parents or guardians has been obtained. The operator will make reasonable efforts to verify, in such cases, whether the holder of parental responsibility over the child grants or authorizes the agreement.
  • “Third party” means a natural or legal person, public authority, agency or body other than the data subject, the controller, the controller and the persons who, under the direct authority of the controller or controller, are authorized to process data with personal character.
  • “Data record system” means any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or distributed according to functional or geographical criteria;

2. CONFIDENTIALITY DECLARATION

The management of Initinvest Consulting based in Str. St. Athanasius, No. 21, Iasi, undertakes to comply with all relevant EU and Member State laws regarding the personal data and protection of the “rights and freedoms” of persons whose information is collected and processed by Initinvest Consulting. with the General Data Protection Regulation (GDPR).

Compliance with the GDPR is described by this policy and other relevant policies, such as the Information Security Policy, together with related processes and procedures.

The GDPR will be applied by all persons within the S.C. INITINVEST CONSULTING S.R.L. which processes personal data, including all persons within the S.C. INITINVEST CONSULTING S.R.L. which processes the personal data of customers, employees, suppliers and partners, as well as any other personal data that the organization processes from any source.

The Data Protection Officer is responsible for the annual review of the processing register regarding any changes to the activities of S.C. INITINVEST CONSULTING S.R.L. (determined by changes in the data inventory register) and any additional requirements identified by data protection impact assessments. This register must be available at the request of the supervisory authority.

This policy applies to all employees / staff and stakeholders within S.C. INITINVEST CONSULTING S.R.L., such as outsourced suppliers. Any violation of the GDPR will be treated in accordance with the disciplinary policy of S.C. INITINVEST CONSULTING S.R.L. and it may also be a contravention, in which case the matter will be reported to the competent authorities as soon as possible.

It is expected that partners and any third parties working with or for S.C. INITINVEST CONSULTING S.R.L. and who have or may have access to personal data to have read, understood and complied with this policy. No third party may access personal data held by S.C. INITINVEST CONSULTING S.R.L. without first concluding a data confidentiality agreement, which imposes on the third party obligations no less onerous than those complied with by S.C. INITINVEST CONSULTING S.R.L. and conferring S.C. INITINVEST CONSULTING S.R.L. the right to verify compliance with the agreement.

We may also collect and further process certain information about your behavior while visiting our website, in order to personalize your online experience and provide you with offers tailored to your profile.

3. WHAT HAPPENS TO YOUR PERSONAL DATA?

The personal data we collect from you will be used for the following purposes:

  • Name and surname, E-mail address, Telephone number, County for direct marketing purposes:

ₒ Guaranteeing access to information, tools, resources dedicated to members of the expertGDPR community

ₒ Sending offers with preferential discounts, regarding our services

ₒ Transmission of new information, promotions regarding our services

ₒ Cookies with statistical analysis to improve the functioning of our site – Google Analytics

ₒ Essential cookies in order to comply with the legal requirements established in different jurisdictions around the world – Clym

  • Name and surname, CNP, Parents’ first name and Place of birth (only for training services cf GEO 129/2000), E-mail address, Telephone number, for the purpose of Contracting in order to provide services (including ANC authorized training services in base GEO 129/2000, information and professional counseling services (labor mediation) and reporting to the control authorities in the field, to which according to the law we transfer your data, respectively the Technical Secretariat of ANC, AJOFM.
  • Name and surname, Address for the purpose of Invoicing and reporting to the control authorities in the field through the Zoho Corporation B.V.
  • Name and surname, E-mail address, Telephone number (as applicable) for the purpose of Registration for course sessions or access to online tools made available to users through third parties (Microsoft Corporation, JotForm). For any other transfer of personal data to third parties, we ask for your prior consent.
  • Name and surname, Correspondence address, Telephone number in order to send you the correspondence requested by you Name, surname and e-mail address in order to register on the SpeedExam exam platform and generate the diploma.
  • Name, surname and e-mail address in order to subscribe to the newsletter, news and personalized offers through the Zoho Corporation B.V. platform.
  • Name, surname and e-mail address in order to register for seminars to the Association of Procurement Experts and the Iasi Chamber of Commerce and Industry.
  • Through the platform will be monitored, only during the examination, data such as: location, browser used and IP, in real time, subsequently, the data being deleted after validation of the score obtained.
  • Name and surname, e-mail address, telephone number, organization, department in order to register, validate and participate in the webinar through the Demio platform. The data collected through the Demio platform is stored in the Demio server, located in the USA, the organization is registered in the Privacy Shield at the US Department of Commerce, thus applying the principles of data privacy (Privacy Shield EU-US).

The data collected through the online examination platform are stored in the Liquid Web data center, located in Amsterdam.

We always want to offer you the best online shopping experience. To do this, we may collect and use certain information about your Buyer’s behavior, we may invite you to complete satisfaction questionnaires subsequent to the completion of an order or we may conduct, directly or with the help of partners, market research and research. We base these activities on our legitimate interest in doing business, always making sure that your fundamental rights and freedoms are not affected. To provide you with information of interest to you, we may use certain data about your buyer behavior (eg products viewed / added to your wishlist / purchased) to create a profile. We always ensure that such processing is carried out in compliance with your rights and freedoms and that the decisions taken on the basis of them have no legal effect on you and do not affect you in a significant way. With your consent you give us permission to use them for the purposes mentioned above.

Read more about how and why we use your personal data on www.gdprexpert.ro or in the materials displayed at the reception, and our colleagues will detail at any time the services provided that require the collection and storage of data.

You can withdraw your consent at any time, either in writing, requesting the withdrawal form, or online by requesting it at dpo@initinvest.ro.

WHAT IS PERSONAL DATA?

For the purposes of the General Data Processing Regulation (EU GDPR), Personal Data is defined as “any information regarding an identified or identifiable natural person (“ data subject ”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more many specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity. ”

Your consent is required for SC INITINVEST CONSULTING SRL to process personal data, but it must be given explicitly.

WHY DO SC INITINVEST CONSULTING SRL NEED TO COLLECT AND STORE THE INFORMATION PROVIDED AND HOW LONG WE KEEP IT?

SC INITINVEST CONSULTING SRL is obliged to process and store personal data in order to provide you with services in legal and high quality conditions. During the provision of services, with your consent we will transfer your data to third parties in order to fulfill legal obligations (ANAF, ANC, AJOFM).

Your data will be kept as long as the legislation in force requires. If no express mention is made in this respect, in security conditions according to ISO27001 and for a storage period according to the Internal Data Retention Procedure, but not more than 10 years.

WHO HAS ACCESS TO THE DATA PROVIDED?

The access to the data has the employees of SC INITINVEST CONSULTING SRL or third party processors, as described in point 3 of this Policy. We do not offer anyone access to personal data without your consent.

WHERE IS THE DATA PROVIDED BY YOU?

The personal data provided are stored in the EEA, in accordance with the requirements of the General Data Processing Regulation (EU GDPR).

COOKIES USED BY THE SITE GDPREXPERT.RO, RESPECTIVELY INITINVEST.RO

These sites use cookies. Some of them are essential, while others help us to improve the experience.

  • Cookie-urile esențiale ajută la crearea unui site web, permițând funcții de bază cum ar fi navigarea pe pagini și accesul în zonele securizate ale website-ului. Website-ul nu poate funcționa corect fără aceste cookie-uri. De asemenea, ne ajută să respectăm cerințele legale, cum ar fi GDPR.
  • Cookie-urile statistice colectează informații despre modul în care vizitatorii utilizează un site Web. Noi le folosim pentru a îmbunătăți funcționarea site-ului nostru. Cu toate acestea, unele dintre ele ar putea fi cookie-uri de terță parte, iar datele pe care le colectează pot fi folosite în scopuri necunoscute de noi ca proprietar al site-ului. Te rugăm să consulți politica noastră de confidențialitate privind operatorii de date de terță parte.
  • Cookie-urile funcţionale permit site-ului să ţină minte alegerile pe care le faceți și să furnizeze funcţionalităţi îmbunătățite (cum ar fi suportul). Unele dintre ele ar putea fi cookie-uri de terță parte și datele pe care le colectează pot fi puse în scopuri necunoscute de noi ca proprietar de site-uri. Te rugăm să consulți politica de confidențialitate a procesatorilor terță parte, si anume: Microsoft Corporation, JotForm, SpeedExam, Google Analytics si Clym.
  • Cookie-urile sociale ne permit să folosim butoanele și widgeturile furnizate de serviciile de rețele sociale și de alte părți terțe si functia de chat. Aceștia stabilesc cookie-uri care permit vizitatorilor să posteze link-uri, să aprecieze sau să comenteze pe un site prin intermediul rețelei, sau sa foloseasca functia chat prin Facebook Messenger. Ele permit si urmărirea vizitatorilor pe alte site-uri care au aceleași tipuri de funcţionalităţi încorporate. Te rugăm să consulți politica de confidențialitate a operatorului Facebook Inc.
  • Cookie-uri de Remarketing pentru a face reclama pe alte site-uri web utilizatorilor care au vizitat initinvest.ro. Google va afisa anunturi pe site-urile web pe care utilizatorii gdprexpert.ro le acceseaza, iar Facebook le va afisa in platformele sale (Facebook, Messenger, Instagram, Instant Articles). Aceste anunturi afisate se bazeaza pe vizitele anterioare ale unui utilizator pe site-ul gdprexpert.ro folosind cookie-urile. Daca doriti sa renuntati la cookie-urile de remarketing folosite de catre Google puteti alege ca Google Marketing Platform să nu mai folosească cookie-uri, accesând pagina de renunțare Google Marketing Platformpagina de renunțare Network Advertising Initiative sau Preferintele de tale de Publicitate Facebook.

SECURITATEA DATELOR DUMNEAVOASTRA

INITINVEST CONSULTING detine un Sistem de management al securitatii informatiilor conform ISO/IEC 27001:2013. Toți angajații sunt responsabili pentru a asigura că toate datele personale pe care INITINVEST CONSULTING  SRL le deține și pentru care este responsabil, sunt păstrate în siguranță și nu sunt divulgate în niciun fel unei terțe părți decât dacă acea terță parte a fost autorizată în mod specific de INITINVEST CONSULTING  SRL. să primească aceste informații și a încheiat un acord de confidențialitate.

Toate datele personale sunt accesibile numai celor care au nevoie să le folosească. Toate datele cu caracter personal sunt procesate in siguranta și sunt păstrate:

  • intr-o camera inchisa cu acces controlat; și / sau
  • intr-un sertar închis sau într-un dulap; și / sau
  • daca sunt pastrate pe computere, stocate si cu back-up uri in cloud, protejate prin parolă si drepturi de acces, în conformitate cu cerințele organizatiei din Politica interna de control al accesului și / sau
  • stocate pe suporturi (detașabile) care sunt criptate

Toți angajații au incheiat un acord de utilizare înainte de a li se permite accesul la informațiile organizaționale de orice fel. Imediat ce înregistrările in format fizic nu mai sunt necesare pentru clienții de zi cu zi, acestea sunt distruse in siguranta, în conformitate cu o anumita procedura interna.

Datele personale pot fi șterse sau eliminate în conformitate cu procedura de păstrare a înregistrărilor si conform legislatiei in vigoare. Înregistrările in format fizic care au ajuns la scadenta, sunt  distruse, utilizand un distrugator de hartii de nivel minim P3.

DREPTURILE PERSOANELOR

Persoanele vizate au următoarele drepturi în ceea ce privește prelucrarea datelor și inregistrarile acestor date pe care le pot exercita la https://gdprexpert.ro/protectia-datelor 

  • Să solicite acces cu privire la informațiile deținute și referitoare la cei carora le-au fost dezvăluite.
  • Sa se opuna prelucrarii care ar putea provoca daune sau prejudicii.
  • Sa se opuna prelucrarii în scopul marketingul direct.
  • Să fie informați cu privire la procesul decizional individual automatizat, inclusiv crearea de profiluri.
  • Persoana vizată are dreptul de a nu face obiectul unei decizii bazate exclusiv pe prelucrarea automată, inclusiv crearea de profiluri, care produce efecte juridice care privesc persoana vizată sau o afectează în mod similar într-o măsură semnificativă.
  • Să solicite despăgubiri în cazul în care suferă daune prin orice încălcare a GDPR.
  • Să ia măsuri pentru rectificarea, blocarea, ștergerea, inclusiv dreptul de a fi uitat sau distrugerea datelor inexacte.
  • Să solicite autorității de supraveghere să evalueze dacă o prevedere a GDPR a fost încălcată.
  • Persoana vizată are dreptul de a primi datele cu caracter personal care o privesc şi pe care le-a furnizat operatorului într-un format structurat, utilizat în mod curent şi care poate fi citit cu usurinta şi are dreptul de a transmite aceste date altui operator, fără obstacole din partea operatorului căruia i-au fost furnizate datele cu caracter personal.
  • Persoana vizată are dreptul de a se opune crearii de profile fara existenta unui consimtamant

INITINVEST CONSULTING SRL asigură persoanele vizate ca isi pot exercita aceste drepturi:

Persoanele vizate pot face cereri de acces la date, conform Procedurii de solicitare a accesului persoanei vizate; această procedură descrie, de asemenea, modul în care SC INITINVEST CONSULTING SRL se va asigura că răspunsul său la solicitarea de acces la date respectă cerințele legii. Exercitarea acestor drepturi se poate face la https://gdprexpert.ro/protectia-datelor.

Update: v6-2020

Va multumim ca sunteti clientul nostru! 

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Politică de confidențialitate
You have read and agreed to our privacy policy
Required
Politică de confidențialitate Cookies Policy