SECURITY POLICY OF PERSONAL DATA PROCESSING OF THE COMPANY SC DELTA SAGUL SRL
This security policy was created considering:
The fact that SC DELTA SAGUL SRL, located at LOC SAGU NR 194 – JUD ARAD – ROMANIA (hereinafter referred to as "SC DELTA SAGUL SRL"), carries out an activity that involves the processing of certain categories of personal data,
The entry into force starting on May 25, 2018 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"),
The obligation imposed by the GDPR to ensure adequate technical and organizational security measures for all personal data processing activities.
COMMITMENT
SC DELTA SAGUL SRL processes personal data for legitimate purposes, in compliance with all principles imposed by GDPR and ethical business practices. Protecting the safety and security of personal data is important for SC DELTA SAGUL SRL and this policy describes the organizational framework implemented to ensure processing compliance.
The main objective of this Security Policy is to contribute to the development of the company's activity in compliance with specific legal provisions and to minimize risks by preventing incidents and, in the unlikely event of such incidents, reducing their impact on the person concerned.
We aim to maintain a relationship based on trust, transparency, good faith and ethics with all our partners, collaborators and employees.
DEFINITIONS
"Personal data" means any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
"Processing" means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, erasure or destruction.
"Pseudonymization" means the processing of personal data in such a way that they can no longer be attributed to a specific person concerned without using additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure the non-attribution of the respective personal data to an identified or identifiable natural person.
"Operator" means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law.
"Person authorized by the operator" means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator.
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, the operator, the person authorized by the operator and the persons who, under the direct authority of the operator or the person authorized by the operator, are authorized to process personal data.
"Recipient" means the natural or legal person, public authority, agency or other body to whom personal data is disclosed, regardless of whether it is a third party or not. However, public authorities to whom personal data may be communicated within a certain investigation in accordance with Union law or internal law are not considered recipients; the processing of this data by the respective public authorities complies with the applicable data protection rules, in accordance with the purposes of the processing.
"Consent" of the data subject means any manifestation of free, specific, informed and unambiguous will of the data subject by which he/she accepts, through a statement or through an unequivocal action, that the personal data concerning him/her will be processed.
"Restriction of processing" means the marking of stored personal data in order to limit their future processing.
PRINCIPLES OF SECURITY POLICY
SC DELTA SAGUL SRL processes the personal data it comes into contact with in compliance with the following principles:
Protecting the fundamental rights and freedoms of the persons concerned;
Legality, fairness and transparency – personal data are processed in good faith and in accordance with the legal provisions in force, in a fair and transparent manner towards the data subject;
Determined, explicit and legitimate purposes – The processing of personal data by SC DELTA SAGUL SRL is done for determined, explicit and legitimate purposes and they are not subsequently processed in a way incompatible with these purposes;
Legal basis – SC DELTA SAGUL SRL will ensure that any processing of personal data will have a well-defined basis, such as legal provisions, the consent of the person concerned, the execution of contracts, the legitimate interest of SC DELTA SAGUL SRL (which will not contravene the superior interests of the person concerned);
Limitation by reference to the purpose – SC DELTA SAGUL SRL processes personal data only if they are appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Limitation by reference to time – SC DELTA SAGUL SRL keeps the data of the persons concerned for a period that does not exceed the period necessary to fulfill the purposes for which the data are processed;
Accuracy – SC DELTA SAGUL SRL processes personal data in a precise manner and takes reasonable measures to ensure that inaccurate data it becomes aware of is deleted or rectified;
Security – SC DELTA SAGUL is dedicated to ensuring the security of all personal data that it processes and takes constant steps to achieve this goal, including through the training of its employees and partners.
CATEGORIES OF DATA SUBJECTS
SC DELTA SAGUL SRL processes personal data of the following categories of data subjects:
Our clients, legal entities;
Own employees;
Employees of commercial partners;
As the case may be, other natural persons who interact with the company in the course of its activity.
DATA COLLECTED
Depending on the specifics of each relationship, SC DELTA SAGUL can process the following categories of data regarding the persons concerned:
Name and surname;
Contact details: Telephone, e-mail address;
Professional data: workplace, position;
Data provided directly by e-mail or by other means by the persons concerned;
Data collected about employees and their families, in order to comply with the employment contract and the legal provisions in the field of work;
Location data through GPS systems;
Image and voice.
The personal data listed above are given by way of example.
This data can be collected from the following sources:
From the clients of SC DELTA SAGUL SRL;
From contracts and their auxiliary documents, including in the execution of labor relations;
As a result of being provided directly by the person concerned, with consent obtained in the cases provided by law;
As a result of the interaction of our employees with the persons concerned (e.g. business cards);
From public sources.
PURPOSES AND BASIS OF PROCESSING
Our clients are mainly legal entities and we are dedicated to treating their personal data to the highest ethical and professional standards, just as we do when we offer them our products and services.
Thus, we collect personal data for the following purposes:
Selling our products and services to customers;
Promotion of DELTA SAGUL SRL products and services;
Execution of contracts with suppliers and partners;
In the process of recruiting and managing our employees;
We collect personal data on the following grounds:
The consent of the persons concerned. In some cases, consent will be considered granted by the fact that the data subject takes the initiative to transmit some personal data to us, for example, when the data subject contacts the company on his own initiative, by phone or through the e-mail address of SC DELTA SAGUL SRL, when placing orders;
Execution of contracts. Our company offers services to legal entities, thus processing personal data in the execution of contracts with them;
Fulfillment of legal obligations;
Fulfilling the legitimate interests of SC DELTA SAGUL SRL that will not oppose the superior rights of the person concerned.
RECIPIENTS
SC DELTA SAGUL SRL does not transfer personal data to recipients outside the European Union.
SC DELTA SAGUL SRL does not sell, offer or make available to third parties for commercial purposes the personal data it processes.
If DELTA SAGUL SRL is requested to disclose the information of the persons concerned by a court order or to comply with other legal or regulatory requirements, the company will comply with these requests in accordance with the legal provisions in force.
THE RIGHTS OF THE PERSONS CONCERNED
According to the GDPR, all natural persons whose personal data we process have specific rights, among which we mention:
The right to information: the right to find out what data is being processed, the purposes and grounds of the processing, the recipients of the data, the storage period, the existence of the rights of the data subjects, the right to address the supervisory authority, etc.;
The right of access: the right to obtain from the operator confirmation of whether or not personal data is being processed and, if so, access to the respective data and to the previously detailed processing information;
The right to rectification: the right to obtain the correction of inaccurate data or the completion of missing data;
The right to delete data: the right to request the deletion of processed data, in the situations provided by law;
The right to request the restriction of processing, within the limits provided by law.
Other rights that can be exercised within the limits provided by law: the right to data portability, the right to object to data processing, the right to oppose automatic decision-making processes, the right to address the competent authorities with requests regarding the processing carried out by Ret Utilaje, etc.
SECURITY OF COLLECTED DATA
In accordance with the legal provisions in force, in our activity we primarily aim to prevent any security incidents, such as unauthorized access to data, leaks of information, accidental deletion of data and the like, the entire structure of data processing being built around the principle of prevention.
GENERAL RULES
To ensure adequate protection of personal data to which SC DELTA SAGUL SRL has access, we have implemented organizational and technical measures, such as:
Implementation of staff training programs regarding GDPR requirements.
SPECIFIC RULES
SC DELTA SAGUL SRL has implemented the following specific rules for the protection of personal data:
Technical security rules
Prohibition of the use by system users of software programs that are unlicensed or that come from unreliable sources;
Implementation of an authentication system based on users and secure passwords, unique for each authorized user;
Implementation of appropriate security measures for IT equipment and software used in our activity, as follows:
the obligation of employees to secure access to their own terminals when they are not using them and to close the terminals at the end of the work schedule;
limiting access rights to remote databases (i.e. from outside the company) / with the use of devices other than those provided by the company;
prohibiting the use of public (open access) internet connection networks.
Organizational security rules
Limiting the number of recipients / users who have access to personal data and correlating access rights with the need justified by each user – e.g. by dividing the information about the concerned persons into geographical areas, by transmitting to the authorized persons only the data necessary for the execution of the contract, etc.;
The introduction of additional conditions and obligations of confidentiality and protection of personal data for employees, suppliers and partners;
The introduction of specific rules regarding the copying and dissemination of documents to prevent the spread and access of unauthorized persons to personal data;
The introduction of rules by which our employees and partners have access only to those personal data necessary to fulfill the job description or, as the case may be, the obligations assumed towards SC DELTA SAGUL SRL;
Restricting the access of unauthorized persons to the spaces where personal data are stored or the equipment on which they are stored, except with the provision of appropriate confidentiality conditions;
Prohibition of copying personal data on mobile storage media, without the prior consent of the company's management, with the exception of the situation when this is necessary for the fulfillment of contractual obligations towards clients;