Privacy and Data Protection Policy

Last update: 27.07.2022

This policy details the practice of Eltrex SRL regarding the processing of visitors’ personal data https://www.eltrex.net (from here on generically referred to as the Site) and its purpose is to inform users about this topic.

By continuing to use the Site, you acknowledge that you have read and agree to this Privacy and Data Protection Policy, Cookies Policy of use and the Terms and Conditions, documents posted on the Site.

CONTENT:

  1. Data operator identification
  2. Contact details in the field of personal data protection
  3. Targeted person
  4. Personal data processed
  5. Processing the personal data
  6. Purpose
  7. Data processing recipients
  8. Legal basis of data processing
  9. Type of processing the data
  10. Duration of processing and storage of data
  11. Rights of the targeted person
  12. The main obligations of the targeted person
  13. The Company’s obligations. Security measures for processed data
  14. Liability of the Company
  15. Transfer to third countries/international organizations
  16. Final provisions

1.     Data operator identification

Name: Eltrex SRL (hereinafter referred to as “the Company” or Eltrex,)

Headquarters: Grigore Alexandrescu Street, no.180, Timișoara, Romania

J35 /396 /1999, CUI RO11738772

E-mail: info@eltrex.ro; hr@eltrex.ro

2.     Contact details in the field of personal data protection

The company collects information from users in the following ways: directly from the user, from the traffic reports recorded by the servers hosting the Site and cookies.

Information directly provided by the user:

  • When the user sends an email using the data from the “Contact” section, in addition to his email address, he will be able to communicate Eltrex other personal data, too(such as his name and surname, his telephone number, home address, position held within the employer he represents).

The transmission of requests using the data from the “Contact” section it is not mandatory neither for visiting the Site, nor for benefiting from the services of the Company. Moreover, all this information can be transmitted in another way (for example, presenting written addresses at the Company’s headquarters).

The Company also confirms that none of the personal data indicated above will be used for other purposes than those expressly indicated, in particular these will not be processed for marketing purposes without complying with legal provisions.

Information from the server’s traffic report:

When a website is visited, users disclose certain information about them, such as their IP address, time of visit, location from which the Site was accessed. The company, as well as other operators, records this information.

Information obtained using cookies:

All the details related to the way the data are processed in this context are indicated in the Cookie Policy existing on the Site.

The contact details that the visitor can use to send any requests, notifications or complaints regarding this Privacy and Data Protection Policy, the Terms and Conditions and the Cookie Policy, as well as any other information posted on the Site, policies or operations performed by the Company, are indicated in paragraph 1 above.

The company will send a response within 30 days from receiving the request.

3.     Targeted person

Considering that the Company processes personal data of the visitors/users from the Site, they have the quality of Targeted Person and they declare that they are over 18 years old.

If the information/requests submitted by users also concerns personal data relating to other persons (these persons also will have the status of Targeted Person), the Company will process their data in strictly order to be able to respond the information/request.

4.     Personal data processed 

Any information concerning an identified or identifiable person, respectively the targeting person, can be personal data.

The Company tries to minimize the personal data processed.

So, according to the Cookie Policy, the targeted person will be able to check the types of cookies applicable where their use is not done automatically, in order to ensure a more complete and better experience when browsing the Site.

The Company will processes the following data from the “Contact” section, in order to provide answers to the requests/notifications sent by the users:

  • User name and surname
  • E-mail
  • The IP
  • Optionally, depending on the information indicated to be used in the transmitted communication, other personal data may be processed, such as: phone number, fax number, the name of the employing company, position held within the employing company. So, other data than those absolutely necessary to provide an answer could be processed by Eltrex, so far as they are indicated by the targeted person, although they have not been requested. The company commits itself to respect the legislation in force of the personal data protection, without being obliged to obtain any separate consent in this regard.

Depending on the cookie settings, other data may be processed (especially those related to the user’s preferences and behavior on the Site).

5.     Processing the personal data

Represents the personal data processing, performing any operation or set of operations on personal data or personal data sets, with or without the use of automated resources.

The company accesses, collects, uses and carries out any other steps permitted by the applicable legislation on personal data provided by visitors, as indicated in point 4 above.

6.     Purpose

 The Site Visitor is the person who accesses this page (respectively you) and whose personal data are processed for various purposes, namely:

  • For data provided directly by the user:
  • providing answers, clarifications and remediation of problematic situations, reffered to the requests and notifications sent by the user by accessing the Eltrex data from the “Contact” section;
  • ensuring compliance with this Privacy Policy, the Terms and Conditions and the Cookie Policy, as well as the legal provisions in force, applicable to the protection of the rights, property or safety of the Site.
  • In the case of data obtained from traffic reports
  • identifying the sections of interest to the Site
  • more secure administration of the information system
  • In the case of data obtained through cookies:
  • the proper functioning of the Site (the cookies necessary for its operation)
  • depending on the user’s settings, the data may be used for the proper functioning of the Site, obtaining statistical information to improve the services provided, saving preferences, etc. All details related to this type of data processing can be found in the Cookie Policy.

If the Company intends to continue the personal data processing for other purposes than those indicated above, it will give the targeted person additional relevant information on this secondary purpose, before this further processing, with the completion of the legal formalities in force.

7.     Data processing recipients

The personal data of the targeted person are processed by:

  • the employees of the Company who manage the Site and those who are involved in the activities about which the user has questions/notifications – sent using Eltrex data through the “Contact” section;
  • support service suppliers contracted by the Company in order to fulfill its contractual or legal obligations, such as:
  • the company that offers IT services – can access all the data registered in the online records of the Company, including those of the users;
  • the Company’s lawyers – can access all the data registered in the Company’s records, including those of the users, in case of legal issues that require their involvement;
  • PR, communication and advertising companies for marketing activities. Such companies may collect data through cookies, event registration or feedback forms; in such cases, the Company will inform in advance the targeted persons and will obtain their consent, if necessary.

The list of suppliers named above is not exhaustive, but indicates the main such partner companies.

They will have the quality of independent operator, associated operator or authorized person in relation to the Company. Regardless of the quality held, they undertake to maintain the privacy and security of the personal data of the targeted person, adopting appropriate technical and organizational measures. The main clauses of these contracts can be communicated on request.

Public authorities (including National Authority for Consumer Protection and National Agency of Fiscal Administration) and courts, may process all/any of the data of visitors obtained through the Site, although they do not have the quality of recipients according to legal interpretations.

8.     Legal basis of data processing

  • 6 a. GDPR (General Data Protection Regulation) – the processing is performed based on the User’s consent –> when the data processing is done in the context of cookies accepted by the User and which are not necessary for the operation of the Site;
  • 6 b. GDPR – data processing is necessary in order to conclude or execute the contract –> applicable situation in the context of data processing transmitted by the user through communications, in order to send a response from Eltrex (usually contracting offers);
  • 6 c. GDPR – data processing is necessary in order to fulfill a legal obligation which is the responsibility of the operator –> applicable situation in the context of data processing in relation to the competent authorities or legal service providers;
  • 6 f. GDPR – data processing is necessary for the purpose of the legitimate interests pursued by the Company or by a third party –>applicable situation in the context of data processing for the normal operation and administration of the Site.

9.     Type of processing the data

The data processing activities performed by the Company mainly refer to:

  • collecting the data indicated by the user by sending requests using the data from the “Contact” section;
  • using of data to provide answers, respectively newsletters;
  • using of data for concluding and performing the contract;
  • using of data for the purpose of each category of cookies agreed by the User;
  • the collection of other not requested data provided by the user in a communication, request or complaint addressed to the Company, to be able to respond to and resolve the request or fix the incident;
  • storing the mentioned data according to the law and within the limits necessary achieving the goal, in the electronic and secure database owned by the Company;
  • allowing data access to certain employees and external collaborators which provides support services whose activity involves data processing under the condition of assuming the obligation of confidentiality
  • allowing data access for the competent authorities insofar as the law requires

10.  Duration of processing and storage of data

The storage period of the collected personal data is:

  • for 3 years from receiving the message using the data from the “Contact” field, in order to be able to prove the measures taken by the Company in its consideration, related to the duration of the general limitation period of the right to action in front of the courts provided by the Romanian Civil Code;
  • a longer period of time than those mentioned above, when provided by law or when there is a well-founded basis for this (for example: for exercising a right in front of the court in a dispute started before the expiry of the retention period provided for in this document).

At the expiration of the aforementioned periods, all data will be deleted from the Company’s records.

11.  Rights of the targeted person

  1. The right to be informed

The Company’s regulations and internal policies are available for the targeted person and are permanently available at the headquarters – see this policy in this regard, the Cookie policy and the Terms and Conditions.

The company reserves itself the right to modify/update the content of the Site, including the policies referred to, at his discretion, any time and for any reason (including but not limited when legislative or jurisprudential changes occur, which may affect the consequences of those published on the Site). Reviewing this policy in the future will be known by changing the date at the top at „Last update”.

However, if there are significant changes that could affect visitors’ rights and freedoms their consent it’s required; informing them about the respective changes will be done through easily visible indications posted on the Site (Pop-ups) or by sending emails to the provided addresses, if necessary. Such significant changes will take effect for visitors within 15 days of the pop-up in question or the e-mail transmission by the Company (the way in which the information will be made being decided by it, from case tot case).

However, regardless of the extent of the change, the responsibility to check the content of the Site and to be up to date with the latest versions, is entirely the responsibility of the user. (including the Terms and Conditions, and the policies displayed). So, the study of Privacy and Data Protection Policy, Terms and conditions, and Cookie Policy, represents a step to be taken by visitors every time when the Site is accessed and before performing any data recording or providing, because changes may occur.

The targeted person will be informed of the essence of the contracts concluded with the above recipients and of data source, when possible, on request.

  1. The right to access data

If the targeted person wants information about how the data is processed, he may submit a request to the Company and the Company will reply within 30 days from the date of its receipt.

  1. The right to data rectification

If the targeted person will wish to rectify/complete the incorrect/incomplete data, he may submit a request to the Company and the Company will reply within 30 days from the date of its receipt.

  1. The right to delete data

If the targeted person wishes to delete his/her personal data, this approach is possible:

  • at the end of the data processing period;
  • if data is no longer needed in relation to the purpose of the processing;
  • if the consent is revoked and there is no other basis for data processing;
  • if there are objections to data processing and there are no legitimate reasons to prevail;
  • if the data processing is illegal;
  • if deleting is required by the law.

The exception cases provided in art. 17.3 of the European Regulation no. 679/2016 are applicable.

Some data are part of Eltrex’s records, which it keeps in relation to its legal obligations or its legitimate interest. So, by the law, not all data can be deleted. Any deletion refusal, will be argued by the Company and will be based on a clear legal basis.

  1. The right to restrict or oppose data processing

The restriction of data processing may be applied if the targeted person finds that:

  • data accuracy is contested by the targeted person, in the necessary period for the operator to verify the situation of the respective data;
  • data processing its illegal and the targeted person is against deletion instead requesting a restriction on data processing;
  • The company needs data no longer, but these have not been deleted yet and the targeted person requests them for exercising, establishing or defending certain rights;
  • the targeted person is against data processing while it is verified whether the legitimate interest of the operator will prevail over the interest of the targeted person.

The company may continue to process restricted data if necessary for the establishment, exercise or defense of a right in court, or protecting/defending a person, but only with the consent of the targeted person.

Eltrex will notify the recipients of the rectification, deletion or restriction of the data, unless it is impossible or disproportionate.

  1. The data portability right

The targeted person or the person indicated by this one may receive on request, the data processed by the Company. Eltrex does not assume responsibility for the processing of data by that recipient.

The obligation to ensure the right to portability belongs to the Company only if the processing of that data is based on the consent of the targeted person or on concluding and performing the contract. Actions will be taken within a maximum of 30 days from receipt of the request.

  1. The right of opposition

The targeted person has the right to object at any time to the processing of his personal data on the basis of the legitimate interest of the Company (including profiling) – for reasons related to his particular situation.

Regardless of the above, data processing may continue if Eltrex demonstrates legitimate reasons for processing the data prevailing over the interests, rights and freedoms of the targeting person or for establishing, exercising or defending the legal rights held.

  1. The right to submit a complaint

The targeted person may submit:

  • complaint/request to the Company, indicated in point 1 above;
  • action in the competent court;
  • complaint to National Authority for the Supervision of Personal Data Processing (dataprotection.ro).

The company wants any conflict/dispute to be resolved amicably and is fully available in this regard.

  1. The right to withdraw consent

The targeted person may withdraw his or her consent at any time, without prejudice to the lawfulness of the pre-withdrawal processing or to any other ground.

  1. The right not to be subject to a decision based exclusively on automatic processing

The company does not take decisions based on automatic data processing.

12. The main obligations of the targeted person

  1. Confidentiality

The targeted person has the obligation to maintain the confidentiality of all personal information with which he comes into contact in his relations with the Company, for an unlimited period of time.

  1. Compliance with data security rules

The targeted person will not process any confidential or personal data of third parties, unless this is absolutely necessary; the privacy is ensured and specific legislation is fully respected. If targeted person brakes the above obligations (art. 12), the company can obtain from him the coverage of all the damages caused.

13.  The Company’s obligations. Security measures for processed data

The company respects data protection legislation and applies appropriate technical and organizational measures to ensure the security of the personal data processed and the rights of the targeted persons. So, the Company applied measures such as:

  • concluding contracts with collaborators, in which they have assumed the obligation of confidentiality about the information regarding the personal data processed, as well as compliance with applicable legislation in the field of personal data protection;
  • training employees and collaborators about the importance of personal data protection, as well as limiting their access to data according to their responsibilities;
  • establishing internal procedures for the protection of personal data;
  • indication of a contact address for personal data issues (that indicated in art. 1);
  • application of information security measures;
  • no structures are installed that allow access to the Site, unless the user account is created;
  • no cookies are installed in addition to those necessary for the operation of the Site, without giving the user the permanently available opportunity to choose

The Company will also inform the competent data protection authority about a data security incident, without unjustified delays and, if possible, within a maximum of 72 hours from the date took note of it, unless it is unlikely to produce a risk to the rights and freedoms of individuals. If the notification to the Authority does not take place within 72 hours, it shall be accompanied by a reasoned explanation for the delay.

Eltrex will also inform the targeted person without unjustified delay in case of an incident involving the security of personal data, if the violation of personal data security is likely to present a high risk to his rights and freedoms. However, the information of the above-mentioned targeted person is not required if any of the following conditions is fulfilled:

  • The company has applied appropriate technical and organizational protection measures and these measures have been applied to personal data affected by the breach of personal data security;
  • The company has taken further measures to ensure that the high risk to the rights and freedoms of the data subjects is no longer likely to materialize;
  • It would require a disproportionate effort. In this case, public information is performed immediately or will be taken similar measure to inform the data subjects in an equally effective manner.

Any statistics provided to third party advertising networks or to partner sites regarding the traffic of users of the Site/application are provided only as a set of data and do not include any identifiable information about any individual user.

Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Consequently, despite the Company’s efforts to protect users’ personal data, it cannot ensure or guarantee the security of the information submitted by them through the Site. Users are warned that any information sent through the online environment will be at their own risk.

In order to reduce this risk, Eltrex makes available to all interested parties the possibility of sending requests/ requests/addresses/messages in material form at the Company’s headquarters, so, it’s not necessary to send emails using the addresses indicated in the “Contact” section.

14.  Liability of the Company

The liability of the Company in relation to the targeted person will be established in relation to the quality held in the respective data processing operation, the reason and place of the incident, security measures taken, incidents avoidance measures and compliance with other legal obligations.

15.  Transfer to third countries/international organizations

The Company does not transfer outside Romania personal data of the targeted person collected through the Site.

16.  Final provisions

This policy applies to the Company and visitors to the Site (including those who complete the forms on the Site).

This document is part of Eltrex’s security policy set. Other policies may apply to the topics covered in this document and will be reviewed as appropriate.