TRIDENT SERVICII ȘI MENTENANȚĂ S.A., with its registered office in Bucharest, Șos. Olteniței no. 107 A, Corp C1, 2nd floor, room 1213, sector 4, registered with the Trade Register under no. J2004018361403, CUI 16933677, processes personal data for the purpose of carrying out the company’s activities, in compliance with the legal provisions relating to them in the countries in which it operates. The processing of personal data is carried out under conditions that ensure security, confidentiality and respect for the rights of the data subjects in compliance with the following principles:
- legality, fairness and transparency
- specified, explicit and legitimate purpose
- data minimization (adequate, relevant and limited data)
- accuracy, timeliness
- limited storage
- integrity and confidentiality
- accountability
CHAPTER I
Purpose
The purpose of the General Personal Data Protection Policy (“GDPR Policy”) is to establish the rules and practices that regulate the way in which TRIDENT SERVICII ȘI MENTENANȚĂ S.A. ensures compliance with the principles and rules established by the GDPR in its activities of processing the personal data of customers, suppliers, partners, employees and other individuals.
CHAPTER II
Scope
This policy applies to all activities carried out by TRIDENT SERVICII ȘI MENTENANȚĂ S.A. which involves the processing of personal data as a controller, as well as those carried out as a processor of a controller, activities which fall under the scope of Union law.
CHAPTER III
Definitions and abbreviations
consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear statement, signifies agreement to the processing of personal data relating to him or her;
personal data means any information relating to an identified or identifiable natural person (“data subject”), directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity
DPO responsible for data protection
GDPR means REGULATION no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
- controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or national law, the controller or the specific criteria for his designation may be laid down in Union or national law;
- processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- data subject means the natural person whose personal data are processed;
- processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
CHAPTER IV
Objectives of the GDPR policy
Ensuring the lawfulness of data processing
In carrying out its activities, TRIDENT SERVICII ȘI MENTENANȚĂ S.A. processes personal data under one of the following conditions:
the data subject has given his/her consent
- the processing is necessary for the performance of a contract to which the data subject is a party
- the processing is necessary for compliance with a legal obligation to which the data subject is subject
- the processing is necessary to protect the vital interests of the data subject or another natural person
- the processing is necessary for the purposes of the legitimate interests pursued by TRIDENT SERVICII ȘI MENTENANȚĂ S.A. or by another person.
Ensuring the rights of the data subject
TRIDENT SERVICII ȘI MENTENANȚĂ S.A. respects the right of natural persons to privacy.
When processing personal data, our company communicates to the data subject what data it collects, the purpose and basis of the collection, the recipients or categories of recipients of the personal data, the duration of data storage, their deletion at the end of the storage period. If the controller intends to further process the personal data for a purpose other than that for which they were collected, the controller shall provide the data subject, prior to such further processing, with information on the respective secondary purpose and any relevant additional information.
Data processing shall only be carried out by personnel authorized to do so.
Personal data processed and used by TRIDENT SERVICII ȘI MENTENANȚĂ S.A. shall be stored on electronic media or archived on paper, for the period necessary to achieve the purposes for which they were collected and in accordance with the legal provisions applicable to the activities carried out by the company.
Upon completion of the personal data processing operations, the processed personal data shall be destroyed.
If TRIDENT SERVICII ȘI MENTENANȚĂ S.A. acts as a processor of an operator in the course of carrying out the activities within the scope of the company’s activity, it will conclude an agreement with the operator regarding the processing of personal data, which will ensure that the rights of the data subjects are respected.
If the data subject wishes to exercise a right or make a complaint, he/she may contact the DPD at the following contact details:
address: TRIDENT SERVICII ȘI MENTENANȚĂ S.A: Șoseaua Oltenitei 107A, Corp C1, etaj 2, cam 1213, Sector 4, Bucharest
e-mail address: dpo@tridentsm.ro
TRIDENT SERVICII ȘI MENTENANȚĂ S.A. provide the data subject with information on the personal data processed following a request pursuant to Articles 15-22 of the GDPR, without undue delay and in any event not later than one month from receipt of the request. This period may be extended by two months where necessary, taking into account the complexity and number of requests. TRIDENT SERVICII ȘI MENTENANȚĂ S.A. shall inform the data subject of any such extension within one month of receipt of the request, stating the reasons for the delay.
If it does not take action on the data subject’s request, TRIDENT SERVICII ȘI MENTENANȚĂ S.A. shall inform the data subject, without undue delay and not later than one month from receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and of seeking a judicial remedy.
Ensuring data security
TRIDENT SERVICII ȘI MENTENANȚĂ S.A. has implemented an information security management system, certified ISO 27001, being subject to annual external audits in which the assessment of IT and information security, in general, represents a very important component.
drawing up and maintaining records of data processing activities
The company maintains the Personal Data Processing Records Register. The register is drawn up and managed by the DPD and contains at least the information required by the GDPR.
training staff to comply with the GDPR provisions
The staff of TRIDENT SERVICII ȘI MENTENANȚĂ S.A. is periodically trained on the GDPR provisions, on the minimum security requirements for personal data processing, as well as on the risks involved in the processing of personal data. Employees who have access to personal data are informed of the special nature of this data and have taken note of the rules that apply to them.
verifying the compliance of the company’s activities with the GDPR requirements.
Through the DPO and audits, TRIDENT SERVICII ȘI MENTENANȚĂ S.A. verifies compliance with and implementation of internal rules, GDPR provisions and other applicable legal provisions, as well as recommendations made regarding the processing of personal data.