Respecting the right to the protection of personal data, as well as the right to private life, is one of the fundamental missions of SYSTEMA CERTIFICĂRI S.R.L., registered at the Mures Trade Registry, under number J26/431/2014, tax code RO 33095759, on Str. Madach, No. 8, Târgu-Mureș, Jud. Mureș, Romania, phone: (+4) 0365 882 352, email: office@systemaglobal.ro.

Thus, we take all the necessary steps to process your personal data in accordance with the principles established by the data protection legislation applicable in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in regarding the processing of personal data and regarding the free movement of such data and the repeal of Directive 95/46/EC (“GDPR”).

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, an identification number, location data, an online identifier, or to an or more specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.

This personal data processing policy presents the following sections:

What kind of personal data do we process?

  • Sensitive data
  • For what purpose and on what grounds do we process your personal data?
  • To whom do we share your personal data?
  • Do we collect personal data from third parties?
  • Do we transfer your data outside the EU/EEA?
  • Your provision of personal data of other natural persons
  • How long do we keep your personal data?
  • What are your rights?
  • Is your data safe?
  • Links to other websites
  • Questions or complaints
  • Policy Changes

WHAT KIND OF PERSONAL DATA DO WE PROCESS?

If you are his potential customer

We collect personal data from most interactions with you, as well as in other aspects of our business. The categories of data we collect are as follows:

  1. name and surname, e-mail address, series and number of identity card, personal numerical code, telephone number and your address, signature, other data entered in the identity card.
  2. your account data (total or partial IBAN code, transaction code, payer’s bank, etc.) and/or bank card data (card type, credit/debit card number, holder’s name, expiration date and security code);
  3. civil status data (inscribed in the birth certificate, marriage, etc.), data related to studies and qualifications.
  4. information you provide regarding your marketing preferences or in the course of participating in the certification process or courses;
  5. information about the motor vehicles you may bring onto our property;
  6. the location of the cars owned by the company, monitored by the GPS system;
  7. data related to internet traffic from the location;
  8. the time and date of accessing the website and the IP address from which the company’s website was accessed;
  9. reviews and opinions about the services provided by our company;
  10. any other types of information you choose to provide us or any other public information about you.

Also, surveillance cameras and other security measures on our properties may capture or record images of guests in public places (such as entrances to the company’s premises) as well as your location data (through the images captured by the surveillance cameras , access cards, data traffic and/or other technologies).

You can always choose which personal data you want to provide to us. However, if you choose not to provide certain personal data, where the basis of our request is to comply with a legal obligation, contractual obligations or obligations necessary to enter into a contract, we will be unable to provide you with certain services.

If you are a potential employee

We collect the information from the CV sent by you as well as any other information submitted together with the CV and/or during the interviews you attended.

If you are a visitor within our company

We collect your first and last name, as well as information regarding the purpose of the visit.

Surveillance cameras can also capture or record images of visitors in public places.

If you are a user of our website

Simply accessing our website will not lead to the collection of your personal data unless you voluntarily enter certain data.

However, we collect the time and date of the website access and the IP address from which our website was accessed. (see Cookie Policy).

If you are a representative contact person of our suppliers or business partners

We collect the name, first name, function as well as any other data provided by you or the company you represent.

If you are employed

Please read the Employee Privacy Policy, made available at the time of employment and available at any time from the Human Resources Department

SENSITIVE DATA

The term “sensitive data” refers to racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership and the processing of genetic data, biometric data, health data or data on sex life or sexual orientation.

We generally do not collect sensitive information unless you choose to provide it to us. We may use the health data you provide to provide better services and respond to your special requirements.

FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?

If you are his client potential client

  1. Presentation of a service offer:
    Purpose: We process your personal data to be able to make you a price and service offer according to your requirements.
    Legal basis: art. 6 paragraph 1 lit. a of the General Data Protection Regulation

Execution of a contract:
Purpose: We process your personal data for the conclusion and execution of a contract.
Legal basis: art. 6 paragraph 2 of the General Data Protection Regulation.

  1. Feedback:
    Purpose: We process your personal data to ensure that you had a pleasant experience with the services offered by our company.
    Legal basis: 6 paragraph 1 letter f of the General Data Protection Regulation, considering our legitimate interest to constantly improve the services we offer and to offer services that are as suitable and compliant as possible with the standards of our customers
  2. Marketing:
    Purpose: We process your Personal Data for marketing purposes, such as commercial newsletters and marketing communications about new products and services or other offers that we believe may be of interest to you.
    Legal basis: art. 6 paragraph 1 letter f of the General Data Protection Regulation, meaning that we rely on the legitimate interest to promote our services by sending offers that we consider to be of interest to you.
    If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we inform you that you will be able to withdraw your consent for marketing processing at any time, in which case you will no longer receive any marketing communications from us.
    We will include an unsubscribe link that you can use if you no longer want us to send you messages.
    Also, on the occasion of organizing certain events within our company, it is possible to take some photos, and some of these could also be distributed online to show others what our events are like. In any case, because we take into account your right to privacy, we take care that the photos do not highlight certain people and we will do our best to inform you that photos will be taken (for objections to the photos our see “Right to oppose” in the “Your rights” Section).
  3. Other Communications: By email, post, phone or SMS
    Purpose: these communications will be made for a specific reason such as: to inform you about our offers and promotions, to respond to your requests, to inform you about the way in which the complaints and/or incidents you have experienced have been resolved , etc.
    Legal basis: 6 paragraph 1 letter f of the General Data Protection Regulation, given our legitimate interest in providing services at the highest standards by resolving any requests/complaints and to assure you of our full availability.
  4. Analysis, improvement and research:
    Purpose: to ensure the constant qualitative evolution of our services, we take care to analyze every complaint/suggestion from you, so we draw up statistical reports to identify problems, the degree of repetition and to find the best solutions to fix them .
    Legal basis: 6 paragraph 1 letter f of the General Data Protection Regulation, in which we rely on our legitimate interest to provide services that meet your and our company’s standards.

If you are a visitor within our company

Scope: we process your personal data to ensure the protection of people and assets within our company.
Legal basis: art. 6 paragraph 1 letter f of the General Data Protection Regulation, given our legitimate interest in ensuring both the protection of individuals and the protection of the assets of customers/company/staff within the company.

If you are a user of our website

Scope: traffic monitoring in order to identify errors and/or any other dysfunction of the site

Legal basis: art. 6 paragraph 1 letter f of the General Data Protection Regulation, meaning that we base this data processing activity on our legitimate interest, namely making a fully functional website available to you by fixing any error, as well as by continuously improving it.

If you are a representative contact person of our suppliers or business partners

Scope:

performance of contractual relations with our suppliers or business partners.

Legal basis: art. 6 paragraph 1 letter b of the General Data Protection Regulation, for the execution of a contract.

If you are a potential employee

Scope:

assessment of your employment application.

Legal basis: art. 6 paragraph 1 letter b of the General Data Protection Regulation, for the conclusion of a contract

If you are employed

Please see the employee privacy policy, made available at the time of employment and available at any time from the Human Resources Department.

For all the categories of people above, we may also process your data in the context of the following activities:

  1. Restructuring or internal reorganizations or sales of assets or shares/shares:
    Purpose: we process your data to carry out the operations mentioned above
    Legal basis: art. 6 paragraph 1 letter f of the General Regulation on Data Protection, given the legitimate interest to carry out the operations, especially in the conditions where they would be impossible to carry out without a processing of your data.
    However, we assure you that this possible processing will be carried out in accordance with this policy and by implementing a measure to ensure the confidentiality of your data.
  2. Security:
    Purpose: We process personal data for the security of assets and the physical integrity of individuals.
    Grounds: 6 paragraph 1 lit. f of the General Data Protection Regulation, we rely on our legitimate interest to ensure the protection of your assets and the company, as well as the protection of people within its perimeter.
  3. Legal reasons:
    Purpose: in certain cases, we need to process the information provided, which may include personal data, to resolve legal disputes or complaints, for investigations and to comply with applicable legal regulations, to enforce an agreement or to comply with requests from on the part of public bodies to the extent that these requests meet the conditions imposed by law.
    Grounds: the reasons for the processing can be represented by the legal obligation (if we have the legal obligation to disclose certain personal data to public authorities) or by our legitimate interest to resolve any disputes and/or complaints.

TO WHOM WE TRANSMIT YOUR DATA. PERSONAL?

In order to provide you with high-quality services, we may share your personal information with our service providers and other third parties, as detailed below:

  1. Suppliers: in order to provide the requested services, in some cases, we will need to pass on some of your personal data to suppliers, and they have the capacity of proxies and process the data on our behalf, on behalf of and in accordance with our instructions (such as suppliers of software, IT, accounting services, medical services, etc.).
  2. Business Partners: In some cases, we partner with other companies to provide you with products, services or offers.
  3. Co-Sponsors of Promotions: In certain cases, we co-sponsor promotions, sweepstakes, sweepstakes, contests or contests with other companies or may provide prizes for sweepstakes and contests sponsored by other companies. If you participate in these sweepstakes or contests, we may share your personal information with the collaborating sponsor or a third party sponsor.
  4. Authorities and/or public institutions for: (i) compliance with legal provisions, (ii) to respond to their requests, (iii) for reasons of public interest.

The privacy of your data is important to us, which is why, where possible, the transmission of personal data in accordance with the above is only carried out on the basis of a confidentiality undertaking from the recipients, guaranteeing that this data is kept safe and that the provision of this information is done in accordance with applicable law and policies. In any case, each time we will transmit to the recipients only the information strictly necessary to achieve the respective purpose.

DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?

In order to provide you with high-quality services, we may collect information about you from our business partners and other third parties, as detailed below:

  1. Business partners: such as providers and recipients of training or ISO certification services.
  2. Co-Sponsors of Promotions: In certain cases, we co-sponsor promotions, sweepstakes, sweepstakes, contests or contests with other companies or may provide prizes for sweepstakes and contests sponsored by other companies. If you participate in these sweepstakes or contests, we may collect your personal data from the collaborating sponsor or a third-party sponsor. In any case, we assure you that your data collected from the third parties will be processed under the same conditions as if collected directly from you. We will also only collect what is necessary to fulfill our purposes. (see Section “FOR WHAT PURPOSE AND ON WHAT BASIS ARE YOUR PERSONAL DATA PROCESSED?”).
    In addition, when we contact you for the first time, we will first inform you of the source from which we obtained your personal data.

 

DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE EU/EEA?

We do NOT transfer your data outside the European Union or the European Economic Area.

 

SUPPLY BY YOU OF THE PERSONAL DATA OF OTHER NATURAL PERSONS

If you provide us with the personal data of other natural persons, please obtain their consent before providing us with their personal data and let them know how it will be processed, as described in this privacy policy.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Your personal data is kept for as long as the purposes detailed in this policy are carried out, unless a longer retention period is required or permitted by applicable law.

We constantly review the need to retain your personal data, and to the extent that processing is no longer necessary and there is no legal obligation to retain the data, we will destroy your personal information as soon as possible and in a way that does not can still be recovered or reconstructed (for example, we will delete/destroy all data of people who were not hired following interviews, if there is no serious prospect of employment in the future).

If personal information is printed on paper, it will be securely destroyed by shredder, and if it is saved on electronic media, it will be deleted by technical means to ensure that the information cannot be recovered or reconstituted later.

WHAT ARE YOUR RIGHTS?

As a data subject, you benefit from the following rights provided by the GDPR:

  1. Right of access: you can request from us (i) a confirmation of whether or not personal data is being processed and, if so, access to that data and information about it, as well as (ii) a copy of your data personal data we hold (art. 15 of the GDPR);
  2. The right to rectification: you can inform us about any changes to your personal data or ask us to correct the personal data we hold about you (art. 16 GDPR);
  3. The right to erasure (“the right to be forgotten”): in certain situations (such as (i) if the data was collected illegally, (ii) the deadline for data storage has expired, (iii) you have exercised your right upon opposition or (iv) the data processing is based on consent and you have withdrawn your consent, you can ask us to delete the personal data we hold about you (art. 17 of the GDPR);
  4. The right to restrict processing: in certain situations (such as the case where the accuracy of this data or the legality of the processing is disputed), you can ask us to restrict the processing of your data for a certain period (art. 18 of the GDPR);
  5. The right to data portability: ask us to send your personal data to a third party or directly to you (Art. 20 GDPR);
  6. The right to opposition: in certain situations (such as processing that has as its legal basis the legitimate interest), you can ask us to stop processing your data (art. 21 of the GDPR);

If we use your personal data based on your consent, you have the right to withdraw this consent at any time. In this situation, your data will no longer be processed by us, unless a legal provision obliges us to keep and archive them. In any case, we will inform you if there is such a legal provision and we will indicate it expressly.

IT’S YOUR DATA. IN SAFETY?

We take your personal security seriously, which is why we take important security measures necessary to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data. This involves internal reviews of data collection, retention and processing practices and security measures, as well as physical security measures to protect against unauthorized access to the systems where we store personal data.

We also require our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data.

LINKS TO OTHER WEBSITES

Our website contains links to third party websites. Please note that we are not responsible for the collection, use, retention, sharing or disclosure of data or information by such third parties. If you use or provide information on third-party sites, the terms and privacy policy of those sites apply. We advise you to read the privacy policy of the websites you visit before submitting personal data.

The use of internet services offered by SYSTEMA CERTIFICĂRI S.R.L. it is subject to the terms of use and privacy policy of the internet providers. You can access those terms and policies by using the links on that service’s login page or by visiting your Internet provider’s website.

QUESTIONS OR COMPLAINTS

If you have any questions or concerns about the processing of your personal data or if you wish to exercise any of the rights mentioned above, you are welcome to contact our Personal Data Protection Officer at our company headquarters or by sending an e-mail to the following address: office@systemaglobal.ro, and we will respond to you within 30 days of receiving the request.

Also, to the extent that you do not have electronic means or do not want to use them, you can make a written request that you submit to SYSTEMA CERTIFICĂRI S.R.L., Târgu-Mureș, Str. Madach Imre, No. 8, Jud. Mureș, Romania. For any other additional information, you can call us on (+4) 0728 288 035.

To the extent that you are not satisfied with the way in which your request was resolved, you can submit a complaint to the National Supervisory Authority for the Processing of Personal Data.

POLICY CHANGES

This privacy policy may change in accordance with changes in data policy legislation or based on changes to our services or organization. If we make material changes to it, we will post a link to the revised policy on the home page of our website. If we make significant changes that will have an impact on your rights and freedoms (for example, when we start processing your personal data for purposes other than those specified above), we will contact you before we start this processing.

To help you keep track of the most important changes, we will include a change history below to acknowledge changes to this policy.

Last update: 03.10.2022