Privacy policy

In effect from May 25, 2018.

Data protection declaration of SC IAMU SA – BLAJ, in the sense of the General Data Protection Regulation (GDPR)

 

We are very pleased that you have shown interest in our enterprise. Data protection has a special priority for the management of IAMU SA - BLAJ. The use of the Internet pages of IAMU SA - BLAJ is possible without indicating personal data; however, if a person wants to use our services either through the site or directly, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the data subject's consent.

The processing of personal data, such as an individual's name, address, email address or telephone number, must always be carried out in accordance with the General Data Protection Regulation (GDPR) and national data protection legislation. Through this data protection statement, our company wishes to inform the general public about the nature, purpose and object of the personal data we collect, use and process. Furthermore, data subjects are informed, through this data protection declaration, of the rights to which they are entitled.

As an operator, we constantly implement numerous technical and organizational measures to ensure the most complete protection of personal data processed through the Internet and the commercial activity we carry out. However, data transmissions via the Internet may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, each data subject has the freedom to transfer personal data to us by alternative means, e.g. by phone.

1. Definitions

The data protection declaration of IAMU SA - BLAJ is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy statements, policies, notices and agreements must be readable and easy to understand for the general public as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection statement, we use, among others, the following terms:

Personal data

"Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific elements of his physical, physiological, genetic, psychological, economic, cultural or social identity. Special categories of personal data enjoy enhanced protection under the General Data Protection Regulation (GDPR) and represent personal data that refers to: a) data regarding racial or ethnic origin, political opinions, religious confession or philosophical beliefs; b) data on union membership; c) data regarding the physical or mental health or data regarding the sexual life or sexual orientation of a natural person; d) the commission or alleged commission of a crime by the person concerned; or e) any proceedings for an offense committed or alleged to have been committed by the person concerned, the dismissal of such proceedings or the sentence of any court in such proceedings. Data subjects have additional rights in relation to the processing of this data.

Data subject

"Data subject" is any identified or identifiable natural person, whose personal data is processed by the operator responsible for the processing.

Processing

"Processing" means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;

Restriction of processing

"Restriction of processing" means the marking of stored personal data with the aim of limiting its future processing;

Profiling

"Profiling" means any form of automatic processing of personal data which consists in the use of personal data to assess certain personal aspects relating to a natural person, in particular to analyze or predict aspects of workplace performance, the economic situation, health, personal preferences, interests, reliability, behavior, the place where the respective natural person is or his movements;

Pseudonymisation

"Pseudonymisation" means the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure the non-attribution of said personal data to an identified or identifiable natural person;

Operator or operator responsible for processing

"Operator" or "operator responsible for processing" means the natural or legal person, public authority, agency or other body that, alone or together with others, determines the purposes and means of processing personal data; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law;

The person authorized by the operator

"Person authorized by the operator" means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator;

Recipient

"Recipient" means the natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities to whom personal data may be communicated in the context of a specific investigation in accordance with Union or national law are not considered recipients; the processing of this data by the respective public authorities complies with the applicable data protection rules, in accordance with the purposes of the processing;

Third party

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, the operator, the person authorized by the operator and the persons who, under the direct authority of the operator or the person authorized by the operator, are authorized to process personal data;

Consent

"Consent of the data subject" means any manifestation of the data subject's free, specific, informed and unambiguous will by which he accepts, through a statement or an unequivocal action, that personal data concerning him be processed;


2. Name and address of operator

Operator within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions relating to data protection is:

Name: IAMU SA - BLAJ
Address: str. Gheorghe Barițiu nr. 38
City: Blaj
Country: Romania
Phone: 0258 711907
E-mail: ioana.flore@iamu.ro – Ioana Angela Flore – data protection officer;
Website: www.iamu.ro

3. Cookies

The internet pages of IAMU SA – BLAJ do not use cookies.

4. Collection of data and general information

The website of IAMU SA - BLAJ collects a series of general data and information when a subject or automated system requests the website. This data and general information is stored in server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the access system, (3) the website from which an access system reaches our site (so-called referrers), (5) date and time of access to the website, (6) IP address, (7) Internet service provider of the access system and (8) any other similar data and information that can be used in case of attacks on our IT systems. When using this data and general information, IAMU SA - BLAJ does not create a profile of the data subject. Rather, this information is needed to: (1) provide the content of our website correctly, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our information technology systems, and (4) provide law enforcement authorities with information necessary to prosecute a cyber attack. Therefore, IAMU SA - BLAJ statistically analyzes the data and information collected anonymously, with the aim of increasing the security of our data and company data and ensuring an optimal level of protection of the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

5. The possibility to contact through the website

The website of IAMU SA - BLAJ contains information that allows a quick electronic contact with our company, as well as direct communication with us, which also includes a general electronic mail address (e-mail address). If a data subject contacts us by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data voluntarily transmitted by a subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of personal data to third parties.

6. Routine deletion and blocking of personal data

The data administrator processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or, to the extent that this is granted by the European legislator or other legislators in the laws or regulations that apply to the operator. If the purpose of storage is not applicable or if a storage period stipulated by the European or other competent legislator expires, personal data is normally blocked or deleted in accordance with legal requirements.

7. The rights of the data subject
a) The right of confirmation

 

Each data subject has the right guaranteed by the European legislator to obtain from the operator a confirmation as to whether or not his personal data is being processed. If a data subject wishes to make use of this right of confirmation, he or she may, at any time, contact our data protection officer or another employee of the operator with specific duties.

b) The right of access

 

Each data subject has the right guaranteed by the European legislator to obtain from the operator free information about his personal data stored at any time, together with a copy of this information. In addition, European directives and regulations grant data subjects access to the following information:

  • the purpose of the processing;
  • the categories of personal data in question;
  • recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients from third countries or international organizations;
  • if possible, the expected period for which the personal data will be stored or, if not possible, the criteria used to establish this period;
  • the existence of the right to request the operator to rectify or delete personal data or to restrict the processing of personal data relating to the data subject or to oppose such processing;
  • the existence of the right to file a complaint with a supervisory authority;
  • if the personal data are not collected from the data subject, any available information regarding their source;
  • the existence of an automatic decision-making process, including the creation of profiles (profiling), within the meaning of article 22, paragraphs (1) and (4), of the General Data Protection Regulation, and, at least in these cases, significant information regarding the logical reasoning applied, as well as the meaning and consequences considered in the case of such processing towards the data subject.

 

In addition, the data subject will have the right to obtain information regarding the transfer of personal data to a third country or to an international organization. In this case, the data subject has the right to be informed about the appropriate guarantees regarding the transfer.

If a data subject wishes to exercise this right of access, he or she may at any time contact our data protection officer or another employee of the operator with specific duties.

c) The right to rectification

Each data subject has the right guaranteed by the European legislator to obtain from the operator, without undue delay, the rectification of his inaccurate personal data. Taking into account the purposes of the processing, the data subject has the right to complete incomplete personal data, including by providing an additional statement.

If a data subject wishes to exercise this right to rectification, he may, at any time, contact our data protection officer or another employee of the operator with specific duties.

d) Right to erasure (Right to be forgotten)

Each data subject has the right guaranteed by the European legislator to obtain from the operator the deletion of personal data concerning him, without undue delay, and the operator has the obligation to delete, without delay, the personal data in the event that one of the following reasons apply, as long as the processing is no longer necessary or lawful:

  • Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • The data subject withdraws the consent on which the processing is based in accordance with Article 6, paragraph (1), letter (a) of the General Data Protection Regulation (GDPR) or Article 9, paragraph (2), letter (a) of the General Data Protection Regulation (GDPR) and if there is no other related basis for processing;
  • The data subject objects to the processing in accordance with Article 21, paragraph (1) of the General Data Protection Regulation (GDPR) and there are no imperative legal grounds for the processing or the data subject objects to the processing in accordance with Article 21, paragraph (2) of the GDPR;
  • Personal data were processed illegally;
  • Personal data must be deleted to comply with a legal obligation of Union law or of the member state to which the operator is subject;
  • Personal data were collected in connection with the offer of information society services referred to in Article 8 paragraph (1) of the GDPR.

If one of the reasons mentioned above applies and a data subject wishes to request the deletion of personal data stored by IAMU SA - BLAJ, he or she may at any time contact our data protection officer or another employee of the operator with specific duties. The data protection officer of IAMU SA - BLAJ or the respective employee must ensure that the deletion request is resolved promptly.

If the operator has made the personal data public and is obliged, in accordance with Article 17, paragraph (1), to delete the personal data, he, taking into account the technology at his disposal and the costs of implementation, takes reasonable measures, including technical measures, to inform all other operators who process the data that the data subject has requested the deletion by the operators of any links, copies or replicas of this personal data, to the extent that the processing is no longer needed. The data protection officer of IAMU SA - BLAJ or another employee, with specific duties, will establish the necessary measures for each individual case.

e) The right to restrict processing

Each data subject has the right guaranteed by the European legislator to obtain from the operator the restriction of processing if one of the following situations applies:

  • The processing is illegal and the data subject opposes the deletion of personal data and instead requests the limitation of their use.
  • The operator no longer needs the personal data for the purpose of processing, but they are requested by the data subject to establish, exercise or defend some legal claims.
  • The accuracy of the personal data is disputed by the data subject, for a period that allows the operator to verify the accuracy of the personal data.
  • The data subject has objected to the processing in accordance with Article 21(1) of the General Data Protection Regulation (GDPR), pending verification that the legitimate bases of the controller overlap with those of the data subject.

If one of the conditions mentioned above is met and the data subject wishes to request the restriction of the processing of personal data stored by IAMU SA - BLAJ, he can always contact our data protection officer or another employee of the operator, with specific duties. The data protection officer of IAMU SA - BLAJ or the respective employee will schedule the restriction of processing.

f) The right to data portability

Each data subject has the right, guaranteed by the European legislator, to receive the personal data provided to him by an operator, in an electronic format with a usual/intuitive structure. He has the right to transmit this data to another operator without being hindered by the operator to whom the personal data were provided, as long as the processing is based on the consent provided for in Article 6 paragraph (1) letter (a) of the General Data Protection Regulation (GDPR) or of Article 9 paragraph (2) letter (a) of the General Data Protection Regulation (GDPR) or of a contract based on Article 6 (1) letter (b) of the General Data Protection Regulation (GDPR), and the processing is done by automatic means.

In addition, in exercising his right to data portability, in accordance with Article 20(1) of the GDPR, the data subject has the right to transmit personal data directly from one controller to another, if this is technically feasible and when this procedure does not adversely affect the rights and freedoms of others. In order to exercise the right to data portability, the data subject can at any time contact the data protection officer designated by IAMU SA - BLAJ or another employee with specific duties.

g) The right to object / to oppose

Each data subject has the right guaranteed by the European legislator to object, at any time, for reasons related to his particular situation, to the processing of personal data concerning him, based on letter (e) or (f) of Article 6 paragraph (1) of the Regulation (GDPR). This also applies to profiling based on these provisions. IAMU SA - BLAJ will no longer process personal data in the event of an opposition, unless we can demonstrate justified reasons regarding the processing, consideration for the interests, rights and freedoms of the data subject if they are necessary for the establishment, exercising or defending legitimate claims.

If IAMU SA - BLAJ processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for such marketing. This applies to profiling insofar as it is related to such direct marketing. If the data subject objects to IAMU SA - BLAJ regarding the processing for direct marketing purposes, IAMU SA - BLAJ will no longer take over the personal data for these purposes.

In addition, the data subject has the right, for reasons related to his particular situation, to object to the processing of his personal data by IAMU SA - BLAJ for scientific or historical research purposes or for statistical purposes, in accordance with Article 89 paragraph (1) of the GDPR, unless the processing is necessary for the performance of a task in the public interest. To exercise the right to object, the data subject can directly contact the data protection officer of IAMU SA - BLAJ or another employee with specific duties. In addition, the data subject is free in the context of the use of information society services and, without prejudice to Directive 2002/58/EC, to use his right to object by automated means through the use of technical specifications.

h) The automated decision-making process, including the creation of profiles (profiling)

Each data subject has the right guaranteed by the European legislator not to be the subject of a decision based exclusively on automated processing, including the creation of profiles (profiling), which would produce legal effects on him or significantly affect him, as long as the decision (1) is not necessary for the conclusion or execution of a contract between the data subject and a data controller or (2) is not authorized by the legislation of the Union or the Member State of which the controller is a part and also provides for the adoption of appropriate measures to protect the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.

If the decision (1) is necessary for the conclusion or execution of a contract between the data subject and a data controller or (2) is based on the explicit consent of the data subject, IAMU SA - BLAJ will implement the appropriate measures to protect the rights, freedoms and the legitimate interests of the data subject and ensure at least the right to obtain a human intervention from the operator, to express his point of view and to challenge the decision.

If the data subject wishes to exercise his rights regarding the automated decision-making process, he can contact, at any time, directly, the data protection officer of IAMU SA - BLAJ or another employee of the operator, with specific duties.

i) The right to withdraw data protection consent

Each data subject has the right granted by the European legislator to withdraw his consent to the processing of his personal data at any time. If the data subject wishes to exercise the right to withdraw consent, he or she may at any time directly contact our data protection officer of IAMU SA - BLAJ or another employee of the operator.

8. Legal basis for processing

Art. 6, paragraph (1) letter of the General Data Protection Regulation (GDPR) serves as the legal basis for processing operations for which we obtain consent for certain processing purposes. If the processing of personal data is necessary for the conclusion and, subsequently, the performance of a contract to which the data subject is a party, as is the case, for example, when the processing operations are necessary for the supply of goods or for the provision of any other service, the processing is done on the basis of article 6, para. (1) lit. b of the General Data Protection Regulation (GDPR). The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the accounting archive and other archives, registers and inventories required by law and specific nomenclature, the processing is done based on art. 6, para. (1) lit. c of the General Data Protection Regulation (GDPR). In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a data subject, regardless of relationship, was injured at our company's premises and their name, age, health insurance details or other vital information should be provided to a doctor, hospital or other third party. Then, the processing will be based on Art. 6, para. (1) lit. d of the General Data Protection Regulation (GDPR). Finally, processing operations could be based on Article 6 para. (1) letter f of the General Data Protection Regulation (GDPR).
This legal basis is used for processing operations that are not covered by any of the legal grounds mentioned above, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, unless these interests are superseded by interests or fundamental rights and freedoms of the data subject, which require protection of personal data. Such processing operations are specifically permitted because they have been specifically mentioned by the European legislator.

9. Provision of personal data as a legal or contractual requirement; Necessary requirement to conclude a contract; Obligation of the data subject to provide personal data; the possible consequences in case of refusal to provide this data

We clarify that the provision of personal data is partly required by law (e.g. fiscal, accounting regulations, labor legislation, archiving rules) or may also result from contractual provisions (e.g. information regarding the contractual partner and/or its representative). Sometimes it may be necessary to conclude a contract according to which the data subject provides us with personal data, which must be further processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. Refusal to provide personal data would result in the fact that the contract could not be concluded with the data subject or the company he represents. Before the data subject provides personal data, the data subject must contact our data protection officer. Our data protection officer clarifies for the data subject whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data and the consequences of refusing to provide personal data.

10. Legitimate interests pursued by the operator or a third party

If the processing of personal data is based on Article 6 paragraph (1) lit. f. of the General Data Protection Regulation, our legitimate interest is to conduct our business in favor of the well-being of all our employees and shareholders.

11. The period for which the personal data will be stored

The criteria used to determine the storage period of personal data are, in principle, the legal retention period. After the expiry of the respective period, the corresponding data are routinely deleted, as long as they are no longer necessary for the performance of the contract or the initiation of a contract. Also, IAMU SA - BLAJ has adopted a document retention policy, which can be made available to any person concerned through the Data Protection Officer.

12. CCTV (closed circuit video surveillance)

IAMU SA - BLAJ has a closed-circuit video monitoring system, installed in the exterior spaces and inside the production spaces, both for security reasons (against the theft or destruction of production equipment of significant value) and to prevent disputes in occupational health and safety, with the purpose of its use prominently displayed. Captured images are retained for a limited period of time, except where the image identifies a problem and is specifically retained in the context of an investigation into that problem. Data is stored in a secure environment and access is limited to authorized personnel.

The storage period is 30 days, after which the recordings are automatically deleted from the system.

 

13. Persons authorized by the operator

There are times when IAMU SA – BLAJ wants to outsource a service to an external provider. If the service involves the processing of personal data on behalf of IAMU SA - BLAJ, there must be a written agreement between the data operator and the service provider, which imposes data protection standards on the person authorized by the operator, respectively the person who processes them.

14. Existence of an automated decision-making process.

As a responsible company, we do not make automated decisions, nor are profiles created automatically.