ASG

CRM Demo

Privacy policy

INFORMATION NOTICE REGARDING THE PROCESSING OF PERSONAL DATA

WHAT THIS INFORMATION NOTE COVERS.

 

This Information Notice is designed to inform you of the aspects regarding the processing of your personal data and your rights regarding this processing in accordance with the General Data Protection Regulation 2016/679 ("GDPR") and the national legislation in force.

 

We, ALEMAN CONSULTING SRL ("Company"), would like to inform you about the processing of your personal data in connection with certain operations carried out by the Company.

In this information note we explain how the processing of your personal data by ALEMAN CONSULTING SRL takes place and how we ensure that your personal data is processed responsibly and in accordance with the applicable personal data protection legislation.

This note contains important information. Therefore, please take the time to read it fully and carefully and ensure that you fully understand it, as we want it to be clear to you how we use your data and how we protect it.

In order to facilitate the reading of the document, we have included at the end of this note a glossary explaining the main notions used (e.g. "personal data", "processing", etc.).

HOW TO CONTACT US

The content of this information notice is purely informative and does not affect your rights under the law. We will do our best to make it easier for you to exercise them. If you have any comments, suggestions, questions regarding any information in this notice or about any other aspects relating to the processing of your data that we carry out, please do not hesitate to contact our Data Protection Officer at any time. Depending on your preferences, you can contact us through any of the communication channels below:

Full name: ALEMAN CONSULTING SRL

Headquarters address: SIBIU, Sibiu Business Center, 5 Nicolaus Olahus Street, Building A, Sibiu, Romania

Phone Number: +40 376 448 208

Email address: office@asgcrm.com

Contact details of our Data Protection Officer (this is the person you need to contact in relation to any issues relating to the protection of your personal data):

Our information notice is public starting with December 10, 2024 and applies to our website: www.asgcrm.com and our e-mail.

 

CATEGORIES OF PERSONAL DATA WE PROCESS

Your data that we will process is ordinary personal data obtained directly from you or from third parties who were permitted to exchange information with us and may include the following categories of data:

  • name; first name; sex; date of birth/age; Citizenship; home/residence address, mobile/landline phone number, fax number; email address;
  • video recordings (in our premises where we have CCTV video surveillance cameras installed – where they exist, they are indicated by visible signs); personal numeric code (CNP); the rest of the information in your identity document (including the date of issue, the date of expiry of the document, the place of birth);
  • Your contact with us such as requesting an offer, email, or other records of a contact with us;
  • payment data: billing address, bank account or bank card number/IBAN code, name and surname of the bank account or bank card holder (it can be other than you if someone else has made the payment of an invoice in the name and for you); the date from which the bank card is valid; Bank card expiration date
  • professional data: employer; Position.
  • opinions and views (may include sensitive data), such as: any opinions and views you convey to us or any opinions and views you publicly post about us on social media or make known on other public channels;
  • data relating to purchases and interaction with us, such as: records of your interactions with us; details of your purchase history from us;

We will collect your usual personal data when, for example:

  • Buy or use any of our products and services (maintenance and upkeep);
  • Subscribe to newsletters, alerts, or other services offered by us;
  • Contact us through various channels, or request information about a product;
  • Visit or browse our website;
  • You have given permission to other companies, such as our business partners or our associates, as well as in the event that we transmit such data to our third-party suppliers or contractors, insofar as we have legal grounds, for example: banking financial institutions, accounting service providers, public authorities or institutions, notaries, lawyers, etc.;
  • When your data is are public;
  • We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, transparent image files used to track your movements on our website).

Our respect for your data includes giving it the necessary human attention through our staff. Under current conditions, you will not be subject to a decision by us based solely on automated processing of your data (including profiling) that produces legal effects concerning you or similarly affects you.

THE GROUNDS ON WHICH WE PROCESS YOUR DATA

ALEMAN CONSULTING S.R.L. will process your personal data. on the following grounds:

  • Performance or conclusion of the contract with you For example, in order to initiate, conduct and complete negotiations in order to be able to conclude a contract with you, at your request, or to perform a contract concluded with you;
  • Consent you give. For example, in relation to our marketing communications, we process your data on the basis of consent to processing for this specific purpose.
  • Compliance with an overriding legal requirement. For example, accounting and tax requirements that are subject to strict internal policies, such as the retention period for tax/accounting documents. We may process your data for the fulfilment of our archiving obligations, obligations to communicate certain information to public authorities upon request or other legal obligations.
  • Our legitimate interest. There are also cases where we process your data to maintain network security, improve our services.

THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

The purposes for which we process personal data relating to you are as follows:

  • For the provision of our service. To provide the products and services you have purchased from us, as well as to keep you informed of the purchase process;
  • Billing and customer service. To bill you for your purchase of our products and services, to contact you if the billing details you have provided to us are incorrect, about to expire or we are unable to collect payment, to respond to any questions or concerns you may have in relation to our products and services;
  • Marketing communications. To the extent that you have given your consent, we will be able to keep you informed by various means (e.g. email, mobile or landline, telephone messages (SMS), post, messages sent on social media platforms or in person) about news about products, available services, offers about them, subscribe to the newsletter or provide you with other information that may be of interest to you. You can control your permissions. and the data we use to individualise these communications at any time on our website or by using the contact details in the "How to Contact Us" section above.
  • Management of our communication and IT (information technology) systems. Managing our communication systems; managing our IT security; conducting security audits on our IT networks, issuing reports to the competent institutions or repairing system errors;
  • Compliance with our legal obligations. Fulfilling our legal obligations regarding archiving, security, record-keeping and other obligations that the law imposes on us.
  • Improving products and services. Identifying potential problems with our existing products and services in order to improve them, resolving your complaints;
  • Surveillance of the premises according to the legal provisions. CCTV systems installed for the surveillance of the spaces related to the access roads, the areas with values, for the monitoring and efficiency of the activities carried out and for the protection of the goods and personnel located in those office spaces, etc.
  • Research and analysis. We use analysis methods for:
  • market research and for carrying out research and statistical analyses;
  • providing reports to third parties (these reports do not contain information that can identify you as an individual). They may be provided to third parties, such as content providers and entities that advertise the products and services offered by us.

We have strict rules that ensure the anonymization or removal of identifiers from personal data.

WHO WE WILL DISCLOSE YOUR DATA TO

As a general rule, we do not disclose your data to other companies, organizations or individuals in any country (including Romania). There are certain situations, however, in which, according to the law, we must communicate your data to other individuals or legal entities.

However, we try to be as transparent and specific as possible, and below we will present the categories of such recipients:

  • If you request or give us your consent to do so;
  • Individuals who can demonstrate that they have the legal authority to act on your behalf;
  • Other group companies – for legitimate reasons related to our activity according to applicable law;
  • Public authorities: at their request or on our initiative, in accordance with applicable law;
  • Accountants, auditors, solicitors and other external professional consultants, contractual partners, service providers of ours acting as processors or joint controllers – they will be obliged by law or by the contract concluded with us to keep your data confidential, e.g. archiving, accounting, storage, destruction, surveillance of premises.
  • An agency, bailiff or court in Romania – to the extent necessary for the establishment, exercise or defense of a legal right;
  • where it is our legitimate interest to do so in order to administer, expand or develop the business, for example where we sell or transfer all or part of our shares, assets or business (including in the event of our reorganisation, dissolution or liquidation) in which case personal data held by us will constitute one of the assets transferred - in which case potential acquirers will be bound by an obligation of confidentiality.

When we use a natural or legal person as a processor for the processing of your personal data, we will ensure that they have entered into a Personal Data Processing Agreement whereby they assume, among other obligations that personal data protection legislation provides, the obligations to (i) process the personal data only in accordance with our written instructions that we have provided to them in advance and to (ii) effectively implement measures to protect privacy and ensure the security of personal data. We will also ensure that this contract between us and the processor provides for it at least all other obligations that the applicable legislation provides for the protection of personal data.

HOW LONG WE WILL STORE YOUR DATA

We will store your data for as long as we are required to do so by law. If there is no legal requirement, we will only store it for as long as necessary for the processing of the data for the purposes mentioned above.

Unless otherwise provided by law, we will usually process your data for the duration of a contract or agreement between you and ALEMAN CONSULTING SRL, plus a period of 3 years from its termination, for example for granting the lifetime warranty on bathtubs purchased by you.

For the storage of your data in electronic format, we use our own servers or those of other companies specialized in electronic archiving.

SECURITY OF YOUR DATA

We have implemented the following technical and organizational measures to ensure the security of personal data:

  • Dedicated policies. We adopt and review our practices and policies for processing the data of our customers and others, including physical and electronic security measures, to protect our systems from unauthorized access and other possible threats to their security. We constantly check how we apply our own personal data protection policies and how we comply with data protection legislation.
  • Data minimization. We have ensured that your personal data that we process is limited to that which is necessary, appropriate and relevant for the purposes stated in this notice.
  • Restrict access to data. We strictly restrict access to the personal data we process to employees, collaborators and others who need access to it in order to process it for us. All of these companies and individuals are subject to strict confidentiality obligations, and we will not hesitate to hold them accountable and terminate our collaboration with them if they do not comply with your and others' data protection policies.
  • Specific technical measures. We use technologies that assure our customers and others that the security of their data is protected. To protect the security of your data, we recommend that you do not use public (unsecured) workstations or multiple access workstations and also do not hand over the paper document on which your data or passwords are written to other people.
  • Back-ups and security audits. We make daily archives (back-ups), which we keep secure for a minimum of six (6) months. All the technical equipment we use to process your data is secure and up-to-date to protect the data. We also conduct, at regular intervals, security audits of the IT systems we use to process the personal data of our customers and others.
  • Ensuring the accuracy of your data. From time to time, we may ask you to confirm the accuracy and/or timeliness of the personal data we process about you.
  • Staff training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.
  • Data anonymization. In compliance with the law, we anonymize / pseudonymize the personal data we process, so that the persons to whom they refer cannot be identified.
  • Control of our service providers. We introduce clauses in the contracts with those who process for us (processors) or together with us (other controllers – associated controllers) to ensure the protection of the data we process, in accordance with what is required by law.

WHAT YOUR RIGHTS ARE AND HOW YOU CAN EXERCISE THEM

We treat your rights in relation to the processing we carry out on your data with seriousness and full involvement. Your rights are as follows:

  • Right of access to data. You have the right to request information about the personal data we hold about you, including information about the categories of data we hold or control, what it is used for, the source from which we collected it if we obtained it indirectly, and to whom this data is disclosed, if any. We will provide you with a copy of your personal data upon request.
  • Right to rectification of data. You have the right to obtain rectification of your data that we process, if they are not correct.
  • The right to erasure of data ("right to be forgotten"). You have the right to obtain from us the deletion of your data that we process or control. ALEMAN CONSULTING SRL aims to process and keep your data only for as long as this is necessary. We must comply with this request if we are processing your personal data, and if:
  • the personal data are no longer necessary for the fulfillment of the purposes for which they were collected;
  • you object to the processing on grounds relating to your particular situation;
  • your data has been unlawfully processed;
  • the personal data must be deleted in order to comply with a legal obligation incumbent on us;

Unless your data is still required:

  • for the exercise of the right to free expression and information
  • to comply with a legal obligation we have;
  • for archiving purposes in the public, scientific or historical or statistical interest; or
  • for the establishment, exercise or defense of a right in court.
  • The right to restriction of data processing. You can obtain from us the restriction of the processing of your personal data, if:
  • contest the accuracy of your personal data, for the period we need to verify the accuracy,
  • the processing is unlawful, but you object to the erasure of your personal data, requesting instead that its use be restricted,
  • it is no longer necessary to retain your personal data but you request it for the establishment, exercise or defence of legal claims, or
  • you object to the processing for the period of time during which it is verified whether the processing of the data is legally necessary.
  • The right to object to the use of personal data. You have the right to object to the processing of your data by us or on our behalf. Where the processing is not based on your consent but on our legitimate interests or those of a third party, you can object at any time to the processing of your personal data on grounds relating to your particular situation. In this case, we will no longer process your personal data unless: (a) we can prove compelling legitimate grounds for the processing or (b) where the purpose is to establish, exercise or defend legal claims.

If you object to the processing, please specify whether you also want your personal data to be deleted, otherwise we will only restrict it.

You can always object to the processing of your personal data for marketing purposes, whatever your reason. If the marketing was based on your consent, you can withdraw your consent.

  • The right to data portability. You have the right to receive your personal data that you have provided to us, and where technically feasible, to request that we transmit your personal data (that you have provided to us) to another organisation.

These two rights are rights you have if, cumulatively: (a) we process your personal data by automated means, (b) we rely on your consent in processing your personal data or our processing of your personal data is necessary for the conclusion or performance of a contract to which you are a party; (c) your personal data is provided to us by you, and (d) the transmission of your personal data does not adversely affect the rights and freedoms of others.

You have the right to receive your personal data in a structured, commonly used and machine-readable format.

Your right to receive personal data must not have a negative effect on the rights and freedoms of other people. This could happen if a transfer of your personal data to another organisation also involves the transfer of personal data to other persons (who do not give their consent to this transfer).

The right to have your personal data transmitted by us to another organisation is a right you have if such transmission is technically feasible.

  • The right to withdraw consent. Where we process your data on the basis of your consent, you have the right to withdraw your consent; You can do this at any time, at least as easily as you initially gave us your consent. The withdrawal of consent will not affect the lawfulness of the processing of your data that we carried out before the withdrawal.
  • The right to lodge a complaint with the supervisory authority. If you have a significant dissatisfaction with the way we process your data, please contact us directly so that we can resolve your issue. If you still have any complaints, you can contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro):

Address: G-ral Blvd. Gheorghe Magheru, Bucharest, Romania;

Phone: 40.318.059.211/ +40.318.059.212

Fax: +40.318.059.602;

E-mail: anspdcp@dataprotection.ro

Please note

To exercise one or more of these rights or to ask any questions about any of these rights or other aspects of our processing of your data, please use the contact details in the "How to contact us" section above and the support form available on our website at any time www.asgcrm.com. At the same time, printed forms are also available at our headquarters that you can fill in to request the exercise of one or more of the above rights.

We will try to respond to your request within one month, which period may be extended by two months due to specific reasons related to the specific right invoked or the complexity of your request. In any case, if this period is extended, we will inform you of the extension period and the reasons for this extension.

In certain situations we may not be able to grant you access to all or part of your personal data due to legal restrictions. If we deny your request for access, we will tell you the reason for this refusal.

In certain cases, we may not be able to identify your personal data because of the identifiers you provide to us in the request. In such cases, if we cannot identify you as a data subject, we cannot comply with your request in accordance with this section unless you provide us with additional information that allows us to identify you. We will inform you and give you the opportunity to provide us with such additional details.

WHAT CAN HAPPEN IF YOU DO NOT PROVIDE US WITH THE DATA

You are under no obligation to provide us with your personal data that we have mentioned in this document. In this case, we may not be able to provide you with the services you request.

CHANGES REGARDING THE INFORMATION NOTE

We reserve the right to change, improve where necessary, our data protection practices and update and amend this notice at any time to ensure that your data is secure. For this reason, we encourage you to check this information notice periodically.

MEANING OF SOME TERMS USED IN THIS NOTICE

What does personal data processing mean?

Processing of personal data means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,  alignment or combination, restriction, erasure or destruction.

What does personal data mean?

Personal Data means any information relating to an identified or identifiable natural person ("data subject"); An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

What does the personal data controller mean?

Personal Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

What does Authorized Person mean?

The natural or legal person, authority or other body that alone or jointly with others decides why (for what purpose) and how (by what means) personal data is processed. According to the law, the responsibility for complying with the legislation regarding personal data lies primarily with the controller. In relation to you, we are the controller, and you are the data subject.

What does Data Subject mean?

The data subject is the natural person to whom certain personal data refers (to whom it "belongs"). In relation to us (the controller), you are the data subject.

What is the Supervisory Authority?

An independent public authority which, according to the law, has powers related to the supervision of compliance with the legislation on the protection of personal data. In Romania, this supervisory authority for personal data processing is the National Supervisory Authority for Personal Data Processing (ANSPDCP)