GENERAL POLICY OF ROSSMANN GROUP ROMANIA FOR THE PROCESSING OF PERSONAL DATA

 

Legal grounds

Please be advised that as from 25 May 2018, all member states of the European Union will apply the Regulation 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR“).

The primary purpose of GDPR is to increase the level of protection of personal data and create a trustworthy climate that allows each person to control their own data.

ROSSMANN GROUP ROMANIA (AMBRO SA and ROMCARTON SA) is in line with the European standards regarding the processing of personal data provided in GDPR. Data protection is of special importance to us and we want to be open and transparent with regard to the processing of personal data.

 

We therefore consider it a good time to inform you about the way we protect your personal data and the way we appropriate the GDPR provisions.

 

Who is processing your personal data?

ROSSMANN GROUP ROMANIA, through the companies:

  • AMBRO S.A. based in Suceava, Calea Unirii nr. 24, Suceava County, phone no. 0230.205.000

And / or

  • ROMCARTON S.A, based in Popeşti-Leordeni, Şos. Olteniţei nr. 249, Ilfov County, phone no. (+40) 21.203.63.00.

The two companies act as data operators acting independently, i.e. each one is responsible for your personal data collected and processed by each of them separately.

 

What are the categories of data subjects?

The personal data processing policy is addressed to legal representatives and / or employees responsible for or involved in the conclusion and execution of contracts or in the course of the collaboration with one or both companies of ROSSMANN GROUP ROMANIA, potential clients or suppliers, employees, trainees or collaborators, as well as other people who contact or visit us.

 

What are the types of personal data processed, the purpose and the grounds for processing, the recipients?

 

If you are representatives / delegates of different collaborator companies (legal entities).

We process your personal data, such as your surname, first name, phone number, email address, position held, employer’s name and other contact data for the purpose of executing the contract or entering into a new contract and fulfilling the legal obligations arising from the contract / collaboration. The collection of personal data on contact persons can be made from electronic messages, contracting offers or directly from the data subject.

Categories of recipients for such data:

  • Supervisory and control authorities / institutions, criminal prosecution bodies, courts, etc., according to the law;
  • Transport / courier providers in order to pick-up/dispatch the goods/correspondence, technical maintenance companies, IT service providers, auditors or other specialist consultants, other third parties authorized to obtain disclosure of personal data, in accordance with the law;
  • Companies belonging to ROSSMANN GROUP ROMANIA.

 

If you are visitors of our premises or transport service providers

Under Annex 2d) of GD no. 301/2012 – Implementation rules for the application of Law no. 333/2003, the data of visitors of the premises of the two companies in the Group, namely their surname, first name, series and no. of the identity card / passport are processed in order to ensure the security of the premises, by completing the Register of the access of persons within the premises by the security company, according to the contract concluded between us and this one.

Your image is also processed as a consequence of its recording by the security camera system that continuously monitors the premises of ROSSMANN GROUP ROMANIA companies, based on the legitimate interest in ensuring the security of the premises and under Law no. 333/2003.

Categories of recipients to whom the data above is disclosed:

  • Supervisory and control authorities / institutions, criminal prosecution bodies, courts, etc., according to the law;
  • Companies belonging to ROSSMANN GROUP ROMANIA, technical maintenance companies, IT service providers, auditors or other specialized consultants, other third parties authorized to obtain disclosure of personal data, according to the law.

 

For the delegated drivers of carriers, we process the identification data for the purpose of preparing accounting documents (invoices, delivery notes) and transport documents (CMR), in accordance with the tax law and for the execution of the transport contracts and the sale – purchase of goods.

Categories of recipients to whom the data above is disclosed:

  • Supervisory and control authorities / institutions, criminal prosecution bodies, courts, etc., according to the law;
  • Companies that have contracts with us for the carriage of goods or their purchase, only in relation to the contractual relationship executed by the delegated persons;
  • Insurers of transport carriers;
  • Companies belonging to ROSSMANN GROUP ROMANIA, technical maintenance companies, IT service providers, auditors or other specialized consultants, other third parties authorized to obtain disclosure of personal data, according to the law.

 

If you are delegates of other companies that execute works within the premises of our company

Personal data, namely the surname, first name, serial and no. of the identity card, position, education, qualification, employer, belonging to natural persons who are delegated for the execution of different works within the premises of ROSSMANN GROUP ROMANIA companies are processed in order to ensure the collective occupational health and safety training, according to the Law no. 319/2006, and to have access to the premises during the respective work in order to execute the contract.

Categories of recipients for these data:

  • Supervisory and control authorities / institutions, criminal prosecution bodies, courts, etc., according to the law;
  • Employer of trained personnel;
  • Companies belonging to ROSSMANN GROUP ROMANIA, technical maintenance companies, IT service providers, auditors or other specialized consultants, other third parties authorized to obtain disclosure of personal data, according to the law.

 

If you are candidates for our vacancies

Your data: surname, first name, personal identification number, date of birth, parents’ names, address, serial and no. of the identity card, position, studies, qualification, civil status, telephone, e-mail are processed in the recruitment process in order to conclude an individual employment contract.

Your data are transmitted to the following recipients only related to the selected person:

  • The Employment Agency in order to obtain the assignment, according to the law,
  • The medical service provider for the purpose of checking the work capacity at employment, according to the contract.

 

If you are persons who contact us for other requests

We collect personal data when someone contacts us about a question, request, complaint (such as name, contact details, and communication content). In such cases, that person has control over the personal data transmitted, and we will only use this data for the purpose of responding to the request.

 

How do we ensure the security of personal data?

ROSSMANN GROUP ROMANIA is constantly concerned with improving the technical and organizational measures implemented to ensure the security of your personal data in order to protect them against destruction, modification, disclosure or unauthorized access. We have a framework of policies and procedures relating to the protection of personal data and periodically review the adequacy of the measures in force.

 

Within the two companies of ROSSMANN GROUP ROMANIA, access to your personal data is limited to the personnel involved in fulfilling the contractual obligations or communicating with business partners, being trained on the confidentiality of the data, and access is made based on authentication and user login procedures.

 

How long do we save your personal data?

We will store your personal data only for the time necessary to achieve the processing purposes as outlined above and in compliance with the applicable legal regulations.

 

Thus, depending on the purposes of the processing, your data are kept:

  • for the duration of the contractual or collaboration relationship, and, if applicable, after its termination for the period required by the applicable legal provisions, for the prescription period, including, but not limited to, the rules on archiving.
  • footage of the security video system shall be kept for maximum 30 days, except for security incidents, for which footage shall be kept beyond that duration, depending on the time required to investigate it further.
  • candidates’ data are kept until the recruitment process is completed, being deleted/destroyed when occupying the post, except: (i) expression of consent for retention and (ii) data of the candidate who has been employed;
  • data of the visitors of our premises are kept in accordance with legal provisions and archiving rules.
  • Under certain circumstances, we may retain your personal data for longer periods of time in the event of any complaints or problems that may arise, as well as for the purpose of ascertaining, exercising or defending our rights before dispute settlement bodies.

 

What rights do you have for data processing?

As data subjects, GDPR gives you a number of rights. Here’s the full list of the rights you have:

  • the right of access – allows you to obtain confirmation that your personal data is processed by us as well as relevant details of these processing activities and for what purpose;
  • the right to rectification – allows you to modify in case of inaccurate personal data;
  • the right to erasure (“right to be forgotten”) – allows you to obtain erasure of your personal data if they are no longer necessary for the purpose for which they were collected, if you have withdrawn your consent and there is no other legal basis for processing, if the data have been illegally collected, if the data should be erased for compliance with a legal obligation;
  • the right to restriction of processing – allows you to restrict the processing of your personal data in some cases (for example, when you dispute the accuracy of your personal data, changing the time period for which they are collected);
  • the right to oppose – allows you to oppose the processing of your personal data on the grounds of our legitimate interest or a public interest on grounds of your particular circumstances;
  • the right to data portability – allows you to transfer the personal data we provide to another data operator;

 

How can you exercise your data processing rights?

You may exercise your rights, submit a complaint or request for clarification on the way we process your personal data or the content of this document by submitting a written request to the email address: [email protected], or at the premises of AMBRO SA or ROMCARTON SA, as the case may be, indicated above.

 

Also, if you believe that we have violated any of your rights in this matter, you have the right to file a complaint with the National Supervisory Authority for Personal Data Processing, based in Bucharest, Bd G-ral Gheorghe Magheru nr. 28-30, sector 1, postal code 010336 or refer to the competent courts.

 

Changes to this Policy

We admit that transparency is a continuing responsibility, so we will review this document periodically.

 

 

Prentru a vizualiza aceasta pagina este nevoie de un browser modern.


Google Chrome
Mozilla Firefox
Internet Explorer