Privacy policy

1. Introduction

The purpose of this Privacy Policy is to explain to you what data we process, why we process it and what we do with it. We take your privacy seriously and never sell lists or e-mail addresses. Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not give information to third parties without informing you.

2. Other services

This Privacy Policy does not cover the apps and websites of other third parties that you may reach through links on our website. This is beyond our control. We encourage you to review the Privacy Policy of any website and/or app before providing any personal data.

3. Who are we?

PRODFER CONSTRUCT SRL, a limited liability company, incorporated and operating in accordance with the laws of Romania, with registered office in Cluj Napoca, Tiberiu Popoviciu 6, Clădirea Team, Cluj County, with unique registration code no. 28098376 and Registration number in the Trade Register J12/1335/2018 (hereinafter referred to as “PRODFER CONSTRUCT SRL”) is responsible for processing your personal data that it collects directly from you or from other sources.

According to the law, our company is a personal data controller. In order for your data to be processed securely, we have made every effort to implement reasonable measures to protect your personal information.

4. Who are you?

According to the law, you, the individual who is a beneficiary of our products or a person in any relationship of any kind with us, are a “data subject”, i.e. an identified or identifiable natural person. In order to be fully transparent about our data processing and to enable you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller, and you, the data subject.

5. Changes

We may change this Privacy Policy at any time. All updates and changes to this Policy are effective immediately upon notice, which we will provide by posting on the website and/or notifying you by e-mail.

6. Questions and requests

If you have any questions or concerns about the processing of your data or if you wish to exercise your legal rights in relation to the data we hold about you, or if you have concerns about how we handle any privacy issues, you can write to us at office@parapet.ro

7. Our commitment

The protection of your personal information is very important to us. That is why we are committed to the following principles:

Lawfulness, fairness and transparency – We process your data lawfully and fairly. We are always transparent about the information we use, and you are properly informed.

Control is yours – Within the limits of the law, we give you the possibility to review, amend, delete the personal data you have shared with us and to exercise your other rights.

Data integrity and purpose limitation – We use data only for the purposes described at the time of collection or for new purposes compatible with the original purposes. In all cases, our purposes are consistent with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.

Security – We have reasonable security and encryption measures in place to protect your information as best we can. However, keep in mind that no website, no app and no internet connection is completely secure.

8. What information do we collect about you?

You can use the Platform without disclosing personal data. However, if you wish to benefit from our products, you will be asked to provide your data during a registration process.

Data requested may include: full name, telephone number, e-mail address, home address.

We may collect data through cookies or other similar technologies, such as your IP address, your internet browser, the ads you clicked on, your location, the web pages you access on our website.

9. Why do we collect this information?

We collect your information for specified and legitimate purposes including but not limited to the following:

  • To conclude or perform a contract between you and us;
  • Account registration;
  • To answer your questions and requests;
  • For marketing purposes, but only if we have your prior consent;
  • To provide and improve the services and products we offer;
  • To diagnose or fix technical problems;
  • To provide you with customized advertising and content;
  • To defend against cyber attacks;
  • For creating and/or maintaining accounts;
  • To comply with the law;
  • To establish or claim a right in court.

10. What are the legal grounds for data collection?

You have consented to the processing of your personal data – Please note that you can withdraw your consent at any time by following the unsubscribe instructions in each e-mail or by sending a written request to office@parapet.ro

The processing is necessary for the conclusion or performance of a contract between you and us – Such as the performance of a Contract regarding the sale or purchase of one or more products on the Platform, by placing an Order by the Customer and its acceptance by PRODFER CONSTRUCT SRL, in compliance with the legal provisions and terms and conditions for the online sale of PRODFER CONSTRUCT SRL products, or to take action, at your request, before entering into a Contract.

The processing is necessary for the fulfillment of a legal obligation – e.g. keeping accounting records for 10 years.

11. How do we disclose your data?

PRODFER CONSTRUCT SRL may transfer the Data, by disclosing or granting remote access rights only through secure applications, to third parties, such as affiliated entities and other business partners of PRODFER CONSTRUCT SRL, acting as processors, processing Personal Data for and on behalf of PRODFER CONSTRUCT SRL (e.g. Data storage on cloud servers, legal and financial consultants, technical service providers or dispatch support service providers), with whom PRODFER CONSTRUCT SRL has entered into the necessary contractual agreements in accordance with EU and national regulations.

We may also disclose your data to business partners as part of a joint effort to provide a product or service.
We will transfer Data to third parties only to the extent necessary to fulfill the applicable Processing Purposes for which your Data is collected and processed.

Personal Data collected and processed for the Purposes of Processing described in this Privacy Policy may be stored on servers located abroad or transferred to affiliated entities based outside the territory of the European Union. In the event of transfer of Data to third countries, PRODFER CONSTRUCT SRL will communicate the intention to transfer as well as the third countries concerned, the purpose of the transfer and the request for consent, when such consent is required under the applicable legal provisions.

PRODFER CONSTRUCT SRL may disclose Data in order to comply with legal provisions or in response to a request from a court or other public authority.

12. How long do we store the data?

Personal data collected and used for the provision of the Products by PRODFER CONSTRUCT SRL will be stored for a period of 5 years after the termination of the contractual relationship or any longer period required by law, regulations or applicable rules on record keeping obligations or requests from public authorities.

Immediately after the end of the applicable storage period, the data will be:

  • deleted or destroyed;
  • or anonymized;
  • or transferred to an archive (unless prohibited by applicable law or regulation on record retention).

Personal data collected and used to create your Account will be deleted immediately if you close your Account.

To ensure that the Data is not kept longer than necessary, PRODFER CONSTRUCT SRL will periodically review the Data and, if necessary, delete it.

13. What security measures have we taken?

As part of the administration of the Platform, we have taken technical and organizational measures to ensure a level of security appropriate to the risks that the processing of the Data entails, in particular through misuse, accidental destruction, unlawful or unauthorized access, loss, alteration, disclosure, intentional or accidental manipulation, access by third parties, deletion and modification. To that end, we have developed and implemented data security policies and other privacy practices. In addition, our security procedures are continually reviewed based on new technological developments.

For further information about our security practices, please fill in the contact form in the Contact section of the Platform.

You will be notified of a data breach within a reasonable period of time after the discovery of such a breach, unless an authorized public body determines that notification would impede a criminal investigation or otherwise prejudice national security. In such a case, notification will be delayed, as directed by such body. We will respond promptly to your questions regarding such a data breach.

14. What are your rights?

The right to withdraw consent
The data subject has the right to withdraw consent where consent is used as the legal basis for processing (e.g. where the processing is not based on a different justification permitted by the GDPR such as a legal or contractual obligation). Before we exclude the data subject’s data from processing, we must confirm that the request for consent is indeed the legal basis for processing. If not, the request may be rejected on the grounds that the processing does not require the data subject’s consent. In many cases, giving and withdrawing consent will be available electronically – online and this procedure will not be necessary.

Where the consent concerns a child (defined by the GDPR Regulation as a person up to the age of 16), the expression and withdrawal of consent must be authorized by the holder of parental responsibility over the child.

The right to be informed about the processing of your data
When personal data is collected from the data subject or obtained from other sources, there is a requirement to inform the data subject about the purpose of the use of such data and about the rights he/she has over it.

Right of access to data
The data subject has the right to ask the company what data it processes about him/her, to have access to that data and to the following information:
1. The purpose of the processing
2. The categories of personal data involved
3. The recipients or categories of recipients of the data if any, in particular third countries or international organizations
4. The length of time the personal data is stored (or the criteria used to determine this period)
5. The data subject’s rights to rectification or erasure of his or her personal data and to restrict or object to its processing
6. The data subject’s right to lodge a complaint with a supervisory authority
7. Information on the source of the data if not obtained directly from the data subject
8. Whether personal data will be subject to automated processing, including profiling and, if so, the possible consequences involved
9. If the data are transferred to a third country or an international organization, information on the safeguards that apply. In most cases, the decision-making process for such requests will be straightforward unless it is concluded that the request is manifestly unfounded or excessive. However, compiling the information may require the help of the data owners.

The right to rectify inaccurate or incomplete data
Where personal data are inaccurate, the data subject has the right to request that incomplete personal data be corrected and completed on the basis of the information he or she provides.
 If necessary, we will take steps to validate the information provided by the data subject to ensure that it is correct before we amend it.

Right to erasure (“right to be forgotten”)
We offer the data subject the right to request us to delete personal data without delay, in connection with one of the following circumstances:

– the personal data is no longer necessary for the purposes for which it was collected or processed;
– the data subject withdraws the consent on the basis of which the processing is taking place and there is no other legal basis for the processing;
– the data subject objects to the processing and there are no legitimate grounds for the processing;
– the personal data has been processed unlawfully;
– the personal data must be erased in order to comply with the law;
– the personal data was collected in connection with offering online services to children.
We will make a decision in each case of such requests as to whether the request can or should be refused for one of the following reasons:
– the data is necessary for the exercise of the right to free expression and information;
– the data is necessary for the performance of a legal obligation;
– for reasons of public interest in the field of public health;
– for archiving purposes in the public interest;
– for the establishment, exercise or defense of a legal claim.

Right to restrict processing
The data subject may exercise the right to restrict processing in the following situations:

– the data subject contests the accuracy of the data, for a period allowing the controller to verify the accuracy of the data;
– the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use;
– the controller no longer needs the personal data for the purpose of the processing, but the data subject requests them for the establishment, exercise or defence of legal claims; or
– the data subject has objected to the processing for the period of time during which it is verified whether the legitimate rights of the controller prevail over those of the data subject. If the data will be restricted, the data will remain stored but cannot be processed without the consent of the data subject. By way of exception, they may be processed for the establishment, exercise or defense of legal claims or for the protection of the rights of another individual or legal entity or for reasons of substantial public interest of the Union or of a Member State (provided that the data subject is informed thereof). Other organizations that process personal data on our behalf must also be informed of the restriction.

Right to transfer the data we hold about you to another controller
The data subject has the right to request that personal data be provided in a “structured, commonly used and machine-readable format” (Article 20 of the GDPR Regulation) and to transfer that data to another party, for example to another service provider. This applies to personal data where the processing is based on the data subject’s consent, the legal basis of the contract or where the processing is carried out by automated means.

The right to object to data processing
The data subject has the right to object to processing that is based on the following legal grounds:
– For the performance of a task carried out in the public interest or in the exercise of official authority of the controller
– For the purposes of the legitimate interests of the controller. Once the objection has been made, the organization must justify the grounds on which the processing is based and suspend the processing until the decision has been taken (the rule). The organization shall no longer process the personal data unless it can demonstrate compelling legitimate grounds justifying the processing which override the interests, rights and freedoms of the data subject, or the purposes are the establishment, exercise or defence of legal claims. If personal data are used for direct marketing, the organization shall cease processing.

The right not to be subject to a decision based solely on automated processing, including profiling
The data subject has the right not to be subject to an automated decision, including profiling, if the decision has a significant or legal effect on him or her. The data subject also has the right to express his or her point of view, to request human intervention and to contest the decision. There are exceptions to this right where the decision:
1. Is necessary for the conclusion or performance of the contract;
2. Is authorized by national or European law;
3. It is based on the data subject’s explicit consent; In the situations under points (1) and (2), the organization shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right of the data subject to obtain human intervention by the controller, to express his or her point of view and to contest the decision.

 

Right to take legal action
The data subject also has the right to take legal action when he/she considers that his/her rights have been violated.

The right to a complaint to a Supervisory Authority
It is important to know that:
– If you have given your consent to direct marketing, you can withdraw it at any time by following the unsubscribe instructions in each e-mail/sms or other electronic message.
– If you wish to exercise your rights, you may do so by sending a written, signed and dated request to office@parapet.ro
– The rights listed above are not absolute. There are exceptions, therefore each request received will be analyzed in order to decide whether or not it is well-founded. If your request is justified, we will facilitate the exercise of your rights. If your request is unfounded, we will reject it, but we will inform you of the reasons for the refusal and of your rights to lodge a complaint with the Supervisory Authority and to go to court
– we will try to respond to your request within 30 days.  However, the deadline may be extended depending on various aspects, such as the complexity of the request, the large number of requests received or the inability to identify you within a reasonable time.
 – If, despite our best efforts, we are unable to identify you, and you do not provide us with additional information to enable us to identify you, we are not obliged to comply with your request.

15. Questions, requests and exercising rights

If you have any questions or concerns about the processing of your information or wish to exercise your legal rights or have any other privacy concerns, you can email us at office@parapet.ro