The protection of personal data is one of the major concerns within ITH Management Office S.R.L, a Romanian company, part of the Țiriac Group.
This Privacy Policy (“Policy”) details when and why
The operator: The company ITH Management Office S.R.L., headquartered in Bucharest, Şoseaua Nordului, no. 24 – 26, sector 1, registered at the Trade Register with the no. J40 / 20487/1994, Tax Identification Code 6435918, as an operator, together with the associated operators:
• FERGUS CONSTRUCT INTERNATIONAL S.R.L, with its headquarters on Șoseaua Nordului, no. 24-26, sector 1, Bucharest, tax registration code 6435888, registered at the Trade Register with the no. J40/20491/1994
• MASTERANGE ROMANIA S.R.L., with headquarters in the Șoseaua Nordului, no. 24-26, sector 1, Bucharest, registered at the Trade Register with the no. J40/3330/2003; Tax Registration Code RO15262492;
• Other companies in Țiriac Group,
we process personal data, how we use the date, the conditions according to which we can disclose the data to others, how we store it safely, what your rights as data subjects are and how you may exercise your rights.
When processing your personal data, we also act responsibly and in compliance with European and national legislation regarding the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC.
I. PURPOSES AND REASONS ACCORDING TO WHICH WE PROCESS YOUR PERSONAL DATA
1. Taking into consideration your position as a client or potential client, including when acting as a representative or contact person for a client or potential client, we will process your relevant personal data (including but not limited to identification data such as last name, first name, contact details, data regarding your position within the business partner) for the steps prior to the conclusion of a contract, when we provide the requested services or for the purpose of implementing the contract.
In these situations, the legal basis for the processing of your personal data is the need to implement the contract, this basis also covering the measures taken, at your request, before the conclusion of this contract.
ITH Management Office S.R.L. must comply with the legal obligations for the processing of personal data, imposed to the companies by different legal provisions. For example, we specify the main legislation, which includes subsequent amendments, additions and re-publishing:
a) Accounting Law no. 82/1991,
Law no. 656/2002 on the prevention and sanctioning of money laundering, as well as for establishment of measures for the prevention and fight against terrorism financing,
c) Law no. 16/1996 of the national archives,
d) Labor Code and G.D. no. 905/2017 regarding the general register of employees,
e) Fiscal code, Fiscal procedure code,
f) Law no. 333/2003 regarding the protection of objectives, assets, values and protection of persons,
g) Civil Code and Civil Procedure Code,
h) EU Regulation no. 679/2016.
In this case, the legal basis for processing your personal data is the need to fulfill a legal obligation.
2. If you are a candidate and apply for one of the positions available within Țiriac Group and ITH Management Office S.R.L. we will process your personal data (including, but not limited to identifying data such as last name, first name, contact details, training data, professional experience data and any other data in your CV, including legal and medical capacity (for carrying out your activity) to evaluate your application.
In this case, the legal basis for the processing of your personal data is the need to implement the employment contract, this basis also covering the measures taken, at your request, before the conclusion of this contract.
3. For security reasons, when you are a visitor of ITH Management Office SRL, we will process your personal data (including, but not limited to your identification data, such as last name, first name, representative or contact person, the photo-video image captured by the surveillance cameras, the company you represent, the signature applied to documents) in order to protect the premises in which we operate, our goods, but also our own staff, employees, or our visitors and collaborators that are on the premises.
In this case, the legal basis of processing is our legitimate interest in protecting ourselves.
4. As a visitor to our website, www.tiriacgroup.ro, we will process your personal data (including, but not limited to, IP address, date and time of access) for the purpose of traffic monitoring and to improve the informative content of our website.
In this case, the legal basis for the processing of your personal data is our legitimate interest in ensuring the functioning and efficiency of our website.
To achieve these objectives we use cookies-type modules. For more details you can access our Cookies Policy available at the following link: _______.
When you visit our website, you can send us messages, and in this case we need to know: identification data such as first name, last name, e-mail address, telephone, so that we can respond to the sent message and to facilitate communication with you regarding the clarifications that may be needed, depending on the request you have made for us.
In this case, the legal basis for the processing of your personal data is your consent, given when the message is sent voluntarily by means of the site. You may withdraw the consent thus granted by sending a new message with this request or with any request for exercise of rights, as we will detail below.
5. When you are participating in an event organized by our company, we will process your personal data (including, but not limited to identification data such as first name, last name, representative status, photo / video image) for the purpose of organizing the event, but also for its popularization.
In this case, the legal basis for the processing of your personal data is our legitimate interest in promoting the services of the companies in the Țiriac Group or the interest in implementing the contracts concluded with our partners, as the case may be.
6. As a collaborator or service provider we will process your personal data (including, but not limited to identification data such as first name, last name, representative status, professional training, professional experience) for the purpose of implementing the contract concluded with you. We will also process your personal data when you ask us to take certain measures before concluding such a contract.
In these situations, the legal basis for the processing of your personal data is the need to implement the contract concluded with you, this basis also covering the measures taken, at your request, before the conclusion of this contract.
In addition to the above, we will process your personal data in order to satisfy our legitimate interests, respectively:
a) the exercise and defense of our rights, including in the relation with public authorities;
b) evaluation and improvement of our services.
II. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
In duly justified situations, ITH Management Office S.R.L. may disclose your personal data to third parties, respectively:
a) the companies within Țiriac Group;
b) courts or arbitrators and / or other public authorities;
c) lawyers, legal specialists, tax consultants and / or third-party experts, external administrators, data protection officer;
d) third parties expressly specified by you;
e) Our service providers (for example, translation service providers, insurance services, cloud services, IT services and IT systems maintenance) may have access to your data.
As a rule, we will not transfer your personal data outside the European Economic Area. In exceptional situations and only if necessary, the transfer of your personal data outside the European Economic Area will be done only with the application of adequate protection measures according to the specific legal provisions regarding the protection of personal data and with your appropriate notification.
III. YOUR RIGHTS RELATED TO PERSONAL DATA
Unless the law stipulates otherwise, you have the following rights:
a) the right of access and the right to obtain a confirmation from us that we process your personal data, as well as the access thereto and the provision of information regarding the processing method;
b) the right to rectification which refers to the correction, without undue delays, of the inaccurate personal data and/or to supplementing of incomplete data;
c) the right to deletion/the right to be forgotten, namely the right to delete, without undue delays, your personal data collected in case when such data are no longer necessary for the fulfillment of the purposes for which they have been collected and there is no other legal basis for processing, the data have been unlawfully collected or the data must be deleted in order to fulfill a legal obligation;
d) the right to restriction of processing, which applies in the case when (i) you contest the accuracy of the personal data, (ii) the processing is unlawful and you oppose the deletion of the personal data, requesting the restriction of processing instead, (iii) we no longer need your personal data, but you request them for the establishment, exercise or defense of legal claims, (iv) you have objected to processing for the period of time necessary in order to verify whether our legitimate interests in personal data processing override your rights;
e) the right to object processing, unless we demonstrate that we have legitimate reasons to process your data, reasons which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims;
f) the right to portability, namely your right to receive the personal data which you have provided to us for the purposes indicated herein, in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another operator;
g) The right to lodge a complaint with the supervisory authority
h) the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon you or similarly affects you, except for the case when such processing is necessary for the implementation of the contract or it is permitted by law.
Except for the right to file a complaint to a supervisory authority, according to the above mentioned principles, these rights can be exercised by sending a written request using any of the following methods:
a) by post, to the address from Şoseaua Nordului, no. 24-26, sector 1, Bucharest, Romania;
b) by email, to the address: office@tiriacgroup.ro.
c) To the address of the data protection officer: dataprotection@tiriacgroup.ro, phone 021.4312149, from Monday to Friday, between 10am and 5pm, except for public holidays.
IV. DURATION OF THE PROCESSING OF YOUR PERSONAL DATA
In the case of fulfilling the legal obligations, we will keep your personal data for the entire duration specified and imposed by the law.
If the legal basis of processing is the contractual interest, we will keep your personal data for the entire duration of the contract, plus the limitation period of any right to act, plus one year.
If your personal data is processed based on your consent, the processing will continue for a period of 5 years, but not after the withdrawal of the consent, unless there are legitimate and compelling reasons that justify the further processing by us (including a legal obligation in this regard) and which prevail over your interests, rights and freedoms. The processing may continue if the data are necessary for us to establish, exercise or defend a right in court.
In all cases, we will keep your personal data for as long as necessary to fulfill the purpose of processing this data.
V. SECURITY OF YOUR PERSONAL DATA
ITH Management Office S.R.L. will make all reasonable efforts to protect your personal data that are in our possession or under our control by establishing reasonable security measures in order to prevent the unauthorized access, collection, use, disclosure, copying, alteration or disposal, as well as other similar risks.
Our data protection policy does not apply to services provided by other companies or individuals, including products or web pages that may be displayed in search results, web pages that may include our services, or other connected internet pages included in our services. Our data protection policy does not include practices related to the processing of personal data of other companies and organizations that advertise our services and may use cookies, pixel tags and other technologies to display and deliver relevant ads.
This Policy is effective as of May 25, 2018 and may be updated or modified at any time, depending on the requirements and changes existing in the company.