NOTICE REGARDING THE PROCESSING OF PERSONAL DATA

CERTSIGN S.A. (hereafter referred to as “certSIGN”), with the registered office in Bucharest, 107A, Olteniței Road, building C1, 1st floor, room 16, 4th Sector, registered with the Trade Register under the no. J40/484/17.01.2006, CUI 18288250, phone: 0311 011 870, fax: 021 311 9905, e-mail: office@certsign.ro, processes the personal data of users of the website www.certme.ro, in its capacity of personal data controller, in accordance with the provisions of art. 4, para. 7 of the GDPR.

1. Grounds and purposes for processing personal data

The purposes for processing your personal data are:

1.1. initiating the contractual relationship, negotiating, concluding and running contracts with certSIGN’s contractual partners, including the provision of services, delivery and payment of contracted products or supplying information regarding the development status of contracted services or creating user accounts on the website www.certme.ro with the aim to contract services, in accordance with Article 6 (1) (b) of GDPR;

1.2. fulfilling legal obligations of CERTSIGN in the context of conducting contractual relations, according to article 6 (1) (c) of GDPR, such as: drawing up and keeping of financial and accounting documents; keeping personal data throughout the contractual relationship and archiving documents; conducting audits; transmission of information representing personal data at the request of the competent state authorities; ensuring the security of systems and databases (including by backing up); other applicable legal obligations depending on the nature of the contractual relationship and / or the quality of the contractual partner;

1.3. to pursue the legitimate interests of the Data Controller or a third party in accordance with Article 6(1) (f) of the GDPR, such as: for the internal reporting of the controller or for streamlining the company’s processes; for the management of contracts or supporting accounting documents; for communicating with the representatives of contractual partners, for solving complaints; for auditing or verifying internal processes; fraud prevention; for the protection of the operator’s rights such as the recovery of his claims and the formulation of defense actions in the event of a dispute;

1.4. transmission of newsletters, promotional materials, marketing communications, commercial offers or any relevant information on certSIGN products and services if you have given your consent to this, according to art. 6 (1) (a) of GDPR.

The legal grounds for data processing operations refer to Article 6 (1) (a), (b), (c) and (f) of the GDPR, as detailed above.

2. Categories of personal data

The categories of personal data that CERTSIGN processes for the purposes mentioned above may be but not limited to:

  • name, surname;
  • name of company represented;
  • e-mail address;
  • data from logs such as IP address, data about your actions on the www.certme.ro website;
  • cookies;
  • other data that the users may supply to certSIGN in the messages they send.

3. Transmission of data and the consequences of non-compliance

The provision of the aforementioned personal data is necessary to achieve the purposes specified above. Your refusal to provide the data will make it impossible to provide the services or products covered by the contracts.

Should you no longer want to receive promotional materials and marketing communications regarding our products and services, we will no longer process your data for this purpose.

4. Duration of personal data processing

CERTSIGN S.A. processes all information and personal data provided by the contractual partners throughout the negotiation and conduct of the contractual relationship. Upon termination of these relations, personal information and data will be archived for a period of 10 years. After this period, your personal data will be destroyed in accordance with Law 16/1996 on National Archives.

Also, should you no longer want to receive newsletters, promotional materials, marketing communications, commercial offers or any other relevant information about our products and services, certSIGN will no longer process your data for this purpose.

5. Transmission of personal data for achieving the processing purposes of certSIGN

Your personal data may be disclosed to: data subjects, auditors, the supervisory body under the law applicable to the service provided, public authorities and institutions under public law obligations, lawyers to represent us in the event of a dispute or for consultancy, bailiffs for contractual communications or enforcement of any court decisions, debt collection companies, CERTSIGN contractual partners (courier companies, suppliers, subcontractors, consultants and technical experts, etc.) for concluding and conducting contracts in any other situations justified with your prior notice, but only but only for the purpose of fulfilling the purposes mentioned above and pursuing with priority the protection of your rights.

6. Transfer of personal data outside the European Union

To achieve some of the aforementioned data processing purposes, certSIGN transfers your personal data outside of the European Union. The data transfer is carried out in compliance with the rights of the data subjects based on adequate guarantees in accordance with art. 46 of the GDPR.

7. Rights of Data Subjects

The rights you benefit from in accordance with the provisions of EU Regulation 2016/679 are:

  • Right to information: the right to be informed about the identity and contact details of the controller and the Data Protection Officer, the purposes for which the data are processed, the categories of personal data concerned, the recipients or categories of recipients of the data , the existence of the rights provided for by the legislation on the protection of personal data for the data subject and the conditions under which they may be exercised;
  • Right of access to data: the right to obtain from the data controller confirmation that the personal data concerning you are or are not processed by him;
  • The right to rectification: the right to obtain the rectification of inaccurate data concerning you, as well as the completion of incomplete data;
  • The right to restrict processing if the data subject has objected to the processing for the legitimate interests pursued by certSIGN or third parties or if certSIGN no longer needs the personal data but the data subject requests them for finding, exercising or defending a right in court;
  • The right to withdraw your consent at any time, insofar as the data processing operation is based on your consent and the digital certificate has not been issued;
  • The right to delete the data if the data are no longer necessary for the purposes of the processing or if the data subject withdraws his consent to the extent that the processing is based on the consent or if the data subject opposes the processing of data art. 21 of the GDPR and there are no legitimate reasons for the continuation of processing to prevail;
  • The right to portability of the data provided, insofar as the data processing operation is based on consent or is based on the contract concluded with you;
  • The right to object for reasons related to your particular situation regarding the processing of data carried out for the purpose of pursuing the legitimate interests of certSIGN or third parties;
  • certSIGN will notify the recipients to whom it has disclosed personal data of any deletion, rectification or restriction of the processing of personal data, unless this proves impossible or involves disproportionate efforts.
  • The right to address the ANSPDCP for the protection of any rights guaranteed by the applicable legislation in the field of personal data protection that may be violated.

 

In order to exercise your rights over personal data, you can contact the Department of Personal Data Protection of CERTSIGN using the following contact details:

  • e-mail address: dpd@certsign.ro
  • fax:(+4021) 311 99 05
  • 29A, Tudor Vladimirescu Bvd, nr. 29A, AFI Tech Park 1, 2nd floor, Bucharest, sector 5.

Should you submit a request regarding your rights over the processing of personal data, you will receive a reply as soon as possible, within 30 days, under the provisions of GDPR.

We connect service providers with customers—100% online

certME allows users to register and authenticate with service providers exclusively online, eliminating physical travel at the counter, standing in queues and filling out forms.

LEARN MORE