Personal Data Processing Policy
1. IDENTIFICATION DATA
The data operator is SC VOLSPED SRL, with registered office in Drobeta-Turnu Severin, Str. Aurelian Nr. 1, Mehedinti county, Zip Code 220097, registered with the Trade Register Office under number: J25/744/2007, Tax Identification Number RO22885418, phone (+4) 0740 029 300, fax (+4) 021 780 51 12, legally represented by Mr. Capraru Ovidiu Ciprian, postal address: Soseaua Berceni 96, Monaco Towers, Corp A, Etaj 8, Ap. 803, Zip Code 041918, Sector 4, Bucuresti, Romania, hereinafter referred to as “Company”.
2. ABOUT THE PERSONAL DATA PROCESSING POLICY
Company wishes to inform you with regard to the way the processing of your personal data is made in the context of the activity it runs and with regard to the rights you have in your quality of person concerned, starting with May 25th, 2018 (when GDPR - General Data Protection Regulation - comes into force).
Protecting your personal data security and safety is very important to us, therefore the activities we run are in accordance with the applicable law with regard to the protection of your personal data safety and security. The purpose of this Personal Data Processing Policy is to set up the proper technical and organisational measures and the responsibilities of the employees of the Company who have tasks to process the personal data, for accomplishing the obligations related to the guarantee and protection of the fundamental rights and freedom of the natural persons, especially the right to private and family life, with regard to processing the personal data.
By accessing our website, www.volsped.ro , all visitors agree to respect the usage terms and the legislation in force.
In accordance with the legal provisions for protecting the natural persons with regard to personal data processing and the free movement of such data, the Company processes personal data, for legitimate purposes, for direct marketing communication and tender purposes, for research, analysis, customer satisfaction studies and customer feedback, for automatic decision making and automatically profiling, and for running the activities for delivering the transportation and moving services.
Personal data processing is made by mixed means (manual and automated), in accordance with the legal requirements and on terms that provide security, confidentiality and respect for the rights of the persons concerned.
The Company certifies the fact that meets the minimum requirements for personal data security and obeys the general rules from this Personal Data Processing Policy.
3. WHERE DO WE GET YOUR PERSONAL DATA FROM AND HOW WE COLLECT IT
We process the personal data that you provide to us, directly or indirectly (for example through empowered persons or other persons who represent you in your relationship with the Company), or that we generate or deduct following the interactions with you through any of the communication channels with the Company.
We may collect your personal data in the following moments:
- When you or your company request a commercial offer from us or you use any of our services
- When we send you a call for tender, a request received from a Company’s Customer
- When you contact us or we contact you through phone, email, chat or other electronic or written means or when you provide us other data, including during the conversations you have with our employees
- When you or your company browse the Internet, fill in a form or send a request or you interact in another manner on our website or on other online platforms
- When you participate at the events organized by the Company
- For recruitment and screening purposes
We may also get and process your personal data from external sources, such as:
- Online platforms (social media and Internet) that are accessible to the public
- Commercial partners , especially services suppliers (for example companies that sell databases or companies that offer access to freight exchange)
- Natural persons - for example if certain natural persons recommend our services to you and they provide us your personal data
Your refusal to provide the Company your personal data may determine, in certain situations, the impossibility of entering a relationship with the company or contracting the desired service.
4. PERSONAL DATA CATEGORIES PROCESSED
In the management process of this website, the Company will collect and process certain information (“personal data”) about identified natural persons or that may drive to the identification of the natural persons, that are provided directly or indirectly by the users or this website, such as:
- Identification and contact data, including the first name the last name, gender, postal address, email address, birthday, social security number, series and serial number of the identity card, copy of the identity card, signature, the owned goods, photos and other personal data about your preferences relevant in relation to our services;
- Financial and payment data, including your bank account number, the currency, the bank where the account is opened and other data necessary to process the payment and to prevent fraud;
- Business information, including the information provided during the contractual relationship or provided in a voluntary manner by you or by your company;
- Your profile and usage data including your preferences in receiving marketing information from us, your communication preferences and information about the manner in which you are using our website;
- Technical data, including the data we collect while you are browsing our website: the IP (Internet Protocol) address, the type and version of your browser, the operating system, the device type, the time zone settings and other details about your visit on our website and about the resources you access;
- Data obtained through the audio recording of the phone calls (content and metadata).
5. PURPOSES AND LEGAL BASE OF THE PERSONAL DATA PROCESSING
We process your personal data with the following purposes: sales through the orders you sent to the Company (receive, confirm, deliver, invoice, cancel and other), internal or market research, measuring the efficiency of the promotional campaigns, other business purposes, advertising, marketing, for running marketing communications as newsletter, through email, SMS, phone, online marketing platforms, involving customers / potential customers profiling depending upon their interests, maintaining the relationship with current / potential customers through phone and email including but not limited to: questions about our services, complaints, general questions).
Research, analysis, customer satisfaction studies and customer feedback
We will process your personal data when you decide to participate at our market studies, at customer satisfaction analysis or when you provide your feedback regarding our services. The personal data will be processed with this purpose only according to your consent, also considering our legitimate interest to help us to understand the customer needs regarding our services. Your participation at these studies is voluntary, being your choice if you provide us or not your personal data, through filling in the participation forms from our website or other similar forms provided during such studies.
Statistics and other internal studies
We are concerned to permanently improve the quality of our services and to monitor the contractual relationship of the Company’s customers. Based on our legitimate interest, we use the data we collect from customers or other data that we generate from the data we receive for various statistics, analysis and internal studies in anonymised manner.
Direct marketing communication
We will process your personal data in order to send you information about our services, our promotions and in order to subscribe to our newsletters. As a general rule, the personal data will be processed for marketing communication purposes only according to your consent and by using the communication channels (for example email, phone, postal address etc.) that you agreed with when you sent your consent. In every marketing message that we send to you, we will offer you the option to oppose to the use of your email address (we will include the “Unsubscribe” option).
Automatic decision making and automatically profiling
Your personal data are subject to automatic decision making processes, including profiling. The purpose of this type of processing is to send you customized messages according to the Company’s legitimate interest. The criteria and the algorithms the Company is considering to be relevant may vary over time.
In order to quickly send your application for a vacancy within the Company, you may use our section from our website developed in this respect and available at the following link: https://volsped.ro/cariera/?lang=en
Your data and documents will be used solely for processing your application, namely in order to identity a proper available job inside the Company. These are saved in our database, are protected against unauthorised access and are process according to the legislation in force regarding personal data processing.
6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
The Company uses the services of several contractual partners, both for the main services and for additional services. Some of these partners are empowered persons and activate in fields / industries such as transportation, marketing, information technology, market studies, courier services, legal, consultancy, accounting services etc. and we may send your personal data to them in order to use it within the limits of the obligations they have towards the Company. The personal data that we disclose to the empowered persons are limited to the minimum personal data needed in order to deliver the services and we ask them not to use your personal data for any other purpose.
Your personal data may also be disclosed to third parties in the following situations:
- Public authorities, audit companies or competent institutions that run inspections and controls towards the Company’s activity and assets, that ask the Company to provide data, according to the legal requirements of the Company
- In order to obey a legal requirement or in order to protect the rights and the assets of the Company or other entities or persons, such as courts of law.
The persons and the entities to which we can disclose your personal data are the following:
- For the purpose of delivering the transportation or moving services, we may send your personal data to subcontractors / transportation or moving services suppliers.
- In order to browse the website and for purposes related to the usage of cookies, we may send your personal data to the suppliers of analysis services and search engines, in order for them to deliver website maintenance services;
- In order to run promotional campaigns and in order to assess their results, we may send your personal data to promotion and marketing agencies or digital media agencies or social media agencies;
- For direct marketing communication, we may send your persona data to promotion / advertising and marketing agencies that run the communication activities on behalf of the Company;
- In order to run research, analysis, customer satisfaction studies or in order to get feedback from our customers regarding our services, we may send your personal data to the suppliers or market studies regarding the customers.
7. PERSONAL DATA CROSS-BORDER TRANSFER
Personal data cross-border transfer is made, as a general rule, when it is necessary for the performance of a contract between the person concerned and the Company or for the performance of pre-contractual measures or when the transfer is necessary for entering into a contract or for the performance of a present or future contract, in the interest of the person concerned, between the Company and a third party.
8. TIMINGS FOR STORAGE OF THE PERSONAL DATA
We will store your personal data during the period of time needed to accomplish the above mentioned processing purposes, in compliance with the legal requirements in force.
If you are our customer, we will store your personal data, as a general rule, during the whole contractual relationships with the Company, to which an additional period of 10 (ten) years is added.
In the case in which the Company will decide it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be informed in a proper manner in this respect. Once this period will expire and the Company will not have legal or legitimate reasons to process your personal data, the data will be deleted in accordance with the procedures that involve archiving, anonymisation or destroying the data.
9. PROCESSING THE PERSONAL DATA OF CHILDREN UNDER 16 YEARS OLD
All the personal data processing activities mentioned in this Policy refers solely to persons that have the age of at least 16 years old. The usage of the systems and of the results of the processing is forbidden regarding the children that do not have this age, without the consent of their parents / legal representatives. In the situation in which, despite our reasonable efforts for preventing, such a processing takes place, we will stop it as soon as we notice that those persons do not have 16 years old.
10. DATA BACKUP
The software applications runs at certain determined time periods, automatically, a database backup, for a potential data recovery, in the case of loss, damage or in case of software application dysfunction.
The Company decides the time frame when the backup of the databases including personal data will be made, also for the software applications used for automatic processing. The users who make these backup activities are appointed by the Company, in a limited number.
11. PERSONS CONCERNED RIGHTS
In the context of your personal data processing, unless otherwise specified by law, you have the following rights:
- The right to be informed - the right to be informed regarding the data and the characteristics of the data processing in your relationship with the Company
- The right of access - The Company is required, following the request sent through any channel by the persons concerned (customers, employee, other natural persons) to confirm them what data is processed and under which conditions
- The right to rectification - The Company is required to comply with the right of persons concerned to immediately get the rectification of any inaccurate (wrong or incomplete) regarding these persons
- The right to erasure - The Company is required to immediately delete the personal data, when the persons concerned send a request in this respect. Furthermore, when the Company disclosed the data for which the erasure is requested and the person concerned is requesting the erasure of that data from all the recipients, the Company is required to inform all the data recipients regarding this request
- The right to restrict processing - The person concerned has the right to get from the Company the restriction of processing or the limitation of processing (except the storage itself) strictly to the processing operations that the person concerned agrees with and / or strictly to the processing operations required in order to determine, exercise or defend a right in court or in order to protect the rights of another natural person or a legal person or from reasons related to important public interest of the Union or of a member state
- The right to data portability - The Company is required to ensure:
- Sending the personal data received from the person concerned in an accessible format, when the person concerned submits a request
- Sending the personal data to another data operators when the person concerned submits a request, applicable when the following cumulative conditions are met:
- The processing is made according to the consent or is necessary for the performance of a contract to which the person concerned is a party or in order to work towards following the request of the person concerned before entering into a contract and
- Is made through automatic means (not in physical format / paper, but through any automated means)
- The right to object - The persons concerned may object anytime to their personal data processing:
- For reasons related to their specific situation, to the processing operations runned based on the necessity of processing in order to accomplish a duty that serves a public interest assigned to the Company and / or to the processing operations runned based on the legitimate interests followed by the Company or a third party of the personal data, including profiling;
- With no reason and justification, when the personal data processing is made for direct marketing communication purposes.
- The right not to be subject to a decision based solely on automated processing, including profiling - The persons concerned have the right that their personal data is not subject to processing in the context of automated decision making.
In case you consider there is an issue in the way the Company is processing your personal data, you have the right to make a complaint at the National Supervisory Authority for Personal Data Processing (ANSPDCP).
Your rights related to your personal data processing may be exercised in any moment. In order to exercise these rights, we encourage you to send a request by mail to the postal address: Soseaua Berceni 96, Monaco Towers, Corp A, Etaj 8, Ap. 803, Zip Code 041918, Sector 4, Bucuresti, Romania or by email at firstname.lastname@example.org.
In case you want to withdraw your consent regarding your personal data processing for direct marketing communication purposes, you have in any moment the option to use the “Unsubscribe” option that is included in all the direct marketing communication.
12. CONSENT WITHDRAWAL
You may withdraw your consent at any time, by sending a written request to us, through email at email@example.com or at the following postal address: Soseaua Berceni 96, Monaco Towers, Corp A, Etaj 8, Ap. 803, Zip Code 041918, Sector 4, Bucuresti, Romania.
13. PERSONAL DATA SECURITY
The Company will make all the reasonable efforts in order to protect your personal data that we own or control and takes all the proper technical and organisational measures in order to ensure a security level according to the risk with various probability and gravity levels for the rights and freedom of the natural persons.
Personal data breaches mean data breaches that drives, in an accidental or illegal manner, to:
- Damage (it refers to the situation in which the data does not exist anymore or it does not exist anymore in a format that makes it usable by the Company)
- Loss (it concerns the situation in which the data may exist but the Company has lost the control or the access to the data)
- Change (the case in which data is corrupted or changes in any other manner, so that the data is not complete anymore)
- Unauthorised disclosure of the personal data sent, stored or processed in another manner (the situation in which the data were sent to or accessed by unauthorised persons to receive or to access personal data) or at
- Unauthorized access to personal data.
If the presence of a security incident has been documented, the Company will assess the risks that this incident has for the rights and freedom of the persons concerned.
If there is such an obvious risk, the Company will notify the Supervisory Authority.
If the identified risk is high, the Company will also inform the person concerned regarding that security incident.
14. CHANGES OF THE PERSONAL DATA PROCESSING POLICY
The present Personal Data Processing Policy may be changed over time. If the changes are significant, you will receive an information note regarding these changes, to the email address you provided to us.
15. CONTACT DETAILS
All the questions you might have regarding the present Personal Data Processing Policy may be sent to the attention of the Data Protection Responsible, to the following email address: firstname.lastname@example.org or at the following postal address: Soseaua Berceni 96, Monaco Towers, Corp A, Etaj 8, Ap. 803, Zip Code 041918, Sector 4, Bucuresti, Romania.
Last update: August 17th, 2018