Confidentiality

Somaco Group Information Note on Personal Data Processing Policy

1 How to contact us

2 What does our Information Note cover?

3 Why and how we process your personal data?

4 From whom and how we collect your personal data?

5 What are our legal grounds for processing your personal data?

6 In what situations do we process your personal data?

7 We use automated profiling processes and automated decisions?

8 About the purposes for which we process personal data

9 How long do we keep your personal data?

10 Do we reveal your personal data?

11 Do we transfer your personal data outside the EU or EEA?

12 Are your Personal Data safe?

13 What are your rights?

14 How can you exercise your rights?

15 Do you have the right to file a complaint?

16 Explanations of the terms and phrases used in this information note

1 How to contact us

SC Somaco Grup Prefabricate

Bucharest, Strada Biharia nr 67-77, Complex Metav, corp I, etaj 2.

ROMANIA

office@somaco.ro

2 What's covered by our Information Note?

 2.1 Our information note is effective from: 25.05.2018

2.2 Our information notice applies to our website: somaco.ro 

3 Why and how we process your personal data?

3.1 For job applicants and / or internship in Somaco

3.1.1 From the applicants to a job or internship in the company, we collect the following personal data in the legitimate interest of recruiting and selecting candidates who express their interest in doing so by submitting the application: contact details, qualifications, specializations, employment history, citizenship, age, address. These data are strictly in the interest shown above and are kept for a maximum of three months from the date of the selection process completion.

3.2. For visitors to the Somaco site, other than those specified in 3.1.

3.2.1 We collect your email for registration of an account on the somaco.ro website. We also collect your email to keep you up to date with Somaco's news to send you informative offers or notices for different marketing projects (Satisfaction Studies, Events, Easter / Christmas / birthdays wishes) etc.). 

3.2.2 We collect your phone number to keep you up to date with Somaco's news to send you informative offers or notes for various marketing projects (Satisfaction Studies, Events, Easter / Christmas / birthdays) etc.). 

3.2.3 We collect your occupation/position to personalize the invitations or content of Somaco's information,  to send you informative offers or notes for various marketing projects (Satisfaction Studies, Events, Easter / Christmas / birthdays) etc.).

3.2.4 We collect your business registered office for marketing campaigns that involve the sending of informative and promotional materials.

3.2.5 We use the content of your messages written or transmitted by you in the satisfaction studies to improve Somaco's work (we use data internally). Your appreciations about some of Somaco's projects can be pre-recorded as testimonials of your Somaco experience.

3.2.6 We collect your birthday date to wish you happy birthday, electronically, by telephone and / or by post.

3.2.7 We collect your ID from the strictly required cookies placed by somaco.ro to enable you to log in, to keep logged in as you navigate through the pages of our site.

3.2.8. We collect video, audio, or photo material from events to make a photo / audio / video material that can be distributed to Somaco participants and employees or can be used for promoting the company image. By signing up for the event and implicitly by accepting this set of terms and conditions, the participant agrees that Somaco may use the photographs, video or audio material created by the staff or contractors during the course/event, without the need for a special request for a participant's acceptance.

3.2.9 We collect your name, surname in order to personalize the invitations or content of Somaco's information,  to send you informative offers or notes for various marketing projects (Satisfaction Studies, Events, Easter / Christmas / birthdays) etc.).

4 From whom and how do we collect your personal data?

4.1 We collect your personal data directly from you.

4.2 We collect your personal data using a web form.

4.3 We collect your data electronically.

  • by storing information on your equipment, or
  • accessing information stored on your equipment, or
  • reading information from your equipment.

4.4 When you provide us with your personal data, your provision is also allowed voluntarily. You can provide them freely: name, email, phone, content of forum posts, business registered office, address, profession, date of birth, professional history, qualifications, specializations

5 What are our legal grounds for processing your personal data?

We only process your “non-sensitive” personal data. Data processing is necessary for the legitimate interests we pursue.

Our legitimate interests can be removed by

  • your interests and your fundamental rights.
  • We adequately protect your interests and rights and freedoms.

6 In what situations do we process your personal data?

 We process your personal data directly provided as a buyer, customer, or candidate in the interests of legitimate business collaboration, employment, or internship at the company.

7 Do we use automated profiling processes and automated decisions?

We do not use your personal data to automatically evaluate aspects of your personality or automated decisions.

8 About the purposes for which we process personal data

8.1 We process your personal data for the purposes described in Section 3.

Our purposes for which we process personal data are

  • real,
  • present,
  • legitimate.

8.2 We do not process your personal data for secondary purposes that are incompatible with the primary purposes for which your personal data is originally collected,

  • without your prior consent,
  • without being a legitimate interest in this
  • without a legal ground.

9 How long do we keep your personal data?

  • 9.1. We limit the length of time that your personal data is stored to what is required for our processing purposes.
  • 9.2. We review the need to keep your personal data up to date: Every year, we analyse data collected and processed to filter, sort and maintain processing only for data where the purpose of the processing is current.
  • 9.3. We delete your personal information within a specified time frame:

9.3.1     For Somaco job / internship applicants, we delete your personal data within max three months of completing the selection process if we do not decide to conclude an Employment Contract and it is not legitimate to process your personal data for execution employment contract.

 

9.3.2     For other categories of persons than those specified in paragraph 9.3.1, we will delete your data at five years from the date when your relationship with us ends (the applicable clause for newsletters, from the moment the reader no longer accesses the content of our newsletters).

9.4. We delete your data at the time you request this unless it is in breach of a legal obligation.

  • 9.5. If the retention of your personal data is required for purposes specified by law, we may retain your personal data.

10 Do we reveal your personal data?

10.1 We do not disclose your personal data to recipients.

11 Do we transfer your personal data outside the EU or EEA? 

11.1 We do not transfer your personal data

  • in countries outside the EU or EEA, or
  • to international organizations.

12 Are your Personal Data safe?

We keep your personal data safe

  • with appropriate technical measures,
  • with appropriate organizational measures,
  • with an adequate level of security,
  • against unauthorized processing,
  • against unlawful processing,
  • against accidental or illegal loss,
  • against accidental or illegal destruction;
  • against accidental or unlawful damages.

13 What are your rights?

13.1 We respect your rights regarding the protection of your personal data.

13.2 You have the right to access your personal data.

If you ask us to confirm whether we process your personal data or not, then you have a right that requires us to confirm that we

  • process your personal data or
  • do not process your personal data.

Your right to obtain confirmation from us that we process (or do not process) your personal data

  • does not include anonymous data.
  • includes only the personal data that concerns you.
  • includes pseudonym data that may be clearly related to you.

We need to give you access to your personal data If you ask us to confirm whether we process your personal data and process your personal data and request access to your personal data.

We need to provide you with a copy of your personal data if you ask us to confirm whether we process your personal data and process your personal data and request a copy of your personal data.

13.3 You have the right to rectify your personal data.

The right to get the rectification of your personal data that is inaccurate

  • does not include anonymous data.
  • includes only the personal data that concerns you.
  • includes pseudonym data that may be clearly related to you.

We need to rectify your personal data if we process your personal data, and your personal data is inaccurate, and request that you rectify your personal data.

We need to complete your personal data if we process your personal data and your personal data is incomplete and request that you complete your personal data.

You may provide us with an additional statement.

We need to communicate the rectification of your personal data to recipients of your personal data (if any).

13.4        You have the right to delete your personal data.

We need to delete your personal data without undue delay if you require the deletion of your personal data and the processing of your personal data is illegal.

13.5 You may obtain from us the restriction of the processing of your personal data.

our right to obtain restrictions on the processing of your personal data

  • does not include anonymous data.
  • includes only the personal data that concerns you.
  • includes pseudonym data that may be clearly related to you.

We need to restrict the processing of your personal data if

  • You request to restrict the processing of your personal data and
  • We do not need your personal data for our processing purposes and
  • You request your personal data to make a legal complaint or
  • You request for your personal data to exercise a legal complaint or
  • You need your personal data to defend yourself against a legal complaint.

We need to restrict the processing of your personal data if you are requesting a restriction

  • processing your personal data and
  • you object to the processing of your personal data that is necessary for the performance of a task we perform in the public interest or you oppose the processing of your personal data that is necessary in the exercise of an official authority entrusted to us and
  • you oppose the processing of your personal data that is necessary for the legitimate interests we pursue and you expect to verify that the processing of your personal data has a legitimate reason that does not exceed your objection.

13.6 If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for that purpose.

Your right to object to the processing of your personal data for direct marketing purposes

  • is a right that you have at all times.
  • does not include anonymous data.
  • includes only the personal data that concerns you.
  • does not include personal data that does not concern you.
  • includes pseudonym data that may be clearly related to you.

If you object to the processing of your personal data for direct marketing purposes then we must omit the processing of your personal data for that purpose.

If we process your personal data for direct marketing purposes, then

  • we must explicitly notify you of this right, at the latest at the time of your first communication with you, and
  • we must present this right in a clear and separate way from any other information.

14 How can you exercise your rights?

14.1 We invite you to communicate with us about the exercise of your rights to protect your personal data.

14.2         

  • We accept only written requests, sent to the email datepersonale@somaco.ro; Because we cannot deal with verbal requests right away, without first looking at the content of the request and without identifying you first.

Your application must contain a detailed and precise description of the right you wish to exercise.

14.3.     We inform you about how we deal with your application (exercising your rights) with regard to the protection of your personal data within one month of receiving your application.

15 Do you have the right to file a complaint?

15.1 You can file a complaint with a supervisory authority

  • at your usual domicile in the EU and the EEA.
  • at your place of work in the EU and the EEA.
  • at the place of the alleged violation in the EU and the EEA.

The supervisory authority must inform you within a reasonable time regarding

  • the progress of the complaint and
  • the result of the complaint.

15.2 You can mandate an organization to file a complaint on your behalf with a supervisory authority.

The supervisory authority must inform you within a reasonable time limit regarding

  • the progress of the complaint and
  • the result of the complaint.

15.3 You have the right to take legal action in the EU and the EEA against

  • an operator,
  • an empowered person and
  • a Supervisory Authority.

15.4 You may mandate an organization to exercise, on your behalf, the right

  • to a judicial remedy.
  • to compensation for damage resulting from a personal data breach.

16 Explanations of the terms and phrases used in this information note

16.1         All terms and expressions used in this Information Note will have the meaning given below, unless otherwise specified in the Information Note.

Personal data means any information relating to an identified or identifiable natural person ("the data subject”).

An identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as:

  • a name
  • an identification number
  • location data
  • an online identifier
  • the physical identity of a natural person
  • the physiological identity of a natural person
  • the genetic identity of a natural person
  • the physical identity of a natural person
  • the economic identity of a natural person
  • the cultural identity of a natural person
  • the social identity of a natural person

16.2 Sensitive personal data are - according to GDPR - called special categories of personal data.

  • Personal data is sensitive if processing of such personal data reveals:
  • racial origin,
  • ethical origin,
  • political opinions,
  • religious beliefs,
  • philosophical beliefs,
  • membership of a trade union.
  • Personal data is also sensitive if:
  • Genetic data is processed for the purpose of uniquely identifying a natural person,
  • Biometric data is processed for the purpose of uniquely identifying a natural person.
  • Sensitive personal data also includes:
  • data related to health,
  • data that relate to a person's sexual life,
  • data relating to the sexual orientation of an individual.

16.3 The usual personal data is - in GDPR - personal data that does not include special categories of personal data. There is no exhaustive list of these personal data.

16.4 Pseudonymization of Personal Data means the processing of personal data in such a way that it can no longer be attributed to a particular data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational nature to ensure that such personal data are not attributed to an identified or identifiable natural person.

16.5 Processing means any operation or set of operations performed on personal data or on personal data sets with or without the use of automated means such as

  • collecting,
  • registering,
  • organization,
  • structuring,
  • storage,
  • adaptation,
  • alteration,
  • extraction,
  • consultation,
  • use,
  • deletion or destruction
  • etc.

16.6 Restricting processing means storing personal data stored in order to limit their processing in the future.

16.7 The purpose of the processing is the reason why personal data is processed.

16.8 Profiling

  • (1) must be an automatic form of processing, including
  • Automatic exclusively processing (referred to in Article 22 of GDPR) and
  • Partially automatic processing (if a person is involved in processing personal data does not necessarily mean that processing is not profiling)
  • (2) must be done with respect to personal data; and
  • (3) the goal of profiling should be to evaluate the personal aspects of a person, in particular to analyse or make predictions about individuals.
  • Keep in mind that simply rating or categorizing people automatically based on characteristics such as their age, gender and height could be considered automatic profiling, no matter what the predictive purpose.

16.9 Decisions based solely on automatic processing

  • (1) means making decisions by technological means without human involvement; and which
  • (2) is based on personal data
  • provided directly by the persons concerned (such as answers to a questionnaire); or
  • observed about people (such as location data collected through an application), or
  • derived or deducted, such as the profile of the person who has already been created (e.g., a credit score). can be made with or without profiling; profiling can take place without making automated decisions.

16.10 Operator means the natural or legal person, public authority, agency or other body which, alone or with others, establishes the purposes and means of processing personal data; where the purposes and means of processing are laid down by Union or national law, the operator or the specific criteria for designating it may be laid down in Union or national law.

    16.11 Empowered person means the natural or legal person, public authority, agency or other body that processes personal data in the name and on behalf of the operator.

16.12 Recipient means the natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not a third party. However, public authorities to whom personal data may be communicated in a particular investigation under Union or national law shall not be considered as recipients; the processing of such data by the respective public authorities complies with the applicable data protection rules in accordance with the purposes of the processing.

16.13 Third Party means a natural or legal person, a public authority, an agency or body other than the data subject, the operator, the person empowered by the operator and the persons under the direct authority of the operator or the person empowered by the operator to process personal data.

16.14 Representative means a natural or legal person established in the Union, designated in writing by the operator or the person empowered by the operator pursuant to Article 27, representing the operator or the person empowered to do so in respect of their respective obligations under this Regulation.

16.15 Supervisory authority means an independent public authority set up by a Member State under Article 51 of the GDPR.

 

Confidentiality

    Serviciu Clienti Confidentiality
     
 
SOMACO GRUP PREFABRICATE S.R.L.
Head Office: 67-77 Biharia Street, 2nd floor, Bucharest 1
Tel: 031 425 45 77, Fax: 031 425 46 29, office@somaco.ro