RENFIELD SOFTWARE S.R.L. knows the importance of personal data processing and is committed to protecting their confidentiality and security by complying with Regulation 2016/679, hereinafter GDPR.
- The preamble
- Third party services
- Who are we?
- Who are you?
- Principles of data processing
- Questions and requests
- Processing of personal data
- What kind of information do we collect about you?
- Why do we collect this information?
- What is the legal basis for processing?
- Where do we get the data from?
- How long do we store the data?
- How do we share your information with others?
- What kind of data do we collect for marketing?
- Marketing partners
- How can you give up direct marketing?
- What are your rights
- Security of personal data
- Lack of an automated decision-making process
- Meaning of terms used
We, RENFIELD SOFTWARE S.R.L., take the protection of your data seriously and we want you to feel comfortable when you visit us at our offices. The protection of confidentiality regarding the collection, processing and use of your personal data is an important concern for us, which we consider very carefully in our economic processes, respecting, of course, all legal requirements. We do not provide information to third parties without informing you. We do not make exclusively automatic decisions with a significant impact on you. This information is important. We hope you read them carefully.
Third party services
Who are we?
RENFIELD SOFTWARE S.R.L. Data protection officer can be contacted by email at firstname.lastname@example.org
Who are you?
According to the law, you, the individual beneficiary of our services or the person in a relationship of any kind with our company, are a “target person”, is an identified or identifiable individual. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller and you, the data subject.
Principles of data processing
The protection of your personal information is particularly important to us. Therefore, we are committed to complying with European and national legislation on personal data protection, in particular Regulation (EU) 679/2016, also known as the GDPR and the following principles:
Legality, fairness, and transparency
We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed.
The control is yours
Within the limits of the law, we offer you the possibility to examine, modify, delete the personal data that you have shared with us and to exercise your other rights. For more information, see Sections 7, 10 and 11 of this document.
Data integrity and purpose limitation
We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that our personal data is accurate, complete, and up to date.
We have implemented reasonable security and encryption measures to protect your personal information as best we can. However, keep in mind that no website, no application, and no internet connection is completely secure.
Questions and requests
If you have any questions or concerns regarding the processing of your data or you wish to exercise your legal rights in relation to the data we hold or if you have any concerns about how we treat any privacy issues, you may write to us at e-mail. mail: email@example.com
What does data processing mean
“Processing” means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.
What kind of information we collect about you?
When you browse our site, when you send us a request by e-mail or contact us for any other purpose and on any other communication channel, you can communicate to us the following personal data, which we collect directly from you or from other sources, such as:
- Name and surname.
- Email Address.
- Phone number.
In addition to the information indicated above, we may also collect the following information, depending on the circumstances:
- How you interact with our site or ads (for example, information about how and when you access our site or what device you use to access our site).
- Information provided when completing forms or questionnaires.
- The content of messages sent through messaging and e-mail systems.
- Interactions between you and us on social networks (for example, appreciations, distributions, comments).
Information we collect about you from other group or third party companies that have obtained your consent or have another legal right to share this information with us (including partners / publishing or advertising platforms and data aggregators who have obtained the right respectively).
When you browse our website, we collect:
- IP address.
- Internet browser.
- The web pages you access on our site.
If you are employed (former, current, or future), certain information related to the execution of the employment contract will be collected. These may be by way of example:
- Name and surname,
- Contact details (address, phone number, email address),
- Financial data (bank account).
- Various documents in original or copy (certificates of seniority, leave, salary, medical conditions, dependents, family situation, workbook, evaluation sheets, CVs, various applications, delegations, timesheets, information notes and minutes, internal documents, employment documents), employee code;
For health care services will be collected:
- Contact details (name, address, telephone, email).
- Medical data (medical history, medical history, medication, data on possible allergies).
- Biometric data (radiographs, molds, implant elements).
- Data required by epidemic prevention legislation.
- Yes, regarding the scheduling for performing medical services.
- Electronic and written correspondence with us.
Anonymous data for statistical reporting required by legally competent authorities:
- Electronic data from our internal records system.
- Data provided by the CCTV video system installed to prevent crime.
- Holographic signature.
- Data regarding the holder of parental responsibility.
- Data on financial operations (invoices, receipts, payments, notifications) which may include, by way of example, bank card number, bank account, billing address.
For marketing services will be collected based on consent:
- Contact details (email), telephone and name.
- Personal image for advertising materials on the website.
Why do we collect this information?
We collect personal information for the following purposes:
- To conclude or execute a contract between you and us.
- To answer your questions and requests and provide you with customer support.
- For marketing purposes, but only if we have your prior consent or when there is a legal exception to obtaining consent.
- To provide and improve the services and products we offer.
- To diagnose or remedy technical problems.
- To defend us against cyber-attacks.
- For the creation and / or maintenance of accounts.
- To comply with the legislation, such as compliance with tax law that requires us to keep accounting documents for a period of 10 years, or the law of archives that requires us to keep documents of employees for a period of 50 years;
- To establish or claim a right in court.
- For analytical and research purposes.
- For conducting promotions and contests.
- To prevent crimes, deceptions, or fraud.
What is the legal basis for processing?
We can use the following legal grounds, depending on the specific case:
- Processing is required to conclude or perform a contract between you and us.
- The processing is necessary for the purpose of our legitimate interests or those of another party, unless your interests, rights or freedoms prevail.
- If we use the legitimate interest, we perform an analysis of the legitimate interest (balancing test) through which we balance our interest and your interests. If our interests prevail, we will use the legitimate interest, and if your interests prevail instead, we will not use the legitimate interest, and to the extent that we fail to identify another correct legal basis, we will not carry out that processing activity.
- The processing is necessary in order to fulfill some legal obligations (for example the compliance with the fiscal legislation that obliges us to keep the accounting documents for a period of 10 years, or the provision of certain information to the competent public bodies and institutions).
In some cases, processing may be necessary to protect the vital interests of you or another individual.
Please note that consent is not required, and we will only obtain consent from you if we are unable to use another legal basis.
Consent for the processing of personal data.
However, please note that if you are a customer of ours, we may send promotional messages (direct marketing) regarding similar goods and services, without the need for consent, pursuant to art. 12 para. (3) of Law no. 506/20014, in certain specific situations legally regulated.
However, in all cases, you may object to direct marketing and / or withdraw your consent at any time by following the unsubscribe instructions in each email or by sending a written request to the email address firstname.lastname@example.org.
Where do we get the data from?
We collect most of the information directly from you (for example, by filling out a form on the website or upon arrival at our headquarters). Most of the information is as described above, but there may be situations where we collect data from third parties (for example, partners, advertising platforms), such as information about purchases and interests.
RENFIELD SOFTWARE S.R.L., also processes personal data from contracts with employees, as well as those from contracts with partners and other service providers.
How long do we store the data?
We store your personal data only for the period necessary to fulfill the purposes, but not more than 10 years from the termination of the contract or the last interaction with us. After the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data for use in scientific, historical, or statistical research. Please note that in certain expressly regulated situations, we store data for the period required by law.
The data provided by the CCTV video system is stored for a period of 30 days and then deleted by overwriting.
The data provided by cookies are stored for a period specified in the Cookies Policy.
How do we share your information with others?
We may disclose your data in compliance with applicable law to business partners or other third parties. We make constant efforts to ensure that these third parties have implemented adequate protection and security measures. We have contractual clauses with these third parties so that your data is protected.
In these situations, we will ensure that any transfer is legitimate, based on your consent or other legal basis.
For example, we may provide your data to other companies, such as IT or telecommunications service providers, accounting, legal services, transport, and courier service providers, and other third parties with whom we have a contractual relationship. These third parties are selected with special care so that your data is processed only for the purposes we indicate.
We collaborate with contractual partners in the medical field to perform the medical service such as dental offices, dental radiography offices, doctors, and nurses.
We may also share your data with business partners because of a joint effort to provide a product or service. Although unlikely, we may sell the business or part of the business in the future, which will include the transfer of your data.
We may also transmit the data to other parties with your consent or in accordance with your instructions, for example if you exercise a portability request.
We may also provide your personal information to the prosecutor’s office, police, courts, and other competent state bodies, based on and within the limits of legal provisions and because of express requests. We will ensure, within reasonable limits, that your data does not leave the European Economic Area, but to the extent that we transfer data to non-EEA countries, we will ensure, in all cases, that the transfers are legitimate, based on your consent. explicit or another legal basis.
To the extent that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies and targeted advertising, using the information collected about you regarding interests, preferences, purchases, age, location, etc. For example, we may send emails, display ads within our site or on social media, or place ads on third-party sites, applications, or other devices connected to the Internet. If we have your consent, we may use your image in promotional articles on our website or social networks.
What kind of data do we collect for marketing?
To carry out direct marketing activities or targeted advertising, we may use the following information:
- Information collected through cookies and other similar technologies (location, device, browser, age, etc.).
- Your purchases, how you interacted with our services, and the feedback you received.
- Age, country, region, sex.
- Personal image, medical situation.
- Other information obtained from our third-party marketing partners, information they have obtained with your consent.
Our marketing partners, such as Dental Marketing, Facebook, Google and / or other agencies, help us deliver marketing to you based on the information they collect directly from you and with your consent. In some cases, we even share new information that we collect from you. We make sure, in all cases, that these transfers are legal as we explained in point 8.6.
Our partners may place advertisements regarding our services and products, based on data previously collected from you (interests, preferences) on other sites and / or services. Our marketing partners may also use the information we collect about you to improve services and / or algorithms (including artificial intelligence algorithms).
What are your rights?
Your rights under the GDPR Regulation are as follows:
- The right to withdraw consent. You may withdraw your consent to the processing of your data at any time by sending a request to this effect to the e-mail address email@example.com
Please note, however, that to the extent that we have identified another legal basis for the processing of your data, we will continue to process your data based on that legal basis. We have the legal possibility to use one or more grounds for the processing of your data.
- The right to be informed about the processing of your data.
- The right of access to data. You have the right to obtain from us a confirmation that personal data concerning you are processed or not and, if so, access to the respective data and to the information provided by art. 15 para. (1) of the GDPR.
- The right to rectify inaccurate or incomplete data. You have the right to obtain, from us, without undue delay, the rectification of inaccurate personal data concerning you.
- The right to be erased (“the right to be forgotten”). In the situations provided in art. 17 of the GDPR, you have the right to request and obtain the deletion of personal data.
- The right to restrict processing. In the cases provided in art. 18 of the GDPR, you have the right to request and obtain the restriction of processing.
- The right to transmit the data we have about you to another operator (“right to portability”). In the cases provided in art. 20 of the GDPR, you have the right to request and obtain data portability.
- The right to object to the processing of data. In the cases provided in art. 21 of the GDPR, you have the right to object to the processing of data.
- The right not to be subject to a decision based solely on automatic processing, including the creation of profiles with legal effects or similar significant effects on you.
- The right to go to court to defend your rights and interests.
- The right to lodge a complaint with a Supervisory Authority.
Please note that:
You may withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each email / SMS or other email message.
If you want to exercise your rights, you can do so by sending a written request, signed, and dated to the e-mail address: firstname.lastname@example.org.
The rights listed above are not absolute. There are exceptions, so each request received will be analyzed so that we can decide whether it is justified or not. To the extent that the request is substantiated, we will facilitate your exercise of your rights. If the claim is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of the rights to lodge a complaint with the Supervisory Authority and to go to court;
We will try to respond to your request within one month. However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the inability to identify you in a timely manner.
If, although we make every effort, we are unable to identify you and you do not provide us with additional information in order to identify you, we are not required to comply with the request.
Security of personal data
We work hard to protect our customers, or others whose data we process, and ourselves from unauthorized access and unauthorized modification, disclosure, or destruction of the data we process. We have implemented the following technical and organizational measures to ensure the security of personal data:
We adopt and review our data processing practices and policies for our customers or others, including physical and electronic security measures, to protect our unauthorized access systems and other potential security threats. We constantly check how we apply our own personal data protection policies and how we comply with data protection legislation.
We have ensured that your personal data that we process is limited to what is necessary, appropriate, and relevant for the purposes stated in this note.
Restricting access to data
We strictly restrict access to personal data that we process to employees, collaborators and other people who have security guarantees and who strictly need to access them to process them for us. All these companies and individuals are subject to strict confidentiality obligations and we will not hesitate to hold them accountable and stop working with them if they do not treat the protection of your data and that of others with the utmost seriousness.
Specific technical measures
At RENFIELD SOFTWARE S.R.L., we use technologies to ensure our customers and others that the security of their data is protected.
Control of our service providers
We introduce in the contracts with those who process for us (authorized persons) or together with us (other operators – associated operators) clauses to ensure the protection of the data we process, this protection goes at least to the minimum required by law. Although we take all reasonable steps to ensure the security of your data, RENFIELD SOFTWARE S.R.L. cannot guarantee the absence of any security breach or the impossibility of penetrating security systems. In the unfortunate and unlikely event that such a breach occurs, we will follow the legal procedures to limit the effects and inform the data subjects.
Lack of an automated decision-making process
Our respect for your data includes the fact that we give them the necessary human attention, through our staff. Under the current terms, as a user of our services, you will not be subject to a decision of ours based solely on the automatic processing of your data (including the creation of profiles) that would produce legal effects on you or affect you. a similar way to a significant extent.
Meaning of terms used
Supervisory authority for the processing of personal data: an independent public authority which, according to the law, has attributions regarding the supervision of the observance of the personal data protection legislation. In Romania, this authority for supervising the processing of personal data is the National Authority for the Supervision of Personal Data Processing (ANSPDCP).
Special categories of personal data (sensitive personal data / sensitive data): personal data which: disclose racial or ethnic origin, political opinions, religious denominations or philosophical beliefs or trade union membership; genetic data; biometric data for the unique identification of a natural person; data on the health, sexual life or sexual orientation of an individual.
Employees: natural or legal persons who have concluded a collaboration contract with us and who provide services to our clients.
Personal data: any information concerning an identified or identifiable natural person (referred to as “data subject”). A natural person is identifiable if he can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one / more specific elements, specific to the physical identity , physiological, genetic, mental, economic, cultural or social of that person. Thus, for example, the notion of personal data includes the following: name and surname; home or residence address; Email Address; phone number; personal numerical code (CNP); established diagnosis (sensitive data); genetic data (are sensitive data); biometric data (sensitive data); geolocation data. The categories of personal data about you that we process are listed above.
Operator: the natural or legal person who decides why (for what purpose) and how (by what means) personal data are processed. According to the law, the responsibility for compliance with the legislation on personal data lies primarily with the controller. In the relationship with you, we are the operator, and you are the person concerned.
Power of attorney: any natural or legal person who processes personal data on behalf of the controller, other than the employees of the controller.
Data subject: the natural person to whom certain personal data refer (to whom “they belong”). In the relationship with us (the operator), you are the person concerned.
Processing of personal data: any operation / set of operations performed on personal data or on personal data sets, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmitting, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying such data personal / personal data sets. These are just examples. Practically, the processing means any operation on personal data, whether by automatic or manual means.
Third country: a state outside the European Union and the European Economic Area.
Declaration of conformity
RENFIELD SOFTWARE S.R.L., declares on its own responsibility that it has taken all the measures it deems necessary in order to comply with the instructions of EU Regulation 2016/679 (GDPR) on the collection, use and storage of personal data in the Member States of the European Union.
RENFIELD SOFTWARE S.R.L., certifies that it adheres to the requirements of notification, option, transfer, security and data integrity, access and implementation of the instructions of EU Regulation 2016/679 (GDPR) on the collection, use and storage of personal data in Member States of the European Union.
© Renfield Software, 2022 - 2023. All rights reserved.