CERTSIGN S.A. (hereafter referred to as “certSIGN”), with the registered office in Bucharest, 107A, Olteniței Road, building C1, 1st floor, room 16, 4th Sector, registered with the Trade Register under the no. J40/484/17.01.2006, CUI 18288250, phone: 0311 011 870, fax: 021 311 9905, e-mail: office@certsign.ro, processes the personal data of users of the website www.certme.ro, in its capacity of personal data controller, in accordance with the provisions of art. 4, para. 7 of the GDPR.
The purposes for processing your personal data are:
1.1. initiating the contractual relationship, negotiating, concluding and running contracts with certSIGN’s contractual partners, including the provision of services, delivery and payment of contracted products or supplying information regarding the development status of contracted services or creating user accounts on the website www.certme.ro with the aim to contract services, in accordance with Article 6 (1) (b) of GDPR;
1.2. fulfilling legal obligations of CERTSIGN in the context of conducting contractual relations, according to article 6 (1) (c) of GDPR, such as: drawing up and keeping of financial and accounting documents; keeping personal data throughout the contractual relationship and archiving documents; conducting audits; transmission of information representing personal data at the request of the competent state authorities; ensuring the security of systems and databases (including by backing up); other applicable legal obligations depending on the nature of the contractual relationship and / or the quality of the contractual partner;
1.3. to pursue the legitimate interests of the Data Controller or a third party in accordance with Article 6(1) (f) of the GDPR, such as: for the internal reporting of the controller or for streamlining the company’s processes; for the management of contracts or supporting accounting documents; for communicating with the representatives of contractual partners, for solving complaints; for auditing or verifying internal processes; fraud prevention; for the protection of the operator’s rights such as the recovery of his claims and the formulation of defense actions in the event of a dispute;
1.4. transmission of newsletters, promotional materials, marketing communications, commercial offers or any relevant information on certSIGN products and services if you have given your consent to this, according to art. 6 (1) (a) of GDPR.
The legal grounds for data processing operations refer to Article 6 (1) (a), (b), (c) and (f) of the GDPR, as detailed above.
The categories of personal data that CERTSIGN processes for the purposes mentioned above may be but not limited to:
The provision of the aforementioned personal data is necessary to achieve the purposes specified above. Your refusal to provide the data will make it impossible to provide the services or products covered by the contracts.
Should you no longer want to receive promotional materials and marketing communications regarding our products and services, we will no longer process your data for this purpose.
CERTSIGN processes all information and personal data provided by the contractual partners throughout the negotiation and conduct of the contractual relationship. Upon termination of these relations, personal information and data will be archived for a period of 10 years. After this period, your personal data will be destroyed in accordance with Law 16/1996 on National Archives.
Also, should you no longer want to receive newsletters, promotional materials, marketing communications, commercial offers or any other relevant information about our products and services, certSIGN will no longer process your data for this purpose.
Your personal data may be disclosed to: data subjects, auditors for the fulfillment of the audit obligations to which certSIGN is subject, the supervisory body under the law applicable to the service provided, public authorities and institutions under public law obligations, lawyers to represent us in the event of a dispute or for consultancy, bailiffs for contractual communications or enforcement of any court decisions, debt collection companies, CERTSIGN affiliates and contractual partners (courier companies, suppliers, subcontractors, consultants and technical experts, etc.) for concluding and conducting contracts in any other situations justified with your prior notice, but only but only for the purpose of fulfilling the purposes mentioned above and pursuing with priority the protection of your rights.
To achieve some of the aforementioned data processing purposes, certSIGN transfers your personal data outside of the European Union. The data transfer is carried out in compliance with the rights of the data subjects based on adequate guarantees in accordance with art. 46 of the GDPR.
The rights you benefit from in accordance with the provisions of EU Regulation 2016/679 are:
You, as the data subject, also have the right to withdraw your consent at any time, to the extent that the data processing operation is based on your consent without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal ( Article 7 (3) of the GDPR).
At the same time, we inform you that you have the right to contact the National Authority for the Supervision of Personal Data Processing - ANSPDCP for the protection of any rights granted by the applicable legislation in the field of personal data protection, which have been violated, and to appeal to the competent courts.
In order to exercise your rights over personal data, you can contact the Department of Personal Data Protection of CERTSIGN using the following contact details:
Should you submit a request regarding your rights over the processing of personal data, you will receive a reply as soon as possible, within 30 days, under the provisions of GDPR.