Current as of 20 Jan 2022

Privacy policy

Your privacy is important to us at Untitled. We respect your privacy regarding any information we may collect from you across our website.

The purpose of this Policy on the Processing of Personal Data (“Policy”) is to establish the appropriate technical and organizational measures and the responsibilities of our employees with personal data processing duties and/or, as the case may be, authorized persons, to fulfill the obligations regarding the guarantee and protection of the fundamental rights and freedoms of natural persons, in particular the right to intimate, family and private life, regarding the processing of personal data.

If you notice any errors in the provision of personal data concerning you, please inform us as soon as possible in writing to the Contact address.

Principles of personal data processing

a. Personal data are processed in good faith and in accordance with the legal provisions in force.

b. Personal data is collected only for well-defined, explicit and legitimate purposes, and further processing will not be incompatible with these purposes.

c. Personal data are adequate, relevant and not excessive in relation to the purpose for which they are collected / processed.

d. Personal data is not stored for a longer period than is necessary to achieve the purposes for which it was collected.

e. We have taken appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of unlawful processing, as well as regarding the deletion or rectification of inaccurate or incomplete data from view of the purpose for which they are collected / processed.

Categories of data and purpose of use of personal data

a. Identification elements such as name and surname, names and surnames of legal representatives, e-mail address, profession, professional training – diplomas – studies, bank data or the like, which serve to identify you or the persons who represent you or whom you represent them.

b. We collect, use, process or provide personal data provided by users strictly for authentication purposes. In addition, in the case of paying users, and for the issuance of financial-accounting documents, the conclusion of contracts.

c. Personal data is intended for use by our organization. They are collected automatically in the database without the intervention of other people.

General rules

a. This Policy establishes technical and organizational measures implemented by our organization to fulfill obligations related to the confidentiality and security of data processing. We have in mind a complex of technical, IT, organizational, logistical and procedural measures to ensure a level of data security in accordance with the Regulation.

b. We protect data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorized access or any other form of unlawful processing.

c. We have adopted appropriate technical and organizational measures to protect personal data.

d. In order to fulfill the legal provisions, we developed and implemented organizational and technical measures oriented towards certain directions of action:

  • User identification and authentication;
  • Type of access;
  • Data collection;
  • Execution of safety copies;
  • Computers and access terminals;
  • Staff training;
  • Data printing.

1. Specific procedures

l. User identification and authentication

The user means any person acting under the authority of our organization or the person authorized by us, with a recognized right of access to the databases.

To gain access to personal data, users must identify themselves.

In the case of automated processing, identification is carried out by authentication in our IT systems. Authentication is done by entering unique authentication data, consisting of user account and password. Passwords are strings of characters, security-appropriate in length and composition. Passwords change periodically.

ll. Access type

Users may only access personal data necessary to perform permitted activities. For this, the types of access according to functionality (administration, input, processing, saving, etc.) and according to the actions applied to personal data (writing, reading, deleting), as well as the procedures regarding these types of access, are stable.

Systems programmers have access to personal data under a confidentiality agreement signed with our organization.

The department providing technical support may have access to personal data to resolve incidents and problems arising in the use of IT systems.

lll. Data collection

Our organization designates authorized users for the operations of collecting, entering and processing personal data in a computer system or manual system.

Any modification of personal data can only be done by authorized users designated by the operator.

The operator has taken steps for the information system to record who made the change, the date and time of the change.

lV. Execution of safety copies

The computer system has a back-up of the databases, for a possible data recovery, in case of loss, destruction or dysfunction of the computer systems. The users who run these backups are appointed by the operator, in a limited number. Backups are stored in a location with restricted access.

V. Computerele și terminalele de acces

Computers and other access terminals are installed in lockable access-controlled rooms. If computers are open and not acted upon for a given period, set by the operator, the work session is automatically closed.

Users are trained so that databases with personal information are closed, in cases where they are open, if unauthorized persons are around.

The servers hosting the databases can only be accessed in a controlled manner based on access rights.

Vl. Staff training

Users who have access to personal databases are trained on the provisions of the Regulation as well as on the importance of maintaining their confidentiality and the risks they entail.

Users are required to close their work session when they leave their workplace.

Vll. Data printing

Printing of personal data will only be done by designated users and only for the purpose specified in these rules.

2. The rights of the persons whose personal data are collected and/or processed

According to the Regulation, you have the following rights regarding the processing of your personal data:

l. The right to information

You have the right to obtain from our organization, according to the Regulation, at least the following information, unless you already have that information:

  1. the identity of the operator and its representative, if applicable;
  2. the purpose for which the data is processed;
  3. additional information, such as: recipients or categories of data recipients; whether the provision of all requested data is mandatory and the consequences of refusing to provide them; the existence of the rights provided for by this law for the data subject, in particular the right of access, intervention on data and opposition, as well as the conditions under which they can be exercised;
  4. any other information the provision of which is required by the supervisory authority, taking into account the specifics of the processing.
  5. Right of access to data

You also have the right to obtain from our organization, according to the Regulation, confirmation that the data concerning you is or is not being processed by us.

ll. The right to access data

At the same time, you have the right to obtain from the operator, according to the Regulation, the rectification, updating, blocking or deletion of data whose processing is not in accordance with the law.

lll. The right of opposition

In addition, you have the right to object at any time to the processing of personal data concerning you by our organization in accordance with the Regulation.

lV. The right not to be subject to an individual decision

According to the provisions of the Regulation, you have the right to request and obtain the withdrawal/cancellation/reevaluation of any decision that produces legal effects regarding you. These decisions are adopted exclusively on the basis of data processing carried out by automatic means, intended to evaluate some aspects of your personality, such as professional competence, behavior or other such aspects.

V. Dreptul de a vă adresa justiției

In accordance with the provisions of the Regulation, you have the right to go to court to defend any rights guaranteed by law, which have been violated. To exercise these rights, you can contact us with a written, dated and signed request, sent using the contact details indicated in section 8 of this Policy.

3. Dezvăluirea datelor cu caracter personal către terți

Collected data is disclosed to third parties only if our organization is subject to a legal obligation to do so. Any disclosure to third parties under other conditions of personal data will be made only with your express consent, expressed in advance.

4. Prevederi finale

For requests or questions regarding this policy, please contact us using the coordinates available in the contact section of this website