CONFIDENTIALITY POLICY

Confidentiality Policy of DARIAN DRS S.A.

Updated on 25.05.2018

Darian respects the right to the protection of personal data of each person and took steps to comply with the legal provisions of EU Regulation 679/2016 (“GDPR”) and the other regulations in force in the field of personal data protection.

Among the measures that Darian adopted to comply to GDPR is the present Privacy Policy, that presents Darian’s practice regarding the processing of personal data. Darian is the entity which determines the means and purposes of processing personal data and is therefore is the data controller (as defined in EU Regulation 679/2016).

Darian (the data controller) is a group of companies to which belong the following:

  • DARIAN DRS SA, a Romanian company, headquartered in Cluj- Napoca, 25 Nicolae Cristea Street, Cluj County, Romania;
  • DARIAN DRS EVALUARE SRL, a limited liability company, headquartered in Cluj-Napoca, 25 Nicolae Cristea Street, Cluj County, Romania;
  • DARIAN DRS TAX SRL, a limited liability company, headquartered in Cluj-Napoca, 25 Nicolae Cristea Street, 2nd floor, Cluj County, Romania;
  • DARIAN DRS AUDIT SRL, a limited liability company, headquartered in Cluj- Napoca, 25 Nicolae Cristea Street, ground floor and 1st floor, Cluj County, Romania;
  • DARIAN DRS PROJECT MANAGEMENT SRL, a limited liability company, headquartered in Cluj- Napoca, 25 Nicolae Cristea Street, Cluj County, Romania;
  • MIC, ILIE ȘI ASOCIAȚII S.P.A.R.L, a professional limited liability company, headquartered in Bucharest, 33 Aviatorilor Boulevard, 4 th floor, District 1, Bucharest, Romania;

hereinafter referred to as Darian.

This Policy is, in fact, one of the ways by which we want to show you that the trust you give us is not unilateral, and that we, in our turn, take all necessary measures so that your visit to our site be as pleasant as possible.

Please, read carefully this Policy, and in order to have a complete understanding of how Darian processes personal data through this Site, please consult also The Cookies Policy.

Throughout this document you will understand:

  1. The definition of personal data, data processing, data controller, data subject;
  2. What type of information do we collect from you and how?
  3. When and how the information collected is used?
  4. How do we protect your personal data?
  5. Who has access to the information collected from you (your personal data)?
  6. Data transfer outside the EU or the EEA Area
  7. Retention period of the collected information
  8. Data subject rights
  9. How you can you exercise your rights and what our contact is?
  1. Definitions
  • “Personal data” means any information relating to an identified or identifiable natural person;
  • “Data Processing” means any operation or set of operations carried out on personal data or personal data sets, with or without the using of automatic means, such as collecting, recording, organizing, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, restriction, deletion or destruction;
  • “Data controller” means a natural or legal person, the public authority, agency or other institution which, alone or together with others shall determine the purposes and means of processing personal data;
  • “Data subject” means an identified or identifiable natural person, directly or indirectly, in particular by reference to an identification item, such as name, identification number, location data, an online identifier, or to one or more specific items, physical identity, physiological, genetic, psychic, economic, cultural or social;

For the extensive definition of these terms and of other terms specific to the field of data protection, please refer to EU Regulation 679/2016.

  1. What information do we collect from you and how?

Darian collects information from you, as a user, in the following ways:

  • directly;
  • from traffic reports recorded by servers hosting the site;
  • by cookies.

A. Information supplied directly by the user

In order to establish a future collaboration and to ensure efficient communication, we process the following personal data, which you give us voluntarily:

  • Name;
  • Email address;
  • Other dates you gave us voluntarily, in the message you addressed us;

As soon as there is an agreement on a collaboration, we will process other personal data, such as a bank account, your address, required for executing consultancy activities, which constitutes our object of activity. All that information will be collected only after we have established a professional relationship, in respect to which you have expressed your consent. The processing of these data is not carried out through the site, but by other means of electronic communication.

Darian uses your email address to send you notifications about our services, as well as the news in the legislative area that may be of interest to you or may be useful to you. The transmission of emails with this purpose is made only after your consent has been obtained for this purpose.

B.  Information from traffic reports recorded by servers hosting the site

When you visit a website, you reveal certain information about you, such as your IP address, the time of your visit, the place where you accessed our site. Darian, same as other data controllers, records this information.

C. Information obtained by cookies

The use of cookies is a current standard in many of the important sites you visit. Most browsers are set to accept cookies. Darian, and other websites use cookies for the proper working of the site and to give you a personalized experience. For cookies on which the https://www.darian.ro/ use website and details on how you can manage your Cookies Policy.

It is important to remember that whenever you voluntarily reveal personal information into the online communications environment, online forums, e-mail program, FTP program, discussion groups, chat services, or other such information could easily be collected and used by unauthorized people. Iven if, Darian makes every effort to protect your personal information, we cannot ensure or guarantee the security of any type of information you transmit to us, so that the transmission of information into an unsuitable environment is at your own risk. You must also understand that you are solely responsible for maintaining the secrecy of the information (passwords, username, etc.) regarding the accounts you have acquired as a result of the use of our services.

  1. When and how the information collected is used

The purposes for which Darian processes your personal data are:

  • cooperation (with the purpose to provide our services);
  • to perform the consultancy services which are the object of Darian activities;
  • to provide you with a personalized experience on the site and an efficient navigation;
  • fulfilling our legal obligations;
  • improving site’s functions;
  • monitoring and compliance with our policies and standards, in order to identify the authorized persons to conclude transactions on behalf of our clients, beneficiaries, suppliers and/or service providers;
  • marketing purposes, only with your express and prior consent;

The processing of your personal data for the purposes mentioned above is carried out by Darian, based on the following legal grounds, provided by article 6 paragraph 1 from EU Regulation 679/2016 (“The lawfulness of the processing”):

  1. In the performance of the contract you are a party to (art. 6 paragraph (1) (a) GDPR);

This processing is performed, when following your decision to resort to our services, a contract has been concluded, and Darian is processing your data, either on the conclusion of the contract or in the execution of the contract.

  1. Based on your prior and express consent (Article 6(1)(b) GDPR);

In addition, Darian also processes, as needed, your personal data when:

  1. Is necessary for compliance with a legal obligation to which the controller is subject;
  2. Is necessary in order to protect your vital interests or of other persons;
  3. Is necessary for the performance of a task carried out in the public interest;
  4. In the interest of the legitimate interests pursued by Darian or a third party, unless your interests or your fundamental rights and freedoms are predominant.
  1. How do we protect the information?

Darian respects your right to data protection, making all reasonable efforts and taking all technical and administrative measures, so that we can ensure the confidentiality of your personal data.

The confidentiality and the protection of the data collected from you are a priority for us.

Darian does not disclose the information collected, to third parties without your express and prior consent (except the cases indicated in point 5- Who has access to the information collected from you?). Any traffic statistics on our users, that we will provide to third-party advertising networks or to partner sites, is only provided as a set of data, and does not include any personally identifiable information about any individual user.

In order to establish a direct contact between you and the Darian team, you must insert your email address and to send us a message. In this message, you can reveal personal data such as your phone number, your name, a brief description of the situation your requesting Darian services for, as well as other data which you voluntarily reveal us.

We kindly recommend you to limit the personal data that you reveal us, in the content of the email or the message, to your name, following that the rest of the personal data, that is necessary for the performance of our services to be disclosed later, on of conclusion of the contract.

Unfortunately, no data transmission via the Internet can be guaranteed to be 100% secure. Therefore, despite our efforts to protect your personal information, Darian cannot ensure or guarantee the security of the information you provide to us, to and from our online services or our products.

When we receive the information you send, we assure you that we will make every effort to ensure its security in our systems, according to the security standards imposed by the applicable legislation.

In this respect we have implemented adequate technical and organizational measures to preserve the confidentiality and security of your personal data, according to internal procedures concerning the storage, transmission and access to personal data. Personal data can be stored on our technology systems or in printed format.

Regarding cyber security, data-processing operations, including data storage, shall be achieved by means of systems which ensure the security of processing, and the operations shall be carried out by competent persons who have been informed and instructed on the obligations regarding data protection.

  1. Who has access to the information we collect from you?

Your personal data is processed for the purposes indicated in point 3- When and how is the collected information used?. This processing is carried out by one or more of the group’s companies (as they were identified in the introduction of this document). The processing shall be carried out by the group’s companies themselves or by a processor. Therefore, other natural or legal persons (except those indicated above and exceptional circumstances indicated below), will not have access to your personal data.

Darian is making every effort and has taken the necessary measures to ensure that third parties do not have access to your data, unless we are in the presence of an exceptional situation. Thus, there are situations in which, the access to your data is required by legal provisions or the carrying out of the company’s activity, or the proper working/maintenance of the site.

Therefore, in certain circumstances, we may disclose your personal data to:

  • persons who, under a contract, provide the maintenance of the site;
  • external advisors (e.g. auditors or solicitors);
  • public authorities or institutions;
  • other natural or legal persons who contribute to/ ensure the fulfilment of Darian’s object of activity;
  1. Data transfer outside the EU or the EEA

Darian does not reveal and submit personal data collected from you to third countries outside the European Union or the European Economic Area.

  1. Retention period of the information collected

Your personal data will be processed as follows:

  • during our contractual terms;
  • during your subscription to the news seller;
  • if legal provisions force us to keep data within a certain period, we will process the data for that period (the accounting records shall be kept in accordance with the accounting law for a period of 10 years).

If your personal data is longer required for the purpose of compliance with legal provisions or contractual obligations, these data shall be deleted regularly.

  1. Your rights as a data subject

In accordance with Article 15 of the EU Regulation 679/2016 (GDPR), you have the following rights as the data subject:

  1. The right of accessaccording to this right you can obtain from us a confirmation regarding the processing of personal data, as well as access to that data. For any other copy you require, we have the right to charge a reasonable fee, based on administrative costs. If you send the request in electronic format and unless you request another format, the information will be provided in an electronic format that is used currently;
  2. Right to rectification- according to this right you may obtain correction of your personal data, which is inaccurate, as well as the right to obtain completion of personal data which is incomplete;
  3. Right to erasure (‘right to be forgotten’)- You have the right to obtain the erasure of personal data that concerns you, without undue delay, and we are obliged to delete that data, when:
    1. personal data is no longer necessary for the purposes for which it was collected or processed;
    2. you withdraw the consent, when the processing is based on your previous consent and there are no other legal grounds for processing;
    3. you object to data processing, and there are no other legal grounds for the processing;
    4. the processing was performed against legal provisions;
    5. personal data must be erased for complying with a legal provision, that we have to respect, according to European Union legislation.
  4. Right to restriction of processing- according to this right, provided in art. 18 from GDPR, you have the right to obtain from us the restriction of processing;
  5. Right to data portability- according to this right you can receive your personal data, in the form send to us, in a structured format, currently used and which can be read automatically and send this data to another controller under certain conditions;
  6. Right to object- according to this right you can object, on grounds relating to your situation, at any time, to the processing of personal data, including profiling;
  7. Automated individual decision-making, including profiling– you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you;
  8. The Right to complain, according to article 77 from GDPR Regulation, to The National Supervisory Authority for Personal Data Processing;
  9. Right to withdraw the consent in any moment, without affecting the legality of data processing, made by us based on your consent, before the consent was withdrawn.

If you wish to exercise any of the above rights, please contact us in one of the ways we will describe below, in point 9- How can you exercise your rights and what our contact is? .

Darian Team works to ensure a faster response to your requests, but the reply term varies depending on the complexity of your request. The deadline for processing applications shall be 30 days.

  1. How can you exercise your rights and what our contact is?

For your personal data processing requests please contact us in one of the following ways:

  • Contact person: Livia Ban;
  • Phone number: +4 0726 755 612;
  • Email: ban@darian.ro;
  • Address: 6 Gheorghe Lazar Street, 400183, Cluj-Napoca;