Purpose of using personal data by MG ELECTRIC AUTOMATION S.R.L.
MG ELECTRIC AUTOMATION S.R.L. collects, records, organizes, stores, and uses data to administer, maintain, improve, and obtain feedback on the services it provides, as well as to prevent errors and information leaks through its own IT network, violations of the law or contractual terms.
Marketing
MG ELECTRIC AUTOMATION S.R.L. collects and updates information about customers of its services and users of its websites, as well as about suppliers with whom it interacts regularly. This information can be obtained either directly from you or from third parties, or automatically, when using MG ELECTRIC AUTOMATION S.R.L. services through cookies and traffic reports generated by the servers hosting the website www.mgelectric.ro.
User Rights
In the context of personal data processing, users have the following rights:
The right to be informed:
(1) If personal data is obtained directly from the data subject, the operator is obliged to provide the data subject with at least the following information, unless the data subject already has this information:
- The identity of the operator and his representative, if any;
- The purpose of the data processing;
- Additional information, such as: the recipients or categories of recipients of the data; whether the provision of all requested data is mandatory and the consequences of refusing to provide it; the existence of the rights provided by this law for the data subject, in particular the right of access, intervention, and opposition, as well as the conditions under which they can be exercised;
- Any other information that the supervisory authority requires to be provided, taking into account the specific nature of the processing.
(2) If the data is not obtained directly from the data subject, the operator is obliged to provide the data subject with at least the following information, at the time of data collection or, if it is intended to be disclosed to third parties, at the latest by the time of the first disclosure, unless the data subject already has this information:
- The identity of the operator and his representative, if any;
- The purpose of the data processing;
- Additional information, such as: the categories of data concerned, the recipients or categories of recipients of the data, the existence of the rights provided by this law for the data subject, in particular the right of access, intervention, and opposition, as well as the conditions under which they can be exercised;
- Any other information that the supervisory authority requires to be provided, taking into account the specific nature of the processing.
(3) The provisions of paragraph (2) do not apply if the data processing is carried out for statistical, historical, or scientific research purposes, or in any other situations where the provision of such information proves impossible or would involve a disproportionate effort compared to the legitimate interest that could be harmed, as well as in situations where the recording or disclosure of data is expressly provided for by law.
Right of access to data
(1) Any data subject has the right to obtain from the operator, upon request and free of charge for one request per year, confirmation of whether or not data concerning him or her is being processed by the operator. The operator is obliged, if he or she processes personal data concerning the applicant, to communicate to the applicant, together with the confirmation, at least the following:
- a) Information on the purposes of the processing, the categories of data concerned and the recipients or categories of recipients to whom the data is disclosed;
- b) Communication in an intelligible form of the data that is the subject of the processing, as well as any information available regarding the origin of the data;
- c) Information on the principles of operation of the mechanism by which any automatic processing of data concerning the person concerned is carried out;
- d) Information on the existence of the right of intervention and the right of opposition, as well as the conditions under which they can be exercised;
- e) Information on the possibility of consulting the register of records of personal data processing, of submitting a complaint to the supervisory authority, and of addressing the court to challenge the decisions of the operator, in accordance with the provisions of this law.
(2) The data subject may request from the operator the information provided for in paragraph (1) by means of a request drawn up in writing, dated and signed. In the request, the applicant may indicate whether he or she wishes the information to be communicated to him or her at a specific address, which may also be an e-mail address, or through a correspondence service that ensures that the delivery will be made only to him or her personally.
(3) The operator is obliged to communicate the requested information within 15 days from the date of receipt of the request, respecting the possible option of the applicant expressed according to paragraph (2).
Right to Access and Correct Personal Data
(1) Upon request, the data subject has the right to obtain from the controller, free of charge:
- Where applicable, the rectification, updating, blocking or erasure of data whose processing does not comply with this law, in particular incomplete or inaccurate data;
- Where applicable, the anonymization of data whose processing does not comply with this law;
- Notification to third parties to whom the data has been disclosed of any operation carried out under points (a) or (b), if such notification does not prove impossible or involves a disproportionate effort compared to the legitimate interest that could be harmed.
(2) To exercise the right provided for in paragraph (1), the data subject shall submit a written request to the controller, dated and signed. In the request, the applicant may indicate whether he/she wishes the information to be communicated to him/her at a specific address, which may also be an electronic mail address, or through a correspondence service that ensures that delivery will be made only to him/her personally.
(3) The controller is obliged to communicate the measures taken under paragraph (1), and, if applicable, the name of the third party to whom the personal data concerning the data subject have been disclosed, within 15 days of receipt of the request, respecting any option expressed by the applicant in accordance with paragraph (2).
Right to Object
(1) The data subject has the right to object, at any time, for reasons related to his/her particular situation, to the processing of data concerning him/her, except where there are contrary legal provisions. In the case of justified opposition, the processing may no longer concern the data in question.
(2) The data subject has the right to object at any time, free of charge and without any justification, to the processing of data concerning him/her for the purpose of direct marketing, on behalf of the controller or a third party, or to the disclosure of such data to third parties for such purposes.
(3) In order to exercise the rights provided for in paragraphs (1) and (2), the data subject shall submit a written request to the controller, dated and signed. In the request, the applicant may indicate whether he/she wishes the information to be communicated to him/her at a specific address, which may also be an electronic mail address, or through a correspondence service that ensures that delivery will be made only to him/her personally.
(4) The controller is obliged to communicate to the data subject the measures taken under paragraph (1) or (2), and, if applicable, the name of the third party to whom the personal data concerning the data subject have been disclosed, within 15 days of receipt of the request, respecting any option expressed by the applicant in accordance with paragraph (3).
Right not to be subject to an individual decision
(1) Any person has the right to request and obtain:
- The withdrawal or cancellation of any decision which produces legal effects concerning him/her, taken exclusively on the basis of a processing of personal data, carried out by automatic means, intended to assess certain aspects of his/her personality, such as professional competence, credibility, behaviour or any other similar aspects;
- The reevaluation of any other decision taken concerning him/her, which significantly affects him/her, if the decision was taken exclusively on the basis of a processing of data which meets the conditions laid down in point (a).
(2) Compliance with the other safeguards provided for in this law, a person may be subject to a decision of the nature referred to in paragraph (1) only in the following situations:
- The decision is taken in the context of the conclusion or performance of a contract, on condition that the request for the conclusion or performance of the contract, made by the data subject, has been satisfied or that certain appropriate measures, such as the possibility of expressing his/her point of view, are guaranteed to protect his/her own legitimate interest;
- The decision is authorized by a law which specifies the measures to guarantee the protection of the legitimate interest of the data subject.
Right to erasure
- The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing.
- The data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing where it is carried out for direct marketing purposes.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation which applies to the controller in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services.
- Where the controller has made the personal data public and is obliged, under paragraph 1, to erase the personal data, the controller, taking account of the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or reproduction of, those personal data.
Right to judicial remedy
- Without prejudice to any other administrative or judicial remedy, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed.
- An action brought by a data subject against a controller or processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such an action may be brought before the courts of the Member State where the data subject has his or her habitual residence.
- The application for a judicial remedy shall be exempt from court fees.
Security measures
In order to implement the technical and organizational measures necessary to maintain the confidentiality and integrity of personal data, the controller shall comply with the minimum security requirements for the processing of personal data developed by the supervisory authority, taking into account the state of the art and the cost of implementation, in order to ensure an appropriate level of security, having regard to the risks presented by the processing and the nature of the data to be protected.
Training of personnel
Within the framework of user training courses, the controller is obliged to inform/train them on the following aspects:
- The provisions of Law no. 677/2001 for the protection of persons with regard to the processing of personal data and the free movement of such data, and the minimum security requirements for the processing of personal data.
- The risks involved in the processing of personal data, depending on the specific activity of the user.
- Maintaining the confidentiality of personal data, in which case users will be warned by messages that will appear on the monitors during their activity, and users will also have the obligation to close the work session when they leave their workplace.
Use of computers
In order to maintain the security of the processing of personal data (especially against computer viruses), the controller shall take the following measures:
- Prohibiting the use by users of software programs that come from external or dubious sources.
- Informing users about the danger of computer viruses.
- Implementing automatic virus scanning and computer security systems.
- Deactivating, as far as possible, the “Print screen” key when personal data are displayed on the monitor, thus prohibiting their printing.
Contact
For any other information regarding the collection, archiving and protection of personal data, please send us an email at office@mgelectric.ro
Update
These Privacy Terms are updated as needed. Please read these terms periodically to stay up-to-date on what information MG ELECTRIC AUTOMATION S.R.L. collects, uses and transmits.