General information regarding the processing of personal data

Last update / Effective date: 08.02.2023

Version 2.

  1. Introduction

DATAWARE CONSULTING SRL, based in Bucharest, 9A Bilciuresti St., 3rd floor, District 1, CIF 27895927, No. Reg. Com. J40/260/2011, in accordance with the requirements of EU Regulation no. 679/2016 on the protection of persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) is a Personal Data Operator and processes data of a personal nature transmitted to Dataware Consulting SRL by commercial partners or indicated by them for the purpose of conducting commercial relations.

The security of personal data is an important factor for Dataware Consulting SRL that we take into account in the relations with non-social operators, proxies, third parties and all interested parties.

The rules of good practice regarding the processing and security of personal data, presented below, are periodically reviewed and contain our commitment to protect the confidentiality, integrity and availability of the personal data of our partners.

Dataware Consulting SRL allocates resources to ensure the confidentiality, integrity and availability of personal data that it collects physically and electronically necessary to provide the services.

  1. What personal data does Dataware Consulting SRL process

For us, "personal data" means any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, email address, telephone, physical address, place of work, an online identifier, etc.

Any data that does not fall within this definition constitutes "non-personal data".

Dataware Consulting SRL obtains personal data in various ways, including the following: direct contact during business meetings, e-mail, telephone, WhatsApp, fax, mail, as a result of sending messages, requests, filling in online forms, contracts and of other commercial documents, filling out online forms, making online payments, visiting our website (www.dataware.ro), through our pages on social networks (facebook, google+, linkedin, twitter), visiting the headquarters or sending your CV -s for employment on vacant positions within the company.

Dataware Consulting SRL processes the personal data of the persons concerned, respectively personal data relating to natural persons: customers or potential customers, representatives (for example: directors, administrators, associates, proxies, contact persons) of customers or potential customers, suppliers of products and services or other business partners, employees, potential employees and collaborators.
These types of personal data, depending on the situation, may include the following types: name of the data subject, position, workplace, e-mail address, telephone, physical address, image, car registration numbers, training data and professional experience.

In accordance with the requirements of Law 333/2003 regarding the protection of goods and valuables, to ensure the security of people and goods and to collect data for the purpose of investigating security incidents, the premises of the company are monitored by video.
We do not normally process personal data of a special nature. If we have to process such data, we will do so under the following conditions:

    there is an explicit consent of the data subject in this respect;

    the processing is necessary for the purpose of fulfilling the obligations and exercising specific rights of the company or the person concerned in the field of employment and social security;

    the processing is necessary to protect the vital interests of the data subject or another natural person.

  1. How we process personal data

We only process the data necessary to provide the necessary support for the provision of services and the fulfillment of legal obligations.

  1. The legitimate basis for the processing of personal data

We base our personal data processing on the following legitimate grounds:

  • the processing is necessary for the conclusion or execution of a contract;
  • the processing is necessary in order to fulfill a legal obligation that falls to us;
  • legitimate business purpose - we process personal data of individuals in order to provide services to our customers.
  • the consent of the person concerned.
  1. For what purpose we process personal data

Processing means any operation or set of operations performed on personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying.

The main situations in which personal data are collected are listed below:

  • commercial communications by email, post, telephone, through contact forms, Whatsapp, fax, post;
  • execution of an invoicing/payment operation;
  • the conclusion and execution of contracts (for example, for the conclusion of a contract for the sale of products/services);
  • administration and maintenance of own website;
  • recruitment activities and selection of qualified candidates, able to fill the vacant positions within the company;
  • recruitment activities and selection of candidates for practice within the company;
  • hiring staff;
  • improving the navigation on our sites and adapting the content to the user's requests (see the cookie policy);
  • for internal analyzes intended for the improvement and development of products and services;
  • fulfillment of legal obligations.
  • Dataware Consulting SRL processes personal data to support the service provision process and to comply with the applicable legal requirements.
  1. To whom and when can Dataware Consulting SRL transfer personal data

We may transfer personal data to authorities when regulatory requirements require us to do so. We comply with legal regulatory requirements whenever we receive requests about you from authorities or in the event of a lawsuit. We will inform you when we are required to provide your personal data in this way, unless we are prohibited from doing so by law. When we receive such requests, we release personal data only if we believe in good faith that the law requires us to do so. Nothing in this notice is intended to limit your legal remedies or objections you may have to a third party's request to disclose your personal data.

  • when we believe it is necessary to prevent harm to you or others.

We will share information with you in this manner only if we reasonably believe, in good faith, that it is necessary to protect the rights, property and safety of you, others and Dataware Consulting SRL partners.

  • we may communicate personal data to third parties in order to improve the quality of the services we provide. Some of these are third parties who do not intend to process the data, but may have access to it in the performance of their tasks or in their interactions with us, such as: IT infrastructure service providers, communication systems, financial, legal or system auditors of management, certification bodies, state authorities, etc.

These third parties, in turn, have obligations similar to those of Dataware Consulting SRL regarding the protection of personal data to which they have access.

  • if the status of Dataware Consulting SRL, our organizational structure changes (if we initiate a restructuring process, if we are acquired or if we become insolvent or declare bankruptcy), we may transmit your data to a successor or affiliated company or other partners according to applicable regulatory requirements.
  1. Transfer of personal data outside the European Economic Area (EEA)

We do not transfer personal data outside the EEA.

  1. Personal data retention period

We will store personal data only for the period of time necessary to achieve the processing purposes set out above, while respecting the legal requirements in force and the interest in protecting the rights of the data subjects. As soon as we no longer need them, we initiate actions to delete and anonymize them, unless the legislation requires us to keep them for a longer period of time.
Dataware Consulting SRL will determine if it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be properly informed in this regard.

  1. The rights of data subjects

As a data subject, you benefit from all the rights mentioned in Chapter III, Rights of data subjects in Reg. EU 679/2016. The rights of data subjects conferred by Reg. EU 679/2016 can be exercised at any time.
The rights of data subjects resulting from the application of Regulation EU/679/2016:

  • Right of Access - you can request access to your personal data;
  • Right to Rectification or Update: – you can ask the company to correct your personal data that is inaccurate or incomplete;
  • Right to Erasure – you can ask Dataware Consulting to erase your personal data if one of the following grounds applies:
    • When the personal data are no longer necessary in connection with the purposes for which they were collected or processed;
    • You withdraw the consent on which the processing is based and if there is no other legal basis for the processing;
    • You object to automated decision-making and there are no legitimate overriding legal grounds for the processing or you object to processing for direct marketing purposes;
    • Personal data have been processed illegally;
    • Personal data must be deleted to comply with a legal obligation under Union or domestic law applicable to the company;
    • Personal data were collected in connection with the offer of information society services.
  • Right to Restriction – you can ask Dataware Consulting to restrict the way it processes your personal data if one of the following applies:
    • Dispute the accuracy of your personal data, for a period that allows Dataware Consulting to verify the accuracy of your personal data;
    • The processing is unlawful and you object to the deletion of the personal data and instead request the restriction of its use;
    • Dataware Consulting no longer needs the personal data for the purpose of processing, but they are requested by you to establish, exercise or defend a legal right;
    • You have objected to processing in accordance with the right to object and automated decision-making pending verification that the company's legitimate grounds override your grounds.
  • Right to Portability – you can ask Dataware Consulting to receive your personal data in a structured, commonly used, automatically processable format or, to the extent technically possible, to transfer your personal data personnel to another organization;
  • The right to obtain confirmation as to whether or not your personal data is processed and communicated in an intelligible form;
  • The right to change or withdraw your consent. This right only applies if your consent has been collected – you can withdraw your consent at any time for the processing of your personal data for which you have given your consent, without prejudice to the legality of the consent given before the revocation;
  • The right to object – you may object to the processing of your personal data concerning you, unless Dataware Consulting demonstrates that it has legitimate grounds justifying the processing;
  • The right to be notified of any rectification or deletion or restriction of processing;
  • The right to be notified in the event of a data breach;
  • The right to lodge a complaint with the National Supervisory Authority for the Processing of Personal Data.

To exercise these rights, we encourage you to send us a written, dated and signed request to the following contact details: Dataware Consulting srl, Bucharest, 9A Bilciuresti St., 3rd floor, District 1, email: dpo@dataware.ro.

You have the right to apply to the National Authority for the Protection of Personal Data or to justice for the defense of any rights guaranteed by the legislation on the protection of personal data that have been violated, at the address B-dul G-ral. Gheorghe Magheru, no. 28-30, sector 1, Bucharest, Romania or by e-mail at anspdcp@dataprotection.ro.

  1. What security measures does Dataware Consulting SRL use to protect personal data

We are committed to protecting data subjects' personal data as soon as it is in our possession. We implement organizational and technical security measures. Despite our best efforts, if we identify a security breach that affects you, we will inform you and initiate appropriate protective measures.
To protect the personal data of the persons concerned, Dataware Consulting uses encryption and pseudonymization technologies. Although we use these technologies and other security measures to protect confidential information and provide adequate security, we do not guarantee 100% security.

Dataware Consulting SRL uses security procedures and guarantees that it considers adequate to protect the processed personal data. Dataware Consulting SRL requires security measures for all authorized representatives and partners. Our goal is to ensure the confidentiality, integrity and availability of the personal data of the data subjects under the control of Dataware Consulting.

The information security management system and IT services Dataware Consulting SRL is certified by the RINA certification body (www.rina.org) in relation to the requirements of ISO 27001:2018, ISO 20000-1 standards, a surveillance audit is carried out annually.

  1. Cookie Policy

The cookie is a small file, consisting of letters and numbers, which will be stored on the computer, mobile terminal or other equipment of a user from which the Internet is accessed. The cookie is installed through the request issued by a web server to a browser (eg: Internet Explorer, Chrome, etc.) and is completely "passive" (it does not contain software programs, viruses or spyware and cannot access the information on the user's hard disk) .
Limiting the use of cookies may affect certain functionalities of the web page.
Cookies represent the central point of the efficient functioning of the Internet, helping to generate a friendly browsing experience adapted to the preferences and interests of each user.
Refusing or disabling cookies may make some sites unusable.
Please see the cookie policy posted on our website.

  1. What happens if we change this information regarding the processing of personal data

We may need to change this information. Updates will be published on the www.dataware.ro page or can be consulted at the company headquarters. To ease your review effort, we will publish the version and effective date at the beginning of the document.

How to contact Dataware Consulting SRL
If you want to correct your personal data, change the way we process this data or if you want to ask questions about the technical and organizational measures applicable to the processing and security of the processing of your personal data, please contact us at the dates below:
>Dataware Consulting SRL
9A Bilciuresti St, 3rd floor, District 1, Bucharest
dpo@dataware.ro