The protection of your personal data is very important to S.C. Aquaproiect S.A (hereinafter referred to as “Aquaproiect” or the “controller”), a Romanian legal entity, headquartered in Bucharest, Splaiul Independentei 294, sector 6, fiscal registration code RO 448510, registered with the Trade Register of the Municipality of Bucharest under no. J40/2518/1991. We want you to be properly informed about the manner and purposes for which Aquaproiect processes your personal data.
Purpose
The purpose of this Personal Data Processing Security Policy (hereinafter referred to as the “Security Policy”) is to establish the necessary measures and responsibilities of Aquaproiect employees with responsibilities for processing personal data and/or, where applicable, of persons empowered by Aquaproiect, to fulfill the obligations relating to the guarantee and protection of fundamental rights and freedoms of natural persons, in particular the right to intimate, family and private life, with regard to the processing of personal data.
Scope
This policy applies to all Aquaproiect employees with responsibilities for processing personal data and/or, where applicable, persons empowered.
Terms and definitions
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for his designation may be laid down in Union or national law;
‘processor’ means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether or not it is a third party. However, public authorities to which personal data may be communicated in the context of a specific investigation in accordance with Union or national law shall not be considered recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules, in accordance with the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorised to process personal data;
“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear action, signifies agreement to personal data relating to him or her being processed.
Principles of personal data processing
– Personal data are processed by Aquaproiect in good faith and in accordance with the legal provisions in force.
– Personal data are collected by Aquaproiect for well-determined, explicit and legitimate purposes, and further processing will not be incompatible with these purposes.
– Personal data are adequate, relevant and not excessive in relation to the purpose for which they are collected and subsequently processed.
– Personal data are not stored by Aquaproiect for a longer period than is necessary to achieve the purposes for which they were collected.
– Aquaproiect has taken appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of unlawful processing, as well as with regard to the deletion or rectification of inaccurate or incomplete data in terms of the purpose for which they are collected and for which they will be subsequently processed.
Data categories and purpose of use of personal data
The personal data referred to in this Security Policy include identification elements such as name and surname, name and surname of legal representatives, telephone/fax, home/residence address, e-mail address, personal identification number, series and number of the identity document/passport, place of employment, profession, professional training – diplomas – studies, bank details or other similar, which serve to identify you or the persons who represent you or whom you represent.
Aquaproiect collects, uses, processes and provides the personal data provided by you for the purpose of executing or concluding contracts and fulfilling legal obligations.
Personal data is intended for use by Aquaproiect and is collected by persons designated for this purpose. Part of this data (only the necessary ones) may be communicated to contractual partners of Aquaproiect.
General rules
-
- This Security Policy establishes technical and organizational measures implemented by Aquaproiect, to fulfill the obligations regarding the confidentiality and security of the processing carried out within the framework of its activity. Minimum security requirements are considered a complex of technical, IT, organizational, logistical and procedural measures that ensure a minimum level of security of the processing, according to art. 20 of Law no. 677/2001 for the protection of individuals with regard to the processing of personal data and the free movement of such data (“Law no. 677/2001”) and in accordance with the minimum security requirements for the processing of personal data, approved by Order no. 52/2002 issued by the People’s Advocate (“Order no. 52/2002”).
- Aquaproiect has adopted appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of unlawful processing.
- In order to comply with the relevant legal provisions and in order to meet the requirements for the safe storage of data and information, Aquaproiect has developed and implemented organizational and technical measures focused on certain directions of action:
- user identification and authentication;
- access type;
- data collection;
- backup execution;
- computers and access terminals;
- access files;
- staff training;
- telecommunications systems;
- computer use;
- data printing.
The rights of individuals whose personal data are collected and/or processed
According to Law No. 677/2001, you have the following rights regarding the processing of personal data concerning you:
- The right to be informed
- The right to access your data
- The right to intervene on your data
- The right to oppose
- The right tot not to be subject to an individual decision
- The right to seek justice
To exercise these rights, you may submit a written, dated and signed request, using the contact details indicated in this Security Policy.
Disclosure of personal data to third parties
The collected data is disclosed to third parties only if Aquaproiect is subject to a legal obligation in this regard. Any disclosure to third parties under other conditions of personal data will be made only at the request of management.
Contact
For requests or questions regarding this Security Policy, please contact Aquaproiect, using the following contact details:
Address: 294 Splaiul independenței, sector 6, Bucharest 060031, Romania
Tel.: +40 021 316 00 35
Fax: + 40 021 316 00 42
E-mail: office@aquaproiect.ro