CERTSIGN S.A., with the registered office in Bucharest, 107A, Olteniței Road, building C1, 1st floor, room 16, 4th Sector, registered with the Trade Register under the no. J40/484/17.01.2006, CUI 18288250, phone: 0311 011 870, fax: 021 311 9905, e-mail: office@certsign.ro.

Having regard to:

– the provisions of Regulation (EU) 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing of Directive 95/46 EC – „GDPR”,

– processing of personal data of contractual partners, natural persons, of contact persons, legal or conventional representatives, collaborators, employees and / or other natural persons designated by the contractual partners as legal entities, sent to CERTSIGN for the purpose of negotiating, concluding and conducting contractual relations

we hereby inform you about the processing of personal data for the purpose of negotiating, concluding and executing contracts in which CERTSIGN S.A. is a contracting party:

1. Capacity of certSIGN as regard to the processing of personal data

CERTSIGN S.A. is a personal data controller, according to the provisions of art.4, para. 7 of GDPR.

2. Categories of data subjects

Personal data processed by CERTSIGN belong to the following categories of data subjects: contractual partners, natural persons, contact persons designated by the contractual partners, their legal or conventional representatives, collaborators, employees and / or other categories of natural persons whose data are disclosed to CERTSIGN by the contractual partners (collectively referred to as hereinafter referred to as “Data subjects “. These personal data are transmitted to CERTSIGN at the initiation of contractual relations with the contractual partners or over the course of these relations.

3. Grounds and purposes for processing personal data

The purposes for processing your personal data are:

• initiating the contractual relationship, negotiating, concluding and running contracts with certSIGN’s contractual partners, including the provision of services, delivery and payment of contracted products or the creation of a user account in certSIGN applications, in accordance with Article 6 (1) (b) of GDPR;
• Fulfilling legal obligations of CERTSIGN in the context of conducting contractual relations, according to article 6 (1) (c) of GDPR, such as: drawing up and keeping of financial and accounting documents; the observance by certSIGN of the right of withdrawal that you exercised according to GEO 34/2014 on consumer rights in contracts concluded with professionals, as well as for amending and supplementing normative acts, if you have purchased products and services online; keeping personal data throughout the contractual relationship and archiving documents; conducting audits; transmission of information representing personal data at the request of the competent state authorities; ensuring the security of systems and databases (including by backing up); other applicable legal obligations depending on the nature of the contractual relationship and / or the quality of the contractual partner;
• to pursue the legitimate interests of the Data Controller or a third party in accordance with Article 6 (1) (f) of the GDPR, such as: for the internal reporting of the controller or for streamlining the company’s processes; for the management of contracts or supporting accounting documents; for communicating with the representatives of contractual partners, for solving complaints; for auditing or verifying internal processes; fraud prevention; for the protection of the operator’s rights such as the recovery of his claims and the formulation of defence actions in the event of a dispute;
• Transmission of newsletters, promotional materials, marketing communications, commercial offers or any relevant information on certSIGN products and services if you have given your consent to this, according to art. 6 (1) (a) of GDPR.

The legal grounds for data processing operations refer to Article 6 (1) (a), (b), (c) and (f) of the GDPR, as detailed above.

4. Categories of personal data

The categories of personal data that CERTSIGN processes for the purposes mentioned above may be but not limited to:

• name, surname
• position
• handwritten or electronic signature
• e-mail address, telephone number
• residence address, mailing address
• bank account
• credit card details for electronic payments
• data from logs such as IP address, data about your actions on the platforms of certSIGN.

5. Transmission of data and the consequences of non-compliance

The provision of the aforementioned personal data is necessary to achieve the purposes specified above. Your refusal to provide the data will make it impossible to provide the services or products covered by the contracts.

Should you no longer want to receive promotional materials and marketing communications regarding our products and services, we will no longer process your data for this purpose.

6. Duration of personal data processing

CERTSIGN S.A. processes all information and personal data provided by the contractual partners throughout the negotiation and conduct of the contractual relationship. Upon termination of these relations, personal information and data will be archived for a period of 10 years. After this period, your personal data will be destroyed in accordance with Law 16/1996 on National Archives.

Also, should you no longer want to receive newsletters, promotional materials, marketing communications, commercial offers or any other relevant information about our products and services, certSIGN will no longer process your data for this purpose.

7. Transmission of personal data for achieving the processing purposes of certSIGN

Your personal data may be disclosed to: data subjects, auditors, the supervisory body under the law applicable to the service provided, public authorities and institutions under public law obligations, lawyers to represent us in the event of a dispute or for consultancy, bailiffs for contractual communications or enforcement of any court decisions, debt collection companies, CERTSIGN contractual partners (courier companies, suppliers, subcontractors, consultants and technical experts, etc.) for concluding and conducting contracts, to banks for claims mortgages and / or for obtaining financing and / or grant instruments, to insurance companies for obtaining guarantee instruments, to CERTSIGN affiliates and in any other situations justified with your prior notice, but only but only for the purpose of fulfilling the purposes mentioned above and pursuing with priority the protection of your rights.

8. Transfer of personal data outside the European Union

certSIGN does not transfer your personal data outside the European Union.

9. Rights of Data Subjects

The rights you benefit from in accordance with the provisions of EU Regulation 2016/679 are:

• Right to information: the right to be informed about the identity and contact details of the controller and the Data Protection Officer, the purposes for which the data are processed, the categories of personal data concerned, the recipients or categories of recipients of the data , the existence of the rights provided for by the legislation on the protection of personal data for the data subject and the conditions under which they may be exercised;
• Right of access to data: the right to obtain from the data controller confirmation that the personal data concerning you are or are not processed by him;
• The right to rectification: the right to obtain the rectification of inaccurate data concerning you, as well as the completion of incomplete data;
• The right to restrict processing if the data subject has objected to the processing for the legitimate interests pursued by certSIGN or third parties or if certSIGN no longer needs the personal data but the data subject requests them for finding, exercising or defending a right in court;
• The right to withdraw your consent at any time, insofar as the data processing operation is based on your consent and the digital certificate has not been issued;
• The right to data removal before issuing the digital certificate. After the issuance of the digital certificate certSIGN will store the data related to the certificate for the 10 year period mentioned above.
• The right to portability of the data provided, insofar as the data processing operation is based on consent or is based on the contract concluded with you.
• The right to object for reasons related to your particular situation regarding the processing of data carried out for the purpose of pursuing the legitimate interests of certSIGN or third parties.
• certSIGN will notify the recipients to whom it has disclosed personal data of any deletion, rectification or restriction of the processing of personal data, unless this proves impossible or involves disproportionate efforts.
• The right to address the ANSPDCP for the protection of any rights guaranteed by the applicable legislation in the field of personal data protection that have been violated.

In order to exercise your rights over personal data, you can contact the Department of Personal Data Protection of CERTSIGN using the following contact details:

• e-mail address: dpd@certsign.ro
• fax: (+4021) 311 99 05
• 29A, Tudor Vladimirescu Bvd, nr. 29A, AFI Tech Park 1, 2nd floor, Bucharest, sector 5.

Should you submit a request regarding your rights over the processing of personal data, you will receive a reply as soon as possible, within 30 days, under the provisions of GDPR.