Policy on the personal data protection

  1. WHO ARE WE

ENERO FURNIZARE SRL, with the registered office in Targu Jiu City, at the address: Str. Islaz no. 17, Gorj County, Sole Registration Code 14396666, tax attribute RO, having the registration number with the Trade Register J18/23/2017, e-mail office@enero-furnizare.com, tel. +40253212181, fax +40253212181 (hereinafter referred to as the „Company” or „Controller”) is a personal data controller.

This policy aims to inform the data subjects on the conditions under which the personal data are processed by the Controller.

The services supplied by the Company may be used only after taking note of such policies.

This site is not intended for minors under 16 years of age and such category of persons may not use this site.

  1. Definitions

Under this policy, the terms mentioned will have the meanings specified below:

  1. Personal data of the data subject” – any information on a person that may be identified directly or indirectly from this information (id est name, forename, e-mail address, bank account);
  2. Supervisory authority – means an independent public authority which is established by a Member State being competent for supervision of personal data protection within EU in whose jurisdiction it has its registered office and performs the processing of personal data, as controller;
  3. Processingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. Controller” – means the legal person, as it is in the present case the Company, or the natural person that, solely or jointly with others, determines the purposes and means of the processing of personal data;
  5. Consent” of the data subject – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or to her;
  6. „Breach of the security of personal data” – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of personal data transmitted, stored or otherwise processed, the unauthorized or access to such data;
  7. ”Regulation” – means the Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

 

  1. general provisions

Whereas we value the confidentiality of your information, the Controller undertakes to observe the provisions of this policy, as well as the provisions mentioned in the Regulation and the rules provided by the national law on the personal data processing, on their security and confidentiality.

In case that we will modify this policy, we will notify you on this page and publish an updated version.

 

  1. SUBJECT MATTER, term, nature, purpose, TYPE OF PERSONAL DATA PROCESSED

Personal data means any data or information that helps us identify you directly (example: your name, forename) or indirectly (example: data collected through cookie technology). Certain information is less obvious (such as the IP of your computer), but related to you and corroborated with other persons, might help us, at least in theory, to identify you. In this manner, all this is included to the notion of “personal data”.

Sensitive data refers to data including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, membership in labor unions, information on your health status and genetic and biometric data. We do not collect any information about beliefs, life or sexual orientation, political opinions, membership in unions, health information, genetic or biometric data or about any crimes.

Data we receive directly from you
When you contact us via the website or email for collaboration When you contact us through the contact section on our website, we will process the following data:

  • Name and forename;
  • e-mail;

 

The grounds of processing is the establishment of a contractual relationship.

 

The data retention period shall be 12 months, calculated as from 1st of January of the year following to collection.

 

When you pay an invoice for the services provided by us Every time you make a payment to us we may process the following data:

  • name and forename;
  • address;
  • bank account;

 

The grounds of processing is the execution of the contract.

 

In case of returns / order cancelling, we collect and process, in order to refund the money paid for the returned products / canceled orders:

  • the IBAN code corresponding to the bank account and the bank where you have the bank account opened

 

The grounds of processing is the execution of the contract.

 

The data retention period shall be 1 year as from the date of collection.

 

When you visit out registered office Every time you visit one of our locations, we may process the following data:

 

Every time you visit our registered office we may process your image captured through the video surveillance system that covers the common and access areas, in order to ensure the security of persons and goods, in order to check the compliance with the work procedures, to monitor the operation of the equipment and to prevent work accidents.

 

The grounds of processing is our legitimate interest to ensure the safety of people and goods.

 

The data retention period shall be maximum 30 days as from the date of collection.

 

Product delivery / Provision of services We may deliver the products /provide the services through our partners or employees with whom we will share the following data:

  • name, forename;
  • delivery address;
  • telephone;
  • value of the amount to be paid;
  • products ordered;
  • transport quotes.

 

The grounds of processing is the execution of the contract.

 

The data retention period shall be 5 years as from the date of collection.

Accounting and reporting We shall process your data (those specified in the tax invoices) in order to keep the accounting books, for the annual financial audit, as well as for filing the tax and accounting statements with the tax authorities.

 

The grounds of processing is the contractual relationship and the legal obligation.

 

The data retention period shall be 5 years as from the date of collection.

Defending the rights before the courts of law When we defend our rights before the courts of law in order to recover certain amounts due to us or when we protect our interests against unjustified pretentions/claims, we will process your data (provided to us by you) necessary to formulate certain actions in court, other specific applications and documents.

 

The grounds of processing is our legitimate interest.

 

The data retention period shall be 5 years as from the completion data of such proceeding (in litigation or not).

 

Procedures before authorities When we are bound according to certain legal provisions, we will provide to the competent authorities and institutions the data we hold and have been legally requested.

 

The grounds of processing is the legal obligation.

 

Aquatically collected data
Data collected through the cookie technology

 

When you visit our site as a visitor or when you log in to your client account, we also collect through cookies the data obtained from your computer, telephone, tablet or other device used by you (”the device”), information with which we can identify you online (”online identifiers”) and that we use in profiling for direct marketing purposes:

  • The IP address;
  • The Internet browser that you use and the operating system version of the device with which you connect;
  • The HHTP/HTTPS protocol data;
  • The duration of your visit / activity on the website;
  • The general location of the device (if geo-location is enabled) from which you log on to the Company’s website.

 

It is very important to know that on most devices you the option to disable the geo-location services right from the settings of the device used.

 

„Cookies” – are files that a server sends to your device, placed on the site or by downloading. The way we process cookies is detailed in the Policy on the use of cookies, available on the Company’s website.

 

The grounds of processing is the consent. It is important to note that you can withdraw your consent at any time.

 

The data retention period shall be detailed in the cookie policy.

Website security and maintenance In order to maintain and secure the Company’s website, we normally use the following online identifiers:

  • The IP address;
  • The Internet browser that you use and the operating system version of the device with which you connect;
  • The HHTP/HTTPS data protocol;
  • The location of the device (if geo-location is enabled) from which you log on to the Company’s website.

Such data is processed in order to ensure the proper operation of the website, that is to say:

  • the correct display of the content;
  • retaining your authentication data (when you request us);
  • improving the Company’s website;
  • configuring the device from which you connect/authenticate according toe the requirements of the Company’s website;
  • ensuring the website’s security and ensuring the protection against fraud or any breach of IT security of the website;
  • • identifying and remedying any malfunctions that would impede the use of our website or your customer account.

 

The grounds of processing is our legitimate interest for implementing, configuring and maintaining the security measures for the Company’s website.

 

The data retention period shall be 14 days

 

  1. FOR HOW LONG WE PROCESS YOUR DATA

The Company processes your data for the period necessary to achieve the purposes for which such data was collected and according to our policies on the personal data retention, as detailed in the table in item 4 above. In some cases, some legal provisions may require or allow us to keep the data for a longer period.

The retention period depends mainly on the following aspects:

  • on the period we need your data in order to provide you our services and to fulfill our obligations to you, as well as for the purposes mentioned above in this Policy
  • if you have expressed your consented for the data processing for a longer period, we will maintain the data throughout this period, unless you withdraw your consent in the meantime;
  • legal or contractual obligations require us to keep your data for a certain period of time, for example the periods provided by law for the defense of our rights in a court of law (generally, a period covering the prescription period).

For the purposes for which you gave us your consent on the data processing, highlighted in the table above, we shall process your data for that purpose until you withdraw your consent for the processing for that purpose, unless we are bound to maintain such data for a longer period of time, according to the law, for reporting to public authorities or to defend our rights in the courts of law.

 

  1. TO WHOM WE CAN DISCLOSE YOUR DATA
             1. Your personal data may be transmitted to and processed by our trusted partners to provide you our services.

We can share your data with our trusted partners. We select very carefully the partners and suppliers who perform support operations for our activity. We share with such partners only the personal data necessary to perform the specific activities entrusted to them.

When we outsource certain activities to our trusted partners, we make every reasonable effort to check, in advance, whether they ensure the protection of your data by strict data security measures and we will conclude with each of them a data processing agreement. In detail, we can forward some data in the future to third parties (our suppliers and partners) to perform the functions and services required to operate the Company’s activities, such as:

  • hosting site services.
  • third party couriers authorized  by us to deliver the purchased products;
  • Payment processors who are authorized by us to mediate payments;
            2. Transmission of data to public authorities and institutions or judicial bodies

We may transmit some of your personal data to the competent public authorities or institutions, when required by law (eg fraud investigation; money laundering prevention; filing of statements, financial statements with tax authorities, etc.) or we can transmit this data to the courts. when we defend ourselves in court or in front of other public authorities.

We may transmit some of your personal data to the competent public authorities or institutions, when required by law (id est fraud investigation; money laundering prevention; filing of tax statements, financial statements with tax authorities, etc.) or we can transmit such data to the courts of law when we defend us in the courts of law or before other public authorities.

    1. 3. Access of auditors and advisors

We may transmit some of your personal data to the accounting, legal, human resources, audit, bank service providers etc.

 

 

  1. INTERNATIONAL TRANSFERS

As a rule, your data shall not be stored in a country outside the European Union or outside the European Economic Area (“EEA”).

If we transferred your data to other categories of partners / suppliers of the Company located in states that do not provide an adequate level of protection of the transmitted data, we undertake to take all necessary measures to ensure that those partners / suppliers comply with the terms and conditions set out in this Policy.

Such measures may include the implementation of data protection standards, if certain standard contractual clauses adopted by the Commission of the European Union, as well as certain systems of direct control of such mechanisms.

  1. DATA SECURITY

The Company has implemented appropriate security measures in order to prevent your personal data from being accidentally lost, used or accessed, modified or disclosed in an unauthorized way. Moreover, we shall limit the access to your personal data to those employees, agents, contractors and other third parties who have a commercial need to know such data. They shall process your personal data at our instruction and are subject to the obligation of confidentiality.

We have implemented procedures to deal with any suspicious breach of your personal data and we will notify you and any competent regulatory authority on such a breach, when we are legally obliged to do so.

We may keep your data on hard-copy and soft-copy. In some circumstances, we may make anonym your personal data (so that it will no longer be associated with you) for research or statistical purposes, in which case we may use this unlimited information without informing you.

  1. YOUR RIGHTS

In completing most of the items mentioned on this Policy, in certain circumstances, the data subjects have certain rights in accordance with the laws on personal data protection. These rights include:

1. Right of access

You may request us:

  • – to confirm if we process your personal data;
  • to provide you a copy of such data;
  • to provide you other information on your personal data, such as the data we have, for what we use such data, to whom we disclose such data, if we transfer the data abroad and how we protect them, for how long we keep them, what rights do you have, how can you submit a complaint, where we have obtained your data from and whether we have made any automated decision making or profiling, as long as the information has not already been provided to you in this Policy.

2. Right to rectification

You may request us to rectify the inaccurate personal data. It is possible to seek to check the accuracy of the data before rectifying them.

3.Right to erasure (“right to be forgotten”)

You may request us to erase your personal data, but only in case that:

  • they are no longer necessary in relation to the purposes for which they were collected; or
  • you have withdrawn your consent (when the data processing was based on consent); or
  • as a result of a well-grounded right to object (see Objection below); or
  • they were illegally processed; or
  • – a legal obligation must be observed, the subject of which is the Company.

We are not obligated to respond to your request to delete your personal data if the processing of your personal data is required:

  • in order to comply with ah legal obligation; or
  • in order to establish, exercise or defend certain rights in the courts of law;

There are a few other circumstances in which we are not required to respond to your request for deletion, event of these two are probably the most common situations in which we will refuse this request.

4. Right of restriction

You may request us to restrict your personal date (namely to keep them without using them) only when:

  • the accuracy of the personal data is contested (see Rectification), in order to enable us to verify their accuracy; or
  • the processing is illegal, but you oppose the erasure of the personal data; or
  • the personal data are no longer necessary for the purposes for which were collected, but we continue to need them in order to establish, exercise or defend rights in the courts of law; or
  • you have exercised your right to object and the verification of the solid grounds is pending.

We may continue to use your personal data following a restriction request, in case that:

  • we have your consent; or
  • in order to establish, to exercise or to defend rights in the courts of law; or
  • in order to protect the rights of another natural or legal person.

5. Right of data portability

You are entitled to ask us to provide your personal data in a structured, commonly used format or which can be automatically processed or you can request that such data to be “ported” directly to another data controller, but in any case, only when:

  • the processing is based on your consent or on a contract signed with you.; and
  • the processing is made by automatic means.

6. Right to object

You may object to any processing of your personal data having as a legal basis “our legitimate interests” if you believe that your fundamental rights and freedoms take precedence over our legitimate interests.

Once you have objected, we have the opportunity to show you that we have conclusive legitimate interests, which take precedence over your rights and freedoms.

7. Right to lodge a complaint

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing. Please try to settle any issue by discussing with us first, although you have the right to contact the supervisory authority at any time.

8. Right to withdraw your consent

You have the right to withdraw your consent if the Company processes the personal data based on it.

The data subject shall not pay any commission or any other fee to access your personal data (or to exercise any of the other rights). However, the Company, in its capacity as controller, may impose a reasonable fee if the request made is manifestly unsubstantiated, repetitive or excessive. Alternatively, the Company may refuse to respond to a request received in such circumstances.

The Company shall be entitled to request certain information in order to confirm the identity of the data subject who made the request and to secure the personal data (or to exercise any of the other rights). This is a security measure to make sure that the personal data is not disclosed to persons who are not entitled to receive it. We may contact you to request further information about your request to speed up our response.

The Company shall take all the necessary steps to respond to all the legitimate requests within one month. Occasionally, it may take more than one month if the data subject’s request is very complex or the data subject has made several requests. In this case, the Company shall notify you and keep you updated.

  1. LET US KEEP IN TOUCH

We have designated a data protection officer. The first point of contact for all matters arising from this Policy, including the requests to exercise the rights of the subjects, is the Data Protection Department, which can be contacted in the following ways:

If you have a complaint or if you are concerned about how we use your personal data, please contact us first and we will try to solve the issue as soon as possible.