Personal data processing policy

Respecting the right to protection of personal data, as well as the right to privacy is one of the fundamental missions of SC URS CERTIFICĂRI SRL, registered at the Mureș Trade Register, under number J/26/1948 / 02.11.2007, Fiscal Code RO 22685444, with headquarter in Tîrgu-Mureș, 8 Madách Imre Street, Romania, phone: (+4) 0265 267 017, email: info@urscertificari.ro.

Thus, we take all the necessary steps to process your personal data in accordance with the principles established by the data protection legislation applicable in Romania, including (EU) Regulation 2016/679 of the European Parliament and the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

Personal data means any information relating to an identified or identifiable individual (“Data Subject”); an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, forename, identification number, location data, an online identifier, or one or several particular elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity.

This personal data processing policy has the following sections:

  • What kind of personal data do we process?
  • Sensitive data
  • For what purpose and on what basis do we process your personal data?
  • With whom do we share your personal data?
  • Do we collect personal data from third parties?
  • Are we transferring your data outside the EU/EEA?
  • Provision by you with the personal data of other individuals
  • How long do we store your personal data?
  • What are your rights?
  • Is your data safe?
  • Links to other websites
  • Questions or complaints
  • Policy changes

WHAT KIND OF PERSONAL DATA DO WE PROCESS?

If you are a customer or potential customer

We collect personal data as a result of our most interactions with you, as well as in other aspects of our activity. The categories of data we collect are the following:

  1. name and forename, email address, serial number and Identity Card number, Personal Identification Number, telephone number and your address, signature, other data entered in the Identity Card;
  2. your bank account details (IBAN code in full or in part, transaction code, payer’s bank, etc.) and/or bank card (card type, credit/debit card number, cardholder name, expiration date and security code);
  3. Marital Status Data (entered in the Birth Certificate, Marriage Certificate, etc.), data related to studies and qualifications;
  4. the information you provide regarding your marketing preferences or while attending the certification process or training courses;
  5. information regarding the vehicles you may bring to our property;
  6. the location of the vehicles owned by the company, monitored by GPS system;
  7. data regarding internet traffic from the location;
  8. the time and date of accessing the website and the IP address from which the company’s website was accessed;
  9. reviews and opinions regarding the services provided by our company;
  10. any other types of information you choose to provide to us or any other public information about you.

Surveillance cameras and other security measures on our properties may also capture or record images of guests in public places (such as company headquarters entrances), as well as your location data (through images captured by the surveillance cameras), access cards, data traffic and/or other technologies).

You can choose at any time what personal data you want to provide us. However, if you choose not to provide certain personal data, in the event the basis of our request is compliance with a legal obligation, contractual obligation or obligations required to conclude a contract, we will be unable to provide you with certain services.

If you are a potential employee

We collect information from the Curriculum Vitae submitted by you, as well as any other information submitted with your CV and/or in the interviews you attended.

If you are a visitor to our company

We collect your name and forename, as well as information about the purpose of the visit.

Surveillance cameras can also capture or record images of visitors in public places.

If you are a user of our website

Simply accessing our website shall not lead to the collection of your personal data unless you voluntarily enter certain data.

However, we collect the time and date of access to the website and the IP address from which our website was accessed.  (vezi Politica de utilizare a cookie-urilor).

If you are a representative or contact person of our suppliers or business partners

We collect your name and forename, position and any other data provided by you or the company you represent.

If you are an employee

Please read the Employee Privacy Policy, made known at the time of employment and available at any time to the Human Resources Department.

SENSITIVE DATA

The term “sensitive data” refers to racial or ethnic origin, political opinions, religious denominations or philosophical beliefs or trade union membership and the processing of genetic data, biometric data, health data or data regarding sexual life or sexual orientation.

In general, we do not collect sensitive information unless you want to provide it to us. We may use the health data you provide in order to offer better services and meet your special requirements.

FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR DATA?

If you are a customer or potential customer

  1. Submission of a service provision offer:

Purpose: We process your personal data so that we can make you a price quotation and service provision offer, according to your requirements.

Legal basis: art. 6 para. 1 let. of the General Data Protection Regulation

  1. Performance of a contract:

Purpose: We process your personal data for the conclusion and performance of a contract.

Legal basis: art. 6 para. 2 of the General Data Protection Regulation.

  1. Feedback:

Purpose: we process your personal data to ensure that you have had a pleasant experience with the services provided by our company.

Legal basis: art.6 para. 1 let. f of the General Data Protection Regulation, considering our legitimate interest in constantly improving the services we provide and in providing services that are as appropriate and in line with our customers’ standards as possible.

  1. Marketing:

Purpose: We process your personal data for marketing purposes, such as business newsletters and marketing communications about new products and services, or other offers that we believe may be of interest to you.

Legal basis: art.6 para. 1 let. f of the General Data Protection Regulation, in the sense that we rely on the legitimate interest of promoting our services by submitting offers that we consider to be of interest to you.

If necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we shall inform you that you will be able to withdraw your consent for processing for marketing purposes at any time, in which case you will not receive any marketing communication from us.

We shall include an unsubscribe link that you may use if you do not want us to send you any more messages.

Also, when organizing certain events in our company, it is possible to take several photographs, and some of them could be distributed online to show others how our events are. In any case, because we take into account your right to privacy, we take care that the photographs do not highlight certain people and we will do our best to inform you that photographs shall be taken (for objections regarding the photographs see “Right to Object” in the “Your Rights” Section).

  1. Other communications: by e-mail, post, telephone or SMS

Purpose: these communications shall be made for a specific reason such as: to inform you about our offers and promotions, to respond to your requests, to inform you about the way in which the complaints and/or incidents proven by you, etc.

Legal basis: art. 6 para. 1 let. f of the General Data Protection Regulation, considering our legitimate interest in providing services to the highest standards by resolving any requests/complaints and to assure you of our full availability.

  1. Analysis, improvement and research:

Purpose: to ensure the constant evolution of the quality of our services, we make sure to analyse every complaint / suggestion from you, so we prepare statistical reports to identify problems, the degree of repetitiveness and to find the best solutions to their remediation.

Legal basis: art. 6 para. 1 let. f of the General Data Protection Regulation, in the sense that we rely on our legitimate interest in providing services that meet your and our company’s standards.

If you are a visitor to our company

Purpose: we process your personal data to ensure the protection of persons and property within our company.

Legal basis: art. 6 para. 1 let. f of the General Data Protection Regulation, given our legitimate interest in ensuring both the protection of persons and the protection of the assets of customers / company / staff within the company.

If you are a user of our website

Purpose: traffic monitoring in order to identify errors and/or any other malfunction of the website

Legal basis: art. 6 para. 1 let. f of the General Data Protection Regulation, in the sense that we base this data processing activity on our legitimate interest, namely to provide you with a fully functional website by repairing any errors, as well as by continuously improving it.

If you are a representative or contact person of our suppliers or business partners

Purpose: to develop contractual relations with our suppliers or business partners.

Legal basis: art. 6 para. 1 let. b of the General Data Protection Regulation, for the performance of a contract.

If you are a potential employee

Purpose: the evaluation of your employment application.

Legal basis: art. 6 para. 1 let. b of the General Data Protection Regulation, for the conclusion of a contract

If you are an employee

Please see the employee Privacy Policy, made known at the time of employment and available at any time to the Human Resources Department.

For all the above-mentioned categories of persons, we may also process your data in the context of the following activities:

  1. Internal restructuring or reorganization or sales of assets or shares:

Purpose: we process your data to perform the above-mentioned operations

Legal basis: art. 6 para. 1 let. f of the General Data Protection Regulation, considering the legitimate interest in carrying out the operations, especially given the fact that they would be impossible to carry out without processing your data.

However, we assure you that any such processing shall be carried out in accordance with this policy and by implementing a measure to ensure the confidentiality of your data.

  1. Security:

Purpose: we process personal data for the security of property and the physical integrity of persons.

Basis: art. 6 para. 1 let. f of the General Data Protection Regulation, we rely on our legitimate interest to ensure the protection of your assets and the company assets, as well as the protection of persons within its perimeter.

  1. Legal reasons:

Purpose: in certain cases, we must process the information provided, which may include personal data, in order to resolve legal disputes or complaints, for investigations and compliance with applicable legal regulations, to implement an agreement or to comply with requests from public bodies insofar as these requests meet the conditions imposed by law.

Basis: the reasons for processing may represented by a legal obligation (in the event we have the legal obligation to disclose certain personal data to public authorities) or our legitimate interest in resolving any disputes and/or complaints.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In order to provide you with high quality services, we may share your personal information to our service providers and other third parties, as detailed below:

  1. Providers: In order to provide the requested services, in some cases, we will need to share some of your personal data with providers, who are authorized and process the data on behalf, for the account of and in accordance with our instructions (such as software, IT, accounting services, medical services providers, etc.).
  2. Business partners: In some cases, we partner with other companies to provide you with products, services or offers.
  3. Co-sponsors of promotions: in some cases, we co-sponsor promotions, lotteries, raffles, competitions or contests with other companies or we may provide prizes for lotteries and contests sponsored by other companies. If you participate in these lotteries or contests, we may share your personal data with the collaborating sponsor or a third-party sponsor.
  4. Public authorities and/or institutions for: (i) complying with legal provisions, (ii) responding to their requests, (iii) for reasons of public interest.

The confidentiality of your data is important to us, wherefore, where possible, the sharing of personal data in accordance with the above is carried out only on the basis of a confidentiality commitment from the recipients, which guarantees that this data is stored securely and that the provision of this information is made in accordance with applicable law and applicable policies. In any case, each time we will share with the recipients only the information strictly necessary to achieve the respective purpose.

DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?

In order to provide you with high quality services, we may collect information about you from our business partners and other third parties, as detailed below:

  1. Business partners: such as providers and beneficiaries of ISO training or certification services.
  2. Co-sponsors of promotions: in some cases, we co-sponsor promotions, lotteries, raffles, competitions or contests with other companies or we may provide prizes for lotteries and contests sponsored by other companies. If you participate in these lotteries or contests, we may collect your personal data from the collaborating sponsor or a third-party sponsor.

In any case, we assure you that your data collected from third parties shall be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary to achieve our purpose. (see Section “FOR WHAT PURPOSE AND ON WHAT BASIS IS YOUR PERSONAL DATA PROCESSED?”).

Furthermore, when we will contact you for the first time, we will inform you, first of all, of the source from which we obtained your personal data.

ARE WE TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EU/EEA?

We do NOT transfer your data outside the European Union or the European Economic Area.

PROVISION OF THE PERSONAL DATA OF OTHER INDIVIDUALS BY YOU

If you provide us with the personal data of other individuals, please obtain their consent before providing us with their personal data and communicate to them how they are to be processed, as described in this privacy policy.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

Your personal data is stored throughout the period for carrying out the purposes detailed in this policy, unless a longer storage period is required or permitted by applicable law.

We constantly review the need to store your personal data, and to the extent that processing is no longer necessary and there is no legal obligation to store data, we shall destroy your personal information as soon as possible and in a manner that can no longer be recovered or reconstituted (for example, we shall delete / destroy all data of individuals who were not hired after the interviews, if there is no serious prospect of employment in the future).

If personal information is printed on paper, it shall be destroyed, and if it is saved on electronic media, it shall be deleted by technical means in order to ensure that the information can no longer be recovered or reconstituted later.

WHAT ARE YOUR RIGHTS?

As Data Subject, you have the following rights under the GDPR:

  1. Right of access: you may request (i) for confirmation of whether or not personal data are processed and, if so, access to and information regarding such data, as well as (i) a copy of your personal data that we hold (art. 15 of the GDPR);
  2. Right to rectification: you may inform us in regards to any change in your personal data or you may request the correction if the personal data we hold about you (art. 16 of the GDPR);
  3. Right of deletion (“right to be forgotten”): in certain situations (such as (i) in the event that the data was collected illegally, (ii) the deadline for storage of the data has expired, (iii) you have exercised the right to object or (iv) the processing of data is carried out on the basis of consent and you have withdrawn your consent, you can request the deletion of the personal data we hold about you (art. 17 of the GDPR);
  4. Right to restrict the processing: in certain situations (such as the case where the accuracy of such data or the legality of the processing is disputed), you can request the restriction of your data processing for a certain period (art. 18 of the GDPR);
  5. Right to data portability: to request us to send your personal data to a third party or directly to you (art. 20 of the GDPR);
  6. Right to object: in certain situations (such as processing that has a legitimate interest as a legal basis), you can require us not to process your data (art. 21 of the GDPR);

In the event we use your personal data by virtue of your consent, you have the right to withdraw this consent at any time. In this situation, your data shall no longer be processed by us, unless a legal provision requires us to store and archive such data. In any case, we shall inform you if there is such a legal provision and we shall expressly indicate it.

ARE YOUR DATA SAFE?

We take your personal security seriously, which is why we take important security measures to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data. This involves internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to protect against unauthorized access to the systems where we store personal data.

We also request our service providers as well as business partners to take all necessary measures in order to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data.

LINKS TO OTHER WEBSITES

Our website contains links to third party websites. Please note that we do not assume any responsibility for the collection, use, storage, sharing or disclosure of data or information by such third parties. If you use or provide information on third party websites, the terms and privacy policy of those websites apply. We advise you to read the privacy policy of the websites you visit before submitting personal data.

The use of the internet services provided by SC URS CERTIFICĂRI SRL falls under the terms of use and the privacy policy of internet providers. You can access the respective terms and policies by using the links on the login page of such service or by visiting the website of your internet provider.

QUESTIONS OR COMPLAINTS

If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the rights above mentioned, you are welcome to contact our Personal Data Protection Officer at the headquarters of our company or by sending an e-mail to the following address: info@urscertificari.ro, and we will reply you within 30 days from the receipt of the request.

Also, insofar as you do not have electronic means or do not want to use them, you can make a written request which you submit to SC URS CERTIFICĂRI S.R.L., Tîrgu-Mureș, Strada Madách Imre 8, România. For any other additional information, you can contact us at (+4) 0265 267 017.

To the extent that you are not satisfied with the manner in which your request has been solved, you may submit a complaint to the National Authority for the Supervision of Personal Data Processing.

POLICY CHANGES

This privacy policy is subject to change in accordance with changes in data policy legislation or based on changes in our services or the organization manner. In the event we shall make any material changes hereto, we shall post a link to the revised policy on the home page of our website. In the event we shall make significant changes that will affect your rights and freedoms (for example, when we begin processing your personal data for purposes other than those specified above), we will contact you prior to starting such processing.

To help you keep track of the most important changes, we shall include a change history below to recognize the changes to this policy.

Last update: 01.03.2021

cum te putem ajuta?

Pentru orice intrebări sau nelămuriri nu ezitaţi să ne contactaţi

URS Certificări = promptness, reasonable costs, prestigious certification.

Adina Ionescu – November 2021
Reprezentative, SPITALUL MONZA ARES

Professional services provided according to standards, through experience and professionalism.

Dana Lup – November 2021
Reprezentative, VIDYA PROJECT SRL

Performance is the only option.