GDPR Partners

INFORMATION NOTICE REGARDING THE PERSONAL DATA PROCESSING IN CONNECTION TO BUSINESS PARTNERS

Given that, on May 25, 2018 entered into force Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,  , and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”) and must be strictly and immediately implemented with regard to Romanian companies as well.

BIA Human Resource Management Services SRL (hereinafter referred to as BIA ), headquartered in Bucharest, 61-81, Horia Macelariu street, 1st floor, District 1,  registered at the Bucharest Trade Register under no. J40/7707/2005, Tax Identification Number 17521526, telephone number +40 21 319.35.82 (available between 9 and 17.30, Monday – Friday), acting as the controller of personal data, shall send this information notice regarding the personal data processing operations carried out by BIA in connection with the contracts concluded with its business partners.

Thus, in order to carry out contractual relations with business partners, BIA has access to the contact information of persons involved in the performance of the contract, as well as information regarding legal representatives/agents/direct beneficiaries, hereinafter referred to as data subjects, namely:

  • personal contact and identification data, for example: first and last name, e-mail address, landline/mobile phone number, signature, ID series and number, copy of ID;
  • data regarding the status and personal and/or professional characteristics, for example: occupation, position, employer, qualifications.

In order to avoid any doubts and damages that may occur in relation to the GDPR provisions, we would like to clarify certain aspects related to data, as described below:

(i) Personal data to which BIA has access, as data controller, in order to carry out business relations with its partners, shall be processed in accordance with the General Data Protection Regulation.

(ii)   Thus, BIA is given the right to process the personal data of the business partners’ legal representatives/agents for the following purposes:

  • performance of the contract concluded with the business partner
  • to fulfil the obligations imposed by the applicable legislation as well as for legitimate purposes, such as fraud prevention, internal reporting, customer analysis measures in accordance with the applicable legislation.

The processing operations carried out by BIA, on the basis of and respectively for the above-mentioned purposes, consist mainly in operations and/or a set of operations of electronic recording, organization, list structuring, storage on working units, extraction, consultation, use, alignment or combination, disclosure, archiving, deletion or destruction by automatic, manual and/or mixed means as the case may be, by persons authorized for this purpose by BIA, in accordance with the BIA rules and procedures.

The data processing duration is represented by the duration of the negotiations, the implementation of the contract with the business partner, the possibility to exercise and protect the rights and interests of BIA arising from its relationship with the potential business partner/relevant business partner (such as the right to appeal to the competent courts) and by the duration of fulfilling the legal obligations of BIA (e.g. archiving, clientele knowledge and prevention of money laundering) in accordance with the provisions of the applicable legislation.

Categories of recipients to whom personal data may be disclosed by BIA:

  • persons who represent BIA legally or conventionally, as well as individuals, BIA employees, for carrying out the duties entrusted to them;
  • entities to which personal data must be transmitted in order to fulfil an obligation provided by the law, regulations, other applicable rules;
  • companies carrying out courier activities in connection with BIA’s business partner
  • companies that provide archiving services for documents/files/e-mails related to contractual relationships with business partners;
  • other companies which offer services and are used for carrying out the contractual relationships of BIA with its business partners (consultants, law offices, notary public, etc.);
  • companies that provide support services necessary for any business activity in general, such as IT systems maintenance services
  • companies specialized in compiling accounting records and audit companies;

BIA shall ensure the personal data security standards, as required by Article 32 of the General Data Protection Regulation. Thus, BIA shall take and apply all appropriate technical and operational measures in order to protect your personal data against any accidental or illegal destruction, loss, alteration, unauthorized disclosure or access and against illegal processing.

Data subjects. whose data are processed under the above-mentioned conditions, have the rights provided by Articles 15 to 22 of the General Data Protection Regulation, respectively:

  • the right of access to data in accordance with Art. 15;
  • the right to rectify the data, according to Art. 16;
  • the right to erase the data, according to Art. 17;
  • the right to data restriction, according to Art. 18;
  • the right to data portability, according to Art. 20;
  • the right to object, according to Art. 21;
  • the right not to be subject to an automated individual decision, including profiling, according to Art. 22;
  • the right to appeal to the National Supervisory Authority for Personal Data Processing and Justice.

All these rights can be exercised through a written request, signed and dated, by the data subject, sent to the registered office of BIA or to the e-mail address dpo@bia.ro.

Any complaints can be addressed by the data subject (i) to the National Supervisory Authority for Personal Data Processing (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal – A.N.S.P.D.C.P.), headquartered in 28-30 Gheorghe Magheru Blvd., District 1, postal code 010336, Bucharest, either in a written form, at the office of the institution, or by e-mail at anspdcp@dataprotection.ro, respectively (ii) to the competent courts.

Thank you,

BIA HUMAN RESOURCE MANAGEMENT SERVICES SRL