PERSONAL DATA PROTECTION POLICY

This policy refers to aspects related to the protection of personal data of TOTEM Communication based in str. Popa Soare nr. 27, 023981 Bucharest, registered with the Trade Registry under number J40/13710/2003, CUI RO15816821), hereinafter referred to as TOTEM.

Vision

In today’s and especially in the future’s circumstances and business environment, the protection of personal data is essential for us as well as for our Customers and partners. That is why we are committed to protecting our information and that of our Customers and partners, monitoring, evaluating and improving the adequacy and effectiveness of this protection from a personal point of view, methods and assets, including hardware and software.

Mission

Ensuring the protection of personal data, their confidentiality, integrity and availability in accordance with legal, regulated and other requirements assumed in this field.

Scope of application

All activities of processing, transfer and retention of personal data, all personnel involved and all relevant assets in all departments of the company, including hardware, software, storage media, documents and records.

Purpose

The purpose of the Policy is to protect the personal data of TOTEM, its customers, partners and collaborators and data subjects within its projects.

Principles

  • Compliance with laws, fairness and transparency
    Personal data will be collected and processed lawfully, fairly and transparently to protect the individual rights of data subjects.
  • Limitation to the specified purpose
    Personal data will only be collected for explicit and legitimate purposes and will not be processed in a way incompatible with the original purposes.
  • Data accuracy / Data timeliness
    Personal data will be accurate and, where necessary, constantly updated. TOTEM will take all necessary measures to eliminate or rectify inaccuracies promptly.
  • Limitation to necessary data
    Personal data will be adequate, relevant and limited to what is strictly necessary. Personal data will not be kept for longer than necessary.
  • Rights of personal data subjects
    TOTEM respects the rights of all data subjects, including the rights of access to their data, restriction of processing or deletion and their accuracy. TOTEM will provide clear and unambiguous information about the manner and purpose of collecting and processing personal data of subjects.
  • Deletion of personal data
    The retention period of personal data will be defined. TOTEM removes personal data that is no longer necessary in relation to the purposes for which they were collected or if consent is withdrawn and no other legitimate purpose for data processing applies.
  • Data processing security / Data security
    Personal data will be processed safely. Appropriate technical and organizational measures will be taken regarding data security, against unauthorized processing or alteration, against loss or destruction, as well as against unauthorized disclosure and access to personal data transmitted, stored or processed. TOTEM fully ensures integrity, availability, confidentiality and authenticity regarding personal data. In the event of an incident, TOTEM has the ability to restore, in a timely manner, the availability and access to personal data.
  • Implicit protection of personal data
    TOTEM will implement appropriate technical and organizational measures to ensure that only personal data necessary for the specified purposes are processed. The principle of data protection by default will be followed during the development of new products.
  • Responsibility
    TOTEM assumes responsibility for all activities regarding the processing of personal data. TOTEM manifests its responsibility and has the ability to demonstrate compliance.

Final decisions

In order to ensure the success of the mission of ensuring the protection of personal data, TOTEM Communication management has appointed a Data Protection Officer who will carry out the Policy and will provide support and guidance for its implementation.

For the application of this Policy, internal procedures for the protection of personal data have been put into operation.

Each person with a management position in TOTEM is responsible for the implementation and success of this policy in its management area, including the involvement and performance in this regard of the subordinated staff.

Each Employee has the obligation to know, comply and support this Policy and the applicable provisions of the personal data protection documentation communicated by TOTEM.

TOTEM’s Personal Data Protection Policy will be reviewed periodically.

The Personal Data Protection Policy has been approved by TOTEM management.

This Personal Data Protection Policy was last updated on 23.10.2023.