POLICY REGARDING THE PROCESSING OF PERSONAL DATA AND DATA CONFIDENTIALITY – S.C. HT DESIGN STAND BUILDERS S.R.L.

As of May 25, 2018, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the GDPR (General Data Protection Regulation), becomes applicable.

We, S.C. HT DESIGN STAND BUILDERS S.R.L., treat the protection of your data with utmost seriousness and aim to ensure your comfort when visiting our premises. The protection of confidentiality concerning the collection, processing, and use of your personal data is an important concern for us, which we take into careful consideration in our business processes, fully complying with all applicable legal requirements.

  1. General Information

1.1 Data Controller

The data controller responsible for processing personal data is:

S.C. HT DESIGN STAND BUILDERS S.R.L.
Aleea Borsec, No. 3, Block 602A, Staircase A, Apartment 3, 310298, Arad, Romania.
Tax Identification Number (CUI): 19049234
Registration Number: J2/1752/29.09.2006
Email: protectiadatelor@htdesign.ro

1.2 Data Protection Officer (DPO)

You may contact the Data Protection Officer at:

Paul Stoica
Phone: +40 748 309 925
Email: paul.stoica@gdprarad.ro

  1. What are Personal Data?

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”), particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  1. What is meant by the Processing of Personal Data and which data does S.C. HT DESIGN STAND BUILDERS S.R.L. process?

“Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

S.C. HT DESIGN STAND BUILDERS S.R.L. collects the following data (for information purposes only):

– Identification data: name, surname, personal numerical code (CNP), series and number of identity document and other information contained therein, correspondence address, email address, phone number;

– Signature of the client and employee;

– Personal data of employees in the context of employer-employee relations: salary certificates, medical leave certificates, medical attestations, employment records, professional evaluation sheets;

– Other information resulting from processing activities carried out by S.C. HT DESIGN STAND BUILDERS S.R.L., such as: unique identifier generated by S.C. HT DESIGN STAND BUILDERS S.R.L. for each client, contractual history, financial history, specific information concerning the services contracted from S.C. HT DESIGN STAND BUILDERS S.R.L. and the manner in which the client has used them;

– Electronic correspondence with the client, IP/MAC address at the time of accessing the website or digital services of S.C. HT DESIGN STAND BUILDERS S.R.L.;

– Design cookies (WordPress cookies necessary for the website to function) and optional analytics cookies (Google Analytics cookies: _ga and _gid used to identify users).

What Are Cookies and How Are They Used?

Cookies are small data files, generally consisting of a sequence of characters or parts of a file, which, when accessing a website, are saved by the browser used on the computer, phone, tablet, or any other device through which the website is accessed online. Upon each subsequent visit to the website, the browser sends this file back to the server of the respective website to enable the identification of a returning visitor.

Generally, websites use cookies to facilitate providing visitors with functionalities that cannot be ensured in the absence of cookies due to the HTTP protocol, a text-based protocol most commonly used for accessing information online from web servers (www). Such functionalities include managing user sessions, maintaining an authenticated session, preserving preferences on a visited page (e.g., aspects related to the functionality or graphical display of pages), storing products in a shopping cart, and others.

When a person accesses the website as a visitor, a cookie is sent to their internet browser and saved on the hard drive of their computer; however, the visitor may block the saving of cookies by adjusting their browser settings.

Cookies may store information of a personal nature (for example, visitor identification codes, personalized preferences, or a history of visited pages). Such information is not generated by cookies themselves but by the visitor at the time they fill in online forms, register on the site, use electronic payment systems, etc. Although cookies are stored in the memory of the computer, phone, tablet, or any other device used to access a website, cookies cannot access or read other information stored on that device.

Cookies are not viruses, they are not compiled in the form of code, and they cannot be executed. Consequently, they cannot self-replicate, spread across networks to perform certain actions, or be used to distribute viruses.

Depending on their duration, cookies may be session cookies or persistent cookies.

Session cookies have a temporary storage duration limited only to the session during which a particular visitor accesses the website. Upon closing the session or browser, all stored information is deleted.
Persistent cookies are stored on the visitor’s device and are not deleted when the session or browser is closed.

Web browsers provide functionalities for setting the level of information security, allowing visitors to choose not to have their preferences recorded, thereby enabling the blocking of any cookie through browser settings modification. To use cookie acceptance setting options, in most cases, the visitor accesses the “Settings” / “Internet Options” section, under the “Privacy and Security” submenu from the browser menu (depending on the browser used).

Disabling cookie acceptance may result in the inability to access some of the website’s most important sections. For this reason, it is recommended to accept cookies from websites you trust. At any time, you may delete cookies stored on the device you use by accessing the “Settings” / “Safety” section, under the “Privacy and Security” / “Delete Browsing History” submenu from the browser menu (depending on the browser used).

  1. Source of Personal Data Processed by S.C. HT DESIGN STAND BUILDERS S.R.L.

S.C. HT DESIGN STAND BUILDERS S.R.L. processes personal data relating to the Client, the Client’s authorized representatives (whether legal or contractual), as well as to individuals whose data is provided by the Client to S.C. HT DESIGN STAND BUILDERS S.R.L. for the purpose of obtaining a product or the performance of an operation/service. The natural persons whose personal data is processed are referred to as “Data Subjects.”

S.C. HT DESIGN STAND BUILDERS S.R.L. addresses the following Data Subjects: its own employees, clients (including after termination of the contractual relationship), prospective clients, and candidates seeking employment with S.C. HT DESIGN STAND BUILDERS S.R.L.

Data are obtained directly from the Client and/or the Client’s authorized representative (at the time of completing forms or documents of S.C. HT DESIGN STAND BUILDERS S.R.L.). Additionally, S.C. HT DESIGN STAND BUILDERS S.R.L. may obtain the above data by consulting external sources (institutions and public authorities, public registers, electronic databases, publicly available online information, or authorized third parties).

  1. Purposes for Which S.C. HT DESIGN STAND BUILDERS S.R.L. Processes Personal Data

S.C. HT DESIGN STAND BUILDERS S.R.L. processes personal data for the following purposes:

– Provision of services through all available channels (physical locations, telephone, etc.);

– Conducting economic, financial, and/or administrative management activities within S.C. HT DESIGN STAND BUILDERS S.R.L.;

– Consolidation of operations and maintenance of an internal database containing information regarding Data Subjects, to be used by the departments and structures of S.C. HT DESIGN STAND BUILDERS S.R.L. in their activities;

– Contacting the Client or other Data Subjects via communication means to inform/notify them about contracted services;

– Providing support services for Client/Data Subject requests at S.C. HT DESIGN STAND BUILDERS S.R.L. physical locations and via communication means (telephone);

– Creation or analysis of profiles regarding employees or clients;

– Conducting internal analyses (including statistical analyses) related both to products/services and client portfolios;

– Archiving documents in both physical and electronic formats;

– Resolving disputes, investigations, or any other petitions/complaints/requests involving S.C. HT DESIGN STAND BUILDERS S.R.L.;

– Managing communication and IT systems (including security audits, reporting to competent authorities, and fixing system errors);

– Compliance with legal obligations (such as payroll documentation and reporting to authorized public institutions).

  1. Legal Grounds for Processing Personal Data by S.C. HT DESIGN STAND BUILDERS S.R.L.

S.C. HT DESIGN STAND BUILDERS S.R.L. processes personal data for the above-mentioned purposes based on the following legal grounds:

  • Based on the explicit consent of the Client;
  • For the performance of a contract to which the Client/Data Subject is a party (provision of services/products), to undertake pre-contractual measures at the Client’s request, or to provide the Client with information regarding products and services offered by S.C. HT DESIGN STAND BUILDERS S.R.L.;
  • Based on a legal obligation incumbent upon S.C. HT DESIGN STAND BUILDERS S.R.L. (e.g., fraud detection and prevention, reporting medical conditions and patient status);
  • Based on the legitimate interest of S.C. HT DESIGN STAND BUILDERS S.R.L. (e.g., consolidating operations, maintaining an internal database, carrying out routine operations for business activities, developing and improving services, ensuring a high level of security both in IT systems and physical locations, especially regarding the identification and mitigation of risks affecting S.C. HT DESIGN STAND BUILDERS S.R.L.).
  1. Consequences of Refusing to Provide Personal Data

The processing of personal data requested by S.C. HT DESIGN STAND BUILDERS S.R.L. through forms or other communication channels is mandatory, except where the processing is based solely on the Client’s consent. In such cases, the Client will be informed that the provision of data and consent is optional. In all other cases, refusal to provide the requested data will result in the inability of S.C. HT DESIGN STAND BUILDERS S.R.L. to provide services or products.

  1. Recipients of Personal Data Processed by S.C. HT DESIGN STAND BUILDERS S.R.L.

Recipients of personal data may include:

  • Service providers: IT services (maintenance, software development), physical/electronic archiving, courier services;
  • Service providers with whom contractual relationships exist;
  • Providers of accommodation and road transport services within Romania, the EU, and non-EU countries;
  • Accounting firms, legal representatives, authorities, and judicial courts;
  • Central and/or local public authorities;
  • Any person, agency, or relevant court in Romania or other states, as necessary for the establishment, exercise, or defense of rights in court;
  • Natural or legal persons acting as authorized representatives of S.C. HT DESIGN STAND BUILDERS S.R.L. in various areas (e.g., payment services, document archiving or destruction), from anywhere worldwide, who are contractually obligated to comply with the legislation protecting your rights;
  • Our partners with whom we maintain contractual relationships.
  1. To Whom and Under What Conditions Will We Transfer Your Data to a Third Country or International Organization?

As a result of the activities carried out by S.C. HT DESIGN STAND BUILDERS S.R.L., it is possible that data identifying the execution of a service may be transferred to contractual partners located in countries within the European Union.

  1. Duration of Processing and Storage of Personal Data

For the purposes stated above, personal data will be processed by S.C. HT DESIGN STAND BUILDERS S.R.L. throughout the duration of the contractual relationship and after its termination, in order to comply with applicable legal requirements in the field, including but not limited to archival provisions.

Information collected by cookies is stored for a period of 26 months for the purpose of performing analyses and reports related to website performance. After this period, such data will be deleted.

  1. Security of Personal Data

We work diligently to protect our clients, other individuals whose data we process, and ourselves from unauthorized access, alteration, disclosure, or unauthorized destruction of the data we process.

Specifically, we have implemented the following technical and organizational measures to ensure the security of personal data:

  • Dedicated Policies: We adopt and regularly review our data processing policies and practices concerning our clients and other individuals, including physical and electronic security measures to protect our systems from unauthorized access and other security threats. We constantly verify how these policies are applied and ensure compliance with data protection legislation.
  • Data Minimization: We ensure that the personal data we process is limited to what is necessary, adequate, and relevant for the purposes declared in this notice.
  • Restricted Access: We strictly limit access to personal data to employees, collaborators, and other persons who need such access to process data on our behalf. All such persons and companies are subject to strict confidentiality obligations, and we do not hesitate to hold them accountable or terminate cooperation if they do not treat your data with the utmost seriousness.
  • Specific Technical Measures: Within S.C. HT DESIGN STAND BUILDERS S.R.L., we use technologies to assure our clients and other individuals that the security of their data is protected.
  • Control over Service Providers: Contracts with our service providers (processors or joint controllers) include clauses ensuring data protection that meets at least the minimum requirements imposed by law.

Although we take all reasonable measures to ensure the security of your data, S.C. HT DESIGN STAND BUILDERS S.R.L. cannot guarantee that security breaches or system penetrations will never occur. In the unlikely event of such a breach, we will follow legal procedures to limit the effects and inform the affected data subjects.

  1. Rights of Data Subjects and How to Exercise Them

Data Subjects have the following rights:

  • Right to Information: To receive detailed information about the data processing activities performed by S.C. HT DESIGN STAND BUILDERS S.R.L., as described in this document.
  • Right of Access: To request and obtain confirmation whether their personal data is processed by S.C. HT DESIGN STAND BUILDERS S.R.L. and, if so, access to such data along with specific information. Upon request, S.C. HT DESIGN STAND BUILDERS S.R.L. will provide a copy of the personal data processed. Additional copies may be subject to fees based on actual costs.
  • Right to Rectification: To obtain the correction of inaccurate personal data and completion of incomplete data.
  • Right to Erasure (“Right to be Forgotten”): In cases expressly provided by law (especially upon withdrawal of consent or if data processing is unlawful), the Data Subject may request erasure of their data. Following such a request, S.C. HT DESIGN STAND BUILDERS S.R.L. may anonymize the data and continue processing it for statistical purposes.
  • Right to Restrict Processing: In legally defined cases (e.g., when contesting accuracy or when processing is unlawful but erasure is not desired), the Data Subject may request restriction of processing.
  • Right to Object: The Data Subject may object at any time, based on their particular situation, to processing based on the legitimate interest of S.C. HT DESIGN STAND BUILDERS S.R.L. (including profiling) or processing carried out in the exercise of a public interest or official authority.
  • Right to Data Portability: The Data Subject may receive personal data in a structured, commonly used, machine-readable format or request that such data be transmitted to another controller. This right applies only where data was provided by the Data Subject, the processing is automated, and the legal basis is contract execution or consent.
  • Right to Lodge a Complaint: The Data Subject may file a complaint regarding data processing by S.C. HT DESIGN STAND BUILDERS S.R.L. with the National Supervisory Authority for Personal Data Processing.
  • Right to Withdraw Consent: Where processing is based on consent, this may be withdrawn at any time. Withdrawal affects only future processing; prior processing remains lawful.
  • Additional Rights Related to Automated Decisions: In cases where S.C. HT DESIGN STAND BUILDERS S.R.L. makes automated decisions concerning personal data, the Data Subject has the right to request human intervention, express their point of view, and contest the decision.

The Data Subject may exercise their rights individually or collectively by submitting a written, dated, and signed request to: S.C. HT DESIGN STAND BUILDERS S.R.L. Aleea Borsec, Nr.3, Bl 602A, Sc. A, Ap.3, 310298, Arad, Romania.

S.C. HT DESIGN STAND BUILDERS S.R.L. has appointed a Data Protection Officer who can be contacted for any queries regarding data protection by submitting a written, dated, and signed request to:

Stoica Paul
Arad, Str. Calimanesti, nr. 14, Bl. 36, Ap. 11
Email: paul.stoica@gdprarad.ro

Absence of Automated Decision-Making

Our respect for your data includes giving it the necessary human attention through our personnel. As a user of our services, you will not be subject to any decision based solely on automated processing of your data (including profiling) that produces legal effects concerning you or similarly significantly affects you.

Changes to This Privacy Notice

We may update this privacy notice from time to time. In such cases, we will inform you in advance and will not reduce the rights you have regarding your data through any changes we make to this notice.

Definitions of Terms Used in This Notice

  • Supervisory Authority for Personal Data Processing: An independent public authority that, according to law, is responsible for supervising compliance with data protection legislation. In Romania, this authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).
  • Special Categories of Personal Data (Sensitive Data): Personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for uniquely identifying a natural person; data concerning health, sex life, or sexual orientation of a natural person.
  • Collaborators: Natural or legal persons who have concluded a collaboration contract with us and provide services to our clients.
  • Personal Data: Any information relating to an identified or identifiable natural person (“data subject”). A natural person is identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific factors related to their physical, physiological, genetic, mental, economic, cultural, or social identity. Examples include name and surname, home or residence address, email address, telephone number, personal numeric code (CNP), medical diagnosis (sensitive data), genetic data (sensitive data), biometric data (sensitive data), geolocation data. The categories of personal data we process about you are listed above.
  • Controller: A natural or legal person who determines the purposes and means of personal data processing. According to the law, responsibility for complying with data protection legislation primarily lies with the controller. In relation to you, we are the controller, and you are the data subject.
  • Processor: Any natural or legal person processing personal data on behalf of the controller, other than the controller’s employees.
  • Data Subject: The natural person to whom the personal data refers (to whom the data “belongs”). In relation to us (the controller), you are the data subject.
  • Processing of Personal Data: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data or sets of personal data. These are examples; in practice, processing means any operation on personal data, whether manual or automated.
  • Third Country: A country outside the European Union and the European Economic Area.

Declaration of Compliance

S.C. HT DESIGN STAND BUILDERS S.R.L. declares under its own responsibility that it has taken all measures deemed necessary to comply with the provisions of EU Regulation 2016/679 (GDPR) regarding the collection, use, and storage of personal data within the member states of the European Union.

S.C. HT DESIGN STAND BUILDERS S.R.L. certifies that it adheres to the notification, choice, transfer, security, integrity, access, and enforcement requirements of the EU Regulation 2016/679 (GDPR) concerning the collection, use, and storage of personal data within the member states of the European Union.

Date: 25.05.2018