IBB-HIB ROMÂNIA SRL processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and in accordance with Law 190/2018 on measures implementing Regulation (EU) 2016/679.
Personal data privacy is one of the main concerns of our website. Under the provisions of the GDPR (General Data Protection Regulation), our company is required to record, store, use, securely and only for the purposes described below, the personal data you provide. We reserve the right to amend or update, from time to time, this Privacy and Personal Data Processing Policy information document in accordance with national and international regulations. In the event of such changes, we will post the amended or updated version of the Privacy and Personal Data Processing Policy on our website, so please check its content periodically.
The personal data controller is IBB-HIB ROMÂNIA SRL , a Romanian legal entity operating in accordance with Romanian law, with registered office in Pantelimon, Șoseaua de Centură no. 48A, Ilfov county, registered with the Trade Register under no. J23/3436/2021, with CUI RO38092770, telephone: 0312.255.010, e-mail address: firstname.lastname@example.org, website: ibb-hib.ro
For any questions regarding the protection of personal data, or to exercise the rights described in this information document, please contact the Personal Data Protection Officer appointed by IBB-HIB ROMÂNIA SRL at the following contact details:
MEANING OF CERTAIN TERMS
To ensure a better understanding of the information in this document, we have included below the definitions of the main terms used.
These definitions are taken from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and in accordance with Law 190/2018 on measures implementing Regulation (EU) 2016/679.
personal data means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;
processing means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
data filing system means any organised structure of personal data which is accessible according to specified criteria, regardless of whether that structure is organised on a centralised or decentralised basis or is allocated on a functional or geographical basis;
controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data;
processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorised to process personal data;
addressee means the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities to which personal data may be disclosed in the framework of a particular inquiry in accordance with Union or national law are not considered as recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;
anonymous data means data which, duet to their origin or the specific way in which they are processed, cannot be associated with an identified or identifiable person;
which personal data does IBB-HIB Romania process?
We collect personal data obtained automatically as a result of accessing our website (e.g. date and time of access, IP address, name and url accessed, etc.), as well as data submitted by you for the creation of your user account, for the purchase of services and products and data processed as a result of contact by you.
We do not collect or process sensitive data as defined in the Regulation.
We may collect and process certain information about your behavior while visiting our website. Behavior evaluation targets the areas of interest on the website as well as the most frequently accessed links on the website in order to personalize your online experience and provide you with offers tailored to your profile.
data provided by you
We collect personal data based on how you use our services. If you contact us to ask for more details about our services and products or to request an offer, we collect any data you provide directly: name, surname, email address, phone number, delivery address, billing details, payment method, bank card details, etc.
1.Because we always want to provide you the best experience, we may collect and use certain information about your user behaviour on our website, we may invite you to complete satisfaction questionnaires after completing an order or we may conduct, directly or with partners, market research and surveys.
We base these activities on our legitimate interest in doing business, always taking care that your rights and freedoms are not infringed.
2. DATA COLLECTED FOR MARKETING PURPOSES
We want you to constantly be informed regarding the best offers for products and services that are of your interest. Thus, we may send you various messages (such as: e-mail/SMS) containing information on similar or complementary products to those you have purchased, offers or promotions, as well as other marketing communications such as market research and surveys.
As a rule, we base our marketing communications on your prior consent. You may exercise your right to withdraw your consent at any time, with effect for the future, without affecting the lawfulness of the processing carried out on the basis of your consent until the date of withdrawal. To withdraw your consent, you may:
Accessing the unsubscribe link displayed within the messages you receive from us;
Contact the Data Protection Officer using the contact details above.
- Data collected to protect our legitimate interests
We have the right to protect our interests and business and may process certain data for this purpose. By way of example, we mention:
- For the prevention and detection of fraud, theft, loss, misuse and the like on computer devices, systems and networks, software programs, databases, servers, emails, and in general on assets and means used by our company;
2. to protect our assets, employees, collaborators, partners and customers;
3. to ensure the proper and correct conduct of our business (e.g. for the correct and complete identification of the work performed, for the invoicing of services to the customer, to prevent the permanent loss of data);
4. to ensure the security and proper use of databases and, in general, personal data processed by the Company for itself or for third parties;
The general basis for such processing is our legitimate interest to conduct our business in the best possible way and to protect our commercial interests by ensuring that any measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
We also base our processing in certain cases on legal provisions such as the obligation to ensure the security of goods and valuables provided for by the applicable legislation in this field.
The data listed above is stored by us and associated with your account.
WHAT ARE THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
for further information by e-mail about our marketing campaigns, according to your expressed preferences;
to know your preferences, to the extent that you have expressly agreed to this;
for further correspondence with you;
for the transmission of requested offers, processing of requests for quotations, and the completion of the steps leading to the conclusion of a contract;
for the purpose of dealing with various requests/questions/submissions made by users.
If we intend to process your personal data for purposes other than those for which we originally collected them and which are not purposes related to the original ones, we will notify you in advance and provide you with all relevant information, with subsequent processing taking place only insofar as there is a legal basis for it.
GROUNDS FOR PROCESSING PERSONAL DATA
consent according to Art. 6 para. (1) lit. a) – The Company will always obtain your consent to the processing of personal data for the purposes mentioned above, unless another legal basis applies.
conclusion and performance of a contract under Art. 6 para. (1) lit. b) – On this basis, the Company will process your personal data for the purpose of concluding and performing the contract that arises between you and the Company when placing orders.
Legitimate interest under Art. 6 para. (1) lit. f) – The processing is necessary for the purposes of complying with the legitimate interests of the Company, unless the rights and freedoms of the data subject prevail. (internal administrative purposes, protection of copyrights, establishment or defence of a legal claim).
What to note about data processed on the basis of consent
In general, your data are not processed on the basis of consent, but on other grounds described above.
In the limited cases where data processing is done on the basis of your consent, we inform you that:
You are under no obligation to provide us with that data or to consent to its processing;
Lack of consent will not affect contractual relationships with us carried out on different grounds;
Lack of consent will not, however, allow us to provide you with real-time information about certain products or services of interest to you, special offers or discounts;
If you have given your consent, you may withdraw it at any time by clicking on the unsubscribe link in the messages you receive from us or by simply notifying us in writing at email@example.com.
You do not need to justify your decision;
Withdrawal of consent means that we will no longer be able to further process that data using consent as a basis. However, depending on the circumstances, we may continue to process such data for limited purposes on other grounds, for example to preserve, exercise or defend our rights in court, to fulfil certain legal obligations or in other similar cases that are closely related to the original processing;
Please also note that withdrawal of consent will not affect processing previously carried out by us on the basis of consent, nor processing of data not carried out on the basis of consent.
how long do we keep the personal data you have provided us for the purposes mentioned above?
The personal data that you have provided us for the purposes mentioned in this document will be kept for as long as necessary to fulfil the purposes described and for as long as necessary to fulfil legal obligations. Relevant in this regard are the provisions of the Tax Code which provide for a retention period of 10 years for tax invoices issued and 5 years for accounting documents, as well as the provisions of any other legislation which impose certain retention periods.
to whom we transmit personal data?
The personal data referred to in this document may be provided to affiliated entities, partners, collaborators of the Operator or other independent legal entities as follows:
We may transmit personal data to companies belonging to the IBB Group given that the Company is part of a group of companies, called IBB Holding;
To IT specialists in charge of the administration and security of the website;
Employees or contractors of the Company with whom the Company has a contractual relationship for the delivery of products/services contracted or requested by you;
Individuals or legal entities acting as authorised persons for the Company in various areas related to the conclusion or performance of the contract;
Accountants, auditors, lawyers, bailiffs and/or other external professional consultants.
Public authorities, persons vested with public authority, public institutions, courts, investigative bodies, if the transmission of personal data is required by law and/or necessary in the event of litigation, etc.
We will enter into legally required contractual clauses with each of them aimed at ensuring the protection of your personal data, including data security and confidentiality.
As of the date of this Policy, our Company does not transfer and does not intend to transfer your personal data to entities or persons outside the European Union.
The suppliers, partners, collaborators mentioned in the above section to whom we transfer personal data are persons/entities who are members of the European Union. However, we cannot exclude that they may transmit your data to other countries, which may or may not be members of the European Union (for example if they have their servers located in the United States). In the contractual clauses that we will conclude with them, we will take into account that these entities/persons will assume the existence of adequate security measures and guarantees aimed at ensuring confidentiality and adequate protection of your personal data.
In the event that the Company transfers personal data to entities/persons outside the European Union, we will ensure that appropriate personal data protection measures are in place, or we will seek your consent to such transfers, with your prior information on the potential risks involved. In exceptional situations where it will be necessary to transfer data outside the European Union and the above conditions are not met, we will ensure that the transfer will only take place in cases where the law allows express exemptions (e.g. Article 49 of the GDPR Regulation).
how we protect the security of personal data
IBB-HIB ROMANIA is committed to ensuring the security of personal data by implementing appropriate technical and organisational measures in accordance with the standards in force.
Due to the fact that personal data is transmitted electronically, there may be a risk of interception, loss, copying of information by unauthorized persons through the use of interception equipment or software. Upon users’ request, the Company will take all necessary measures and will make available all necessary files to the competent authorities in charge of solving this type of crime. We cannot be responsible for such vulnerabilities of systems not under our control.
The Company cannot be held responsible for errors arising from the user’s negligence regarding the security and confidentiality of his/her account and password.
Any access to the database of personal information by users of the ibb-hib.ro platform, including any unauthorized access attempts, will be logged in an access file. Access files will make it possible for ibb-hib.ro to identify individuals who have accessed personal data without a legitimate reason in order to refer them to the competent authorities. Any attempt to access another user’s personal data, to modify the content of the site or to affect the performance of the server on which ibb-hib.ro runs will be considered an attempt to defraud the site.
WHAT YOUR RIGHTS ARE IN RELATION TO THE PROCESSING OF PERSONAL DATA
Right of access to personal data under Article 15 GDPR: you have the right to obtain information about whether or not your personal data is being processed, the right to obtain access to your data or a copy of such data that we hold, and the right to obtain information about the type, processing and disclosure by us of such data, or about the source of personal data, if such data has not been collected directly from you.
the right of data rectification under Article 16 GDPR: you have the right to obtain rectification of your data that we process or control, if they are inaccurate as well as the completion of data that are incomplete.
the right of data erasure („right to be forgotten”) under Article 17 GDPR: you have the right to request the erasure of your data that we process, in cases provided for by law.
the right to restrict the processing of your data under Article 18 GDPR: you have the right to request restriction of the processing of your data, in some situations provided for by the Regulation (e.g. if the duration of storage or processing of your data has expired but before we proceed to erase it, you ask us to do so in order to defend, exercise or establish a right in court.
the right to data portability under Article 20 GDPR: you have the right to receive personal data concerning you that you have provided to us. In case of such a request. You have the right to receive the data in a structured, commonly used and machine-readable format; you also have the right to transmit this data to another Controller without any restriction on our part.
Right to object under Article 21 GDPR: you have the right to object to the processing of personal data depending on your particular situation. IBB-HIB ROMANIA will no longer process personal data, unless it demonstrates that it has legitimate grounds for the processing which override your rights and freedoms or the purpose of establishing, exercising or defending a legal claim.
Automated decision-making, including profiling under Article 22 GDPR: the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly affects you to a significant extent.
In addition to the above-mentioned rights, you have the right to contact the National Supervisory Authority for Personal Data Processing in order to resolve any unpleasant situation that may arise in relation to the security of your personal data (address: B-dul G-ral Gheorghe Magheru 28-30, sector 1, postal code 010336, Bucharest, Romania, tel. +40 312 255 010, email: firstname.lastname@example.org
Authentication and security:
To log in to IBB-HIB.RO
To protect your security
To help detect and fight spam and other activities that violate IBB-HIB agreements
For example, cookies help authenticate your access to IBB-HIB UK and prevent unauthorized parties from accessing your accounts.
To store data about your browser and preferences.
To remember settings and other choices you make
For example, cookies help us to remember your preferred language or country so that we can provide content in your preferred language without asking you each time you visit.
Analytical functions and research
To help us improve and understand how people use IBB-HIB
For example, cookies help us test different versions of IBB-HIB UK to see what features or content users prefer, web beacons help us determine which email messages are open, and cookies help us see how you interact with IBB-HIB UK, such as the links you click.
These service providers may either collect this data on their own or it may be disclosed to them by us.
You can opt-out of some of these services through Tools such as the Google Analytics Opt-Out Browser Opt-Out Form
To personalize IBB-HIB Romania with more relevant content
For example, cookies help us to display a personalised list of recommended courses on the homepage.
To give you more relevant advertising
To learn more about specific cookies and advertising and how you can opt-out, visit the Your Choices Online website if you are in the European Union or www.allaboutcookies.org/manage-cookies/index.html.
Please note that when advertising technology is integrated into the Services, you may still receive advertising materials on other websites and apps, but these will not be tailored to your interests.
When you use mobile apps, you may also receive personalised in-app advertising materials. Apple iOS, Android OS and Microsoft Windows each provide their own instructions on how to control personalised in-app advertising materials. For other devices and operating systems, you should review your privacy settings or contact your platform operator.
What are my privacy options?
Most browsers accept cookies automatically, but you can change your browser settings to reject cookies by consulting your browser’s help articles. If you decide to reject cookies, please note that you may not be able to sign in, personalize or use some interactive features of the Services.
Flash cookies work differently than browser cookies, so your browser’s tools for managing cookies may not remove them. To learn more about how to manage Flash cookies, see Adobe’s Flash cookie management article and the settings panel for storing them on websites.
To opt out of ads displayed by Google or to customize your Google display network ads, visit the Google Ads settings page.
For general information about specific cookies and how to disable them, visit www.allaboutcookies.org.
Updates and contact information
Processing of personal data
The personal data controller is IBB-HIB Romania, a Romanian legal entity with registered office in Pantelimon, Ilfov, Șoseaua de Centură nr. 48A, 077145, telephone 0312.255.010, email address: email@example.com, registered at the Trade Register under no. J23/3436/2021 with CUI RO38092770, bank account RO87MIRO0000906634450101, opened at ProCredit Bank – Victoriei branch, legally represented by Iulian Crăciunescu.