The scope of use of personal data by SC G-A NUTRITIE ANIMALA SRL
SC G-A NUTRITIE ANIMALA SRL collects, records, organizes, stores and uses to administer, maintain, improve and obtain feedback on the services it provides, as well as to prevent errors and leaks through its IT network, violations of law or contractual terms.
Marketing
SC G-A NUTRITIE ANIMALA SRL collects and updates information about the clients of its services and users of its websites, as well as about the suppliers with whom it interacts on a regular basis, and may obtain this information either directly from you or from third parties, or automatically with the use of the services of SC G-A NUTRITIE ANIMALA SRL through cookies and through traffic reports generated by the servers hosting the evialis.ro website.
Users’ rights
In the context of processing personal data, users have the following rights:
Right to be informed:
(1) Where personal data are obtained directly from the data subject, the controller is obliged to provide the data subject with at least the following information, unless the data subject already possesses that information:
- identity of the operator and its representative, if any;
- the scope of data processing;
- additional information, such as: the recipients or categories of recipients of the data; whether the provision of all requested data is mandatory and the consequences of refusing to provide them; the existence of the rights provided by this law for the data subject, in particular the right of access, the right to intervene on the data and the right to object, as well as the conditions under which they can be exercised;
- any other information the provision of which is required by order of the supervisory authority, taking into account the specific nature of the processing.
(2) If the data are not obtained directly from the data subject, the controller is obliged, at the time of collection or, if disclosure to third parties is intended, at the latest by the time of first disclosure, to provide the data subject with at least the following information, unless the data subject already possesses that information:
- identity of the operator and its representative, if any;
- the scope of data processing;
- additional information, such as: the categories of data concerned, the recipients or categories of recipients of the data, the existence of the rights provided by this law for the data subject, in particular the right of access, the right to intervene on the data and the right to object, as well as the conditions under which they can be exercised;
- any other information the provision of which is required by order of the supervisory authority, taking into account the specific nature of the processing.
(3) The provisions of para. (2) shall not apply where data are processed for statistical, historical or scientific research purposes, or in any other situation in which the provision of such information proves impossible or would involve a disproportionate effort compared with the legitimate interest that might be prejudiced, and in situations where the recording or disclosure of data is expressly provided for by law.
Right of access to data
(1) Any data subject shall have the right to obtain from the controller, on request and free of charge for one request per year, confirmation as to whether or not data relating to him or her are being processed by the controller. The controller is obliged, where it processes personal data relating to the applicant, to communicate to the applicant, together with the confirmation, at least the following:
- a) information on the purposes of the processing, the categories of data concerned and the recipients or categories of recipients to whom the data are disclosed;
- b) communication in an intelligible form of the data undergoing processing and of any available information on the origin of the data;
- c) information on the principles of operation of the mechanism by which any automatic processing of data concerning the data subject is carried out;
- d) information on the existence of the right of access to data and the right of objection, and the conditions under which they may be exercised;
- e) information on the possibility to consult the register of personal data processing, to lodge a complaint with the supervisory authority and to appeal to the court against the decisions of the controller, in accordance with the provisions of this law.
(2) The data subject may request from the controller the information referred to in para. (1) by means of a written request, dated and signed. In the request, the applicant may indicate whether he wishes the information to be communicated to him at a specific address, which may be an e-mail address, or by a mail service which ensures that delivery is made only in person.
(3) The operator is obliged to communicate the requested information within 15 days from the date of receipt of the request, subject to the applicant’s option, if any, expressed in accordance with para. (2).
Right to intervene on data
(1) Any data subject shall have the right to obtain from the controller, on request and free of charge:
- if necessary, rectification, updating, blocking or deletion of data whose processing does not comply with this Act, in particular incomplete or inaccurate data;
- where applicable, the transformation into anonymous data of data whose processing does not comply with this law;
- notifying third parties to whom the data have been disclosed of any operation carried out under a) or b), unless such notification proves impossible or involves a disproportionate effort compared with the legitimate interest that might be harmed.
(2)To exercise the right provided for in para. (1) the data subject shall submit to the controller a written request, dated and signed. In the request, the applicant may indicate whether he/she wishes the information to be communicated to him/her at a specific address, which may be an e-mail address, or by a mail service which ensures that the information is delivered to him/her in person only.
(3) The operator is obliged to communicate the measures taken pursuant to para. (1) and, where applicable, the name of the third party to whom personal data relating to the data subject have been disclosed, within 15 days from the date of receipt of the request, subject to the applicant’s possible choice expressed under paragraph (3). (2).
Right of opposition
(1) The data subject shall have the right to object at any time, on compelling legitimate grounds relating to his or her particular situation, to data relating to him or her being processed unless otherwise provided for by law. In case of justified objection, the processing may no longer concern the data concerned.
(2) The data subject shall have the right to object at any time, free of charge and without justification, to processing of data relating to him or her for direct marketing purposes on behalf of the controller or of a third party, or to disclosure to third parties for such purposes.
(3) In order to exercise the rights provided for in para. (1) and (2), the data subject shall submit to the controller a written request, dated and signed. In the request, the applicant may indicate whether he/she wishes the information to be communicated to him/her at a specific address, which may be an e-mail address, or by a mail service which ensures that delivery is made only in person.
(4) The operator shall be obliged to communicate to the data subject the measures taken pursuant to para. (1) or (2) and, where applicable, the name of the third party to whom personal data relating to the data subject have been disclosed, within 15 days of receipt of the request, subject to any choice made by the applicant in accordance with paragraph (1) or (2). (3).
The right not to be subject to an individual decision
(1) Everyone has the right to demand and obtain:
- withdrawal or annulment of any decision which produces legal effects concerning him/her, taken solely on the basis of the processing of personal data by automatic means intended to evaluate certain aspects of his personality, such as professional competence, credibility, conduct or other such aspects;
- reassessing any other decision taken concerning him/her which significantly affects him/her, if the decision was taken solely on the basis of data processing which meets the conditions laid down in a).
(2)With due regard to the other guarantees provided for in this Law, a person may be subject to a decision of the nature referred to in para. (1), only in the following situations:
- the decision is taken in the context of the conclusion or performance of a contract, provided that the data subject’s request for the conclusion or performance of the contract has been complied with or that appropriate measures, such as the opportunity to present his point of view, guarantee the defence of his legitimate interest;
- the decision is authorised by a law that specifies the measures that guarantee the defence of the data subject’s legitimate interest.
Right to data erasure
(1) The data subject shall have the right to obtain from the controller the erasure without undue delay of personal data relating to him or her, and the controller shall have the obligation to erase personal data without undue delay if one of the following grounds applies:
- personal data are no longer necessary for the purposes for which they were collected or processed;
- the data subject withdraws the consent on the basis of which the processing is carried out and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no compelling legitimate grounds for objecting to the processing;
- personal data have been processed unlawfully;
personal data must be deleted in order to comply with a legal obligation incumbent on the controller under Union law or the national law to which the controller is subject; - personal data was collected in connection with the provision of information society services.
(2) Where the controller has made personal data public and is obliged under paragraph 1 to erase it, the controller shall, taking into account the technology available and the cost of implementation, take reasonable steps, including technical measures, to inform controllers processing personal data that the data subject has requested the deletion by those controllers of any links to that data or of any copies or reproductions of that personal data.
Right to seek justice
(1)Without prejudice to the possibility of lodging a complaint with the supervisory authority, data subjects shall have the right to apply to the courts for the defence of any rights guaranteed by this Act which have been violated.
(2) Any person who has suffered damage as a result of unlawful processing of personal data may apply to the competent court for compensation.
(3) The competent court is the one in which the claimant is domiciled. The application is exempt from stamp duty.
In order to implement the technical and organisational measures necessary to preserve the confidentiality and integrity of personal data, the controller shall comply with the minimum security requirements for the processing of personal data drawn up by the supervisory authority in accordance with the state of the art of the processing and the cost, so as to ensure an adequate level of security with regard to the risks represented by the processing and the nature of the data to be protected. In this regard, the minimum security requirements for personal data processing cover the following aspects:
Staff training
The operator is obliged to inform/instruct users on the following aspects during the training courses:
- the provisions of Law No. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data, the minimum security requirements for the processing of personal data;
- the risks involved in processing personal data, depending on the specifics of the user’s activity.
- the confidentiality of personal data, in which sense they will be warned by messages that will appear on the monitors during the activity, users also having the obligation to close the work session when they leave the workplace.
Computer usage
To maintain the security of personal data processing (especially against computer viruses) the controller will take the following measures:
- prohibiting users from using software that comes from external or dubious sources;
- informing users about the danger of computer viruses;
- implementation of automated systems for the antivirus and security of information systems;
- disabling, as far as possible, the “Print screen” key, when personal data are displayed on the monitor, thus prohibiting their printing.
Contact
For any further information regarding the collection, archiving and protection of personal data, please email us at office@evialis.ro
Update
These Privacy Terms are updated whenever necessary. Please read these terms periodically to be aware of what information SC G-A NUTRITIE ANIMALA SRL collects, uses and discloses.