INFORMATION REGARDIG THE PROCESSING OF PERSONAL DATA

CERTSIGN S.A., with the registered office in Bucharest, 107A, Olteniței Road, building C1, 1st floor, room 16, 4th District, registered with the Trade Register under the no. J40/484/17.01.2006, duly represented by Mr. Adrian Floarea, as General Manager.

Having regard to:

- the provisions of Regulation (EU) 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing of Directive 95/46 EC,

- processing of personal data of contact persons, legal or conventional representatives, of collaborators, employees and/or other natural persons designated by counterparties, transmitted to CERTSIGN for the negotiation and operation of contractual relations

we hereby inform you about the processing of personal data for the purpose of negotiating, concluding and executing contracts in which CERTSIGN S.A. is a contracting party:

1. The Quality CertSIGN has as regard to processing of personal data is that of data controller in accordance with the provisions of article 4, paragraphs 1 and 7 of the Regulation (EU) 679/2016 on the protection of individuals as regard to personal data and on the free movement of such data and the relevant subsequent applicable legislation.

2. Category of data subjects

Personal data processed by CERTSIGN belong to the following categories of data subjects: contact persons designated by counterparties, legal representatives or their legal or conventional collaborators, employees and/or other individuals whose data are disclosed to CERTSIGN by the counterparties (hereinafter collectively named, „Data subjects”). These personal data are included in the documents submitted to CERTSIGN when entering into contractual relations with counterparties or over the course of these relations.

3. Grounds and purposes for processing are as follows:

3.1.  Negotiating, concluding and carrying out of contracts with counterparties of CERTSIGN;

3.2. Fulfilling legal obligations of CERTSIGN in the context of conducting contractual relations, such as drawing up and keeping of financial and accounting documents; retention of personal data throughout the period of contractual relations and the archiving of documents; conducting audits; management of inspections carried out by authorities; implementing security measures for personal data (including back-ups); formulating of defences in the event of disputes; other applicable legal obligations according to the nature of the contractual relation and/or quality of the counterparty. For the purposes previously mentioned, CERTSIGN will rely, where appropriate, on its legal and contractual obligations.

4. Categories of personal data

CERTSIGN processes data provided by counterparties for the purpose of concluding and performing contractual relations, including but without limitation to: first name, last name, e-mail, phone number.

5. Categories of recipients

Your personal data can be disclosed to: subjects to exercise their rights, shareholders of the company, auditors, authorities and public institutions on the basis of obligations under public law, lawyers to represent us in the event of a litigation or for advice, bailiffs for contractual communications or for the enforcement of possible court decisions, debt recovery companies, counterparties of CERTSIGN (courier companies, subcontractors, consultants and technical experts etc.) for contract conclusion and performance; banks for mortgages and/or for funding and/or guarantee instruments, insurance companies to obtain guarantee instruments, affiliated companies of CERTSIGN and in any other justified cases with your prior notification, but only for the purposes mentioned above, and aiming at protecting your rights as a priority.

6. Duration of the processing.

CERTSIGN S.A. processes all personal data provided by counterparties throughout the negotiation and execution of contractual relations. Upon termination of these relations, personal data and information will be archived for a period of 10 years. After this period, your personal data will be destroyed in accordance with the Law 16/1996 of National Archives.

7. Transfer of data outside of the European Union.

Currently, CERTSIGN does not transfer your personal data outside of the European Union.

8. Rights of data subjects.

Your rights according to the provisions of Regulation (EU) 2016/679 are:

- Information and access to your personal data;

- Intervention on the data;

- Rectification of the data;

- Restriction of their processing;

- The right to lodge a complaint before the National Supervisory Authority for Processing of Personal Data.

9. CERTSIGN S.A. will not use your data for other purposes without your prior consent to this use.

10. To exercise your rights over your personal data, you may contact the Personal Data Protection Department of CERTSIGN using the following contact details:

- e-mail: dpd@certsign.ro

- fax: (+4021) 311 99 05.