According to Regulation (EU) 2016/679, the natural persons whose data are processed are guaranteed the right to access, rectification, to erasure, to be forgotten, to restriction of processing, to data portability, and the right to withdraw consent at any time.
CERTIND SA processes personal data provided by individuals in accordance with the legal requirements on the protection of personal data in Romania, processing being performed for legitimate, contractual, economic, financial and administrative purposes.
CERTIND takes all necessary steps to keep all personal information safe and confidential.
Purpose for processing is:
- the performance and execution of the contract concluded between CERTIND and the CLIENT, including data collected and processed in the stages prior to entering into a contract;
- the request received regarding the information that CERTIND has to provide (e.g. the status of a certification);
- marketing, advertising - sending of newsletters and/or periodic alerts, by means of electronic mail, only on the data subject's explicit consent;
- Legitimate collection, economic-financial and administrative purposes.
CERTIND SA collects only the data necessary for the performance and execution in good conditions of the service contracts (assessment and certification, verification, inspection, training, etc.) or following a request for information (e.g. requesting information on the status of a certification).
Personal data means:
- any information concerning an identified or identifiable natural person;
- any information by which a person can be identified (e.g. name, date and place of birth; an identification number; citizenship, signature; phone; e-mail; job, profession, etc.)
Storage of data:
1. Storage and processing of non-personal data
When accessing CERTIND website, www.certind.ro, the internet browser automatically transmits data (such as the URL of the sending website, the date and time of the access, the file being accessed, the amount of data transmitted, type and browser version, operating system, etc.) to the CERTIND server, based on technical settings. These data are collected and used exclusively for statistical purposes and for analysis purpose, to improve the services provided.
Certain traffic data (such as IP addresses) may, under certain circumstances, be personal data and will be treated as such.
2. Storage and processing of personal data
Personal data (e.g. name, surname, email address, phone, workplace and profession, etc.) are stored and processed by us only if they are necessary for the performance and execution of the contract concluded between CERTIND and the natural person concerned (or the organization it represents), including data collected and processed prior to entering into a contract (e.g. certification request).
The stored personal data will be used for the purpose of executing the contracts and processing the received requests. After the termination of the contract, the personal data are stored, taking into account storage deadlines according to the fiscal and commercial legislation; after the expiry of these deadlines the data will be deleted. This rule is not valid if there is explicit consent to further use of personal data.
If you have registered with CERTIND Newsletter, your personal data is stored and processed for the entire period of your subscription to the newsletter. Use ceases as soon as you quit the newsletter service, which you can do at any time by clicking on the "Unsubscribe" button in the e-mail received.
Use and protection of personal data:
CERTIND SA collects and processes personal data in a legal, correct and transparent manner. All personal data is confidential and stored in a manner that provides the necessary security and is distributed to third parties (e.g. the National Accreditation Body, the FSSC Foundation, the courier company, etc.) only if this is necessary for the purpose of offering services under the contracts agreed by both parties. Access to personal data is limited to CERTIND SA personnel and its collaborators / partners / authorities that have the necessary authorization and a clearly defined need for the use of these data.
CERTIND SA processes the data safely and maintains appropriate measures to protect your personal data against accidental or unlawful destruction, loss, alteration or unauthorised disclosure.
CERTIND maintains the confidentiality on all information obtained or created during the activities that make the object of the contract with the client (evaluation and certification, training, etc.) and are necessary for the execution of the contract.
Should CERTIND be requested by a third party, CERTIND will inform in relation to the certification obtained by the certified client, supplying the following information: name of the certified client, field of certification and the reference document(s) for certification, the status of a certification.
CERTIND will make available for the accreditation bodies it collaborates with, upon their request, for evaluation linked purposes, the certification files of its clients. Should CERTIND be requested by law, it will supply information related to the activity preformed for the certified client.
The entire personnel involved in the activities making the object of a contract (fulltime employees and auditors / verifiers / inspectors, etc. who work on behalf of CERTIND and are contracted under a service contract) is individually committed to keeping the confidentiality over all information obtained or created throughout the contractual activities and will comply with the EU Regulation no. 679/2016 on the processing of personal data (collection, registration, organization, structuring, storage, use, consultation, disclosure, transmission, restriction, erasure, destruction).
Information and access to personal data:
All clients of CERTIND SA have:
- right of information and access to its personal data;
- right to rectification of inaccurate or incomplete personal data concerning him or her;
- right to erasure (‘right to be forgotten’) where the personal data are no longer necessary in relation to the purposes for which they were collected, the personal data have been unlawfully processed or other cases stipulated by the Regulation.
- right to restriction of processing where the accuracy of the personal data is contested or other cases provided by law;
- right to notification regarding rectification or erasure of personal data or restriction of processing;
- right to data portability;
- right to object, on grounds relating to his or her particular situation;
- right to lodge a complaint with a supervisory authority;
- right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
All CERTIND SA clients can exercise their above mentioned rights by submitting a written request, dated and signed, at email@example.com or by post to CERTIND SA, 27-29 George Enescu street, District 1, Bucharest.