General Information Notice Regarding the Processing of Personal Data

Edition 1/Revision 0 Prepared on July 1, 2019.

This document explains how S.C. PANIFCOM S.R.L. processes your personal data and ensures its protection, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

This notice applies to data processing carried out by S.C. PANIFCOM S.R.L. This document is relevant to you regardless of your position: client, partner – individual, representative of a partner – legal entity, offer requester, or person contacting us for other purposes (regarding requests or complaints), visitor to one of our offices or work points, former/current/potential employee, intern, visitor to our website, etc.

This notice covers the following aspects: (a) Categories of personal data we process; (b) Purposes for which we process those personal data; (c) Grounds that justify our processing; (d) Persons to whom we disclose the data; (e) Period for which we store the data; (f) Consequences of refusing to provide us with your personal data; (g) Your rights and information on how to exercise them; (h) Our contact details; (i) Situations in which this notice applies and its changes.

1. Categories of Data. Purpose. Grounds 1.1 Current or potential clients of S.C. PANIFCOM S.R.L. We may process personal data relating to you for: (i) Providing our services. We will use your data to send you an offer (at your request), to conclude and execute the contract with you, and to ensure that we provide the requested services. In this case, we will base the processing on the necessity of concluding and/or executing the contract with you. We will mainly process your identification data (name, surname, other data from the identity document) and, if we have a contractual relationship with you, the data included in your contract or in the issued invoices. (ii) Resolving your requests. We will use your data to respond to any requests, requirements, complaints, or other questions you send us during our relationship. In this case, the basis of the processing will be the execution of the contract with you or, as the case may be, your consent. We will mainly use your name, surname, contact details (email address, phone number), and information included in the request you send us. (iii) Marketing communication. To send you communications and offers about our products, services, and promotions (at our initiative), we need to process your personal data. In this case, the data processing will be based on your consent. We will mainly process the following data relating to you: name, surname, email address, phone number, postal address, product consumption history of our company.

1.2 Members (employees, collaborators, etc.) of our contractual partners – legal entities We may process your data for: (i) Maintaining the contractual relationship with the companies you are part of. To collaborate with the company you are part of (including to communicate with you to resolve any issues your company or S.C. PANIFCOM S.R.L. encounters regarding the contract between them), we will need to process personal data relating to you. In this case, we will base our processing on our legitimate interests to execute the contracts we have concluded with other companies and to ensure that the other companies also execute those contracts. We will mainly process the following data relating to you: name, surname, position, employer, phone number, email address. (ii) Marketing communication. To send you communications and offers about our products, services, and promotions, we need to process your personal data. In this case, the processing of your data will be based on your consent to receive such communications from us or, as the case may be, on our legitimate interests, where our analysis concludes that our legitimate interests prevail. We will mainly process the following data relating to you: name, surname, phone number, email address, postal address, energy consumption history.

1.3 Our contractual partners – individuals (business partners, not clients) In this case, we may process your personal data for the following purposes: (i) To conduct business relations with you. It is necessary to process certain information relating to you to start and maintain collaboration with you. In this case, we will base the processing of data relating to you on its necessity for concluding/executing the contract between you and us. We will mainly process the following data relating to you: name, surname, data from the identity document. (ii) Resolving your requests. We will use your data to respond to any requests, requirements, complaints, or other questions you send us during our relationship. In this case, the basis of the processing will be the execution of the contract with you or, as the case may be, your consent. We will mainly use your name, surname, contact details (email address, phone number), and information included in the request you send us. (iii) Marketing communication. To send you communications and offers about our products, services, and promotions, we need to process your personal data. In this case, the processing of your data will be based on your consent to receive such communications from us or, as the case may be, on our legitimate interests, where our analysis concludes that our legitimate interests prevail. We will mainly process the following data relating to you: name, surname, phone number, email address, postal address, contract history.

1.4 Members of public authorities In this case, we will use your personal data to fulfill our legal obligations, such as responding to requests from authorities, keeping legally required records, and similar tasks. For example, we will need to keep your name, surname, authority, and signature in control registers that the law requires us to maintain. Additionally, if you send us an information request from the authority – your employer, we will process your data (name, surname, position, employer) to respond.

1.5 Applicants for positions/internships at S.C. PANIFCOM S.R.L. In this case, we may process your personal data to conduct the recruitment process. To analyze your application, it is necessary to process the data included in it. This data will typically include your name, surname, contact details (phone number and email address), professional experience, education, and any other information listed in your CV and other documents we may request from you or that you voluntarily send us. In these cases, we will base the processing of your data on concluding/executing the employment, internship, etc., contract with you. If we ask you to ensure the transmission of recommendation letters to us, we will process personal data relating to the opinions the authors of those recommendations have about you. In this case, the source of your personal data will be those individuals. Additionally, in this case, we will process personal data regarding the authors of those letters (based on their consent) and other identified or identifiable persons mentioned in those documents (based on our legitimate interests).

1.6 If you are a visitor to our headquarters, work points, or other premises In this case, we may use your personal data to ensure the security of persons and objects. In some of our premises, we have installed video surveillance cameras (CCTV) to ensure the security of our employees, other persons in those premises, and our property. Therefore, we will process images (video recordings) of you (and possibly your voice). In all cases, we have indicated the locations of these cameras through informational signs, as required by law. The processing of data for this purpose is based on our legitimate interest in ensuring the security of persons and objects in our premises. Additionally, at reception, we will process your personal data included in a valid identity document and information regarding the purpose of your visit, also to ensure the security of persons and objects in our premises, based on our legitimate interest.

1.7 If you are a visitor to our websites or have interacted with one of our social media pages In this case, we may use your personal data for the following purposes: (i) Improving the experience on our website. To consider the preferences you have expressed in previous browsing sessions, to adapt our website to the device you are using, to resolve issues you may encounter when accessing it, we process data such as: IP address; cookie identifiers; other online identifiers; unique device identifier (UUID); date and time of website access; visit history; web request; date and time of the request/date and time of website access; device from which you access the website; type of internet browser and browser language; information about events occurring on your device (e.g., errors); information about your device’s hardware settings; location information when accessing our website. For more information on how we use cookies and similar technologies, please see our dedicated cookie policy at the link https://panifcom/politica-de-utilizare-cookies/. The basis for processing will, in most cases, be your consent or our legitimate interest. (ii) Understanding the opinions you communicate to us. Additionally, when you post a comment under one of our social media posts, press the Like button, share our post, or send us a message on one of our pages, we will process the data you provided (username, profile photo, the action you took – like/other reaction or the content of your comment). In these cases, we will base the processing on your consent. (iii) Managing our communication and IT systems and protecting them. We may process your data for: managing our communication systems; managing our IT security; conducting security audits on our IT networks; protecting our data and systems from attacks and other similar acts in the virtual environment. For this purpose, we will mainly process data such as: IP address; other online identifiers; unique device identifier (UUID); date and time of website access; visit history; device from which you access the website; type of internet browser and browser language. In this case, we will base the processing on our legitimate interests or, as the case may be, on fulfilling our legal obligations.

1.8 Generally, in any position you hold We may also process your data for the following purposes: (i) Resolving your requests. We will use your data to respond to any requests, requirements, complaints, or other questions you address to us. We will mainly use your name, surname, contact details (email address, phone number), and information included in the request you send us. In this case, the basis of the processing will be the execution of the contract with you (if any) or, as the case may be, your consent. (ii) Responding to authority requests or processing data in other cases where the law obliges us. Sometimes we may have a legal obligation to communicate your data to certain authorities, store your data for a certain period, or process your data in another way. In this case, the basis of the processing will be fulfilling our legal obligation. (iii) Conducting transactions, restructurings, or other operations. In the context of transactions, we may disclose your data to potential buyers or their consultants or authorities, although we will try to minimize this as much as possible. In this case, the processing will be based on our legitimate interests or fulfilling legal obligations. (iv) Defending our rights and interests or those of other persons. We may process your data to establish, exercise, or defend our rights or interests or those of other persons before courts, bailiffs, notaries public, other public authorities, arbitral tribunals, mediators, or other public or private bodies that resolve disputes, lawyers, our consultants (such as auditors or experts or specialists) or other natural or legal persons, public or private, involved in those disputes. In this situation, we will process your personal data, as appropriate, based on fulfilling our legal obligations or our legitimate interests. (v) Preventing fraud. We are interested in conducting our activity legally. Therefore, we may process your data (e.g., by transmitting this data to our consultants in various fields – auditors, lawyers, etc., or by consulting this data). In these cases, the processing will be justified by our legitimate interests in preventing fraud and other illegalities in our activity or, as the case may be, by our legal obligations to ensure the legality of our operations (e.g., obligations imposed by anti-money laundering legislation).

1.9 About third-party data If you provide us with personal data relating to other persons (e.g., your representatives, family members, dependents, etc.), you must ensure that you have informed them and directed them to this information on how S.C. PANIFCOM S.R.L. processes personal data. We will inform those individuals appropriately about how we process their data when necessary.

1. To whom we will disclose your personal data As a rule, we will not disclose your data to other individuals or legal entities. We try to limit access to data for individuals outside S.C. PANIFCOM S.R.L. who process your personal data. However, in certain cases, it may be necessary to disclose your data, as described below. We may disclose your data to other companies or individuals, such as: other companies in the PANIFCOM group, individuals or legal entities acting as processors for us or other companies in the PANIFCOM group in various fields (such as document archiving, document destruction, or data storage, payment services, various services we may outsource, such as in the field of human resources), other individuals, courts, authorities. In these cases, we will disclose the data for legitimate reasons related to our activity, such as ensuring our ability to ensure the safety of documents, relieving our activity, establishing, defending, and exercising our rights or interests or those of another person. Additionally, as mentioned above, in certain cases, we may have a legal obligation to disclose data to public authorities or other individuals or legal entities. In all these cases, we will ensure that the recipients of your personal data process them under security and confidentiality conditions, following the purpose for which we transmitted them and respecting your rights.
2. Under what conditions we could transfer your data to third countries or international organizations Currently, we do not transfer and do not intend to transfer your personal data or part of it to other companies, organizations, or individuals in third countries or international organizations. If it becomes necessary to transfer the data to any of the above destinations, we will inform you in advance of our decision, giving you enough time to exercise your rights regarding the transfer of your data.
3. How long we will keep your data We will store your data in accordance with our personal data retention policy, which assigns a retention period based on the purpose of the processing and the category of data processed. These periods are based on legal provisions (especially in the field of personal data protection), considering also the obligations to store certain data, applicable limitation periods, recommended practices, and the purposes of our activity.
4. What could happen if you do not provide us with your data In most cases, you are not obliged to provide us with your personal data. However, if you do not provide the requested data, we will not be able, for example, to conclude or negotiate a contract with you, sell you our products or provide you with our services, allow you access to all options on our website, respond to complaints or requests, or send you communications about our products, services, and promotions that may interest you.
5. No automated decision-making process We do not make decisions based solely on the automated processing of your data (including profiling) that produce legal effects concerning you or that significantly affect you in a similar way.
6. Your rights and how to exercise them Your rights You have the following rights:
7. Right of access to data. You have the right to obtain access to the data we process or control that relates to you or to copies of them; you also have the right to obtain information from us regarding the nature, processing, and disclosure of these data.
8. Right to rectification of data. You have the right to obtain the rectification of inaccuracies in the data we process or control relating to you. • Right to erasure of data (“right to be forgotten”). You have the right to obtain from us the erasure of the data we process or control relating to you.
9. Right to restriction of data processing. You have the right to restrict the processing of data we process or control relating to you.
10. Right to object. You have the right to object to the processing of data relating to you by us or on our behalf.
11. Right to data portability. You have the right to obtain the transfer to another operator of the data we process or control relating to you. • Right to withdraw consent. In situations where we process your data based on your consent, you have the right to withdraw your consent; you can do this at any time, at least as easily as you initially gave us your consent; withdrawing consent will not affect the legality of the data processing we carried out before the withdrawal. • Right to lodge a complaint with the supervisory authority. You have the right to lodge a complaint with the supervisory authority for the processing of personal data regarding the processing of your data by us or on our behalf. In Romania, this authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

How to exercise your rights To exercise one or more of these rights or to address any question about any of these rights or any provision of this notice or about any other aspects of the processing of your data by us, please use the contact details in the OUR CONTACT DETAILS section below.

1. Our contact details You can contact us using the details below. SOCIETATEA PANIFCOM S.R.L. Registered office/correspondence address: Calea Chișinăului no. 29, code 700177, Iași Phone: 0232 233 441, available from 08:00-16:30 from Monday to Friday Email: office@panifcom.ro Fax: 0232/310.071 Call Center: 0748.207.526 Website: www.panifcom.ro

Contact details of the personal data protection officer Correspondence address: Calea Chișinăului no. 29, code 700177, Iași Phone: 0232 233 441 Email address: dpo@panifcom.ro

1. When this notice applies This general notice applies to the processing of your data by companies in the Panifcom group of companies. This notice does not apply to services or products offered by other companies or individuals, including those posted on our websites or about which we inform you in other ways. Additionally, this notice does not cover the activities of other companies or individuals who advertise our services or products or who process your data in other ways through our websites or on social media in connection with our pages.
2. Changes to this information notice We may modify this notice. In such cases, we will inform you in advance by posting it on the website 5 days before it comes into effect at the link http://www.panifcom.com/. We will also keep all previous versions of it at the link
3. http://www.panifcom.com/ so that they can be consulted by interested parties. This version came into effect on July 1, 2019.

 

1. What the terms used in this notice mean Supervisory authority for personal data processing: an independent public authority that, according to the law, has responsibilities regarding the supervision of compliance with personal data protection legislation. In Romania, this supervisory authority for personal data processing is the National Supervisory Authority for Personal Data Processing (ANSPDCP). • Special categories of personal data (sensitive personal data/sensitive data): personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the unique identification of a natural person; data concerning health, sex life, or sexual orientation of a natural person.

• Personal data: any information regarding an identified or identifiable natural person (referred to as the “data subject”). A natural person is identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier, for example, name, identification number, location data, online identifier, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Thus, for example, personal data includes the following: first and last name; home address or residence; email address; phone number; personal identification number (CNP); medical services accessed (sensitive data); established diagnosis (sensitive data); genetic data (sensitive data); biometric data (sensitive data); geolocation data. The categories of personal data we process relating to you are listed above.
• Data controller: the natural or legal person who decides why (for what purpose) and how (by what means) personal data is processed. According to the law, the responsibility for complying with personal data protection legislation primarily lies with the controller. In relation to you, we are the data controller, and you are the data subject.
• Processor: any natural or legal person who processes personal data on behalf of the controller, other than the controller’s employees. • Data subject: the natural person to whom certain personal data refers. In our relationship (the controller), you are the data subject.
• Personal data processing: any operation/set of operations performed on personal data or on sets of personal data, with or without the use of automated means; for example: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of those personal data/sets of personal data. These are just examples. Practically, processing means any operation on personal data, whether by automatic or manual means.
• Third country: a country outside the European Union and the European Economic Area.