We inform you that the definitions used therein possess the same meaning as defined in Article 4 of GDPR, therefore we avoid the separate presentation thereof.
II. The principles of data processing
XAPT takes all appropriate measures to ensure that the personal data of the visitors (hereinafter: Visitors) of the Website are at all times:
- processed in a lawful and fair manner in compliance with the appropriate legal basis (lawfulness, fairness, transparency);
- collected for a specified, explicit and legitimate purpose and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
- accurate and, where necessary, kept up to date; and if possible, the inaccurate personal data are erased or rectified without delay (accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for statistical purposes which is subject to implementation of the appropriate technical and organisational measures (storage limitation);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).
III. The purpose and basis for processing, the data collected and processed by XAPT
The legal basis for XAPT for the processing of the personal data of the Visitor shall be at all times the consent of the Visitor, therefore only those data are exclusively registered, to which you expressly gave your consent in advance and in such extent, that is strictly necessary for the providing of the service that is requested. The processing shall be carried out until the consent is given by the Visitor or until the withdrawal of the consent. The rules of withdrawal are to be found in section X. below.
XAPT keeps records of business related, corporate data, however some data may be related to the contact person of a given economic, budgetary or social entity. The data related to such persons, in case they are provided by the person, are processed by XAPT. XAPT processes the following personal data:
- name (data strictly necessary for the identification of the Visitor);
- phone number (the data strictly necessary for reaching the Visitor later on);
- e-mail address (the data strictly necessary for reaching the Visitor later on).
The processing of these personal data are necessary for customer relationship, i.e. might be relevant regarding the adoption of business decisions. By providing the data necessary to contact, you give your consent that XAPT can contact you and to maintain such contact. The subscription to the Website is exclusively possible by providing accurate company e-mail address, therefore we ask you not to provide private e-mail address during the subscription.
By subscribing to our website, you expressly give consent and indicate your agreement to XAPT to send you informative and promotional purpose newsletters to the company e-mail address provided by the form for the given economic, budgetary or social entity or to contact you via phone on the provided company phone number.
XAPT reserves the right – not including the corporate contact data provided for the carry out of the performance of services – to terminate the processing of the possibly provided personal data and to delete them without notifying you.
IV. Recipients of the personal data and categories of recipients
XAPT generally shares the personal data of the Visitors with the following third parties:
- within the company group of XAPT, including the mother companies and subsidiaries of XAPT;
- organisations to whom the Visitor carries out contact services regarding XAPT and other companies;
- supervising authorities and other regulatory authorities and bodies.
The Visitors as the data subjects of the processing can request personalized information of their personal data processed by XAPT (the purpose and the legal basis of the processing, the scope of data, the transfer of data, the term of processing, the logic of profiling).
V. The collection and usage of the data
Only such corporate data is recorded which has been voluntarily provided by the visitors of the website. In this case you simultaneously accept the below conditions. In case you provide corporate contact data through our website or by using any of the e-mail addresses to be found there, then you give your consent to XAPT to keep records and process them for the purpose of the necessary communication in compliance with the effective statutory requirements, especially the provisions of the GDPR. By providing your data, you give your consent to the storing, the transmission and the treatment of the data and to the treatment and analysis for statistical purposes by the inner administration of XAPT. We shall only transfer your personal data to third parties without your consent, if it is required by statutory requirements, authorities or courts. In such cases the data provided by you shall be processed confidentially and we ensure that only those persons can access thereto, who directly participate in the sales and the providing of services in close connection with the activity of sales and the providing of services and we ensure that unauthorised third parties shall not have access to your personal data without your prior, express approval consent.
VI. International Transfer
- by the standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2) of the GDPR;
- by the standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
- an approved code of conduct pursuant to Article 40 of the GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights; or
- an approved certification mechanism pursuant to Article 42 of the GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights. Within this framework, XAPT endeavours make its third country partners accept the contractual data protection sample clauses approved by the European Commission / The National Supervisory Authority For Personal Data Processing (ANSPDCP).
XAPT keeps the personal data provided by you in safe custody and by appropriate technical and organizational measures it takes precautionary measures to secure them by using technical, physical, administrative and computer based equipment. Safety measures with appropriate protection level were introduced in order to avoid accidental data losses, processing, unauthorized accessibility, modification or publishing.
An appropriate procedure is applied for handling any presumed data protection breaches and we notify you and the affected authority about the data protection breach, if such notification is mandatory based on statutory requirements.
VIII. The term of processing
The term of the processing is five (5) years reckoned from the termination of the opportunity to use the service, with regards to the fact, that within this term a civil proceeding claim of XAPT can occur reckoned from the expiry of the service due to your activity and by this term it ensures that your personality remains retraceable, so XAPT can enforce its damages or other civil proceeding claims towards you.
IX. Your rights in connection with processing
In connection with the processing of your personal data, with regards to the provisions of the GDPR, you have the hereby listed rights, based on which you are entitled:
(a) To request access to your personal data (generally known as: ‘right of access by the data subject’). Based on this you are entitled to obtain copies of your personal data processed by us and you are entitled to monitor whether our processing is lawful.
(b) To request rectification of your personal data processed by us. Based on this you are entitled for the rectification of your inaccurate or incomplete personal data processed by us, however in such case it may be necessary to inspect the credibility of the newly provided data.
(c) To request the erasure of your personal data. This entitles you for the erasure or the removal of your personal data by us, if there is no reasonable cause for further processing. You can also request the erasure or removal of your personal data if you successfully objected against the processing of your personal data (see below), in case the information was processed unlawfully or in case we are obliged to erase your personal data based on the local law. Please take into consideration that we cannot fulfil your request for erasure at all times based on other legitimate interest, of which, if applicable, we inform you at the time of addressing your request.
(d) To object against the processing of your personal data if the processing is based on the enforcement of our legitimate interest (or the legitimate interest of a third party) and you object against the processing based on reasons in connection with your personal situation, since you feel like that it has an effect on your fundamental rights and freedoms. You can also object, if your personal data is processed by us for direct marketing purposes. In certain cases, we are entitled to prove that our compelling legitimate interest prevails against your fundamental rights and freedoms.
(e) To request the restriction of processing of your personal data. This entitles you to have the processing of your personal data ceased by us in the following cases: (a) if you request us to ensure the accuracy of your data; (b) where our processing is unlawful, but you do not intend to have your data deleted by us; (c) if you request us to store your data even if we do not need them anymore, but you need them for presenting, enforcing and protecting legal claims; or (d) in case you object the processing of your data, but inspection of the existence of the overriding lawful legal basis is necessary.
(f) To request the transfer of your personal data to yourself or to a third party. We transfer your personal data to you or to a third party chosen by you in a structured, generally used machine readable format. Please take into consideration that this right only covers such personal data which is processed by the carry out of automated means, to the usage of which your consent was given previously and which was used for the performance of the contract.
(g) To withdraw your consent at any times, when the processing of your personal data is carried out based on your consent. However, this does not affect the lawfulness of processing prior to the withdrawal of your consent. In case you withdraw your consent, it is possible that we cannot provide certain products or services to you. Of the above, we notify you at the time of the withdrawal of your consent.
All data subject rights listed under the present section IX. can be exercised through the request delivered to the above contacts of XAPT. In compliance with Article 12 of the GDPR, XAPT shall provide information on action taken on the request of the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended where necessary in compliance with the GDPR. Any actions taken based on the request shall be provided free of charge, however where the request is manifestly unfounded or excessive (in particular because of their repetitive character), then XAPT may either charge a reasonable fee taking into account the administrative costs or refuse to act on the request.
X. Modification and erasure of your data
XAPT erases the recorded data from its registries, if the conditions of storing based on statutory requirements or other legal titles are not existing. Naturally, you can also request the modification and / or rectification or erasure of your personal – or corporate – data any time in compliance with the provisions laid down in the above section IX.
XI. Declaration of the user
XII. Right to submit complaints
In case the Visitor considers, that its rights were infringed, then XAPT suggests that the Visitors shall initiate consultations with the data controller in a way that it can directly contact the above appointed contact person. If such consultations do not lead to results, or the data subject does not intend to participate in such activity, then it can turn to the court or to The National Supervisory Authority For Personal Data Processing (ANSPDCP). In case of the initiation of court proceedings, the data subject can decide whether it initiates the proceedings before the competent court based on its address or based on its residence.
The contacts of ANSPDCP (The National Supervisory Authority For Personal Data Processing) are the followings: 28-30 G-ral Gheorghe Magheru Bld., District 1, post code 010336, Bucharest, Romania; website: https://www.dataprotection.ro.