The provisions of this System Procedure comply with Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data which establishes a unique set of rules, directly applicable in all member states of the union, intended to protect the private life of natural persons on the territory of the Union European.
The principles and rules established by the General Data Protection Regulation concern a fundamental right of the person – the right to the protection of personal data, guaranteed by art. 8 of the Charter of Fundamental Rights of the EU and art. 16 of the EU Treaty.
This System Procedure regulates the methodology by which the data subjects can exercise their rights provided for in European Regulation 679/2016 on the protection of personal data.

DEFINITIONS AND ABBREVIATIONS
– personal data means any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;
– processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction , consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
– operator means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law; SC EXPERTAROM FOOD INGREDIENTS SRL – is the operator ;
– recipient means the natural or legal person, public authority, agency or other body to whom (to whom) the personal data is disclosed, regardless of whether it is a third party or not. However, public authorities to whom personal data may be communicated in the framework of a certain investigation in accordance with Union law or internal law are not considered recipients; the processing of this data by the respective public authorities complies with the applicable data protection rules, in accordance with the purposes of the processing;

DESCRIPTION OF THE PROCEDURE
GENERAL
According to the provisions of Regulation no. 679/2016 (General Data Protection Regulation) SC the data subject has the following rights:
– right of access;
– the right to rectification;
– the right to delete data (“the right to be forgotten”);
– the right to restrict processing;
– the right to data portability;
– the right to opposition;
– the right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles.

METHOD OF EXERCISE OF RIGHTS
In order to exercise the rights provided by the General Data Protection Regulation, the data subject must send a written, dated and signed request to the company’s headquarters or to the email address dpo@expertarom.com or he can submit the application in person at the company headquarters.
In order to facilitate the exercise of the rights provided by the General Regulation on data protection, the data subject has at his disposal models of requests in this sense ( Requests for the exercise of rights ) located both at the company’s headquarters and on the company’s website: www.bwt-ro.ro
In the case of submitting the request at the headquarters, the security guard will hand over the request to the Data Protection Officer in order to resolve it.
Requests are registered by the Data Protection Officer in the Entry-Exit Register regarding the protection of personal data.
After identifying the person concerned, his request will be analyzed by the Data Protection Officer , together with the heads of the departments that are involved in personal data processing operations.
If the Data Protection Officer has reasonable doubts about the identity of the natural person who submits the request with the object of exercising one of the mentioned rights, he may request the provision of additional information necessary to confirm the identity of the person concerned.
The response to the data subject’s request will be formulated within 30 days at most from the receipt of the request. This period may be extended by two months when necessary, taking into account the complexity and number of applications.
The data subject will be informed of any such extension, within 30 days of receiving the request, with the reasons for the delay.
If the data subject submits a request in electronic format, the information is also provided in electronic format where possible, unless the data subject requests a different format and to a different address.
If the application is submitted through a representative, his/her identity data must be communicated, as well as the power of attorney given in this regard.
If requests from a data subject are manifestly unfounded or excessive, in particular due to their repetitive nature, the controller has the right to:
– either charge a reasonable fee taking into account the administrative costs for providing the information or communication or for taking the requested measures;
– or refuse to comply with the request.

Exercising the rights is free for a single request during a year.
The concerned persons dissatisfied with the response to the request, the object of which is the exercise of a right provided for by the General Data Protection Regulation, can submit a complaint to the National Authority for the Supervision of the Processing of Personal Data at its headquarters in B-dul G-ral Gheorghe Magheru no. 28 -30, sector 1, Bucharest, postal code 0103336, e-mail: anspdcp@dataprotection.ro or they can contact the court.

 

*This document was automatically translated using Google Translate from Romanian. For accurate information, we recommend contacting us at dpo@expertarom.com