Please be advised that as from 25 May 2018, all member states of the European Union will apply the Regulation 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR“).
The primary purpose of GDPR is to increase the level of protection of personal data and create a trustworthy climate that allows each person to control their own data.
ROSSMANN GROUP ROMANIA (AMBRO SA and ROMCARTON SA) is in line with the European standards regarding the processing of personal data provided in GDPR. Data protection is of special importance to us and we want to be open and transparent with regard to the processing of personal data.
We therefore consider it a good time to inform you about the way we protect your personal data and the way we appropriate the GDPR provisions.
Who is processing your personal data?
ROSSMANN GROUP ROMANIA, through the companies:
And / or
The two companies act as data operators acting independently, i.e. each one is responsible for your personal data collected and processed by each of them separately.
What are the categories of data subjects?
The personal data processing policy is addressed to legal representatives and / or employees responsible for or involved in the conclusion and execution of contracts or in the course of the collaboration with one or both companies of ROSSMANN GROUP ROMANIA, potential clients or suppliers, employees, trainees or collaborators, as well as other people who contact or visit us.
What are the types of personal data processed, the purpose and the grounds for processing, the recipients?
If you are representatives / delegates of different collaborator companies (legal entities).
We process your personal data, such as your surname, first name, phone number, email address, position held, employer’s name and other contact data for the purpose of executing the contract or entering into a new contract and fulfilling the legal obligations arising from the contract / collaboration. The collection of personal data on contact persons can be made from electronic messages, contracting offers or directly from the data subject.
Categories of recipients for such data:
If you are visitors of our premises or transport service providers
Under Annex 2d) of GD no. 301/2012 – Implementation rules for the application of Law no. 333/2003, the data of visitors of the premises of the two companies in the Group, namely their surname, first name, series and no. of the identity card / passport are processed in order to ensure the security of the premises, by completing the Register of the access of persons within the premises by the security company, according to the contract concluded between us and this one.
Your image is also processed as a consequence of its recording by the security camera system that continuously monitors the premises of ROSSMANN GROUP ROMANIA companies, based on the legitimate interest in ensuring the security of the premises and under Law no. 333/2003.
Categories of recipients to whom the data above is disclosed:
For the delegated drivers of carriers, we process the identification data for the purpose of preparing accounting documents (invoices, delivery notes) and transport documents (CMR), in accordance with the tax law and for the execution of the transport contracts and the sale – purchase of goods.
Categories of recipients to whom the data above is disclosed:
If you are delegates of other companies that execute works within the premises of our company
Personal data, namely the surname, first name, serial and no. of the identity card, position, education, qualification, employer, belonging to natural persons who are delegated for the execution of different works within the premises of ROSSMANN GROUP ROMANIA companies are processed in order to ensure the collective occupational health and safety training, according to the Law no. 319/2006, and to have access to the premises during the respective work in order to execute the contract.
Categories of recipients for these data:
If you are candidates for our vacancies
Your data: surname, first name, personal identification number, date of birth, parents’ names, address, serial and no. of the identity card, position, studies, qualification, civil status, telephone, e-mail are processed in the recruitment process in order to conclude an individual employment contract.
Your data are transmitted to the following recipients only related to the selected person:
If you are persons who contact us for other requests
We collect personal data when someone contacts us about a question, request, complaint (such as name, contact details, and communication content). In such cases, that person has control over the personal data transmitted, and we will only use this data for the purpose of responding to the request.
How do we ensure the security of personal data?
ROSSMANN GROUP ROMANIA is constantly concerned with improving the technical and organizational measures implemented to ensure the security of your personal data in order to protect them against destruction, modification, disclosure or unauthorized access. We have a framework of policies and procedures relating to the protection of personal data and periodically review the adequacy of the measures in force.
Within the two companies of ROSSMANN GROUP ROMANIA, access to your personal data is limited to the personnel involved in fulfilling the contractual obligations or communicating with business partners, being trained on the confidentiality of the data, and access is made based on authentication and user login procedures.
How long do we save your personal data?
We will store your personal data only for the time necessary to achieve the processing purposes as outlined above and in compliance with the applicable legal regulations.
Thus, depending on the purposes of the processing, your data are kept:
What rights do you have for data processing?
As data subjects, GDPR gives you a number of rights. Here’s the full list of the rights you have:
How can you exercise your data processing rights?
You may exercise your rights, submit a complaint or request for clarification on the way we process your personal data or the content of this document by submitting a written request to the email address: [email protected], or at the premises of AMBRO SA or ROMCARTON SA, as the case may be, indicated above.
Also, if you believe that we have violated any of your rights in this matter, you have the right to file a complaint with the National Supervisory Authority for Personal Data Processing, based in Bucharest, Bd G-ral Gheorghe Magheru nr. 28-30, sector 1, postal code 010336 or refer to the competent courts.
Changes to this Policy
We admit that transparency is a continuing responsibility, so we will review this document periodically.