Privacy policy

Information note about the Somaco Group's personal data processing policy

1 How to contact us

2 What does our Information Note cover?

3 Why and how do we process your personal data?

4 From whom and how do we collect your personal data?

5 What are our legal bases for the processing of your personal data?

6 In what situations do we process your personal data?

7 Do we use automated profiling processes and automated decisions?

8 About the purposes for which we process personal data

9 How long do we keep your personal data?

10 Do we reveal your personal data?

11 Do we transfer your personal data outside the EU or the EEA?

12 Is your personal data safe?

13 What are your rights?

14 How can you exercise your rights?

15 Do you have the right to file a complaint?

16 Explanations of the terms and expressions used in this information note

1 How to contact us

SC Somaco Group Prefabricate

Bucharest, 67-77 Biharia Street, Metav Complex, building I, 2nd floor.

ROMANIA

office@somaco.ro

2 What does our Information Note cover?

2.1 Our information note takes effect from: 25.05.2018

2.2 Our information note applies on our website: somaco.ro

3 Why and how do we process your personal data?

3.1 For applicants for a job and/ or internship within Somaco

3.1.1 From applicants for a job or internship within the company we collect the following personal data in the legitimate interest of recruiting and selecting candidates who express their interest in this regard by submitting the application: contact details, qualifications, specializations, employment history, citizenship, age, address). These data are used strictly in the interest presented above and are kept for a maximum of three months from the date of completion of the selection process.

3.2. For visitors to the Somaco site, other than those specified in 3.1.

3.2.1 We collect your email for registering an account within the somaco.ro website. We also collect your email to keep you up to date with news related to Somaco's activity, to send you offers or informative notes, to carry out various marketing projects (satisfaction studies, events, Easter / Christmas / birthday wishes) etc.)

3.2.2 We collect your telephone number to keep you up to date with news related to Somaco's activity, to send you offers or informative notes, to carry out various marketing projects (satisfaction studies, events, Easter / Christmas wishes/ birthdays etc).

3.2.3 We collect your job position for the personalization of invitations or content of information sent by Somaco, to send you offers or informative notes, for the realization of various marketing projects (satisfaction studies, events, Easter / Christmas / birth wishes etc).

3.2.4 We collect your professional headquarters for marketing campaigns that involve the sending of informative and promotional materials.

3.2.5 We use the content of messages written or telephoned by you in satisfaction studies to improve Somaco's work (we use data internally). Your feedback on certain Somaco projects can be used as testimonials to your experience with Somaco.

3.2.6 We collect the date of birth to wish you many happy birthdays, electronically, by telephone and / or email.

3.2.7 We collect your ID from the strictly necessary cookies placed by somaco.ro to allow you to authenticate, to keep your authentication as you navigate the pages of our site.

3.2.8. We collect video, audio or photo material from events in order to create a photo / audio / video material that can be distributed to Somaco participants and employees or can be used to promote the company's image. By registering for the event and, implicitly, by accepting this set of terms and conditions, the participant agrees that Somaco may use the folographs, video or audio materials created by staff or contractors during the courses / events, without the need for a special request for acceptance. of the participant.

3.2.9 We collect your name, your first name for the personalization of the invitations or the content of the information sent by Somaco, to send you offers or informative notes, for the realization of different marketing projects (satisfaction studies, events, Easter / Christmas / birthdays etc).

4 From whom and how do we collect your personal data?

4.1 We collect your personal data directly from you.

4.2 We collect your personal data using a web form.

4.3 We collect your data electronically by storing information on your equipment, or accessing information stored on your equipment, or reading information issued by your equipment.

4.4 When you provide us with your personal data, your provision is permitted and voluntary. You can provide them to us freely: name, email, telephone, content of messages written in the forum, professional headquarters, address, profession, date of birth, professional history, qualifications, specializations

5 What are our legal bases for the processing of your personal data?

We only process your "insensitive" personal data. The processing of data is necessary for the legitimate interests we pursue.

Our legitimate interests can be removed by your interests and your fundamental rights.

We adequately protect your interests and rights and freedoms.

6 In what situations do we process your personal data?

We process your personal data, provided directly, as a buyer, customer or candidate for the legitimate interest of commercial collaboration, employment or internship within the company.

7 Do we use automated profiling processes and automated decisions?

We do not use your personal data to automatically assess aspects of your personality or for automatic decisions.

8 About the purposes for which we process personal data

8.1 We process your personal data for the purposes described in Section 3.

Our purposes for which we process personal data are: real, present, legitimate.

8.2 We do not process your personal data for secondary purposes that are incompatible with the main purposes for which your personal data is originally collected, without your prior consent, without a legitimate interest in this regard, without a legal basis.

9 How long do we keep your personal data?

9.1.We limit the storage time of your personal data to what is necessary for our processing purposes.
9.2. We review the need to keep your personal data: Every year we analyze the data collected and processed, in order to filter, sort and maintain processing only for data for which the purpose of processing is current.
 

9.3. We delete your personal data within a specified time:

9.3.1 For applicants for a job and/ or internship within Somaco, we delete your personal data within a maximum of three months from the completion of the selection process, if we do not decide to conclude an Employment Contract and it does not become legitimate to process your personal data for the execution of employment contract.


9.3.2 For other categories of persons than those specified in point 9.3.1, we delete your data at the time five years from the date on which your relationship with us ends (the clause applicable in the case of newsletters, from the moment when the reader does not also access the content of our newsletters).

9.4.We delete your data at the time you request it from us, if it does not contravene a legal obligation.

9.5. If the retention of your personal data is necessary for the purposes specified by law, we may still retain your personal data.

 

10 Do we reveal your personal data?

10.1 We do not reveal your personal data to recipients.

11 Do we transfer your personal data outside the EU or the EEA?

11.1 We do not transfer your personal data in non-EU or EEA countries, or to international organizations.

12 Is your personal data safe?

We keep your personal data safe:

with appropriate technical measures,
with appropriate organizational measures,
with an adequate level of security,
against unauthorized processing,
against illegal processing,
against accidental or unlawful loss,
against accidental or illegal destruction;
against accidental or illegal damage.

13 What are your rights?

13.1 We respect your rights regarding the protection of your personal data.

13.2 You have the right to access your personal data.

If you ask us to confirm whether or not we process your personal data, then you have a right that obliges us to confirm that we process your personal data or do not process your personal data.

Your right to obtain confirmation from us that we process (or do not process) your personal data

does not include anonymous data.
includes only personal data about you.
includes pseudonymous data that may be clearly related to you

 

We need to give you access to your personal data if you ask us to confirm whether or not we process your personal data and process your personal data and request access to your personal data.

We must provide you with a copy of your personal data if you ask us to confirm whether or not we process your personal data and process your personal data and request a copy of your personal data.

13.3 You have the right to the rectification of your personal data.

The right to obtain the rectification of your personal data that are inaccurate:

does not include anonymous data.
includes only personal data about you.
includes pseudonymous data that may be clearly related to you

We need to rectify your personal data if we process your personal data, and your personal data is inaccurate, and you request that your personal data be rectified.

We must complete your personal data if we process your personal data, and your personal data is incomplete, and you request to have your personal data completed.

You have the right to provide us with an additional statement.

We must communicate the rectification of your personal data to the recipients of your personal data (if any).

13.4 You have the right to have your personal data deleted.

We must delete your personal data without undue delay if you request the deletion of it, and the processing of your personal data is illegal.

13.5 You have the right to obtain from us the restriction of the processing of your personal data.

Your right to obtain restrictions on the processing of your personal data:

does not include anonymous data.
includes personal data about you.
includes pseudonymous data that may be clearly related to you

We must restrict the processing of your personal data if: you request to obtain a restriction on the processing of your personal data and we do not need your personal data for the purpose of our processing and request your personal data to establish a legal claim or request your personal data to file a legal complaint or you need your personal data to defend yourself against a legal complaint.

We must restrict the processing of your personal data if you request a restriction: processing of your personal data and object to the processing of your personal data which are necessary for the performance of a task which we perform in the public interest, or oppose the processing of your personal data which are necessary in the exercise of an official authority entrusted to us;
you object to the processing of your personal data which is necessary for the purpose of the legitimate interests we pursue and wait to verify whether the processing of your personal data has a legitimate reason that does not exceed your objection.

 

13.6 If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for this purpose.

Your right to object to the processing of your personal data for direct marketing purposes:

it is a right you have at all times.
does not include anonymous data.
includes personal data about you.
does not include personal data that does not concern you.
includes pseudonymous data that may be clearly related to you

If you object to the processing of your personal data for direct marketing purposes, then we must omit the processing of your personal data for this purpose.

If we process your personal data for direct marketing purposes, then we must explicitly inform you of this right, at the latest at the time of the first communication with you, and we must present this right to you clearly and separately from any other information.

14 How can you exercise your rights?

14.1 We invite you to contact us about the exercise of your rights regarding the protection of your personal data.

14.2 We accept only written requests, sent to datepersonale@somaco.ro; Because we cannot deal with verbal requests immediately, without first analyzing the content of the request and without first identifying you.

Your application must contain a detailed and accurate description of the right you wish to exercise.

14.3. We inform you of how we handle your request (by which you exercise your rights) regarding the protection of your personal data within one month from the date of receipt of the request.

15 Do you have the right to file a complaint?

15.1 You can lodge a complaint with a supervisory authority:

at your usual place of residence in the EU and the EEA.
at your place of work in the EU and the EEA.
at the site of the alleged infringement in the EU and the EEA.

The supervisory authority must inform you within a reasonable time: the progress of the complaint and the result of the complaint.

15.2 You may mandate an organization to lodge a complaint on your behalf with a supervisory authority.

The supervisory authority must inform you within a reasonable time of the progress of the complaint and the result of the complaint.

15.3 You have the right to sue in the EU and in the EEA: an operator, to a proxy and a Supervisory Authority.

15.4 You may mandate an organization to exercise, on your behalf, the right to a judicial appeal, 
to compensation for damage resulting from a breach of the law on the protection of personal data.

16 Explanations of the terms and expressions used in this information note

16.1 All terms and expressions used in this Information Note shall have the meaning set forth below, unless otherwise stated in the Information Note.

Personal data means any information concerning an identified or identifiable natural person ("data subject").

An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as:

a name
an identification number
location data
an online identifier
the physical identity of an individual
the physiological identity of an individual
the genetic identity of an individual

the psychic identity of an individual
the economic identity of an individual
the cultural identity of an individual

the social identity of an individual

16.2 Sensitive personal data are - according to GDPR - called special categories of personal data.

Personal data is sensitive if the processing of such personal data reveals: racial origin,
ethical origin, political opinions, religious beliefs, philosophical beliefs, union membership.

Personal data is also sensitive if: genetic data are processed for the purpose of uniquely identifying a natural person, biometric data are processed for the purpose of uniquely identifying an individual.

Sensitive personal data also includes: health data, data concerning the sexual life of an individual, data concerning the sexual orientation of an individual.

16.3 Ordinary personal data are - in the GDPR - personal data that are not special categories of personal data. There is no exhaustive list of this personal data.

16.4 Pseudonymisation of Personal Data means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to measures. of a technical and organizational nature to ensure that those personal data are not assigned to an identified or identifiable natural person.

16.5 Processing means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as: collect, register, organization, structuring, storage, the adaptation, alteration, extraction, consultation the use, deletion or destruction and so on.

16.6 Restriction of processing means the marking of stored personal data in order to limit their processing in the future.

16.7 The purpose of the processing means the reason for which the processing of personal data is carried out.

16.8 Profiling

(1) must be an automatic form of processing, which includes: exclusively automatic processing (referred to in Art. 22 of the GDPR) and partially automatic processing (if a natural person is involved in the processing of personal data does not necessarily mean that the processing does not constitute profiling).

(2) must be carried out with regard to personal data;

(3) the objective of profiling must be to assess personal aspects related to a natural person, in particular to analyze or make predictions about persons.
 

Keep in mind that simply evaluating or classifying people automatically based on characteristics such as their age, gender, and height could be considered automatic profiling, regardless of the predictive purpose.

16.9 Decisions based exclusively on automatic processing

(1) means making decisions by technological means without human involvement; and which
(2) is based on personal data provided directly by the persons concerned (such as the answers to a questionnaire); or observed with respect to persons (such as location data collected through an application) or derivatives or deductions, such as the profile of the person who has already been created (eg a credit score). can be made with or without profiling; profiling can take place without making automatic decisions.

16.10 Operator means the natural or legal person, public authority, agency or other body which, alone or in association with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law.

16.11 Power of attorney means the natural or legal person, public authority, agency or other body that processes personal data in the name and on behalf of the controller.

16.12 Recipient means the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not it is a third party. However, public authorities to which personal data may be disclosed in the course of a particular investigation in accordance with Union or national law shall not be considered as recipients; the processing of such data by the public authorities concerned shall comply with the applicable data protection rules, in accordance with the purposes of the processing.

16.13 Third Party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the controller or the persons who, under the direct authority of the controller or the controller, are authorized to process data personal.

16.14 Representative means a natural or legal person established in the Union, appointed in writing by the controller or the person authorized by the controller under Article 27, who represents the controller or the person empowered in respect of their respective obligations under this Regulation.

16.15 Supervisory authority means an independent public authority established by a Member State under Article 51 GDPR.