logo mobile

RO | EN

Confidentiality Policy

 

Confidentiality Policy

 

IDENTIFICATION DATA:

Company EXPUR S.A., J21/261/1991, VAT number RO22991354, registered office: Sos. Amara no.3, Ialomita County, e-mail: office@expur.ro 

 

PROCESSING OF PERSONAL DATA

Company EXPUR S.A. registered office in Sos. Amara no.3, Ialomita County, guarantees that the processing data of personal data shared by its customers shall be performed in compliance with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

 

Company EXPUR S.A. uses advanced security methods and technologies intended for the protection of personal data, data which are processed in compliance with the legal provisions in force.

 

Company EXPUR S.A. adopted organizational technical measures required for the protection of personal data made available by the site’s users against: accidental or unlawful destruction, against accidental loss, destruction or damage and against unlawful storage, processing, access to or disclosure of such data.

 

DEFINITIONS

1.“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

2.”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

3.”Storing of personal data” represents keeping of personal data on hardcopy or on the computer. 

 

4. “Recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.

 

5.”Third party” means a natural or legal person, public authority, agency or body, other than the data subject, controller, processor and persons, who, under the direct authority of the controller or processor, are authorized to process personal data;

 

Company EXPUR S.A. in its capacity of Operator is legally bound to process the personal data you provide under safety conditions and solely to the specified purposes.

 

THE PURPOSES OF PERSONAL DATA COLLECTION

Expur SA processes the personal data for the following purposes:

  1. management of the recruitment process;

  2. collection of orders and establish a business relationship and by reference to their management with the aim of entering into business contracts;

  3. in relation with a legal obligation on part of the Company as provided by the law or order of a public authority;

  4. marketing purposes, intended for the information and promotion of the Expur SA shares, in accordance with the Company’s main line of business, supply of products and/or services.

  5. Resolution of requests, questions and/or of complaints filed by us.  

 

For the fulfillment of the purposes specified above, Company Expur SA conducts the following activities:

  • assessment of products and services offered;

  • business activities intended for the promotion of products and services, activities of marketing, advertising, media, administrative, development, market research, statistics, follow-up and monitoring of sales and of the consumer’s behaviour.

 

LAWFULNESS OF PERSONAL DATA PROCESSING

The lawfulness of personal data by Diplomat Media Events is as follows:

-article 6 paragraph 1 (b) of GDPR “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”;

-article 6 paragraph 1 (c) of GDPR “processing is necessary for compliance with a legal obligation to which the controller is subject”;

-legitimate interest of the Company for compliance with the provisions of article 5 GDPR.

 

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

EXPUR SA guarantees that the collected personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);

  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);

  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);

  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);

  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

 

CATEGORIES OF PERSONAL DATA PROCESSED by EXPUR SA are as follows:

-first name, last name/surname, maiden name;

-phone number;

-email address;

-other personal data provided by the data subject when filling in field “Message”

-IP address

-when sending a CV/resume, alongside with the personal data above listed, we also collect the following data: date of birth, photo, and education-related data.

 

RECIPIENTS OF THE PERSONAL DATA ARE:

-public authorities;

-suppliers of EXPUR SA

 

YOUR RIGHTS

By reading the Terms and Conditions herein you are aware that the following rights are guaranteed:

-right of access to your personal data;

-right to request rectification of inaccurate personal data;

-right to request erasure of personal data in certain circumstances (for example when personal data are no longer necessary for the above purposes);

-right not to be subject to an individual decision-making;

-right to restriction of processing;

-right to object to processing and to request data erasure;

-right of notification in case of personal data breach;

-right to withdraw your consent;

-right to file a complaint before the Supervisory Authority.

 

Based on a written request, dated and signed, sent to the address of Company EXPUR S.A. or sent by email to: office@expur.ro you may, free of charge, exert the rights above.

 

Thus, EXPUR SA may notify users/clients of current offers by newsletter and may send greetings, gift vouchers or other special messages.

 

PERIOD OF PERSONAL DATA STORAGE

EXPUR SA shall store your personal data until you request for their erasure. At any time, you may request erasure of certain information or closing of your account and we shall comply with your request, subject to storing certain information when provided for by the applicable law or required by our legitimate interests. Then when we no longer need your personal data, we will proceed to safe data erasure and destruction.     

 

SECURITY OF PROCESSING

EXPUR SA adopted technical and organizational measures for data processing in compliance with the GDPR requirements in order to safeguard your personal data against any action of unauthorized access, improper use or transmission, unauthorized alteration, accidental destruction or loss. All our employees and collaborators as well as any third parties acting on our name and on our behalf are legally bound to comply with the privacy of your personal data and with the GDPR requirements, in accordance with the provisions of this Policy. 

We ensure that our business contract partners with access to personal data we are processing are legally bound in compliance with the legal provisions and we verify compliance with such obligations.

They shall process personal data on our name and behalf solely on instructions received from the controller and solely by compliance with the security and confidentiality requirements within the imposed limits.