1. Introduction
The purpose of this letter is to provide the data subjects with the information required by the applicable regulations and in particular by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection and confidentiality of individuals with regarding the processing of personal data and the free movement of such data (General Data Protection Regulation or "GDPR").
As you are part of our company business partners and contacts whose personal data we save, we would like to inform you about various aspects of the upcoming GDPR implementation.
2. Processing of personal data
The entity that is responsible for the processing of your personal data is :
ROMSAN INTERNATIONAL COMPANY SRL
Bucuresti-Magurele Street, No. 25 C
051431 Bucureşti Sectorul 5 ,Romania
J40/5237/1999, C.U.I 11833936
By “personal data”, we understand any information that can identify you, both directly and indirectly.
By “processing”, we refer to anything we do with such personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. How personal data are collected
Primarily, we collect personal data that you provide to us, e.g. when you leave us a message via our website’s contact page, when you send us your C.V., when you enter into an agreement with us, when you get a work-contract and became an employee.
Furthermore, we might be provided with your personal data via other sources, e.g. if you act as contact person for a legal entity, through the use of cookies when you visit our website, when you attend events as exhibitions.
4. Wich personal data are processed
We restrict the processing of personal data to avoid excessive processing of personal data. At ROMSAN INT we will therefore process your personal data in a way that is adequate, relevant and limited to what is necessary in accordance with the law.
Typically, the types of personal data we process are:
- Identification data: Name, surname, address, registration number, phone number, e-mail address
- Information about your purchases of our trusted partners’ products and services
- Information about your use of our website and/or App
- The communications you exchange with us via letters, e-mails,and phone calls
We do not process sensitive personal data such as data relating to health, religious, political or philosophical beliefs, sexual orientation or ethnicity, except when we would have a legitimate interest or legal obligation like for health and safety purposes, to adapt the workplace to specific health-related circumstances, for the prevention and investigation of fraud or other criminal activity; or otherwise when this would be required by law enforcement.
5. Purposes of processing personal data
We process personal data only for specific and well-defined purposes and will not process your personal data for purposes which go beyond what you could reasonably expect us to do with it.
In particular, we may process your personal data for the following purposes for which we have a legal basis as indicate below:
- Performance of a contract: Processing of your personal data might be required in order to take the necessary steps at your request prior to entering into a contract, or in order to execute it when a contract is already in place;
- Incident management: We may process your personal data if you are affected by an incident, e.g. at the work floor.
- Legitimate interest: Your personal data might be processed when required for our legitimate interests to prevent fraud and protect vital interests
- Legal obligation: We may have to process your personal data for compliance with a legal obligation to which we are subject;
- To establish statistics and reporting
- To improve the security of our network and our information systems;
- To better understand the interaction of users with our websites;
- To determine the effectiveness of promotional campaigns and advertising
- For any other specific purpose you have consented to.
6. Sharing your personal data
Where required for the purpose for which your personal data were collected (cf. section 5 above), we may transfer personal data to other entities within the OSG Group .
ROMSAN INT has taken appropriate safeguards and measures to ensure that if personal data are exchanged or shared within the OSG Group, they are duly protected in line with applicable legislation.
Your personal data might be transferred to third parties, trusted service providers we are using to run our business such as transporters, e-mail marketing service providers assisting our marketing team.
We ensure that third parties only have access to personal data when they need them to carry out the specific tasks necessary and commit to process the data in a secure and confidential manner as well as use them in line with our instructions.
Please note that we do not sell your personal data to any third party for commercial purposes.
Where personal data are transferred out of the European Economic Area (EEA) and where the level of personal data protection is not the same as in the EEA, we provide appropriate safeguards in the form of standard contractual clauses and with adequate decisions.
In this way, we ensure that your personal data transferred to third parties outside of the EEA is processed with the same degree of care as in Romania .
If you wish to receive more information on the third parties to whom we may communicate your personal information to according to the law or as part of a service we have entrusted to them, or on the appropriate or suitable safeguards we use in case of international data transfer referred to before, please contact gdpr.privacy@osgeurope.com.
7. Retaining your personal data
At ROMSAN INT we are not willing to store personal data for longer than is necessary for the purpose(s) for which they were collected.
As the retention period depends on the purpose for which the personal data were initially collected, we use the purpose as criterion to determine such retention period in compliance with legal and contractual obligations.
After expiry of the retention period, we are committed to securely erase, destroy or anonymize personal data that is no longer required in relation to the purpose for which they were collected.
8. Keeping your data secure
At ROMSAN INT we are committed to keeping your data secure. To that end, we have adopted appropriate technical and organizational measures to duly protect your personal data.
- Maintenance of an information security policy;
- Definitions of functions and obligations of every member of our personnel with access to your personal data, as appropriately documented;
- Strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage;
- Back-up copying and data recovery procedures;
- Training of our personnel on company’s data protection and information security standards and policies.
9. The use of cookies on our website
ROMSAN INT uses cookies on its websites, for example to help it perform better, remember your preferences, and present you with information that we think is of interest or use to you.
In general terms, cookies are small data files sent by a web server that are stored on your computer. They can perform different functions but typically keep a record of websites visited. They contain a small amount of information regarding website visits that can be used to remember you and your preferences for later visits.
Cookies can be either ‘functional’ containing, for example, the choice of language or region chosen by the website visitor enabling you to not repeat entering the same data when visiting our website. Those functionalities are for instance provided by session cookies that store information about user page activities allowing them to easily pick up where they left off on ROMSAN INT ’s webpage.
We also process data recorded through non-functional cookies to draw up statistics or studies relevant to the ROMSAN INT website and to ensure that its content and performance is improved.
Most web browsers are automatically configured to accept cookies. However, you can configure your browser to inform you of each cookie sent, or to prevent them being saved on your hard drive. If you refuse cookies we cannot guarantee you full access to our website; you may experience it running at reduced speed or be unable to access to all services.
For more information on the use of cookies by ROMSAN INT, please consult the www.osgeurope.com cookie notice.
For more general information on the use of cookies, please see www.allaboutcookies.org.
10. Your rights
At ROMSAN INT, we aim to be transparent, not only about how we process personal data about you, but also about your rights that are linked to such processing. Therefore, we want to remind you of the existence of the following rights:
- Right to request access to the personal data we hold about you;
- Right to rectification or erasure of such data;
- Right to obtain restriction of processing or to object to such processing;
- Right to data portability; and
- Right to withdraw your consent at any time, where the processing is based upon such consent
You can exercise these rights by contacting us at gdpr.privacy@osgeurope.com. In order to avoid unlawful access to your personal data, ROMSAN INT will request you to provide a proof of your identity.
If you have any queries about this privacy notice or experiencing any other privacy issue, we are committed to promptly dealing with any privacy-related complaints and as such have procedures that enable us to efficiently respond to any issue you may have.
If you have a complaint related to the processing of your personal data by ROMSAN INT including a data breach, please contact us via :
Letter to the address: ROMSAN INTERNATIONAL COMPANY SRL
Bucuresti-Magurele Street, No. 25 C
051431 Bucureşti Sectorul 5 ,Romania
Phone nr : (+4) 021 322.07.47
E-mail : gdpr.privacy@osgeurope.com
If you are not satisfied with the way your complaint relating to personal data protection has been dealt with, you can also report your complaint to commission@privacycommission.be
11. About the privacy notice
This privacy notice, dating from 23.05.2018, may be adapted in order to ensure that its content accurately reflects regulatory developments, as well as changes that may occur at ROMSAN INT.
The latest applicable version will be available on the website and we will inform you of changes via the website and other communications.
