office@smartemp.ro

021 301 90 90

Expo Business Park, Aviator Popisteanu no. 54A, Building 2, 4th floor, District 1, 012244 Bucharest

English
English Română
English
English Română

GDPR Policy

Home

Processing Policy for personal data, collected from users/visitors of this website

SMARTEMP S.A.

 

1. Presentation of the company

The website www.smartemp.ro (hereinafter referred to as "the website") belongs to SMARTEMP S.A., hereinafter referred to as "SMARTEMP", a Romanian company with its registered office in Bucharest, Sector 1, Str. Av. Popisteanu no. 54A, Office building 2, floor 4, Open Space 1, within the Expo Business Park, Order number in the Trade Register J40/4656/2000, unique registration code 13020557.

 

2. The purpose of this Personal Data Processing Policy

This Personal Data Processing Policy of SMARTEMP, displayed on this website, is applicable only to users/visitors of the www.smartemp.ro website and describes the principles of processing personal data, the categories of personal data we process, the purpose and the processing operations, the legal basis of their processing and how SMARTEMP fulfills its responsibilities as a personal data operator, to maintain the security of your information and full compliance with the requirements of the GDPR - i.e. of Regulation (EU) 2016/679 regarding the protection of individuals with regard to the processing of personal data and regarding the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), here called GDPR and all legal requirements arising from it.

This personal data processing policy of SMARTEMP is valid for all users/visitors of the website, with or without an account.

For other categories of persons concerned (who are not users/visitors of this website, but are partners of SMARTEMP for the performance of SMARTEMP services, as clients, suppliers, other persons who will become/are SMARTEMP employees, other persons whose personal data are processed by SMARTEMP as a person authorized by the client companies, who appear as data operators or with whom SMARTEMP shares the quality of associated operators), information about how GDPR requirements are met are specified in contractual documents and or in personalized information notes.

 

3. Definitions from the GDPR, used in this personal data processing policy of SMARTEMP

 

  • Personal data = means any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;
  • Biometric data = means personal data resulting from specific processing techniques related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of that person, such as facial images or dactyloscopic data
  • Processing = means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extract, consult, use, disclose by transmission, disseminate or otherwise make available, align or combine, restrict, delete or destroy
  • Operator = means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law;
  • Person authorized by the operator = means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator;
  • Recipient = means the natural or legal person, public authority, agency or other body to whom (to whom) the personal data is disclosed, whether or not it is a third party. However, public authorities to whom personal data may be communicated within a certain investigation in accordance with Union law or internal law are not considered recipients; the processing of this data by the respective public authorities respects the applicable data protection rules, in accordance with the purposes of the processing;
  • Consent of the data subject = means any manifestation of the free, specific, informed and unambiguous will of the data subject by which he/she accepts, through a statement or through an unequivocal action, that the personal data concerning him/her will be processed
  • Personal data security breach = means a security breach that leads, accidentally or illegally, to the destruction, loss, modification or unauthorized disclosure of personal data transmitted, stored or otherwise processed or to unauthorized access to these.

 

4. Principles of personal data processing, according to GDPR   

  • Personal data are processed in a legal, fair and transparent manner towards the data subject ("legality, fairness and transparency")
  • Personal data are collected for specific, explicit and legitimate purposes and are not subsequently processed in a manner incompatible with these purposes ("purpose limitations")
  • Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization")
  • Personal data are kept in a form that allows the identification of the persons concerned for a period that does not exceed the period necessary to fulfill the purposes for which the data are processed ("storage limitations")
  • Personal data are processed in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, through appropriate technical and/or organizational measures ("integrity and confidentiality").

    

5. Purpose of processing, processed personal data and description of processing operations, legal basis of information processing, recipients, archiving period of personal data

I.SMARTEMP collects and processes only the personal data that you provide as a user/visitor of the website, for the following purposes:

A. Communication of information about our services, to initiate the bidding process

If you are the representative of a company and you want to receive more information about the services provided by SMARTEMP regarding personnel leasing, with or without recruitment services, the personal data collected from you, as a user/visitor of the website are : name, company, telephone, e-mail (CONTACT section - individual option or connected with a). SERVICES section, b) HOME section - REQUEST AN OFFER). In the communication process in order to present the services and offer, it is possible to use the ZOOM or TEAMS platforms. In order to protect your biometric data, SMARTEMP guarantees that the meetings organized through these platforms will not be recorded, nor will screenshots (print screens) be taken.

Processing operations: collection (at the time of provision, through voluntary registration by users/visitors), registration and storage (in the SMARTEMP database), use (for the communication desired by users/visitors), deletion (when no longer are necessary or when expressly requested by users/visitors).

Legal basis: the consent given by users/visitors [art. 6 para. (1) lit. a) of the GDPR.], in order to initiate a communication process, in order to conclude a service contract between SMARTEMP and potential clients, who wish to use SMARTEMP's recruitment and/or consulting services for labor and immigration legislation [art. . 6 para. (1) lit. b) of the GDPR].

Recipients: the internal staff of SMARTEMP, who will develop the communication process. Your personal data is not transferred outside the EU.

Durata de arhivare: pe toata durata de comunicare in vederea ofertarii si incheierii unui contract, dar si pe durata derularii contractului eventual incheiat, daca va fi cazul. Daca nu se ajunge la incheierea unui contract, se solicita persoanei vizate, prin e-mail, consimtamantul pastrarii datelor de catre SMARTEMP pentru o durata de timp mai indelungata (5 ani de la finalizarea relatiei contractuale), in scopuri de marketing, cu amendamentul ca se poate cere oricand de catre persoana vizata stergerea datelor din baza de date a SMARTEMP, odata cu retragerea consimtamantului. Aceste operatiuni se realizeaza printr-o solicitare scrisa la adresa de e-mail office@smartemp.ro 

Important observation: In the event that the communication with you, as a user/visitor of the website, will result in the realization of a service provision relationship by SMARTEMP to the company on whose behalf you have spoken, all the information regarding how the requirements are met GDPR will be the subject of an Annex to the Services Agreement services concluded between SMARTEMP and the company you represent.

B. Subscription to the Newsletter of individuals/legal entities, who are users/visitors of the website.

In the event that you wish to subscribe to the NEWSLETTER, only your e-mail address is collected as personal data (the HOME section, under the heading „Subscribe to the Smartemp newsletter to be up to date with all the news in the HR field” ), for this fact requesting the consent to process personal data.

Operatiunile de prelucrare date personale: colectarea (in momentul furnizarii, prin inregistrarea voluntara efectuata de catre utilizatori/vizitatori), inregistrarea si stocarea (in baza de date a SMARTEMP), extragerea si structurarea (pentru transmiterea automata a Newsletter-ului), ştergerea (cand abonatul trimite mesaj cu DEZABONARE NEWSLETTER la adresa office@smartemp.ro ).

Legal basis: the consent given by users/visitors [art. 6 para. (1) lit. a) from GDPR.], for the purpose of informing about legislative/service news (marketing purpose) [art. 6 para. (1) lit. b) of the GDPR].

Recipients: the internal staff of SMARTEMP, but also of the webhosting service provider, which facilitates the transmission of NEWSLETTER-type information to subscribers. Your personal data is not transferred outside the EU.

Durata de arhivare : pe toata perioada pentru care v-ati dat consimtamantul pentru a primi NEWSLETTER de la SMARTEMP. Odata cu retragerea consimtamantului (printr-un mail cu titlul trimite mesaj cu DEZABONARE NEWSLETTER la adresa office@smartemp.ro ), se sterge adresa de e-mail a celui care nu mai doreste sa primeasca informari prin NEWSLETTER.

II. The provider of website hosting services/web server management services automatically collects and stores information in the so-called server records, which the browser used by the user/visitor transmits to us automatically. This stored information may include:

  • The type and version of the browser used, as well as the installed plugins;
  • Type of operating system used;
  • URL reference;
  • The hostname or the device from which the access was made;
  • Date and time when the server received the information.

The information mentioned above cannot be linked to a specific person individually. Also, we do not associate the collected data with information from other sources. However, we reserve the right to analyze the information, if a suspicion of illegal or unauthorized use is brought to our attention.

III. Processing of personal data, by association with Facebook, LinkedIn, Instagram, You Tube, Zoom, Teams platforms

INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA ON THE FACEBOOK PAGES OF SMARTEMP S.A.

INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA ON THE LINKEDIN PAGES OF SMARTEMP S.A.

INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA ON THE INSTAGRAM PAGES OF SMARTEMP S.A.

INFORMATION NOTE REGARDING THE PROCESSING OF PERSONAL DATA ON THE YOUTUBE CHANNELS OF SMARTEMP S.A.

For more details on privacy policies and the way in which the ZOOM platform processes your personal data during meetings, please visit: https://zoom.us/docs/en-us/privacy-and-security.html . If you do not agree with the policies of the ZOOM platform, please let us know that you do not accept online meetings.

For more details on privacy policies and the way in which the TEAMS platform processes your personal data during meetings, please visit: TEAMS - https://privacy.microsoft.com/en-gb/privacystatement and https:/ /account.microsoft.com/privacy/third-party-ads?scrolltonewtoggle=true If you do not agree with the policies of the TEAMS platform, please let us know that you do not accept online meetings.

6. Rights of data subjects, from the category of website users/visitors

  • The right to information = allows access to concrete information regarding why personal data are collected and how they are processed by SMARTEMP, so that there is a guarantee of compliance with the legal requirements in force;
  • The right of access = allows obtaining confirmation that personal data is processed by SMARTEMP and the relevant details of these processing activities;
  • The right to rectification = allows the rectification (modification/correction/completion, updating...) of personal data, if they are inaccurate;
  • The right to delete data = allows the deletion of personal data in certain cases (when they are no longer necessary for the purpose of processing, when the data subject withdraws his consent, when the data subject opposes the processing, when the personal data were processed illegally, etc.);
  • The right to restrict processing = allows the restriction of the given processing their personal nature in certain cases (when the data subject disputes the accuracy of the data, when their accuracy is verified, when it is verified which rights prevail - of the operator or of the data subject, etc.);
  • The right to data portability = allows receiving the personal data provided, in a structured format, commonly used and which can be read automatically or the transmission of this data to another data operator, upon request (when it is technically feasible);
  • The right to opposition and the automated individual decision-making process = allows opposition to the further processing of personal data, under the conditions and limits established by law; for the situations of using personal data in marketing activities or in the interests of the operator, explicit consent is requested, the persons concerned being able to object at any time to the processing of data for those purposes, by notifying the operator; you therefore have the right to withdraw your consent when there is a processing based on it; the withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent before its withdrawal.

Related rights of website users/visitors:

  • The right to be informed about the existence or not of an automated decision-making process for the creation of profiles (in case of existence – information about the reason and the consequences of such processing on the concerned persons).
  • Dreptul de a depune plangere in fata autoritatii de supraveghere - eventuale reclamatii referitoare la GDPR puteti trimite la adresa de e-mail office@smartemp.ro , dar şi catre Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal: e-mail anspdcp@dataprotection.ro  si telefon  +40 21 252 5599.
  • The right to exercise a judicial appeal if he considers that the rights he benefits from under the GDPR have been violated.

Pentru alte informatii referitoare la modul de exercitare a drepturilor GDPR ale utilizatorilor/vizitatorilor acestui website si aplicarea efectiva a drepturilor, va rugam sa ne contactati la adresa de e-mail office@smartemp.ro .Este posibil sa va solicitam sa va dovediti identitatea, transmitandu-ne o copie a unui mijloc valabil de identificare, pentru a ne conforma cu obligatiile de securitate pe care le avem si pentru a impiedica divulgarea neautorizata a datelor.

 

7. Liability of the operator

SMARTEMP, as a personal data operator, assumes, according to GDPR, the following main obligations in relation to the users/visitors of this website: 

  • ensuring an organizational framework so that the persons concerned (users/visitors of this website) can exercise their rights;
  • recording the personal data processing operations of the persons concerned;
  • assessment of the impact of the loss of personal data security and assessment of risk factors that may affect the security of personal data type information (in special situations, prior consultation of the National Authority for the Supervision of Personal Data Processing can be accessed);
  • the application of technical and organizational measures to protect personal data and prevent their destruction, loss, modification or unauthorized disclosure; in the application of these measures, SMARTEMP assumes compliance with data protection assurance starting from the moment of conception (by designing) and implicitly (by default); for the effectiveness of these measures, SMARTEMP assumes exclusive partnership with companies that, in turn, comply with GDPR requirements;
  • informing the persons concerned about possible violations of personal data;
  • notification of the National Supervisory Authority for the Processing of Personal Data in case of possible personal data security incidents;
  • handling Security incidents through actions that lead to their elimination or decrease the probability of their recurrence;
  • internal monitoring of the degree of compliance with the GDPR requirements and the continuous improvement of the security measures of the personal data type information of the persons concerned, in the category of users/visitors of the website.

 

8. Ensuring data protection

SMARTEMP applies two categories of measures for the processing of the personal data of users/visitors of the website for all categories of information, including for the personal data it processes (collected through the website and/or during the provision of its services ):

A. Technical measures, such as those provided in the following Policies: 

- Information Security Policy, which also involves personal data type information

- Cryptographic Policy - a) encryption techniques for data storage in the cloud, data protection on removable media, protect take passwords on systems, e-mail protection, remote access, etc., which are tested and revised in order to increase their effectiveness; b) rules for managing cryptographic keys, so that they are protected

- Anti Malware Policy - a) antivirus platform installed in key locations - firewall, e-mail servers, other servers, users' computers (users do not deactivate their protection); b) spam filtering; c) installing only permitted software on computers and periodically scanning computers to identify unauthorized software; d) information reported by ITC service providers regarding vulnerabilities, including threat monitoring and alerting, of malware incidents, which will generate, after analysis, additional protective actions

- Access control policy to IT systems and applications - a) requirements for access control, depending on the level of security imposed on various categories of classified information (including personal information); b) user access management

- Network security policy - a) characteristic of the network; b) network security management.

- Cloud systems policy - with rules for the relationship with service providers that use the cloud.

B. Organizational measures:

- Physical security policy - a) secure areas; b) rules for the use of documents in written format, which contain personal data, including the archiving of these documents

- Electronic Messaging Policy - with information about the rules for using e-mail

- training of internal SMARTEMP users regarding the access control elements to IT systems and applications (by user and password), including password-protected e-mail communication - with the signing of the Declaration of Acceptable Use

- training SMARTEMP internal users regarding the physical access elements (via card) - with the signing of the Declaration of Acceptable Use

- training SMARTEMP internal users on the methods of spreading malware (phishing, mobile codes, hacking/cracking, using USB, CD, DVD, etc.) and how to protect themselves

 

9. Solving the requests and/or complaints of the persons concerned

Any requests and/or complaints can be addressed by the concerned person:

  • catre SMARTEMP, in scris, la adresa de e-mail office@smartemp.ro ;  va rugam sa specificati – identitatea solicitantului/reclamatului, subiectul solicitarii/reclamatiei, cu detalii corespunzatoare si dovezi, daca este cazul; SMARTEMP va confirma primirea mesajului in termen de 4 ore de la primirea lui si va da raspuns, dupa analiza, in maxim 48 de ore de la primirea mesajului dvs. (mesajul poate contine rezultatele analizei si/sau actiunile decise si/sau masurile implementate si/sau care urmeaza a fi implementate, cu termenul limita; dupa caz, solicitantul/reclamantul va primi informari ulterioare referitoare la statusul actiunilor anuntate)
  • to the National Supervisory Authority for the Processing of Personal Data, with headquarters in B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, either in the form of a written address, at the institution's headquarters, or by e-mail at anspdcp@dataprotection.ro; additional information can be found on the website www.dataprotection.ro
  • to the competent courts.

10. Management of information security incidents 

*Security incidents can be: destruction, loss, modification, unauthorized disclosure of personal data or unauthorized access to it.

Both SMARTEMP and its partners, who provide ITC services as support for this site or for other social media tools to which the site is connected, monitor the effectiveness of the technical and organizational measures implemented.  

When it identifies security incidents, directly or through its partners (who immediately announce the occurrence of incidents, if they have detected them), SMARTEMP follows the steps: 

  • records the incidents in the internal documents, within 2 hours at the most from its detection
  • together with his partners, if they were involved in the occurrence of the incident, apply, within a maximum of 48 hours from the discovery of the incident, the necessary corrective actions to eliminate or reduce the effects of the incidents
  • together with his partners, if they were involved in the occurrence of the incidents, identify, after a maximum of 48 hours from the detection of the incident, their cause/causes, evaluate the risk (in terms of the severity of the impact of the incident and the number of affected persons and decide on the application of corrective actions, so that the incidents do not recur (the implementation period differs, depending on the nature of the actions); all these actions must not exceed 72 hours from the detection of the incidents
  • informs the supervisory authority, within a maximum of 72 hours from the moment when he became aware of it, with the exception of in which it is likely to generate a risk for the rights and freedoms of natural persons; if the notification does not take place within 72 hours, it is accompanied by a reasoned explanation for the supervisory authority
  • in the event that the security incidents present a high risk for the natural persons affected, inform, within a maximum of 72 from their occurrence, the respective targeted persons, communicating to them the context of the occurrence of the incident, this type (according to the above *) and what personal data has been affected; if the notification does not take place within 72 hours, it is accompanied by a reasoned explanation; natural persons are no longer informed if effective technical and organizational protection measures have been applied or other measures that ensure that the risk is no longer likely to materialize
  • informs, within a maximum of 2 hours from the moment when he became aware of the incident, the companies for which SMARTEMP acts as an authorized person or acts, together with SMARTEMP, as associated operators.

 

11. Other information

PRIVACY POLICY UPDATES

This Privacy Policy was updated in May 2024. We reserve the right to periodically update and modify this Privacy Policy, to reflect any changes in the way we process your personal data or any changes in legal requirements. In case of any such modification, we will display the modified version of the Privacy Policy on our website and/or make it available in another way.

CONTACT

Daca doriti sa ne contactati in legatura cu orice intrebari legate de prezenta politica de confidentialitate, precum si de prelucrarea datelor dvs., va rugam sa ne transmiteti un e-mail la adresa office@smartemp.ro .

 

Scroll to Top