We consider securing the right to personal data protection as a fundamental BRANDION commitment, so we will devote all the resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or ” GDPR “), as well as any other applicable legislation. Since one of the key principles of this legal framework is transparency, we have prepared this document through which we want to inform you about how we collect, use, transfer, and protect your personal data when interacting with us and our products and services including our website.
Who we are and how to contact us
SC CRIS DIGITAL BRANDING SRL is a juridical person of Romanian nationality, having its registered office in Satu Mare, street George Cosbuc no 60, with the serial number in the Trade Register J30/1143/2018 unique tax registration code 37943436 (hereinafter “us” ). For the purpose of data protection law, we are an operator and a processor when we process your personal data.
Since we are always open to your views and we wish to provide you with any further information you may need regarding the processing of your data, we encourage you to contact the BRANDION Data Protection Officer at the [email protected] or by post or courier at Cluj-Napoca, 26, Alexandru Xenopol str., with the mention: ATTN: BRANDION Data Protection Officer.
Which categories of personal data we process
In general, we collect your personal data directly from you, so you have control over the type of information you give us. For example, we receive information from you as follows:
We can also collect and then process certain information about your behavior while you visit our website, personalize your online experience, and make offers tailored to your profile. We invite you to learn more details in this regard by consulting the section on the purposes of processing below.
We do not collect or otherwise process sensitive data included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data for minors who are under the age of 16.
What are the purposes and bases of the processing
We will use your personal data for the following purposes:
1. To provide BRANDION’s services for your benefit
This general purpose may include, as appropriate, the following:
The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between BRANDION and you. Certain processes underlying these purposes are also required by applicable law, including tax and accounting legislation.
2. To improve our services
We always want to offer you the best experience. For this, we may collect and use certain information about our Customer’s behavior, we may invite you to fill in satisfaction queries subsequent to the completion of a service, or we can conduct research and market research directly or through partners.
We base these activities on our legitimate interest in doing business, always taking care that your fundamental rights and freedoms are not affected.
3. For marketing purposes
In certain situations, we can base our marketing activities on our legitimate interest in promoting and developing our commercial activity. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you may, at any time, request us, by the means described above, to stop processing your personal data for marketing purposes, and we will follow up your request as soon as possible.
4. To defend our legitimate interests
There may be situations in which we use or transmit information to protect our rights and commercial activity. These may include:
The general focus of these types of processing is our legitimate interest in defending our commercial activity, being understood that we ensure that all the measures we take guarantees a balance between our interests and your fundamental rights and freedoms.
Also, in some cases, we base our processing on legal provisions such as the obligation to safeguard the goods and values provided by applicable legislation in this field.
How long do we keep your personal data
As a general rule, we will store your personal data as long as you have an account on the BRANDION platform. You may request us at any time to delete certain information or to close your account, and we will respond to these requests, subject to the storage of certain information, including after the account has been closed, in cases where applicable law or legitimate interests impose it.
If you do not have an account on the BRANDION platform, the general rule is to keep information on the services we’ve done for a period of 5 years after completing the service. Similar to the previous situation, we may keep certain dates after the expiration of this period, in accordance with applicable law or our legitimate interests.
Who we send your personal data to
As the case may be, we may transmit or give you access to certain personal data of the following categories of recipients:
If we have a legal obligation, or if it is necessary to defend our legitimate interest, we can also disclose certain personal data to public authorities.
We ensure that access to your data by third parties private legal entities is done in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
In which countries transfer your personal data
We currently store and process your personal data on the Romanian territory.
However, from time to time, it is possible to transfer some of your personal data to entities located outside of Romania. These entities may be located in the European Union or outside the Union, including in countries where the European Commission has not recognized an adequate level of protection of personal data.
We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, by other safeguards, such as standard European Commission standard contracts or certification schemes, such as Privacy Shield for Personal Data Protection transferred from within the EU to the United States of America.
You can contact us at any time, using the contact details listed above, to find out more about the countries where we transfer your data, the pairs, and the safeguards that we have applied to these transfers.
How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
We keep your personal data on secure servers securing redundancy.
Despite the steps taken to protect your personal data, we note that the transmission of information via the Internet in general or via other public networks is not entirely secure, with the risk that data may be seen and used by third parties unauthorized. We can not be responsible for such vulnerabilities of systems that are not under our control.
What rights do you have
The General Data Protection Regulation recognizes a series of rights in regards to your personal data. You may request access to your data, correct any mistakes in our files, and / or you can oppose the processing of your personal data. You can also exercise your right to complain to the competent oversight authority or to court. As the case may be, you may also have the right to request the deletion of your personal data, the right to restrict your data processing and the right to data portability.
More information about each of these rights can be obtained by reviewing the table below.
In order to exercise your rights, you may contact us using the contact details listed above. Please note the following if you want to exercise these rights:
Identity: We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such records using the email address of the BRANDION account or, as the case may be, the e-mail address communicated in the service request to extend the warranty. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees: We will not charge a fee to exercise any right with respect to your personal data unless your request for access to information is groundless, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before you resolve your request.
Processing time: We plan to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We’ll let you know if we’ll need more than a month. We may ask if you can tell us exactly what you want to receive or what you are worried about. This will help us to act faster and shorten the response time to your request.
Rights of third parties: We do not have to respect an application if it negatively affects the rights and freedoms of other targeted persons.
|Access||You can ask us:|
|Correction||You may ask us to rectify or complete your inaccurate or incomplete personal data.|
We may try to verify the accuracy of the data before correcting it.
|Data removal||You may ask us to delete your personal data, but only if:|
We do not have to comply with your request for deletion of your personal data if processing of your personal data is required:
There are certain other circumstances in which we are not obliged to comply with your request for data deletion, although these are the most likely circumstances in which we may decline your request
Please be aware that before exercising this right, make sure that you have all the documents relating to BRANDION’s service on your products. If you do not do so before exercising your right of removal, you will lose all these documents and BRANDION will be unable to provide them because the data erasure process is an irreversible process.
|Restriction of data processing||You may ask us to restrict the processing of personal data, but only if:|
We may continue to use your personal data following a restriction request if:
|You may ask us to provide your personal data in a structured, commonly used and readable form, or request that it be “ported” directly to another data operator, but in each case only if:|
|Opposition||You may oppose at any time, for reasons related to your particular situation, the processing of your personal data on our legitimate interest if you believe that your fundamental rights and freedoms prevail over this interest.|
You can also oppose any time processing your data for direct marketing (including profile creation) without any reason, in which case we will cease processing as soon as possible.
Making automated decisions
|You can ask that you not be the subject of a decision based solely on automatic processing, but only when that decision:|
This right shall not apply if the decision taken following automatic decision-making:
|Claims||You have the right to file a complaint with the supervisor regarding the processing of your personal data. In Romania, the data protection supervisory authority’s contact data is as follows:|
The National Supervisory Authority for Personal Data Processing
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will do our best to resolve any issues amicably.
We remind you that you can contact the BRANDION Data Protection Officer at any time by submitting your request in any of the following ways: