Version 1 \ 01.11.2019
This policy specifies the manners of collecting, using and protecting the personal data of customers, suppliers, contractors applying for a job at I3T EOOD and other individuals providing their personal data to our company.
The policy is an integral part of the implemented Personal Information Management System. In developing it, we have been guided by the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and by the Law on Personal Data Protection.
We have taken the necessary measures to bring our activities in line with best practices and legal requirements aimed at protecting the information and its confidentiality. When collecting personal data of our customers, we follow the principles of the minimisation of the personal data being processed, legality, transparency and security. We strive to process only personal data that is essential and appropriate for the purposes of the company's business.
This policy applies to personal data collected through our website, by phone, in person, by e-mail, through related social media applications, by sending and receiving data from suppliers, contractors and partners of I3T EOOD and through technical devices used in providing our services. This policy also explains your rights as regards your personal data and how you can exercise such rights.
In the event that you refuse to provide your personal data required by us to render a service, we may be unable to provide you with the requested services.
When you share personal data with us, we process it in accordance with this Policy. Please read carefully the information contained therein. Should you have any questions or should you need further clarification on the processing of your personal data, please do not hesitate to contact us at: firstname.lastname@example.org
I3T EOOD shall process those personal data that is necessary and related to our activities, while acting as an administrator or processor of personal data - depending on the case.
Depending on your relationships with I3T EOOD and the way of communication with us, we shall collect and process various types of personal data.
When visiting the company's website, we use automatic technologies to collect: your internet protocol address (IP identifies a device on the internet or a local network representing the identifier that allows information to be sent between devices on a network); login information, browser type and version, time zone settings, browser types and versions; information about the operating system and platform used; information about your visit and duration, including URLs that go to, through and from our website, as well as other similar information and statistics about your interactions.
In certain cases, I3T EOOD will process personal data of individuals:
When contacting us we recommend not sending information more detailed than that we need as specified hereinabove, including information that contains sensitive personal data (information on racial and ethnic origin, religious and political beliefs, membership of trade unions and political organizations, sexual orientation, health status, etc.). If, however, such data is sent to us by e-mail or other communication channel, we will not accept and process it. We will immediately take the possible practical measures to delete it, taking into account the way it has been sent to us.
In order to improve our services and the quality of service, we shall process personal data contained in customer feedback forms, customer surveys and inquiries, statistics, data from complaints, claims and compliments. If possible, we shall process this data in an anonymized form.
For direct marketing purposes (based on your consent or our legitimate interest) we shall use your contact information to inform you about products and services offered by us and our partners, to send greeting cards and information on advertising campaigns. Should you do not wish to be contacted by us for this purpose, you may object to that as set out in the "Your Rights" section.
We always process personal data in connection with a product or service we provide, and the processing is necessary to achieve any of the following purposes:
Depending on the purpose for which the data is used, the legal grounds for processing personal data may be one or more of the following:
If you provide us with your consent, we shall process your data for the following marketing purposes:
You could withdraw your consent you have given at any time by contacting us. If you refuse your data to be processed for marketing purposes, it will not be used in the future for the stated purposes. Withdrawal shall not affect the lawfulness of the processing prior to receipt of the refusal.
We undertake to protect and safeguard your data by working only with trusted partners and suppliers. We shall never provide or sell your data. We respect your rights and always strive to comply with your requests as far as possible in accordance with our legal and operational responsibilities.
Your personal data may be processed on our behalf and by our trusted suppliers and subcontractors. We may entrust services that require processing of your personal data to providers of IT services, hosting services that may contain information about you, social networks, web analytics and search engines, use of tools to refine user-generated content, postal services and deliveries, advertising, marketing, digital and social media agencies to assist us in arranging advertising and marketing campaigns, analyzing their effectiveness and managing your contacts and questions.
We may share your personal information in order to comply with our legal and corporate obligations, to prevent fraud and/or to protect our interests or to improve our services.
When we protect our rights and legitimate interests and if we use the services of external consultants, lawyers, auditors, etc., we shall disclose to them the amount of personal data on the need-to-know basis in order to assist us and to provide the services for which we have hired them.
We may also provide your personal data to third parties in the event that:
You could obtain more information about who we share with and in what cases we share your personal data after sending an inquiry to I3T EOOD to the contact details specified hereinabove.
We shall store your personal data only for a minimum time period necessary to meet your needs, to achieve the objectives set out herein, as well as where by operation of law or international agreement we are obliged or entitled to store it for a longer period of time. Where we no longer need your personal data, we shall delete it or make it anonymous so that you can no longer be identified thereby. In order to determine the retention period of your personal data, we shall apply the following criteria:
Where there are cookies on your computer, we shall keep them for as long as necessary to fulfill their purposes (for example, for the duration of the login session).
You should keep in mind that during pending court and/or out-of-court proceedings, the data provided to us and stored may be subsequently processed for the purposes of such proceedings.
We shall process your personal data only in accordance with the objectives and within the time periods specified hereinabove.
When we collect personal data, we do so in a minimal amount and only for preliminary clearly defined purposes and retention periods. We provide access to the data only to a limited number of persons who have been previously trained and instructed on how to deal with the data.
I3T EOOD has implemented an Information Security Management System in accordance with the requirements of ISO/IEC 27001, thereby ensuring the maintenance of adequate security measures for the protection of information and in particular personal data. The risk assessment, including the risk assessment as regards the rights and freedoms of the data subjects, is integrated with our Information Security Management System.
All users should be aware of the many risks associated with information security and should take appropriate steps to protect their own information and information processing devices. We do not assume any responsibility for violations that occur as a result of actions or omissions beyond our control.
As a data subject, you are entitled to receive confirmation and/or detailed information about your personal data being processed, including a copy of your personal data processed (right of access).
In addition, you may object to the collection and further processing of your personal data, as well as ask it to be corrected (updated) or deleted (when we do not have a valid legal grounds to continue processing it).
It is also important to know that you can withdraw your consent to the processing of personal data at any time. You can exercise this right only for those categories of personal data that we process on the basis of your consent.
To ask questions about your rights or should you wish to exercise any of them, please contact us at the contacts listed hereinabove.
We will respond to any of your requests without undue delay within a 30 days period as from receiving the request. Should we are unable to do so for reasons beyond our control, we will notify you in a timely manner stating the reasons for such delay.
In the event of doubt, we may request additional information to verify your identity. This shall be done so as to protect your rights and privacy.
If you wish to exercise any of the above rights and such request is obviously groundless, or if you particularly often wish to exercise your right, we may require you to pay an appropriate processing fee or even reject your request.
This Policy is part of the Personal Information Management System implemented in I3T EOOD and is subject to periodic review and update, which will be announced on the company's website.