PRIVACY STATEMENT

  

Thank you for your interest in our company. Data protection has a high priority for the management of ECTRA ELECTRONICS SRL. The use of ECTRA ELECTRONICS SRL websites is possible without indicating personal data; however, if a person wants to use our services either through the website (www.puntoiberica.com) or directly, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

 

The processing of personal data must always be carried out in accordance with Regulation (Eu) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC (General Data Protection Regulation / GDPR) and national data protection legislation. Through this privacy statement, our enterprise wishes to inform in accordance with Articles 13 and 14 of GDPR to the general public about the nature, purpose and object of the processing of the personal data we collect, as well as about the rights that the data subjects have.

 

This privacy policy applies to the main activity of ECTRA ELECTRONICS SRL .

 

Your personal operator:

            Your personal operator is the company “ECTRA ELECTRONICS SRL, a company organized under Romanian law, with its registered office in Craiova, Dolj, I.D. Sîrbu 13, cămin 3, 1st floor, registered with the Trade Register under number J16/778/1992, unique registration code 2299627, email office@puntoiberica.com.

 

Personal data or categories of personal data areviewed:

  • Regarding the students, we can process the following data: name, surname, home address, telephone number, e-mail address, citizenship, personal identification number, copy of the identification document, audio/video recordings of the lessons.
  • Regarding their business partners and representatives (suppliers of goods and services) or of the public authorities, we may process the following personal data: name, surname, mailing address, e-mail address, telephone number and position.
  • Regarding the candidates for a job, we can process the following personal data: name, surname, home address / correspondence, telephone number, e-mail address, date of birth, sex, citizenship / nationality, civil status, data on studies and professional training: CV, diplomas / certificates / certificates, previous jobs, military service, professional evaluations;
  • With regard to third parties, we may process the following personal data: name, surname, telephone number, e-mail address and other data contained in their requests, or necessary for the settlement of requests.

 

The purposes for which your personal data is processed:

  • For providing the contracted services, pursuant to Article 6 para. (1) lit.b of the GDPR;
  • To promote the company’s activity, by developing photo and video materials and publishing them in the online environment, in the mass-media or in printed publications, only based on your consent, pursuant to Art. 6 para. (1) point (a);
  • To invite you to events, after the termination of the contractual relations, only based on your consent, pursuant to Art. 6 para. (1) point (a);
  • For marketing purposes / online campaigns to promote the company, only based on your consent, pursuant to art. 6 para. (1) point (a);
  • To ensure the security and security of goods and persons, based on the legitimate interests of the operator, provided for in Article 6 (1) letter f of the GDPR.
  • To carry out commercial relations with business partners, suppliers of goods and services necessary for the activity of the school, respectively for the conclusion and execution of commercial contracts, pursuant to Article 6 para. (1) lit.b of the GDPR, as well as for the legitimate interests of the company regarding the proper conduct of commercial relations, pursuant to Article 6 (1) letter f of the GDPR;
  • For recruitment, based on the consent of the data subject, pursuant to Article 6 para. (1) letter a of the GDPR;
  • To respond to your legal requests, under the legal obligation to respond to complaints, according to Art. 6 para. (1) lit.c of the GDPR and of the legitimate interests to prove acts and facts as a result of the settlement of a request, in accordance with Article 6 (1) letter f of the GDPR;
  • For other legitimate interests pursued by the operator, namely: evaluating the quality of our services, gestionarea our site, managing events, managing our client portal. improving the services and content of our website, personalizing the services, promoting our services, if you were previously their beneficiary, as well as to ensure the security and continuity of our systems computer science;
  • In order to fulfill the legal obligations of the operator, such as those provided by the legislation in the field of education, in the field of occupational safety and health, in the financial – fiscal field and in archiving matters;

 

Please also note that we may use your personal data for other purposes, which are not yet set out in this “Privacy Policy”. In this case, we will contact you before using your personal data for new purposes, to inform you of the changes to our rules on the protection of personal data and to give you the option to accept or refuse.

 

Source of our personal data

 

            Personal data are provided directly from the data subject, and in the case of minor students  they are provided by the parent / guardian / legal representative. Also, certain data specific to the cookies used, such as the IP address, may be collected automatically through these files.

Please note that we do not sell your personal data and do not share your personal data outside of ECTRA ELECTRONICS SRL, unless we have your express consent for an explicit purpose or if we have to fulfill an obligation provided by European law or by national law or to the suppliers of ECTRA ELECTRONICS SRL , to fulfill our obligations to you as well as to the processors, who provide services for the purposes pursued by the company and the proper conduct of its activity, such as IT service providers, marketing, market surveys, hosting, maintenance, security, etc. and only with those partners who share the commitment of ECTRA ELECTRONICS SRL to protect your privacy and personal data.

 

Recipients of your personal data

In order to fulfill the purposes mentioned above, the recipients of your personal data may be:

  1. employees and representatives of ECTRA ELECTRONICS SRL, associates and affiliated companies;
  2. staff authorized to perform the obligations (e.g., the internal doctor);
  3. State authorities in charge of reporting and control.

We also inform you that we can empower a person to handle the data processing, but only if it has sufficient guarantees and are included in a written contract concluded between the parties involved, which contains a series of mandatory clauses, provided by Art.28, para. (3) of GDPR, including the fact that the processor will process data only when ECTRA ELECTRONICS SRL so requests.

Thus, your data may be processed, on behalf of ECTRA ELECTRONICS SRL, by the following categories of persons, which ECTRA ELECTRONICS SRL can contract for the provision of services, the fulfillment of the intended purposes and for the proper conduct of the activity:

  1. providers of electronic communications services, online platforms, crm internal management software;
  2. service providers and marketing tools;
  3. providers of web hosting, maintenance and IT security services;
  4. accountants and auditors;
  5. companies that provide transport, accommodation and other services auxiliary to the activity carried out by ECTRA ELECTRONICS SRL

Please note that we do not intend to transfer personal data to a third country or international organization. Otherwise, ECTRA ELECTRONICS SRL has the obligation to ensure that there is a decision of the Commission on adequacy or, in the case of transfers referred to in Article 46 or 47 or the second subparagraph of Article 49 (1) of the Regulation, of the existence of adequate or appropriate guarantees, as well as of the signing of Standard Contractual Clauses,  provided by the European Data Protection Directorate, which it will make available to data subjects whenever necessary.

The services of ECTRA ELECTRONICS SRL are governed and operated in accordance with the laws of Romania and the European Union, which prevail over the national legislation.  ECTRA ELECTRONICS SRL makes no warranty that its services are governed by or operated in accordance with the laws of any other country.

Period of storage of personal data

ECTRA ELECTRONICS SRL processes and stores personal data for the duration necessary to carry out the specific purposes and in its legitimate interest, in accordance with the European law or other laws applicable to the company’s activity, and outside the duration of the specific purpose or legitimate interest we process and store the data for as long as you allow us. If the purpose of the processing and storage is not applicable or if the legal retention period expires, the personal data are usually blocked or deleted.

Thus, your personal data will be deleted when it is no longer reasonably necessary for the authorized purposes or when you withdraw your consent (where applicable) and it is no longer legally necessary for us to continue storing this data. However, we will retain your personal data, where necessary for us to support or defend you or others against any legal claims, until the end of the relevant retention period or until the claims in question have been resolved. If a financial transaction has been carried out, personal data will be archived for a period of five years, to comply with the rules provided by the Accounting Act and the Specific Orders on the keeping of documents justifying accounting operations.

We implement technical and organizational measures to organize the process and criteria presented for the deletion of your personal data.

In accordance with the Data Protection Regulation, we inform you that you have the following rights:

  • to obtain information on the processing of personal data and a copy thereof under the right of access to data provided for in Article 15 of the Regulation;
  • to requestthe rectification of the data if they are inaccurate (e.g. they are no longer current or incomplete, pursuant to the right of rectification provided for in Article 16 of the Regulation);
  • to request the erasure of your personal data under the right of erasure provided for in Article 17 of the Regulation, if: the personal data are no longer necessary for the purposes for which they were collected or processed; you withdraw your consent on the basis of which the processing takes place and there is no other legal basis for the processing; you oppose the data processing and there are no legitimate reasons that prevail as regards processing; the processing of personal data has been carried out illegally or the personal data must be deleted in order to comply with an obligation laid down by national or European legislation;
  • request restriction of data processing, i.e. limitation of data processing in the future, if: you dispute the accuracy of the data, the restriction may be requested for a period that allows the accuracy of the data to be verified; the processing is illegal and you oppose the erasure of the personal data, requesting instead the restriction of their use; the controller no longer needs the personal data for the purposes of the processing, but you ask them to establish, exercise or defend a right in court; you oppose the processing, the restriction may be requested for the period of time during which it is verified that the legitimate rights of the operator prevail over your rights;
  • request portability, i.e. the transfer of data to another controller, where the processing is based on your consent or on the conclusion and performance of a contract and is carried out by automated means;
  • to exerciseyour right to object to data processing, for reasons related to your particular situation if the data processing is based on your consent or the legitimate interest of the controller, as well as to oppose the creation of profiles based on these grounds; However, we inform you that such an effect will not occur if we demonstrate that there are legitimate and compelling reasons for the processing that prevail over your interests, rights and freedoms, or if the purpose is to establish, exercise or defend a right in court. If the processing of personal data is for the purpose of direct marketing, you have the right to object at any time to the processing for this purpose, including the creation of profiles, insofar as the processing is related to the respective direct marketing.
  • Be not the subject of a decision based solely on automated processing, including profiling, which produces legal effects that concern you or similarly affect you to a significant extent;
  • File a complaint with a supervisory authority. The supervisory authority in Romania is the National Supervisory Authority for Personal Data Processing, based in B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336 Bucharest, Romania, e-mail: anspdcp@dataprotection.ro / dpo@dataprotection.ro, phone: +40318059211 /+40318059212, fax: 40318059220;
  • Withdraw your consent at any time, where personal data has been processed on its basis. In this case, the withdrawal of consent will not affect the lawfulness of the use of the data until the moment of its withdrawal;

 

We inform you that your personal data is not subject to any automated decision-making process or profiling.

 

Legal basis for the processing

Art. 6, paragraph (1) letter a of the General Data Protection Regulation serves as the legal basis for the processing operations to which we request consent for certain processing purposes.

 

If the processing of personal data is necessary for the conclusion and, subsequently, the performance of a contract to which the data subject is a party, as is the case, for example, where the processing operations are necessary for the supply of goods or for the provision of any other service, the processing shall be carried out on the basis of Article 6 para. (1) lit.b of the General Data Protection Regulation. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries concerning our products or services.

 

If our company is subject to a legal obligation by which it is necessary to process personal data, such as the fulfillment of tax obligations, rules on private education, accounting archive and other archives, registers and schedules required by law and specific nomenclatures, labor legislation, insurance and social protection, etc., the processing is done on the basis of Art. 6,  para. (1) lit.c of the General Data Protection Regulation (GDPR).

 

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a data subject, regardless of the relationship he or she had with him or her, was injured at our company’s premises and his or her name, age, health insurance details or other vital information should be transmitted to a doctor, hospital or other third party. Then the processing will be based on Art. 6, para. (1) letter d of the General Data Protection Regulation (GDPR).

 

Finally, the processing operations are based on Article 6 para. (1) point (f) of the General Data Protection Regulation. This legal basis is used for processing operations that are not covered by any of the legal grounds mentioned above, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless those interests are removed by the interests or fundamental rights and freedoms of the data subject, which require enhanced protection of personal data. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is the customer of the controller (recital 47, sentence 2 of the GDPR), in which case, for example, the processing of personal data for the purpose of direct marketing can be considered as having been carried out for a legitimate interest (recital 47, last sentence of the GDPR).  Legitimate interests, in general, are associated with activities related to the proper conduct and administration of the business, the protection of property, goods, persons, systems and software or activities that enjoy legal recognition, in any case, respecting the necessity and proportionality of the processing and the establishment of appropriate technical and organizational measures.

 

Provision of personal data as a legal or contractual requirement.

We clarify that the provision of personal data is partly required by law (e.g. tax regulations, accounting regulations, labour law, education law archiving rules) or may also result from contractual provisions (e.g. information on the contractual partner and/or its representative). Sometimes it may be necessary to conclude a contract according to which the data subject provides us with personal data, which must be further processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The refusal to provide the personal data would have the consequence that the contract could not be concluded with the data subject or with the company he or she represents. Before the provision of personal data by the data subject, the data subject must contact the management of the company. The management of the company clarifies for the data subject whether the provision of personal data is provided for by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data and the consequences of refusing to grant personal data.

 

Cookies and analytical data

Any information we collect automatically relates to your use of the website. This information is anonymous and is collected through log files in our servers. These files record generic information, such as the number of visits our website receives, the types of browsers used, and the number and types of files downloaded, but never the personal information. This information provided by log files allows us to create better content for your preferences. Some of our pages use a browser feature called a “cookie”. Cookies, in themselves, cannot extract personal information from you. Such a cookie automatically identifies your computer on our servers when you visit our website, but not on you. If you do not tell us specifically, ECTRA ELECTRONICS SRL will never know who you are, even if we could assign a cookie to your computer. Also, the website can only read the cookies created by the site. The website uses third-party analytics cookies. Cookies, among other things, allow us to personalize the website for you and to provide you with information that matches your needs and desires. For example, once you choose a language and a type of visitor, a cookie is written on your computer so that you do not have to make this choice again in the future. When you download documents or files from our customer portal, a cookie is written on your computer so that you can be informed about the updated versions of these files. Contact us for any questions.

 

A brief description of the roles and responsibilities of internal organization of ECTRA ELECTRONICS SRL for the protection of your personal data

ECTRA ELECTRONICS SRL provides support, assistance, advice and training to all relevant departments, offices and related staff, to ensure that they are able to comply with the legislation.

Specifically, the following roles and responsibilities are considered:

The Company’s management is responsible for reviewing and approving the privacy policies and ensures that appropriate policies and procedures are in place within each department, as well as that any data breach is properly handled. Each member of the management is responsible for ensuring compliance with the General Data Protection Regulation in its area of responsibility; Also, the Company’s Management processes and responds to formal requests for access to data; initiates regular reviews of data protection policies and procedures and ensures that documentation is updated as appropriate; organises specific training and training sessions for staff; provides advice and guidance to staff on data protection issues; maintains a register of the processing activities performed by ECTRA ELECTRONICS SRL; collaborates with the Data Protection Authority when necessary / recommended, including in case of a data breach.

ECTRA ELECTRONICS SRL employees have certain key responsibilities regarding the information they keep in the computer or in manually structured sheets regarding people, these being summarized in the terms of eight “Rules” that the employees follow. Thus, the employees of ECTRA ELECTRONICS SRL:

 

  1. Obtain and process personal data correctly;
  2. Retains personal data only for one or more specific, explicit and lawful purposes;
  3. Processes personal data only in ways compatible with the purposes for which they were originally collected;
  4. Keep your personal data in a safe, secure place;
  5. Keep your personal data accurate and up-to-date;
  6. Ensures that personal data are adequate, relevant and not excessive;
  7. It does not retain personal data longer than is necessary for the specific purpose(s);
  8. It shall provide a copy of the personal data to any of their holders upon request.

 

ECTRA ELECTRONICS SRL knows that your privacy is very important to you. We are waiting for questions and comments regarding this privacy policy, so feel free to contact us at office@puntoiberica. com or by phone at no.  +40 773 742 279.  If you are dissatisfied with our response, you are free to lodge a complaint with the competent data protection authority (www.dataprotection.ro). Because internet technologies are changing so quickly, ECTRA ELECTRONICS SRL reserves the right to change its privacy policy from time to time. By using the company’s website and services, you agree to the terms and conditions of this privacy policy.

 

We will establish technical and procedural measures to protect and ensure the confidentiality, integrity and accessibility of your personal data. processed personal data; we will prevent unauthorized use or access and we will prevent the breach of the security of personal data, in accordance with the legislation in force.

 

Leadership of

ECTRA ELECTRONICS SRL