|Type of data subject:||CLIENT BUSINESS PARTNERS – NATURAL PERSONS (SUPPLIERS, RECIPIENTS, ETC.) OR REPRESENTATIVES OF THE CLIENT SUPPLIERS, RECIPIENTS, ETC|
|Communication method:||DISPLAY ON THE WEBSITE|
In accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (“GDPR”), as the controller/processor of the controller (“PD”), inform the Data Subject, and he/she takes note of the mandatory information below, regarding the processed PD.
The law means: GDPR and any other DCP protection rule. The meaning of the terms below is the one used in these normative acts.
PD processed by Fespore IT:
As controller: NOT APPLICABLE.
As processor of the controller: Name, telephone, email, address and any other PD obtained for the purpose and on the basis mentioned.
- BASIC INFORMATION REGARDING THE PROCESSING OF PD
- Identity and contact details
Client of FESPORE IT in accordance with the concluded agreement.
Identification: FESPORE IT SRL, headquartered in Bucharest, District 4, No. 17 Sold. Nicolae Barbu Alley, Floor 2, Apt. 10,
Representative: Sanda Laurenția, email: email@example.com.
- Contact data of the DPO (FESPORE IT)
Vlad Retca: email at: firstname.lastname@example.org; post to: Bucharest, District 4, No. 17 Sold. Nicolae Barbu Alley, Floor 2, Apt. 10
- PD processing activities
Processing operations can mainly be:
access to PD by the authorized persons of the Controller/Controller’s processor;
storage of PD in the physical archive or in electronic format, on the infrastructure of the Controller/Controller’s processor or of authorized persons;
transfer of PD to specified third parties;
other processing operations carried out for the purpose and on the basis of those grounds.
The basis of processing is:
art. 6 (1) (b) GDPR – the processing is necessary for the conclusion/execution of the contract between the Controller and the Data Subject;
art. 6 (1) (c) GDPR – the processing is necessary for the fulfillment of the legal obligations of the Controller regarding accounting;
art. 6 (1) (f) GDPR – the processing is necessary for the realization of the legitimate interest of the Controller: to carry out its commercial operations.
- Purpose of PD processing
The purpose of PD processing is:
Delivery planning and tracking.
- The legitimate interest on the basis of which the PD is processed, if any
The legitimate interest is: to carry out its commercial operations.
- PD recipients, if applicable
PD is transferred to: AWS, Netopia MobilPay, Paypal, Paylike, Mongo Atlas, Firebase, SmartBill, FullStory, Hotjar, Google, Facebook, Mailchimp, Hubspot, Zoho Mail, WooComerce, Shopify, Emag, Cel Marketplace, Magento.
Other service providers in accordance with the development of the Platform.
- Intention to transfer PD to a third country, if applicable
PD is transferred to non-EU countries, i.e. the USA, Canada, Switzerland and other third countries on the basis of appropriate safeguards.
- ADDITIONAL INFORMATION PROCESSING PD
- PD storage term, if applicable
The PD is stored until it is no longer needed, the law permits erasure and any legal conflict is resolved.
The PD is also erased when an erasure request is received and all the conditions above are meet.
- Right to object of the Data Subject
Right to object. At any time, for reasons related to his/her particular situation, in the case of processing under Article 6 (1) (e) or (f) of the GDPR (legitimate interest of the Controller or public interest), the data subject has the right to request the cessation of any processing of PD, according to the Law (for example: if the data subject invokes reasons related to the personal situation in connection with certain processed PD). However, a request based on the right to object to processing will not always be satisfied by the Controller, if the Controller has legitimate and compelling reasons justifying the processing and prevailing over the interests, rights and freedoms of the Data Subject or if the purpose is to establish, exercise or defend a right of the Controller in court.
- Other rights of the Data Subject
The right of access. At any time, the Data Subject has the right of access to the PD that the Controller or its partners process. In this regard, the data subject has the right to obtain information on issues such as: the nature, processing and disclosure of PD to third parties.
The right to rectification. At the request of the Data Subject, the Controller will rectify any error or inaccuracy regarding PD.
“The right to be forgotten.” At any time, the Data Subject has the right to request the deletion of the PD that the Controller or his partners process, for certain reasons (e.g. if the purpose of the PD processing has been fulfilled). However, a request based on the right to be forgotten will not always be satisfied by the Controller (e.g. if PD is required to establish, exercise or defend the Controller’s right in court).
The right to restrict processing. Under the conditions provided by law, the data subject has the right to restrict the processing of PD (e.g. if the data subject disputes the accuracy or correctness of the PD). In this case, the processing can only be performed with the consent of the data subject, with certain exceptions (e.g. PD storage).
The right to PD portability. Under the conditions provided by law, the data subject has the right to request that the PD concerning him/her and which he/she has provided be transmitted to another PD operator in a structured format, currently used and which can be read automatically. In this case, the Controller will send the PD in the above format, to the controller indicated by the Data Subject.
The right to withdraw consent. When PD is processed on the basis of the data subject’s consent, the data subject may withdraw it at any time. Withdrawal of consent will not affect past processing, but may preclude future processing. In principle, PD are not processed under the consent of the data subject, but it will be possible in the future to do so, in which case the right to withdraw consent will become applicable.
The right to address the supervisory authority. For PD processing that falls within the competence of the Romanian authorities, the Data Subject may file a complaint to the National Authority for the Supervision of Personal Data Processing (http://www.dataprotection.ro).
- Consequences of not providing PD, if applicable
The data subject can refuse the provision of PD. However, this will prevent delivery.
- PD source (other than the Data Subject), if applicable
PD is received from the Client.
- Existence of an automatic decision-making process
The Data Subject is not subjected to an automatic decision-making process.