Privacy Policy

Agreement regarding the processing of personal data

Since ensuring your protection with regard to the processing of personal data is an extremely important objective for us, we have submitted all the necessary diligence to comply with the standards imposed by EU Regulation 2016/679 (https://eur-lex . europa.eu/legal-content/ro/TXT/PDF/?uri=CELEX:32016R0679 ) and by any other normative act in force on the territory of Romania 

An important step for achieving this objective is the information regarding how your data will be processed (processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use by automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying ).

We reserve the right to modify and update the Privacy Policy and Cookie Policy.

1. Who we are and how we can be contacted:

The data operator is Grampet SA ("Grampet").
Main office: Calea Victoriei, no. 114, sector 1, postal code 010092
Tel.: 0040.21.317.30.90
Fax: 0040.21.317.30.91
E-mail: protectiadatelor@grampet.ro
Fiscal Code: R11412694, no. Reg. Trade Register: J40/1305/1999

2. Data collection/ types of data

  1. Collected automatically after access (of the type)
    • IP address
    • Date and time of access
    • Time zone difference from Greenwich Meridian (GMT)
    • Content of the request (specific website)
    • Access status/HTTP status code
    • The amount of data transferred
    • Requested access to the website
    • Browser, language settings, browser version, operating system and surface
  2. Data collected after completing the contact form:
    1. Name surname;
    2. E-mail;
    3. Phone number;

3. Cookie files

1. What are they?

  1. This Website uses so-called "cookies". Cookies are small text files that are stored in the memory of your terminal via the browser. They store certain information (e.g. preferred language or website settings) that the browser can retransmit to us (depending on the lifetime of the cookie file) the next time you visit our Website.

2. What cookies do we use?

  1. Google Analytics cookies (site analysis cookies)
  2. Name: CookieConsent
      1. Duration – 1 year
      2. Purpose: Used to store user preferences

For the complete list of cookies and to change the settings click here.

3. Cookies from third parties

  1. Within our Website, we use Google Analytics, an analysis service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (Hereafter referred to as "Google").
    1. Google will analyze the use of our Website on our behalf. For this purpose we use cookies. The information collected by Google in connection with your use of our Website (e.g. related URL, our web pages you visit, your browser type, your language settings, your operating system, screen resolution, etc. ) will be transmitted to a Google server in the USA, where they will be stored and analyzed. Those results will then be made available to us in a pseudonymised form. Google also complies with  the EU-US Privacy Shield , which ensures that an adequate level of protection is maintained in relation to data processing by Google in the US.
    2. You can withdraw your consent to the use of web analytics at any time by downloading and installing the  provided Google Browser Plug-in  .
    3. More information regarding Google Analytics is available in  the Google Analytics Terms of Use , the  Google Analytics Data Protection and Privacy Guidelines,  and the  Google Privacy Policy .

4. Purpose of data processing

  1. In order to communicate with you
  2. To be able to offer you services specially configured to your needs
  3. For marketing purposes
    1. We can use that information to improve the products and services we offer you.
  4. To defend our legitimate interests
    1. To defend our legitimate interests (In the event of exceptional situations such as cyber attacks that may endanger the safety of our platform or in the event that the information is requested by the competent public institutions in order to resolve ongoing investigations, we reserve the right to process the information in question)

5. How long we keep your personal data

The period of time for which your data will be kept is limited and will be determined by the period necessary to fulfill the purposes for which the data is processed.

6. Third parties 

A: Google Analytics

    1. Purpose: Web analytics
    2. Policies:  https://www.google.com/analytics/terms/gb.html ,  https://support.google.com/analytics/answer/6004245 

Mention

      1. If we are under a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

7. Territoriality: 

Data processing is done only on the territory of Romania. With the exception of  the pseudonymized data used in the site analysis function described in point 3.1 "Cookies from third parties" which is made in the USA according to the procedure described and is regulated by the  US-EU Privacy Shield 

8. Your rights

The data subject's right of access

(1)    The data subject has the right to obtain from the operator a confirmation as to whether or not personal data concerning him or her is being processed and, if so, access to the respective data and the following information:

    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients from third countries or international organizations;
    4. where possible, the period for which the personal data is expected to be stored or, if this is not possible, the criteria used to establish this period; 
    5. the existence of the right to request the operator to rectify or delete personal data or restrict the processing of personal data relating to the person concerned or the right to oppose the processing; 
    6. the right to lodge a complaint with a supervisory authority;

The right to rectification

(1)    The data subject has the right to obtain from the operator, without undue delay, the rectification of inaccurate personal data concerning him. Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of personal data that are incomplete, including by providing an additional statement.

Right to erasure ("right to be forgotten")

(1)    The data subject has the right to obtain from the operator the deletion of the personal data concerning him, without undue delay, and the operator has the obligation to delete the personal data without undue delay if one of the following reasons applies :

(a) the personal data are no longer necessary to fulfill the purposes for which they were collected or processed;

(b) the data subject withdraws the consent on the basis of which the processing takes place, in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing ;

(c) the data subject objects to the processing under Article 21(1) and there are no overriding legitimate grounds for the processing or the data subject objects to the processing under Article 21(2);

(d) personal data have been processed illegally;

(e) personal data must be deleted to comply with a legal obligation incumbent on the operator under Union law or the internal law to which the operator is subject;

(f) personal data were collected in connection with the provision of information society services referred to in Article 8 paragraph (1).

(2)    If the operator has made personal data public and is obliged, under paragraph (1), to delete it, the operator, taking into account the available technology and the cost of implementation, takes reasonable measures, including technical measures, to inform operators processing personal data that the data subject has requested the deletion by these operators of any links to the respective data or any copies or reproductions of such personal data.

(3)    Paragraphs (1) and (2a) do not apply to the extent that the processing is necessary:

(a) for the exercise of the right to free expression and information;

(b) for complying with a legal obligation that provides for the processing under Union law or the internal law that applies to the operator or for the performance of a task performed in the public interest or in the exercise of an official authority with which the operator is vested;

(c) for reasons of public interest in the field of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3);

(d) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with Article 89 paragraph 1, to the extent that the right referred to in paragraph 1 is likely to make it impossible or to seriously affect the achievement of the objectives of the respective processing; or

(e) for the establishment, exercise or defense of a right in court.

The right to restriction of processing

(1)    The data subject has the right to obtain from the operator the restriction of processing if one of the following cases applies:

(a) the data subject contests the accuracy of the data, for a period that allows the operator to verify the accuracy of the data;

(b) the processing is unlawful and the data subject opposes the deletion of personal data, requesting instead the restriction of their use;

(c) the operator no longer needs the personal data for the purpose of processing, but the data subject requests them for establishing, exercising or defending a right in court; or

(d) the data subject has objected to the processing in accordance with Article 21 paragraph (1), for the period of time in which it is verified whether the legitimate rights of the operator prevail over those of the data subject.

(2)    If the processing has been restricted pursuant to paragraph (1), such personal data may, with the exception of storage, be processed only with the consent of the data subject or for the establishment, exercise or defense of a right in court or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

(3)    A data subject who obtained restriction of processing pursuant to paragraph (1) is informed by the operator before lifting the restriction of processing.

The right to data portability

(1)    The data subject has the right to receive the personal data concerning him and which he has provided to the operator in a structured, commonly used and machine-readable format and he has the right to transmit this data to another operator, without obstacles from the operator to whom the personal data was provided, if:

(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and

(b) the processing is carried out by automated means.

(2)    In exercising his right to data portability under paragraph (1), the data subject has the right to have his personal data transmitted directly from one operator to another where this is technically feasible.

(3)    The exercise of the right mentioned in paragraph (1) of this article does not affect article 17. This right does not apply to the processing necessary for the performance of a task performed in the public interest or within the exercise of an official authority with which the operator is vested.

(4)    The right mentioned in paragraph (1) does not affect the rights and freedoms of others.

The right to be notified in connection with the rectification, deletion or restriction of the processing of personal data

(1)    The operator communicates to each recipient to whom personal data has been disclosed any rectification or deletion of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18, unless where this proves impossible or involves disproportionate efforts. The operator shall inform the data subject of the respective recipients if the data subject so requests.

You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows:
National Authority for the Supervision of Personal Data Processing
B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
E-mail: anspdcp@dataprotection.ro
Without affecting your right to contact the supervisory authority at any time, you can contact us in advance ( protectiadatelor@grampet.ro ), and we will make every effort to solve any problem .