We thank you for your interest shown in our company and / or our services.
Being fully aware that your personal information belongs to you, we do our best to store it securely and process it carefully. We do not provide information to third parties without informing you in accordance with legal provisions. We do not make exclusively automatic decisions that have a significant impact on you.
1.1. „GDPR”, „RGPD” or „Regulation” means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL as of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
1.2. “The operator” or “We” means The company PETRO ACTIVE INVESTIMENTS COMPANY S.A.., with its registered office located in the way to Doljului Street No. 16, Craiova, Dolj county, registered with the Trade Register Office under no. J16/2367/2021, with Unique Identification Code – RO44952720.
1.3. “Data subject” means any identified or identifiable natural person whose data are processed by us as an operator, such as customers, potential customers or visitors on the website.
1.4. “Processing” means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, limiting, removing or destroying;
1.5. “Consent” means any manifestation of the free, specific, informed and unambiguous will of the data subject by which they consent, by an unequivocal statement or action, that their personal data be processed by the Operator;
1.6. “Personal data” means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The other terms used in this document have the meaning provided by the GDPR and other applicable legal provisions.
3 OTHER FACILITIES
4 WHO ARE WE?
PETRO ACTIVE INVESTIMENTS COMPANY S.A. , headquartered in the way to Doljului Street No. 16, Craiova, Dolj County, registered with the Trade Register Office under no. J16/2367/2021 with Unique Identification Code – RO44952720, is responsible for the processing of your personal data that we collect directly from you or from other sources.
According to the law, our company is a personal data controller. In order for your data to be processed securely, we have made every effort to implement reasonable and appropriate, technical and organizational measures to protect your personal data.
5 WHO ARE YOU?
According to the law, you, the natural person benefiting of our services / products, the representative or contact person of a company that is our customer or potential customer, our website visitor or the person engaged in a relationship of any kind with us, are a “data subject” meaning an identified or identifiable natural person. In order to be completely transparent about the processing of data and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate the exercise of your rights.
6 OUR COMMITMENT
The protection of your personal information is very important to us. Therefore, we are committed to complying with the European and national legislation on personal data protection, in particular with the Regulation (EU) 679/2016, also known as the GDPR and the following principles:
✓ Legality, fairness and transparency
We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed.
✓ Control is yours
Within the limits of the law, we offer you the opportunity to review, modify, delete personal data that you have shared with us and to exercise your other rights.
✓ Data integrity and purpose limitation
We use the data only for the purposes described upon collection or for new purposes compatible with the original ones. In all cases, our purposes are compatible with the law. We take reasonable steps to ensure that the personal data is accurate, complete and up to date.
We have implemented reasonable security measures for the processing of personal data so that we can protect your personal information as best we can. However, please be aware that no website, no application, and no internet connection is completely secure.
8 YOUR INFORMATION PURPOSES. LEGAL GROUNDS.
When you browse our website, send us a request by e-mail, or contact us for any other purpose and through any other communication media, you may provide us with the following personal information, which we collect directly from you, or from other sources, as explained in the table below.
|Personal data processed*||Purpose/Purposes*||Legal Grounds/Grounds|
|Name Address|| || |
| || |
|Address IP|| |
We collect most of the information directly from you (for example, by filling out a form on the website). Most of the information is as described above, but there may be situations where we collect data from third parties (i.e. partners, platforms).
In addition to the information listed above, we may also collect the following information, as necessary:
The content of messages sent through messaging and email systems.
In addition to the purposes listed in the table above, we also process personal data for the following purposes:
To answer your questions and requests and provide you with customer support;
For marketing purposes, but only if we have your prior consent or when there is a legal exception from obtaining consent;
To provide and improve the services we provide;
To diagnose or remedy technical problems;
To protect us from cyber attacks;
O comply with the law, such as compliance with tax law which obliges us to keep the accounting documents for a period of 10 years;
In the unlikely event of a dispute, for objecting against or claiming a right in the court.
8.1 OTHER INFORMATION ON LEGAL GROUNDS
(a) Legitimate interest. Should we make use of the legitimate interest, we perform a legitimate interest analysis (balancing test) through which we can balance our interest and your interests. If our interests prevail, we will use the legitimate interest. In the event that your interests prevail, we will not use the legitimate interest, and we will not perform that processing activity unless we are able to identify another proper legal basis.
(b) Consent. Please note that consent is not required, and we will only proceed to obtaining your consent if we are unable to use another legal basis. We currently only use consent for email marketing.
(c) Vital interest. In the unlikely event of a medical emergency or other exceptional event, processing may be necessary to protect your or another individual’s vital interests.
9 STORAGE PERIOD
We only store your personal data for the period necessary for the fulfillment of the purposes, but not more than 5 years upon the termination of the contract or the last interaction with us.
At the end of the period, personal data will be destroyed or deleted from computer systems or transformed into anonymous data to be used in scientific, historical or statistical research.
Please note that in certain expressly regulated situations, we store data for the period required by law.
10 DATA TRANSFERS
We may disclose your data in compliance with applicable law to business partners or other third parties. We make constant efforts to ensure that these third parties have implemented appropriate protection and security measures. We have contractual terms concluded with these third parties so that your data is protected. In these situations, we will ensure that any transfer is legitimate under the law.
We may also transfer the data to other parties with your consent or in accordance with your instructions, such as when you request portability.
We may also provide your personal information to the public prosecutor’s office, the police, the courts and other competent state bodies, on the basis and within the limits of legal provisions and as a result of express requests.
The transfer of personal data to a third country may take place only if the state to which the transfer is intended provides an adequate level of protection.
The transfer of data to a state whose legislation does not provide a level of protection at least equal to that provided by the General Data Protection Regulation is possible only if there are sufficient guarantees regarding the protection of the data subject’s fundamental rights. These guarantees will be established by us through contracts concluded with the service suppliers/providers to whom the transfer of your personal data will be made.
Each time we transfer your personal data outside the EEA, we will ensure that there is a similar level of protection through one of the following safeguard mechanisms:
we will transfer your personal data to countries where the European Commission has shown to provide an adequate level of security for your personal data.
when we call on certain service providers, we will be able to use certain model contracts provided and approved by the European Commission that give personal data the same protection that they have in Europe.
11 DATA SECURITY
We understand the importance of the security of personal data and take the necessary measures to protect our customers and other individuals whose data we process against unauthorized access to personal data, as well as against unauthorized modification, disclosure or destruction of data we process in the course of our business.
We have implemented the following technical and organizational measures for the security of personal data:
a) Dedicated policies. We constantly adopt and review internal practices and policies for the processing of personal data (including physical and electronic security measures) in order to protect our systems against unauthorized access or other possible threats to their security. These policies are subject to constant scrutiny to ensure that we comply with legal requirements and that the systems operate properly.
b) Data minimization. We ensure that your personal data that we process is limited only to what is necessary, appropriate and relevant for the purposes stated in this Policy.
c) Restrict access to data. We try to restrict as much as possible access to the personal data that we process to the minimum necessary: employees, collaborators and other people who need to access these data in order to process them and perform a service. Our partners and collaborators are subject to strict privacy duties (either contractual or legal).
d) Specific technical measures. We use technologies to ensure the security of our customers, always trying to implement the best solutions for data protection. We also back up data regularly so that we can recover it in the event of an incident, and we have regular audit procedures to ensure the safety of the equipment used. However, no website, no application, no internet connection is completely secure and untouchable.
e) Ensuring the accuracy of your data. Sometimes we may ask you to confirm the accuracy or timeliness of your data to make sure they depict reality.
f) Personnel training. We constantly train and test our employees and collaborators on the legislation and best practices in the field of personal data processing.
g)Anonymization of data. Where we can, we try as much as possible to anonymize / pseudo-anonymize the personal data that we process, so that we can no longer identify the persons to whom they refer.
However, although we make every effort to ensure the security of the data you provide to us, we may also experience less fortunate events and security incidents / breaches. In such cases, we will strictly follow the security incident reporting and notifying procedure and take all necessary steps to restore the situation to normal as soon as possible.
12 DIRECT MARKETING
Provided that we have obtained your prior consent or you are already a customer of the company, we may use direct marketing technologies based on the information we collect about you. We currently send commercial e-mail messages to people who have previously given their consent.
13 YOUR RIGHTS
Your rights under the GDPR are as follows:
(a) The right to be informed about the processing of your data
(b) The right to access data. You have the right to obtain from us a confirmation that we process or not personal data concerning you and, if so, you have access to those data and to the information provided by art. 15 para. (1) of the GDPR;
(c) The right to rectify inaccurate or incomplete data. You have the right to obtain, from us, without undue delay, the adjustment of inaccurate personal data concerning you;
(d) The right to be erased (“the right to be forgotten”). In the situations provided under art. 17 of the GDPR, you have the right to request and obtain the removal of personal data;
e) The right to restrict processing. In the cases provided by Article 18 of the GDPR, you have the right to request and obtain the restriction of processing;
f) The right to transmit the data we hold about you to another data controller (“right to portability”). The right to transfer the available data about you to another data controller (“right to portability”);
g) The right to object to the processing of data. In the cases provided by Article 21 of the GDPR, you have the right to object to the processing of data;
h) The right not to be subject to a decision based solely on automatic processing, including the creation of profiles with legal or similar significant effects on you.;
i) The right to approach the court for the protection of your rights and interests;
j) The right to lodge a complaint with a Supervisory Authority.
|Name||National Authority for the Supervision of Personal Data Processing|
|Address||B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania|
|Phone:||+40.318.059.211 or +40.318.059.212|
(1) You may withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each email.
(2) The rights listed above are not absolute. There are exceptions, so each request received will be analyzed so that we can decide whether it is well-founded or not. To the extent that the application is well-founded, we will make it easier for you to exercise your rights. If the request is unfounded, we will reject it, but we will inform you about the reasons for refusal and about the rights to lodge a complaint with the Supervisory Authority and to go to court.
(3) We will try to respond to the request within one month. However, the deadline may be extended depending on various issues, such as the complexity of the request, the large number of requests received, or the inability to identify you in a timely manner.
(4) If, despite our best efforts, we are unable to identify you and you do not provide us with additional information in order to identify you, we are not required to comply with the request.
14 QUESTIONS, REQUESTS AND EXERCISE OF RIGHTS
If you have any questions or concerns regarding the processing of your information or you wish to exercise your legal rights or have any other concerns regarding the confidentiality of the information you provide to us, you may contact us at the company address.
Last update: 09.03.2022