Declaration regarding the processing of personal data

The protection of personal data in the online environment has become a legal and mandatory necessity. Any operator must inform the customer, the collaborator, the user about the processing of personal data and guarantee their safekeeping.

SC TERMOFARC TECHNOLOGIES SRL with headquarters in Romania, Brasov county, Sacele city, Brasovului street 118 and registered at the Romanian Trade Register with number J08/1047/2014, having CUI RO33399146 as an operator company, hereby notifies you about processing and storage personal user data transmitted through the provision of services and products.

What is personal data

Information regarding the identified / identifiable natural person: name, surname, address, e-mail, telephone, signature, financial information, information requested by specific authorities for the provision of services and products, information from audio video monitoring following the client’s visit to a location which provides the company’s services, audio-video monitoring during technical support services, IP, any other information necessary to carry out the activity.
Any action (set of actions) such as collecting, recording, organizing, storing, adapting or modifying, extracting, consulting, using, disclosing to third parties by transmitting, disseminating, joining or combining, blocking, archiving, deleting, destroying data may enters the sphere of personal data (direct or indirect).

Sources of information collection

• when using the web page or applications belonging to the company, you can request the completion of forms, questionnaires (without the obligation of acceptance) necessary to provide the services;
• direct and indirect transactions between the company, partners and users;
• external sources specific to public institutions.

How we collect personal data from users

• direct;
• using the user’s browser and traffic data;
• using cookies.

Direct collection of personal data

Placing an order (with or without account creation) on this web page can mean the request for name, surname, address, email and any other data necessary for the contracting, invoicing and delivery process.
• the contractual data are kept for 3 years (general prescription);
• fiscal data are kept for 10 years (fiscal legislation);
• orders cannot be honored without the above data.

Within the support services offered, we can ask you to provide us with your telephone number or email address so that we can contact you in order to solve your problem (other data that fall into the category of personal data may be requested if necessary). Communication within the company’s support services can be recorded.

The subscription to the newsletter comes with the request to provide us with an email address for a personalized communication, the storage ceasing with the revocation of the consent.

Payments made to our account are processed by our banking partners, the bank information being transmitted to them.

Collection of personal data using traffic data

During the visit on our web page from any device provide information such as your IP address, time of visit, location, pages visited. External traffic analysis services (eg Google Analytics) are used exclusively by us to improve services and to ensure and maintain the security of the site.

Data collection through cookies (per session and fixed)

Cookies are used to remember passwords, language preferences, filters for child protection, the types of advertisements approved or restricted, etc.

For what purposes we process personal data

The company identifies (through the means defined above) potential users who access the services provided, monitors operations in this regard, conducts surveys and / or profiles in marketing activities, performs internal analyzes specific to the services provided. The company also processes personal data in order to solve various legal procedures related to the provision of services. The archiving of information is done both physically and electronically. There are legally regulated state institutions that may request reports containing personal data.

On what basis are personal data processed

The law that defines the General Data Protection Regulation has been promulgated and takes effect in Romania as follows:
– (art. 6 (1) b GDPR) – refers to the collection of personal data through the order form;
– (art. 6 (1) c GDPR) refers to the mandatory data necessary for the issuance of invoices;
– (art. 6 (1) of the GDPR) requires the request for consent in order to use personal data for marketing (subscription to newsletters, cookies, etc.);
– (art. 6 (1) f GDPR and law 506/2004 art. 12 (2)) refers to the legitimate interest of the company in order to secure and optimize its own site (recital 49 GDPR).

The communication of personal data is mandatory

For the user, their refusal leads to the impossibility of providing services. The user has the right to refuse the processing of data in order to be used in direct marketing.

Recipients of personal data

We have specified above the purposes for which the personal data are collected. At the same time, if it is really necessary, the company can make available to the legal authorities and the contractual partners various personal data (limited) of the users that the latter undertake not to use for any other purpose (eg public authorities, auditors, lawyers). , accountants, companies that are part of our group of companies.

Based on law no. 2016/679 (GDPR) adopted by the European Parliament there is the possibility of transferring personal data abroad.

Personal data can be stored as long as the law provides, respectively 3 years for storing contractual data and 10 years for storing financial data. The processing of the data can be done until the moment when the purpose aimed at collecting them has been reached, the next moment involving their archiving or destruction.

Measures regarding the security of personal data processing

It is mandatory to keep the data confidential, which is why users use their own name and password;
Any user who accesses / collects / modifies personal data is registered with the date, time and operation performed;
Only authorized users have the right to print invoices, notices, contracts and other documents containing personal data.

The user or potential user who enters the incident of the processing of personal data has the following rights:

The right to be informed about data collection according to art. 13 and 14 GDPR;
The right to have access to the processed data – art. 15 GDPR;
The right to request the modification or even deletion of data – art. 17 GDPR, except for the exceptions provided by law;
The right to request a minimum processing or to refuse the processing of personal data – art. 18 GDPR;
The right to transfer data to another operator – art. 20 GDPR
Withdrawal of the right to data processing after the initial consent has been given;
Refusal to process data for marketing purposes and creation of profiles;
When he feels unjust, the user has the right to appeal to the ANSPDCP or to go to the competent court.

The company reserves the right to make changes to this statement regarding the processing of personal data without prior notice, by publishing the updated version on the site.

Any notification can be addressed in electronic or physical format using the contact details of the company.