Privacy Policy with regard to personal data processing  

 

Ensuring the right to personal data protection is a fundamental commitment of RINF TECH and therefore we devote all our resources and make every effort to process your data in full compliance with Regulation (EU) 2016/679 ("General Data Protection Regulation" or "GDPR"), as well as with any other applicable legislation. One of the key principles of this legal framework is transparency and we want you to be fully informed, so we have prepared this document to show you how we collect, use, transfer and protect your personal data when you interact with us either through our website or by means of the applications available on your mobile phone.

We reserve the right to periodically update and modify this Privacy Policy so that you always have access to and are aware of any changes to the way we process your personal data, as well as any other changes to the legal requirements. In the event of any such change, we will display on our website the updated version of our Privacy Policy, and therefore it is advisable to periodically check the contents of this Privacy Policy.

Who are we and how can you contact us?

RINF TECH is the trade name of RINF OUTSOURCING SOLUTIONS SRL, a Romanian legal entity, with its registered office in Green Court Bucharest, 4 Gara Herastrau Street, Building B, 3rd Floor, District 2, with registration number with the Trade Register J40/1436/01.02.2006, unique tax registration number RO18334380 (hereinafter referred to as "RINF TECH" or "us"). For the purposes of the data protection law, we are a controller when we process your personal data.

You can share your views and we are willing to provide any additional information you need with regard to the processing of your data. If you find yourself in this situation, you can contact the RINF TECH Data Protection to the e-mail address data-protection@rinftech.com or by mail or courier to the address Green Court Bucharest, 4 Gara Herastrau Street, Building B, 3rd Floor, District 2, Bucharest, Romania – with the mention: to the attention of the RINF TECH Data Protection.

Which categories of personal data do we process?

  • Generally, we collect personal data that comes directly from you and thus you control and decide which pieces of information you are willing to share. For example, when applying for a job at RINF TECH, you send us your e-mail address, your first and last name, the phone number, the city you live in, and other information specific to this context.
  • According to the Cookie policy, information on cookies or other similar technologies can be stored and collected on our website.

Please note that we do not want to collect or process data related to minors who are under the age of 16.

For what purpose do we collect and process your data?

We will use your personal data for the purpose of recruiting staff for RINF TECH

How long do we keep your personal data?

As a general rule, we will store your personal data for a period of 3 years from their transmission.

Who do we send your personal data to?

As the case may be, we may transmit or provide access to certain personal data to the following categories of recipients:

  • companies within the same group of companies as RINF TECH;
  • Customers, Business Partners of RINF TECH;
  • IT service providers;

If we have a legal obligation or if it becomes necessary to defend our legitimate interest, we may also disclose certain personal data to public authorities.

We do ensure that access to your data by third-party private law entities is done in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

To which countries do we transfer your personal data?

We currently store and process personal data in Romania and England.

In this regard, we will always take the necessary measures to ensure that any international transfer of personal data is carefully managed so that your rights and interests are always protected. The transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, by other safeguards, such as standard contract terms issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of the personal data transferred from within the EU to the United States of America.

You can contact us at any time, using the contact information above to find out more about the countries where we transfer your data, as well as the safeguards we have implemented with regard to these transfers.

How do we protect your personal data security?

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to the industry standards.

We keep your personal data on secure servers using state-of-the-art encryption algorithms and ensuring storage redundancy.

Despite the measures taken to protect your personal data, we mention that sending information on the Internet in general as well as through other public networks is not entirely secure, with the risk that data may be seen and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are under our control.

What are your rights?

The General Data Protection Regulation recognizes a series of rights with respect to your personal data. Which are these? You can ask for access to your data, you can ask us to correct any mistakes in our files and / or you can oppose the processing of your personal data. You can also exercise your right to file a complaint with the competent supervisory authorities or to appeal to the courts. Where applicable, you also have the right to request the deletion of your personal data, the right to restrict data processing, and the right to data portability.

You can get more information about these rights by consulting the table below.

In order to exercise your rights, you can contact us using the contact details listed above. If you want to exercise your rights, it is important to keep in mind the following:

Identity. We take seriously the confidentiality of all records that contain personal data. We reserve the right to verify your identity by requesting additional information to confirm your identity.

Fees. We will not charge you a fee for you to exercise any rights with respect to your personal data unless your request for access to information is groundless, repetitive or excessive, in which case we will charge an amount for such circumstances. Of course, you will be informed in advance of any applicable fees before resolving your request.

Response time. We propose to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made more requests, in which case we will respond within a maximum of two months. We will let you know if we will need more than a month. We may ask whether you can send us more details about your request. This will help us to act faster and shorten the response time for your request.

Rights of third parties. We do not have to respond to a request if it would adversely affect the rights and freedoms of other data subjects.

Rights concerned

Description

Access

You can ask us:

  • to confirm that we process your personal data;
  • to provide you a copy of this data;
  • to give you other information about your personal data, such as the data we have, what we use it for, who we divulge it to, whether we transfer it abroad, and how we protect it, how long we keep it, what rights you have, how you can make a complaint, from where we obtained your data to the extent that the information has not already been provided to you by this notification.

Rectification

You may ask us to rectify or complete your personal data if it is inaccurate or incomplete.

We may try to verify the accuracy of the data before correcting it.

Data deletion

You may ask us to delete your personal data, but only if:

  • it is no longer required for the purposes for which it was collected; or
  • you have withdrawn your consent (if the data processing is based on consent); or
  • you are exercising a legal right to oppose; or
  • it has been illegally processed; or
  • there is a legal obligation in this regard.

We have no obligation to comply with the request to delete your personal data if processing of such data is required:

  • to comply with a legal obligation; or
  • to establish, exercise or defend a right in court;

There are other circumstances in which we are not obliged to comply with your request for data deletion, but the two situations mentioned above are the most probable circumstances in which we may decline this request.

Restriction of data processing

You can ask us to restrict the processing of personal data, but only if:

  • its accuracy is being contested (see the rectification section) to allow us to verify its accuracy; or
  • the processing is illegal, but you do not want the data to be deleted; or
  • it is no longer required for the purposes for which it was collected, but you need it to establish, exercise or defend a right in court; or
  • You have exercised the right to oppose and the verification of whether our rights prevail is underway.

We may continue to use your personal information as a result of a restriction request, if that is the case:

  • we have your consent; or
  • to establish, exercise or secure the defence of a right in court; or
  • to protect the rights of another natural or legal person.

Data portability

You may require us to provide your personal data in a structured format that is currently in use and that can be read automatically, or you may request that it be "ported" directly to another data controller, but in each case only if:

  • the processing is based on your consent or on the conclusion or performance of a contract with you; and
  • the processing is done by automatic means.

Opposition

You may oppose at any time, for reasons related to your particular situation, the processing of your personal data under our legitimate interest if you believe that your fundamental rights and freedoms prevail over this interest.

You can also oppose any time the processing of your data for direct marketing (including profile creation) without any reason, in which case we will cease this processing as soon as possible.

Making automated decisions

You can ask that you are not made the subject of a decision based solely on automatic processing, but only when the decision that is taken:

  • produces legal effects on you; or
  • affects you in a similar way and to a significant extent.

This right does not apply if the decision reached as a result of the automatic decision making:

  • is required to conclude or perform a contract that we have with you;
  • is authorized by law and there are adequate safeguards for your rights and freedoms; or
  • is based on your explicit consent. 

Complaints

You have the right to file a complaint with the supervisory authority regarding the processing of your personal data. The contact details of the data protection supervisory authority in Romania are as follows:

The National Supervisory Authority for Personal Data Processing

B-dul G-ral. Gheorghe Magheru no. 28-30, 1st district, postal code 010336, Bucharest, Romania

Telephone: +40.318.059.211 or +40.318.059.212;

E-mail: anspdcp@dataprotection.ro

Without affecting your right to contact the Surveillance Supervisory Authority at any time, we ask that in such a case to also contact us beforehand and we promise that we will do our best to resolve any issues amicably.   

 

We remind you that you can contact the RINF TECH Data Protection at any time by submitting a request using any of the following communication channels:

  • by e-mail to the address: data-protection@rinftech.com or
  • by mail or courier to the address: Green Court Bucharest, 4 Gara Herastrau Street, Building B, 3rd Floor, District 2, Bucharest, Romania- with the mention to the attention of the RINF TECH Data Protection.