Personal Data Processing Notice
1. What Company Manages the www.cona.ro Website?
1.1 The company CON-A S.R.L (named in the following sections ‘CON-A’, ‘The company’, ‘us’ or other similar expressions) is a construction company with its headquarters in Șelimbăr, Mihai Viteazu St., no. 2B, Sibiu county that is registered in the National Trade Register Office as J32/586/1991, CUI 792555.
1.2 www.cona.ro is a website that promotes CON-A’s services and projects in a detailed manner. To achieve this, we collaborate with natural people or companies that are interested in buying one or more of our products or services. For this reason, we have created a platform through which you can get all the information you need. Even though our webpage’s purpose is purely informative, it can collect the personal data from a natural person (for instance, natural people who want to apply for a job in our company or other natural people/potential clients who want to get information on the projects and services offered by our company). To minimize the quantity of the collected personal data, we did not include an option to log in/sign up to our webpage, nor an option to sign up for a newsletter.
1.3 This document is essential because it explains the reason why we need certain personal data in order to be able to properly offer some of our services. Before sending us any of your personal data or before using our webpage, please read carefully and thoroughly this Information Note on the Processing of Personal Data, because it includes a series of principles and concepts that are extremely useful not only when using this website, but also for your interaction with other websites. In accordance with the General Data Protection Regulation – GDPR [1], we will also discuss issues related to the type of personal data collected from you, the purpose and the legal ground of the personal data processing, who do we reveal the data to, the storage period, what are your rights related to the personal data we process and the things you can do in order to understand and better control the amount of your personal data that are being processed online.
[1] No. 679 REGULATION from April 27th, regarding the protection of natural people as far as the personal data processing is concerned, as well as the data circulation and the abrogation of the 95/46/CE Directive (General Data Protection Regulation – GDPR).
2. Targeted People
2.1 www.cona.ro collects some of its visitors’ personal data. These data are either directly from our visitors through the forms from the ‘Contact’ or ‘Career’ sections or are provided by the traffic and cookies reports.
3. Personal Data that are Being Processed
3.1 General Information
3.1.1 According to the General Data Protection Regulation – GDPR, ‘personal data’ means any information related to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
3.1.2 www.cona.ro collects personal data from its visitors in two important ways:
a). Information directly provided by submitting forms from the sections `Contact` (when you’re requesting one of CON-A’s services or when you’re sending a message to us), or `Careers` (if you’re applying for a job in our company).
b). Information obtained through the traffic reports registered by the server and through cookies when you use our webpage.
3.2 Personal Data Collected through the `Contact` Section of the Webpage
3.2.1 www.cona.ro contains instructions, sections and forms about the simplified contact with us. When establishing a contact with us via e-mail or a contact form, the data given by you (for instance, e-mail, name, phone number or other data related to your request of establishing a contract) are saved by us in order to reply to your question or request. By establishing such a contact with us, you agree to have the personal data you have sent collected to solve the said situation, question or request.
3.3 Personal Data Collected through the `Careers` Section of the Website
3.3.1 www.cona.ro includes a `Careers` section and a form regarding the recruitment procedure of our company. If a potential job candidate (for a vacancy or, in the absence of a vacancy, for a speculative job application) sends us through an e-mail or a recruitment form data for the recruitment process, the data will be collected by us with the purpose of recruitment for a vacancy.
3.3.2 In order to process your job application, we are collecting and processing data necessary for your recruitment, sent by you, such as: general identification data (first name, last name, sex), your correspondence data (address, e-mail address, phone number, fax number), the data included in your CV, as well as other information directly provided by you related to the purpose of the processing (for instance, data relating to your driving license, studies and professional qualifications). For more details about the recruitment process, please see the Information Note on the Processing of Personal Data in the Recruitment Process.
3.4 Information Automatically Given by Traffic Reports
3.4.1 www.cona.ro automatically collects, every time you visit it, certain data and information that are stocked in its traffic reports, which may include: your device’s IP address, the region or the location from where you’re accessing our website, your browser type, your operating system and a history of the pages that you access, the page from where you’ve been redirected to our website.
3.4.2 We use this information on the basis of our legal interest to ensure the safety of our webpage, to manage it, to ensure our webpage is working properly, to observe whether our website’s pages correspond to your device’s display requirements, to diagnose possible issues of our servers when they deliver pages to certain types of devices, to analyze trends, to observe the way in which users can navigate better on our pages, to improve our services and the information provided by the webpage. www.cona.ro uses external services of traffic analysis (Google Analytics only). These data previously mentioned are anonymously collected by our website, and we do not use traffic data that identifies the users behind the IP addresses.
3.5 Information Given by Cookies and Similar Technologies
3.5.1 We also collect statistical demographic information that helps us identify the preferences of the www.cona.ro users. These use cookies. Cookies have been invented to allow users to access services such as authentication at the moment when they access a site or an online shop. These are small text files, placed on a reader’s terminal and they become the website’s memory. Each time a person accesses a site, the website can write or read in the cookie placed in the terminal information that the user has already sent to the website, directly or indirectly. Subsequently, this was the point from which other similar technologies were developed. We use cookies and similar technologies on our website. These technologies are thoroughly detailed in the section entitled Cookies.
3.6 Links to Other Webpages
3.6.1 Our webpage contains links to other webpages, and there can be other pages that are linked to our webpage (external webpages). We are not responsible for your interaction with these external webpages, nor for the content, usability or the degree to which these pages comply to the data protection laws, reason for which we strongly recommend you acquire through information related to these aspects of the said pages before visiting them.
4. The Purpose of the Data Processing and its Legal Ground
4.1. The Contact Form
a) When establishing a contact with us through e-mail through a contact form from www.cona.ro, we are saving the data provided by you to reply to your question or request.
b) In this case, the data processing will be based on your agreement to process the personal data sent in order to solve the said situation, question, complain or request, or in order to prepare and create a contract you are a part of (if you want to become our client, or if you are already our client), or to fulfill a statutory obligation of our company (that can be a part of, for instance, tax legislation), or in our legitimate interest regarding the purpose of the processing (for instance our interest in answering a question, request or complaint received from you), or to protect one of our legitimate interests in an administrative, judiciary or arbitrary manner.
4.2 The Recruitment Process
a) With the purpose of recruitment of potential employees, in order to evaluate their qualifications, to communicate with them matters related to the recruitment process, to carry out the precontractual measures necessary for the conclusion of the employment contract (if the recruitment process was successful), or to fulfill our legal interest regarding the purpose of the data processing, we use personal data contained by the CVs, diplomas and the documents we receive from you, with the purpose of recruiting (data obtained by e-mail or the form in the `Careers` section).
b) In this case, the data processing will be based on your agreement, on the fact that we’re carrying out the procedures before finalizing the employment contract, on fulfilling a legal obligation of our company, on our legal interest related to the purpose of the data processing, on protecting the interests of the individual or the interests of another natural person, or on protecting our company in an administrative, judiciary or arbitrary manner.
4.3 Traffic Analysis
a) We collect certain data when you access our webpage (for more details, please go to point 3.4) and we use cookies and similar technologies (for more details see 3.5) in order to generate various analysis reports and statistics regarding the way our webpage works, to ensure its administration and security, to improve the information on our website as well as the user experience provided by our website.
b) In this situation, the data processing will be based on your agreement (providing certain data is optional, and you can adjust certain confidentiality aspects from the browser, according to the information form the Cookies page), or in our legal interest to ensure the functionality of the webpage, or to protect in an administrative, judiciary or arbitrary manner our company’s legal interests concerning the purpose of the data processing.
4.4 Your Agreement
4.4.1 The personal data processing can be based on your agreement in the case in which the law provides for the obligation to obtain consent (for instance, for marketing purposes). Our company will send you information or personalized offers about the projects, products and our services that might be of interest to you, but only if you request for this feature. Even if you gave your consent to receive our marketing offers, you can easily choose to stop this service later, and you are entitled to withdraw your consent at any time through a written request at the address from article 7.2. However, this does not affect the legal ground of the data processing activities carried out before the withdrawal of your consent.
5. Revealing your Personal Data
5.1 Depending on the purpose of the data collection, if it’s necessary, it could be required to disclose your personal data to the following:
a) State authorities (in order to carry out legal duties, for instance, obligations related to taxes);
b) Service providers, contributors, legally authorized individuals and our employees or business partners (for instance, our IT providers and the services providers that manage our website (service providers and the support team of our IT systems, including the e-mail archive, telecommunications services providers, back-up and recovery in the case of a calamity services providers and cybernetic security services providers);
c) Judicial or administrative authorities for the establishment, exercise and defense of our legal rights in judiciary, arbitrary or administrative manners;
d) People that prove on legal grounds that they act on your behalf;
e) Other companies and/or natural people in Romania, for instance, in the case of a reorganization, merger, division of the company, acquisition of another company, association with another company, sales, transfer, liquidation, bankruptcy, assignment of receivables or to other companies in the CON-A Group, with internal administrative, auditing, recruitment purposes etc. Your personal data are not transferred to another country or international organization. Such transfers, if needed, will be carried out in compliance with the GDPR law and the secondary laws on personal data protection.
6. The Length of the Data Processing Period. Technical Security Measures
6.1 The Length of the Data Processing Period
6.1.1 Your personal data are stocked in order to be processed during the period of time that is necessary in order to fulfill the goals previously mentioned and/or during the period required by the legislation and ultimately in order to meet certain legal obligations of our company, or for our company’s policy, or for documenting and exercising the right to defend our company in an administrative, judiciary or arbitrary manner, or to fulfill the legal archiving obligations.
6.1.2 In the case of job applications, as far as stocking and deleting personal data are concerned, we recommend you read the Information Note on the Processing of Personal Data in the Recruitment Process.
6.1.3 If providing personal data is a legal or contractual requirement or an obligation necessary in order to finalize a contract, refusing to provide personal data may lead to the inability to complete or execute the contract or to our company’s inability to carry out the aim for which the personal data was necessary (for instance, we cannot process your job application).
6.2 Technical Security Measures
6.2.1 CON-A S.R.L undertakes to protect your personal data against loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction and takes all the precautions to protect the confidentiality of such data, including using appropriate organizational and technical measures. Organizational measures include controlling the physical access to our headquarters, training for our employees and blocking physical files in storage spaces. Technical measures include the use of encryption, protecting our systems with passwords, using SSL security certificates, encryption of transit data etc.
6.2.2 While you are providing us with your personal data, these can be transferred on the internet. Although we strive to protect the personal data you are providing us with, transmitting your data through the internet is not entirely secure (for instance, the terminal you are using could be monitored by third-party applications, which makes us unable to take any security measures). As a result, we cannot guarantee the security of your personal data that are being transferred on the internet. Therefore, such personal data transfer is carried out at your own risk. Once we receive the personal data, we will use strict procedures and security measures to prevent any unauthorized access to them.
7. What Rights do www.cona.ro Users Have?
7.1 As a data subject, GDPR offers you certain rights, such as:
a) The right to be informed (Art. 13 and 14 GDPR): the data subject has the right to acquire from the controller concise, accessible and transparent information regarding the data processing;
b) The right of access by the data subject (Art. 15 GDPR): allows you to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to that data and other useful information;
c) The right to erasure (`right to be forgotten` Art 17 GDPR): allows you to obtain from us the erasure of personal data concerning you without undue delay. There are, however, exceptions from this rule, such as the fact that some data are being processed in order to offer the audience the right to be informed, or that the data are being processed in static or archiving purposes, or that the data are being processed to fulfill a legal obligation or that we are processing the data to defend one of our rights in court;
d) The right to rectification (Art. 16 GDPR): allows you to obtain from our company, without undue delay, the rectification of inaccurate data, as well as the right to have incomplete data completed;
e) The right to restriction of processing (Art. 18 GDPR): you have the right to obtain from us restriction of processing in some cases (for instance, when the data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data);
f) The right to data portability (Art. 20 GDPR): you have the right to receive personal data concerning you, which you have provided to the controller (on the basis of a contract by technological means) in a structured, commonly used machine-readable format and you have the right to transmit those data to another controller without hindrance from us. In other words, your personal data will be offered to you in a structured format, so that you can decide whether you will download them or if you want to send them to another controller.
g) The right to object (Art. 21 GDPR): the data subject has the right to object to having their personal data processed at any time, within certain conditions and limitations established by GDPR (including objecting to having their personal data processed for direct marketing purposes).
h) The right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them (Art. 22 GDPR): www.cona.ro does not use profiling which produces legal effects concerning the data subjects. If we engage in such profiling, we will let you know and modify the current Information Note on the Processing of Personal Data;
i) In addition, if you would like to make a complaint about the processing of your personal data, you can write to us at the address presented at point 7.2. What is more, you have the right to write a complaint to the National Supervisory Authority for Personal Data Processing, G-ral. Gheorghe Magheru Blvd 28-30, Sector 1, postal code 010336, Bucharest, Romania +04.318.059.211/+40.318.059.212, anspdcp@dataprotection.ro;
7.2 If you would like to exercise one of your rights or if you have any questions relating this Information Note on the Processing of Personal Data or the processing of your personal data, you can write to our Data Protection Specialist to the following address: Șelimbăr, Mihai Viteazu St, 2B, Sibiu County, e-mail: dataprotection@con-a; fax: 0269/560306.
8. Changes to the Information Note on the Processing of Personal Data
8.1 The date when the Information Note on the Processing of Personal Data was last revised is written down below. If necessary, for instance as a consequence of law changes, we reserve the right to change our Information Note on the Processing of Personal Data, update and change the current Information Note on the Processing of Personal Data at any given moment in the future, without previously sending a notification. In such a case, we will present on our webpage the updated version of the Information Note on the Processing of Personal Data, which is why we strongly suggest you check this section regularly.