GDPR
Privacy Policy
Privacy Policy
Introduction
In personal data processing operations on the www.roxana-axini.com website the following data is used:
The processing of these data types is subject to the legislation on the processing of personal data: REGULATION (EU) 2016/679 OF THE PARLIAMENT EUROPEAN PARLIAMENT AND THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of of these data and repealing Directive 95/46 / EC (General Data Protection Regulation - GDPR), which explicitly regulates personal data processing activities, the qualities of legal entities processing personal data, roles and responsibilities them.
Protection of personal data
The General Privacy Policy (GDPR) is one of the most important legal acts that directly affect the processing of personal data of the company SELF LEADERSHIP SRL.
Definitions
"PDP legislation" means any law, ordinance, decree, regulation or secondary legislation issued by the Surveillance Authority on the processing, confidentiality and use of Personal Data applicable to services provided under the Agreement, including:
a. Law no. 677/2001 on the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of such Data ("Law 677/2001"); Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector ("Law 506/2004") and any other normative acts in Romania implementing these laws, Directive 95/46 / EC (Data Protection Directive) and Directive 2002/58 / EC (the "e-Privacy Directive"); and / or
b. starting with 25 May 2018, Regulation No 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation data protection ("GDPR"), from the date on which it will be applicable; and any other national normative acts given in the application of GDPR;
c. any judicial or administrative interpretation of any of the above, any guidelines, guidelines, codes of practice, codes of conduct or certification mechanisms approved or issued by any relevant Supervisory Authority throughout the period in which they are in force and enforceable, and any acts amending, supplementing or replacing them over time.
controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
supervisory authority means an independent public authority which is established by a Member State pursuant to Article 51, in Romania represeted by ANSPDCP.
Principles relating to the processing of personal data require that personal data be:
The Company makes every effort to align with these principles all existing personal data processing activities and any new processing that it intends to carry out.
The physical person accessing this site under GDPR has the following rights:
The deadlines set by the GDPR for exercising the rights of the data subjects and / or responding to their requests and / or responding are varied as follows:
Right of the individual |
Deadline for obtaining consent / informing / exercising the right and / or providing answer |
The right to be informed |
When data is collected |
The right to access personal data |
It can be exercised at any time during processing and a response is given within 30 calendar days |
The right to update your personal information |
It can be exercised at any time during the processing, is immediately implemented and a response is provided within 30 calendar days |
Right to request the deletion of personal data |
It can be exercised at any time during the processing, is immediately implemented and a response is provided within 30 calendar days |
The right to request the restriction of the processing of personal data |
It can be exercised at any time during the processing, is immediately implemented and a response is provided within 30 calendar days |
The right to portray personal data |
It can be exercised at any time during processing and provide an implementation response / solution within a reasonable time (as soon as possible) |
The right to oppose the processing of personal data |
It can be exerted at any time during processing and is immediately deployed |
Rights regarding the automatic processing of personal data |
Not specified |
The company processes your personal data on this site only under the following conditions:
a. If the data subject has consented to the processing of his or her personal data for one or more specific purposes;
b. Where processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of a contract;
c. Where processing is necessary to fulfill a legal obligation incumbent upon the operator;
d. Where processing is necessary to protect the vital interests of the data subject or other natural person;
e. Where processing is necessary for the performance of a task which is in the public interest or which results from the exercise of the public authority with which the operator is invested;
f. Where processing is necessary for the legitimate interests pursued by the operator or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, in particular where the data subject is a child.
Proccesors
The Company will ensure at all times that all transactions involving personal data processing are regulated by written contracts between the operator and the authorized persons or between the associated operators, as the case may be. All such contracts will comply with the GDPR express requirements and clauses.
In the event of a personal data security incident:
a. will notify you of the occurrence of any security incident involving your personal data;
b. investigate the data security breach;
c. will take reasonable steps to mitigate the effects and reduce any damage resulting from the Security Incident as well as reasonable measures to prevent the recurrence of such a breach of data security;
d. will develop and execute a response plan to counteract the Security Incident;
e. shall inform the relevant regulatory authority within 24 hours of the occurrence of the security incident.
The following actions are used by the Company to comply with the GDPR principles. All actions below are frequently reviewed to meet all GDPR requirements: