Privacy and Personal Data Protection Policy
In this Privacy Policy and Personal Data Protection, hereinafter referred to as the Policy, you will find specific answers on how your personal data is collected and processed. If you have any questions or concerns related to the matters presented herein, you can send your inquiries to the address info@belor.ro or to the contact details provided below.
Our objectives, in order of importance, regarding this Policy are as follows:
Respect your fundamental right to the protection of personal data and privacy.
Comply with legal provisions regarding the protection of personal data.
Provide you with complete and accurate information about who, what, why, where, until when, and how your personal data is processed so that you have control over your personal data entrusted to us for our purposes at any time.
This is the current and valid version as of this moment, last updated on 14.10.2020.
- How to Contact Us?
- What Does Our Policy Cover?
- What Personal Data Do We Collect from You, Why, and How Do We Process It?
- For What Purpose and How Do We Process Data Collected Online, Over the Phone, or Directly from You?
5.Who Is Responsible for the Collection and Processing of Your Personal Data?
- From Whom and How Do We Collect Your Personal Data?
- What Are the Legal Grounds for Processing Your Personal Data?
- Do We Process Personal Data for Profiling or Automated Decision-Making?
- How Long Do We Retain Your Personal Data?
- To Whom Do We Disclose Your Personal Data?
- Is Your Personal Data Secure?
- Are We Certified and Have We Adhered to a Code of Conduct?
- What Are Your Rights Guaranteed by GDPR?
- How Can You Exercise These Rights?
- How to contact us?
Data is collected and processed by BELOR ROMANIA S.A., a Romanian legal entity, with its headquarters in Mun. Galați, Str. Domnească, Nr. 49, Corp B, cam 8-16, tel: 40.336.401.964, email: info@belor.ro, website: www.belor.ro.
For any issues related to the protection of personal data, as well as for the exercise of your rights guaranteed by Regulation 679/2016 and current national legislation, you can contact the Data Protection Officer via email: andreea.banceanu@belor.ro.
- What does our Policy cover?
This Policy takes effect from the date of the last update. The last update of the Policy takes effect from 14.10.2020. Our policy applies to the website www.belor.ro and www.AirTek.ro.
- What personal data do we collect from you, why, and how do we process it?
For the conduct of our current activities through the website www.belor.ro and www.airtek.ro, you can contact us directly using the telephone numbers/email address, in which case we will process the data transmitted by you.
In the “Contact” section, you can communicate with us and request any information and clarifications related to us and our core activity. When you communicate with us, we process your email address and any other data you provide in the message content to respond appropriately to your requests or questions.
To promote our activity and stay in touch with you, we have created presentation pages on social media platforms (Facebook) where you can contact us through messages, likes, comments. When you communicate with us, we process your online identity and any other data you provide in the message content to respond appropriately to your requests or questions.
Through the cookies that you choose to activate from the cookie bar, we can process your preferences.
- For what purpose and how do we process data collected online, by phone, or directly from you?
We process your personal data for the purpose of transmitting messages through the Facebook page.
- Who is responsible for collecting and processing your personal data?
BELOR ROMANIA S.A. is the data controller responsible for collecting and processing personal data through the websites www.belor.ro and www.airtek.ro.
- From whom and how do we collect your personal data?
We collect your personal data directly from you, either through the forms you complete on the website, by the emails you send us, or by any other means of remote communication (mail, express courier, etc.), by phone, or directly at our headquarters.
- What are the legal grounds for processing your personal data?
For communicating with you through the contact section or any other message transmission forms to us, your personal data is processed based on Article 6, paragraph 1, letter b) of Regulation 679/2016 (request/contract) and Article 6, paragraph 1, letter f (legitimate interest).
- Do we process personal data to create profiles or make decisions through automated processes?
We do not process your personal data to create a profile for you, nor do we use exclusively automated processes without human intervention to make decisions about you.
- How long do we keep your personal data?
We store personal data in accordance with the relevant legislation for each processing purpose, limiting it to what is strictly and legally necessary. Personal data that becomes useless or expires, under the law, is irreversibly deleted/destroyed from any databases and from any storage/archiving media used for personal data processing.
By exception, personal data that has become useless or has expired, under the law, may be stored for longer periods if necessary for the defense of a right in court of the data subject or ourselves.
- To whom do we disclose your personal data?
Depending on the purposes for which we process your personal data, we may disclose data to state institutions and authorities in accordance with the law (ITM, ANAF) or to judicial/investigative authorities in accordance with the law.
In accordance with the Procedure for conducting investigations dated October 9, 2018, approved by Decision no. 161 of October 9, 2018, regarding the approval of the Procedure for conducting investigations by the National Authority for the Supervision of Personal Data Processing, ANSPDCP has complete and immediate access to any personal data processed by us and to any information we hold about you, without being able to object to the confidentiality of this information.
Additionally, we may share your data with our authorized representatives (IT, email hosting, cookie services).
- Is your personal data secure?
To process your personal data safely for your fundamental rights and freedoms, we have taken appropriate technical and organizational measures for the protection of personal data, including, but not limited to:
All our employees sign a confidentiality agreement regarding the protection of personal data processed by them in the performance of their duties.
All employees are adequately trained regarding the security measures implemented by us and which they must respect for the protection of personal data.
We use only external services provided by providers who demonstrate a high level of security for personal data processed on our behalf.
We implement technical and organizational security measures for the physical protection of the locations where we process personal data and the devices we use in our current activity.
All technical and organizational measures implemented by us are aimed at protecting your personal data against unauthorized or illegal processing and against accidental loss, destruction, or damage.
- Are we certified and have we adhered to a code of conduct?
In Romania, until the date of updating this Policy, no authorized certification body has been established to certify our compliance with current data protection legislation, and no Code of Conduct has been developed and approved for us to adhere to. Therefore, we adopt, as good practice measures, any possible security means to ensure the highest level of protection for the personal data we process.
- What are your rights guaranteed by GDPR?
To comply with the provisions of Regulation 679/2016, we guarantee the following rights:
- You have the right to withdraw your consent to the processing of personal data at any time when the processing is based on consent. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out before its withdrawal. Withdrawal of consent is as easy as giving it, by sending an email to info@belor.ro or, in the case of cookies, by adjusting the categories in the cookie bar.
- You have the right to access your personal data that we process, and we provide you with confirmation that we process your personal data, or not, and, if so, we provide you with all the mandatory information required by Article 15 of the GDPR, as well as a copy of this data, if requested, in the format you specify and via the communication method you specify in your request.
- You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, as well as the completion of incomplete personal data, including by providing a supplementary statement. We must communicate the rectification of your personal data to the recipients of your personal data (if any).
- You have the right to request the erasure of personal data we process. We are obliged to erase your personal data without undue delay if the following conditions set out in Article 17, paragraphs 1 and 2 of the GDPR are met:
Personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw the consent on which the processing is based, and there is no other legal ground for the processing.
You object to the processing for reasons related to your particular situation, and there are no legitimate grounds for the processing (Article 21, paragraph 1 of the GDPR) or you object to the processing for direct marketing purposes (Article 21, paragraph 2 of the GDPR).
Your personal data has been unlawfully processed.
Your personal data must be erased for compliance with a legal obligation to which we are subject under Union or Member State law.
Your personal data has been collected in relation to the offer of information society services directly to a child.
If we have made your personal data public and are required to erase it, taking into account available technology and the cost of implementation, we will take reasonable steps, including technical measures, to inform data controllers processing your personal data that you have requested the erasure of any links to, or copies or reproductions of, that personal data.
We will refuse to erase your personal data in the following cases explicitly provided for in Article 17, paragraph 2 of the GDPR:
Where the processing of personal data is necessary for the exercise of the right to freedom of expression and information.
Where the processing of personal data is necessary for compliance with a legal obligation that requires processing under Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, as the case may be.
Where the processing of personal data is necessary for reasons of public interest in the area of public health, in accordance with Article 9, paragraphs (2)(h) and (i) and Article 9, paragraph (3) of the GDPR.
Where the processing of personal data is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89, paragraph (1), to the extent that the right referred to in Article 17(1) is likely to render impossible or seriously impair the achievement of the objectives of that processing.
Where the processing of personal data is necessary for the establishment, exercise, or defense of legal claims.
- You have the right to request the restriction of processing of your data in the following cases:
You contest the accuracy of the data, and we will restrict the processing for a period that allows us to verify the accuracy of the data.
The processing is unlawful, and you oppose the erasure of the personal data and request instead the restriction of their use.
We no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims.
You have objected to processing under Article 21, paragraph 1 of the GDPR, pending the verification whether our legitimate grounds override yours.
Where processing has been restricted based on the reasons mentioned above, your personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained a restriction of processing, you will be informed by us before the restriction of processing is lifted.
- You have the right to data portability. You can request at any time to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
The processing is based on consent.
The processing is necessary for the performance of a contract between us and you.
The processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right to data portability is without prejudice to Article 17 of the GDPR (the right to erasure), as that right will not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Your right to data portability shall not adversely affect the rights and freedoms of others.
- You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.
We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing, and we will cease to process the personal data for that purpose.
In the context of the use of information society services, you may exercise your right to object to automated decision-making, including profiling, by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), on grounds relating to your particular situation, you have the right to object to processing of personal data concerning you, except where processing is necessary for the performance of a task carried out for reasons of public interest.
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Your right not to be subject to a decision based solely on automated processing, including profiling, does not apply if the decision:
Is necessary for entering into, or performance of, a contract between you and us.
Is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests.
Is based on your explicit consent.
In the cases referred to in points (a) and (c), we shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
- You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPCP). The contact details of the National Supervisory Authority for Personal Data Processing are as follows: 28-30 General Gheorghe Magheru Blvd., Sector 1, postal code 010336, Bucharest, Romania, Email: anspdcp@dataprotection.ro, Landline phone: +40.318.059.211, +40.318.059.212, Fax +40.318.059.602.
- How can you exercise these rights?
You can exercise all of these rights by submitting a request to our headquarters or by email using the contact details provided in the preamble.