GDPR

Privacy policy regarding personal data processing
datelor cu caracter personal

CONTED SA will make all reasonable efforts to process your data in full compliance with Regulation (EU) 679/2016 (General Data Protection Policy or GDPR), as well as with any other applicable legislation on the territory of Romania. For that we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when interacting with us, including through our website.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process your personal data or any changes to our legal requirements. In the event of any such change, we will display on our website the modified version of the Privacy Policy, which is why please periodically check its contents.

Who are we and how to contact us

CONTED SA is a legal Romanian entity, from Dorohoi, December 1 Street, 1918, no. 8, Botosani county, with registration number with the Trade Register J07/107/1991, unique registration code RO622445. For the purposes of legislation on data protection, we are operators when processing your personal data.

Which categories of personal data are we processing?

CONTED SA collects personal data in the following ways: directly from you (emailed, translated in a contract, awarded on the website, SMS, social networks or other means of communication agreed) from our business partners who provide us with data to deliver the products to you (for example but not limiting to courier service providers).

What are the goals and reasons for processing?

We will use your personal data for the following purposes:

To provide services for your benefit

This general purpose may include, as appropriate, the following:

a) Processing orders, including acquisition, validation, dispatch and billing thereof;

b) Settlement of cancellations or problems of any kind related to an order or product purchased;

c) Return of products according to law;

d) Reimbursement of products as required by law.

Processing your data for these purposes is in most cases necessary for the conclusion and performance of a contract between your CONTED SA. Also, certain processing subsumed these purposes are required by applicable law, including tax law and accounting.

To defend our legitimate interests

There may be situations where we use or transmit information to protect our rights and business activities. These may include:

– Measures to protect the website from cyber-attacks;

– Prevention and detection of fraud attempts, including the transmission of information to the competent public authorities;

– Measures to manage various other risks.

General basis of this type of processing is our interest to defend our legitimate commercial activity, it being understood that we ensure that all measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

Also, in some cases, we consider processing under legal provisions such as the obligation to safeguard the goods and values provided for by the applicable laws in this area.

How long do we keep your personal data

You may ask us at any time to delete certain information and we will respond to these requests, subject to the preservation of certain information in situations where applicable law or legitimate interests impose it.

Time limits for personal data storage:

– general prescription – 3 years;

– employment contracts – 75 years;

– payment states – 50 years;

– financial-accounting documents – between 5 and 10 years.

To whom can we submit your personal data

As the case may be, we may transmit or give access to certain personal data of you to the following categories of recipients:

– courier service providers;

– payment / banking service providers;

– insurance companies;

– IT service providers.

If we have a legal obligation or if it is necessary to protect our legitimate interest, we can also disclose certain personal data to public authorities.

We ensure that third-party private law access to your data is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

In which countries can we transfer your personal data?

We currently store and process your personal data in Romania only.

How do we secure your personal data?

We are committed to ensure the security of personal data by implementing appropriate technical and organizational measures. The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while providing data redundancy.

What rights do you have?

The General Data Protection Regulation will recognize a series of rights in relation to your personal data. You may request access to your data, correct any mistakes in our files and / or you may oppose the processing of your personal data. You can also exercise the right to complain to your competent supervisory authority or to address the court. As the case may be, you also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.

In order to exercise your rights, you can contact us using the contact details listed below. Please note the following if you wish to exercise these rights:

Identity. If necessary, we reserve the right to verify your identity by requesting additional information to confirm your identity.

Fees. We will not charge any fee to exercise any right in respect of your personal data, unless your request for access to information is ungrounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before you resolve your request.

Response time. We try responding to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made more requests, in which case the deadline will be extended for a further two months. We'll let you know if we'll need more than a month. We may ask whether you can tell us exactly what you want to receive or what you are worried about. This will help us to act faster and shorten the response time to your request.

Rights of third parties. We are not obliged to respond to a request if it would adversely affect the rights and freedoms of other persons concerned.

Rights covered

Access

You can ask us:

  • to confirm if we process personal data;
  • to offer a copy of such data;
  • to provide other information about your personal data, such as data that we have, what we use, to whom they disclose if they transfer abroad and how we protect them during storage and what rights you have, how can you make a complaint, where have we obtained your data.

Correction

You can ask to correct or supplement your personal data is inaccurate or incomplete. We may try to check the accuracy of the data before we rectified it.

Deleting personal data

You can ask us to delete personal data, but only if:

  • they are no longer necessary for the purposes for which it was collected; or
  • you have withdrawn consent (where data processing is based on consent); or
  • you oppose the processing of your personal data; or
  • they have been processed illegally; or
  • it is our legal obligation in this regard.

We have no obligation to conform to your request to delete your personal data if it is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defense of legal court.

There are some other circumstances in which we are not obliged to respect your request for data deletion, although these are the most likely circumstances in which we may decline your request.

Restricting of data processing

You can ask us to restrict the processing of personal data, but only if:

  • their accuracy is contested (see section rectification), to allow us to check their accuracy; or
  • processing is illegal, but you do not want data to be deleted; or
  • they are no longer necessary for the purposes for which it was collected, but you need them in order to establish, exercise or defend a right in court; or
  • you have exercised their right to oppose and check if our rights prevail is underway.

We can continue to use your personal data following a request to restrict, if they:

  • have your consent; or
  • in order to establish, exercise or in defence of a right in court; or
  • to protect the rights of Conted SA or any other natural or legal person.

Data portability

You may ask us to provide your personal data in a structured, commonly used and automatically readable format, or request that it be "ported" directly to another data operator, but only if:

  • processing is based on your consent, or conclusion, or performance of a contract with you; and
  • processing is done by automated means.

Opposition

You may oppose at any time, for reasons related to your particular situation, the processing of your personal data on our legitimate interest, in case you believe that your fundamental rights and freedoms prevail over this interest.

Automated decisions

You can ask that you not be the subject of a decision based solely on automatic processing, but only when that decision:

  • has legal effect on you; or
  • will otherwise affect you in a similar way and to a significant extent.

This right does not apply if the decision reached by the automatic decision-making:

  • we need to conclude or perform a contract with you;
  • is authorized by law and there are adequate safeguards for your rights and freedoms; or
  • is based on your explicit consent.

Complaints

You have the right to make a complaint at the supervisory authority about the processing of your personal data. In Romania, the contact data of the data protection supervisor is the following:

National Supervisory Authority for Personal Data Processing

Gheorghe Magheru Street, No. 28-30, Sector 1, Postal code 010 336, Bucharest, Romania

Phone: 031-8059211 or 031-8059212;

E-mail: anspdcp@dataprotection.ro

You can contact anytime CONTED SA’ data protection officer by sending your request by any of the following ways:

– E-mail: data.protection@conted.ro, secretariat@conted.ro or

– by mail to: Dorohoi city, December 1, 1918 Street, No. 8 Botosani county, with reference to Conted SA’ responsible with the protection of personal data.