RCI-Logo
Menu

Privacy policy

The purpose of this document is to inform you about the processing of your personal data and your personal rights as a data subject, in accordance with Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

1. The identification and contact details of the operator.

S.C. ROMCAPITAL INVEST S.A.  with registered office in Bucharest, 15 Dacia Blvd., district 1, having CUI RO 12938213, Trade Register Registration Number J40/3856/2000, hereinafter referred to as the "Controller".

Your personal data is processed lawfully, fairly and transparently, in a responsible manner and in accordance with the personal data protection legislation that is applicable.

The personal data we process are the data received from third parties or data that you provide to us during visits to our offices or by email, visiting the LinkedIn social media platform, during the course of the economic activity, the performance of the contractual and business relationship, the payment of the services provided or events held at our headquarters.

 

2. Principles of personal data processing

Principles of personal data processing
2.1. Personal data is processed by the Controller in good faith and in lawfulness, accordance with the legal provisions in force, fair and transparent ("legality, fairness and transparency").
2.2. Personal data is collected by the Controller for well-defined, explicit and legitimate purposes, and further processing will not be incompatible with these purposes ("purpose limitation").
2.3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is collected and subsequently processed ("data minimisation").
2.4. The personal data is accurate and up-to-date as appropriate ("accuracy").
2.5. Personal data is not stored by the Controller for a longer period than is necessary for the fulfillment of the purposes for which they were collected ("storage limitation").
2.6. The processing of personal data shall be carried out in such a way as to ensure adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures ("integrity and confidentiality"). 
2.7. The Controller is responsible for compliance with the GDPR rules and can demonstrate it ("accountability").

S.C. ROMCAPITAL INVEST S.A. implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of unlawful processing, as well as with regard to the deletion or rectification of data that is inaccurate or incomplete in terms of the purpose for which they are collected and for which they will subsequently be processed.

3. Contact details of the Data Protection Officer

The person responsible for the protection of personal data can be contacted by email at [email protected] or by post at the address mentioned above.

4. Purposes and legal basis of processing

In accordance with the national (Law 190/2018) and European (EU Regulation 679/2016) legislation in force, S.C. ROMCAPITAL INVEST S.A. has the obligation to manage securely and only for the specified purposes, the personal data provided to it.

S.C. ROMCAPITAL INVEST S.A. processes your personal data in accordance with the provisions of the GDPR, as a controller, through the services/offices/compartments, for the purpose of carrying out specific economic activities, for the performance of the following activities:

  • public relations

  • organizing/running events

  • fulfilling the legal, accounting and legal duties related to the economic activity carried out

  • conclusion of contracts for the supply of goods/services

  • information through the means of communication 

  • carrying out economic and related activities

If S.C. ROMCAPITAL INVEST S.A. intends to subsequently process the personal data for a purpose other than that for which it was obtained, prior to such further processing, we will communicate to the data subject information regarding that secondary purpose and any relevant additional information.

5. Legal basis for processing

The Controller processes personal data for the purposes mentioned above, based on the following lawfulness of processing: 

  1. based on the consent granted by selecting the communication options (art. 6.a) of the GDPR); 

  2. for the performance of a contract concluded with you or to take steps at your request before the conclusion of a contract; 

  3. based on a legal obligation incumbent on the Controller (keeping accounting records, legal reports to the authorities, protecting the patrimony, personnel security, guarding and protecting the Controller's premises, etc.); 

  4. based on the legitimate interest of the Controller (carrying out current operations for carrying out the activity, preventing and investigating fraud, developing and improving the Controller 's services, ensuring a high level of security in our premises etc.);

  5. the protection of the vital interests of the data subject or of other persons.

Given that the provision of personal data by the data subject represents a legal or contractual obligation or an obligation necessary for the conclusion of a contract, failure to comply with this obligation leads to the impossibility of carrying out economic activities in relation to you. as well as related ones.

6. Types of personal data we process

S.C. ROMCAPITAL INVEST S.A.  personal data protection and security policy is to collect only the personal data necessary for the aforementioned purposes and to request the data subjects to communicate to us only those personal data strictly necessary to fulfill these purposes:

  • name, surname, name and surname of legal representatives, CNP, payment and bank details, contact details, telephone number, email address, home address, series and ID number, age, photos, signature, position, etc.

  • data resulting from video recording where outdoor spaces are used, data such as visual images, facial images, photographs, screenshots; These data are processed for reasons of security and safety of persons and goods, fraud prevention, according to legal obligations. 

We specify that the personal data mentioned above are collected depending on the purpose for which the economic relationship between the Data Subject and ROMCAPITAL INVEST S.A.  is carried out respecting the principles of ”data minimization” and ”purpose limitation”.
The processing carried out by the Controller is not subject to a decision based exclusively on automated processing and is not aimed at creating profiles.

7. Recipients or categories of recipients of personal data

Your information may be shared with third-party companies that have the status of supplier of S.C. ROMCAPITAL INVEST S.A. Where necessary, we will contract with other companies and individuals to perform certain tasks that contribute to our services on our behalf. We may, for example, provide personal data to couriers, agents, contractors or partners, suppliers or customers. The data provided will be transmitted to the state institutions according to the legislation in force.

8. The controller's intention to transfer personal data to a third country or an international organization

S.C. ROMCAPITAL INVEST S.A. may transfer personal data to third countries, outside the European Economic Area, recognized by the European Commission with an adequate level of protection of personal data or, if there is no such assessment, we will transfer the personal data to third countries, based on consent or as a result of the contract.

Your personal data will be transferred to third countries or international organizations outside the E.U. to the extent that you are part of the Controller's projects that have as their object commercial contracts with partners outside the E.U. according to the personal professional skills necessary to support such projects.

9. Storage period

The storage term is determined by law or by internal decisions. Your personal data are stored for the period necessary to carry out all the steps taken to support economic activities according to the legislation in force.

10. Your rights and how you can exercise them

  • Right to information
    You have the right to receive information from the controller regarding the processing of your personal data. personal information.

  • The right of access to data. 
    You have the right to obtain access to your data that we process or hold or copies thereof; you also have the right to obtain information from us regarding the nature, processing and disclosure of this data.

  • The right to rectification of data. 
    You have the right to obtain rectification of inaccuracies in your data that we process or hold.

  • The right to erasure of data. 
    You have the right to obtain from us the deletion of your data that we process or hold.

  • The right to restrict data processing. 
    You have the right to restrict the processing of your data that we process or hold.

  • The right to object. 
    You have the right to object to the processing of your data by us or on our behalf, including for the purpose of direct marketing.

  • The right to data portability. 
    You have the right to receive, in a structured, commonly used format, the transfer to another controller of your data that we process or hold, provided that the processing is based on your consent. or be necessary for the performance of a contract.

  • The right to withdraw consent. 
    Where we process your data on the basis of your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you initially gave us your consent; the withdrawal of consent will not affect the lawfulness of the processing of your data that we carried out before the withdrawal.

  • The right not to be subject to automated decisions including profiling.
    The data subject has the right not to be subject to a decision based solely on automated processing, including profiling.

  • The right to be notified of security incidents that have or could impact the personal data of the data subject.

  • The right to lodge a complaint with the supervisory authority. 

  • The right to bring an effective judicial remedy against a controller or processor.

How you can exercise your rights
To exercise one or more of these rights (including the right to withdraw your consent, where we process your data on the basis of it) or to address any questions about any of these rights or any provision of this Privacy Notice or any other aspects of our processing of your data, please use the contact details in the section above (Our Contact Details) at any time.

S.C. ROMCAPITAL INVEST S.A. undertakes to protect the confidentiality of the information brought to its attention. Within the framework of this fundamental obligation, the Controller undertakes to protect and properly use the personal data that have been collected directly at our premises or through its email. S.C. ROMCAPITAL INVEST S.A. collects only personal data that is voluntarily provided directly at our premises or by email and that is minimally necessary to be able to provide information on the Operator's services.

11. Meaning of terms used under Regulation (EU) No 679/2016

For the purposes of this Information Notice, the terms below have the following meanings:
"Personal data", "Controller", "Data subject", "Processing", "Processor" – have the meaning assigned by the General Data Protection Regulation no. 679/2016.

11.1. "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity; 

11.2. "processing" means any operation or set of operations performed on personal data or on sets of personal data, with or without the use of automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,  alignment or combination, restriction, erasure or destruction;

11.3. "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 

11.4. "processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

12. Final provisions

The content of this information notice is informative and does not affect the rights conferred on you by law. 

This Information Note may be updated based on the dynamics of economic activity, improved communication and compliance with the legislation in force and is an integral part of the Controller's compliance policy with the rules of Regulation (EU) 679/2016.
Please inform yourself periodically about the content of the Information Notice, making sure that we will adapt it as soon as changes in the processing of personal data processed by the Controller make it necessary.