Serar.ro
The company SERAR DIGITAL, with registered office in Bucharest, Emanoil Ionescu Street, (ex str. Tamponului), No. 25, parter, Ap. 1, Sector 1, as a personal data controller we wish to inform you about the processing of your personal data and the rights you have under the General Data Protection Regulation ("GDPR").
This Privacy Policy applies to the processing of the personal data of website visitors, including for marketing purposes, if we have your consent or if in some cases we rely on legitimate interest.
For more information on our policies on personal data protection and security, please contact the Data Protection Officer at contact@serar.ro
Please take a look at our new privacy policy to find out all the relevant information about the data we collect, how we use your data, and how we keep it safe. We promise to respect the following data protection principles:
- Processing is legal, fair, and transparent. Our processing activities are based on legal grounds. If you would like more information on the lawfulness of processing personal data, you can find more information here, in Article 6 of GDPR
- We always consider your rights before processing personal data.
- We will provide you with information on Processing on Request.
- The processing is limited to processing purposes only.
- Our processing activities serve the purpose for which the personal data was collected.
- Processing is done with minimal data. We collect and process only the minimum amount of personal data necessary for any purpose.
- Processing is limited by time. We will not store your personal data longer than necessary.
- We will do our best to ensure the accuracy of the data.
- We will do our best to ensure the integrity and confidentiality of the data.
- What is personal data?
According to the GDPR, "personal data" means any information relating to an identified or identifiable natural person (the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, genetic, mental, economic, cultural or social identity.
- What personal data do we process?
We process your personal data when you interact with us (e.g. the information you provide to us through correspondence with us by phone, email, or otherwise, through the conclusion of contracts, through requests for quotations, and through the completion of forms such as consent forms).
We collect both direct personal information such as name, postal address, and e-mail address, as well as indirect information such as "cookies", IP, connection, or system information.
The data we process is only the data you provide us with and may include your first and last name, email address, and telephone number.
Customers and other contractual partners who provide us with the personal data of contact persons (such as name, surname, position, e-mail, telephone) guarantee to our company that they have obtained in advance the express and unequivocal consent for the processing of the other natural persons whose personal data become available to us or that these data have been provided on another legal basis recognized by the GDPR, and that our company is thus exempted from any liability.
We do not process sensitive personal data about you, for example, information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life, or sexual orientation.
We do not use your data to send you marketing communications unless you explicitly opt-in to such communication. Even in such cases, we ensure that you have a user-friendly option to unsubscribe (withdraw consent) at any time, either in the communication itself or by contacting us at the contact details provided.
At the same time, our company does not process the data of minors under 16 years of age without the consent of their parents or guardians. Any personal data provided by minors under the age of 16 without parental or guardian consent will be deleted immediately.
- The purpose and legal grounds for which we process the data processing
We process your personal data for well-defined, explicit, and legitimate purposes in compliance with Article 6 of the GDPR for:
- to perform the contract concluded with you or to take steps at your request prior to the conclusion of the contract in accordance with Article 6(1)(b);
- the performance of activities carried out by us on your behalf by virtue of the consent you have given to us under Article 6(1)(a);
- fulfilment of the legal obligations incumbent on us and which are based on the applicable laws in the fields of accounting, taxation, auditing, health and labour relations. For example, we need to process your data as required by law to complete invoices for services you have ordered from us or when you wish to apply for a position within our company, as per Article 6(1)(c).
- where it is necessary for your vital interests or those of another natural person; or for our legitimate interests or those of a third party (e.g. to detect and prevent fraud or to ensure IT and network security for the purposes of enforcing our rights or claims in the event of litigation), unless your interests, fundamental rights and freedoms override those interests, as set out in Article 6(1)(d);
- where necessary for the performance of a task carried out in the public interest as referred to in Article 6(1)(e).
Where we require personal data to comply with legal or contractual obligations, your provision of such personal data is mandatory. This means that if such personal data is not provided, we will not be able to manage contractual relationships or comply with obligations imposed on us. In all other cases, the provision of personal data is optional and you are under no obligation to provide it.
- Access to personal data and data security
We comply with the legal provisions on the protection of personal data and implement technical and organisational measures to protect all operations directly or indirectly relating to personal data, which prevent unauthorised or unlawful processing and accidental or unlawful loss or destruction. We will not sell your personal data to third parties and will only disclose your personal data for the purposes set out above.We work hard to protect your personal data from unauthorised access or unauthorised modification, disclosure or destruction of the information we hold. In particular:
- We encrypt much of our data and services using advanced computer network communication encryption software.
- We review our information collection, storage and processing practices, including physical security measures, to prevent unauthorised access to systems and physically stored data.
- We restrict access to personal data to employees and contract partners who need to know this information in order to process it for us.
Within our company, staff have access to your personal data on a need-to-know basis. Our colleagues are subject to confidentiality obligations regarding personal data. Appropriate technical and organisational measures are taken to protect personal data. Employees have the right to handle personal data only on instructions from our company and, if necessary, in connection with their job responsibilities.
Your data may also be disclosed to companies that provide products and services to us if we believe it is in our legitimate interest to do so for internal administrative purposes, for the lawful operation of our business or for auditing and monitoring our internal processes.
Even so, we guarantee that we will not grant access to your personal information except where strictly necessary, and such access will always be limited to those employees who need to know your personal information and may include employees in outsourced departments such as human resources, audit, information technology and cybersecurity, other parties such as public authorities and institutions, accountants, lawyers and other external consultants whose work involves a need to know such data or where we are required by law to make this disclosure.
We always ensure that these service providers process personal data in accordance with European data protection legislation to guarantee a high level of protection for your data.
We may also disclose personal data to third parties if you give us your express consent to such disclosure and to persons who demonstrate that they are lawfully acting on your behalf or if we are required by law to disclose a particular type of information, in response to lawful requests by government officials or where we are required to comply with national security or law enforcement requirements or to prevent illegal activity.
- Transfer of data outside the European Union
Your personal data that we process is stored in the European Union.
Personal information may be processed by one of our processors operating outside the EU, but only with your consent. If you expressly consent to the transfer of this data from your country to another country, the laws and rules protecting your personal data in the country to which your information is transferred may be different.
We are committed to ensuring that the third country to which the data will be transferred has adequate protections for your data, including: (i) an adequacy decision issued by the European Commission with respect to the country or countries of destination; (ii) appropriate binding corporate rules; (iii) an approved code of conduct, together with binding and enforceable commitments by the data controller or processor in the third country; (iv) an approved certification mechanism, together with binding and enforceable commitments by the data controller or processor in the third country to apply adequate safeguards; or (v) EU standard contractual clauses approved by the European Commission.
- Your rights
The GDPR contains the following rights that are guaranteed to data subjects: the right to be informed (Art. 13 and Art. 14), the right of access (Art. 15), the right to ratification (Art. 16), the right to erasure (Art. 17), the right to restriction of processing (Art. 18), the right to data portability (Art. 20), the right to object (Art. 21) and the right not to be subject to profiling campaigns (Art. 22).
- Right to information: Allows you to know who the data controller is, the fact that the controller has the right to process the data, the purpose for which the data will be processed, what data is used, the period for which it will be processed, the rights guaranteed, how to exercise the rights and who third parties the controller will disclose the data to, if any.
- Right of access: This refers to your right to obtain from the controller the information mentioned above and to receive a copy of the data being processed.
- Right to rectification of data: allows you to obtain from us, without undue delay, the rectification or completion of inaccurate personal data concerning you.
- Right to be forgotten/right to erasure: You can request at any time the erasure of your data when the data is no longer needed, you withdraw your consent, you object, in case of unlawful processing or to comply with a legal obligation imposed by national or EU law.
There are, however, exceptions to this rule, such as the idea that some data are processed to provide the public with the right to information, that they are processed for statistical or archiving purposes, that they are processed for the fulfilment of a legal obligation or that they are processed for the establishment or defence of a legal claim.
- Right to restrict processing: This is a temporary right and you can request the controller to restrict the processing of your data when you contest the accuracy of the data and until rectification, when the processing is unlawful and you object to erasure, when the processing is no longer necessary but you request retention for the establishment, defence or exercise of a right in court, when you object for the period of time during which it is verified whether the controller's rights prevail over those of the data subject.
- Right to portability: In order to exercise the right to portability, you can ask us to transfer your data to another controller, without the first controller objecting, if the data have been processed following a contract or your consent and if they have been processed by automated means.
- Right to object: may be exercised at any time, and the controller is obliged to stop processing if there are no legitimate and compelling grounds for objecting to the processing, except where the processing is for advertising purposes, in which case the controller will stop the processing without exception.
- Right not to be subject to profiling campaigns: You have the right not to be subject to automatic processing for profiling purposes, unless the automatic processing is necessary for the performance of a contract entered into with you, there is an authorisation obtained under EU or national law or you have given your express consent.
Duration of data retention
We will keep your personal data only for as long as necessary, for a period not exceeding the period that is optimal to fulfil the purposes for which the data was processed.
If the data is processed under a contract, it will be kept until the contractual relationship is terminated, and if the data is processed on the basis of your consent, it will be kept for the duration indicated in the consent form or until consent is withdrawn.
The exception is when we are required by law to keep data for a minimum legal period and to comply with the period required by law and when their retention is necessary to exercise our or others' legitimate rights.
- Contact
As a data subject for exercising your rights, you can contact us at any time and free of charge by notification using the contact details in this information notice.
We will respond to your requests within 30 days and there is a possibility to extend this period only for justified reasons and for an absolutely reasonable period depending on the complexity of your request. In any case, if this period is extended, we will inform you of the deadline and the reasons for the extension.
Also, if you are not satisfied with our response and you consider that your rights have been violated, you can file a complaint with the National Authority for the Supervision of Personal Data Processing, located in B-dul G-ral. Gheorghe Magheru 28 - 30, sector 1, postal code 010336, Bucharest, tel/fax +40.318.059.211/+40.318.059.212, e-mail anspdcp@dataprotection.ro.
If you have any questions about the information we have presented to you in this information notice or if you wish to send us a request exercising your rights under the GDPR, you can contact us by email, or post at the following addresses:
E-mail: contact@serar.ro
Headquarters: Emanoil Ionescu street, (ex str. Tamponului), No. 25, parter, Ap. 1, Sector 1, Bucharest.
This information notice is an update to our privacy policy and has been sent to you to inform you of the new personal data protection regulations adopted by Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR), in force since 25 May 2018.
Serar.ro reserves the right to update this Privacy Policy. Your access to the Site and/or use of the Service following these changes signifies your binding acceptance of the changes and the Terms and Conditions. This Privacy Policy provides you with all the information you need (in an accessible way) to form an opinion and decide whether or not you want to use this Site .
By accessing and using this Service and communicating electronically with us, you acknowledge and agree to allow us to process your personal information in the manner set forth in this Privacy Policy.