PERSONAL DATA PROTECTION INFORMING NOTE FOR USING THE WWW.TOTEM.COM.RO WEBSITE
“www.totem.com.ro” or “the website” means Totem Communication’ presentation page.
“Personal data” means the information referring to any identified or identifiable individual.
“TOTEM” means Totem Communication S.R.L..
” (Personal Data Protection) Informing Note” means this document.
“GDPR” – we refer to the 679/2016 (EU) Regulation on natural persons’ protection with respect to personal data processing and with respect to these data’ unrestricted circulation, as well as of revoking of the 95/46/EC Directive.
“The person in view”, that is an identified or identifiable person. An identifiable natural person is a person who can directly or indirectly be identified, especially by a reference to an identification item, such as a name, identification number, locating data, online identifier, or to one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.
“Cookie”, small sized file made of letters and numbers that will be stored on a user’s computer, mobile terminal or other equipment the Internet is accessed from. The cookie gets installed by means of a request sent by a web server to a browser (for instance, Internet Explorer, Chrome) and is completely “passive” (does not contain any software, viruses or spyware and cannot access the information on user’s hard driver).
TOTEM, as a data processor, may be, as well, referred to within this Informing Note by the words “we”, “us”, “our” and other first person plural forms.
Area of applicability
This Informing Note is applicable to the information we collect about you both directly from you and from the reports on the traffic recorded by the site-hosting servers, as well as by means of cookies. The information is collected during your interactions with the website www.totem.com.ro.
Why do we need your data and why we collect it?
In order to ensure the www.totem.com.ro website functioning, we collect from you and use a series of personal data, the way the latter is described in the list below. The data we process is not special personal data, the way the latter is defined by the law in force (for instance, health condition, etc. data).
TOTEM Communication collects information from their website’s visitors in the following ways, but not limiting themselves to the latter: a) information that you voluntarily provide us (When using the form on the site, when you contact us by phone or email or communicate to us in any manner, you voluntarily give us the information that we process. This information includes name, surname, email address and telephone number). b) Information that we automatically collect (When you navigate on our website, it is possible that we collect information related to your visit on the site. This information may include IP address, operating system, browser, navigation activity and other information regarding the way you have interacted with the site. We can collect this information by using cookies, the reports on the traffic recorded on the site-hosting servers, or other similar technologies).
Information directly provided by the visitor
The data we collect by means of the contact form is represented by: your name, the email address and the message transmitted. This data is necessary for us to respond to the message you send us. When you contact TOTEM Communications by means of the contact form on the www.totem.com.ro site, we will deem all information collected from you as confidential and we will not share it with third parties without your prior and expressed consent.
Information from the server traffic report
When you visit our site, you disclose certain information about yourself, namely: your IP address, the time of your visit, the website you came from when you accessed our website, www.totem.com.ro, as well as other websites, records this information in order to be able to personalize its content, to protect itself from external attacks directed against its technological capabilities or to track, throughout the time, the traffic registered on the website and on the pages most accessed by its readers, in order to improve the content of the website.
Information from cookies
We do not sell, rent or otherwise disclose your personal data to third parties.
How do we use and distribute the information about you?
- We may use information about you:
- to answer your questions and requests;
- to defend ourselves against cyber-attacks;
- to provide and improve the services we offer.
- for marketing purposes, but only in the situation when you gave your prior consent.
Which is the legal basis for processing your data?
TOTEM Communications created the site www.totem.com.ro to inform their clients or other interested categories of persons, to promote their services and to become known in the online environment.
The legal basis for processing the visitors’ personal data is our legitimate right to make our company known on the Internet, to promote ourselves to our clients or potential clients and to communicate with them. The collected data helps us know our website’s visitors better and to adapt its content according to the traffic information. As well, some of the collected data is needed to prevent cyber-attacks and make criminal prosecution possible, in which case the legal basis for data processing is the defense of a right in court.
According to the law in force, consent is not required if the processing is necessary for carrying out actions for the conclusion of a contract, the fulfillment of a legal obligation or the legitimate interest.
The collected data is not used for any purpose other than those declared. The processing by us of your personal data is designed in such a way that it prevents the processing of your data for a secondary purpose, incompatible with the primary purpose for which your personal data was initially collected. If, however, this happens, you will be informed before the processing of your personal data for a secondary use occurs. The data collected are adequate, relevant and limited to what is strictly necessary for TOTEM Communication. If you voluntarily provide more information, they will not be taken into consideration and will be immediately deleted.
Who do we share your data with and how do we keep it?
We may disclose your personal data (described above) under the following circumstances:
- if you expressly request this to us or authorize the disclosure;
- the information is provided to our agents, employees, suppliers or service providers performing functions on our behalf;
- information is provided to comply with the law (for example, to comply with a search warrant, a subpoena or a court order), impose an agreement we have with you or to protect our rights, property or the safety or rights, property or safety of our employees or of others;
- if we talk about dealing with emergencies or force majeure cases
- if the disclosure is necessary to resolve disputes, claims or for the persons having a legal or beneficial interest;
TOTEM Communications may disclose your personal data to one or more of the following categories of recipients:
- You, your representatives or other parties with your consent or instructions, upon request, that is, we may transmit the information to third parties to whom you consent or request us to make such disclosure.
- To employees and collaborators of TOTEM Communication, in accordance with their specific duties
- To entities that TOTEM Communication empowers: Easyhost SRL (website hosting), Google Inc. (traffic analysis and statistics), Microsoft Ireland Ltd (cloud storage)
- To Courts, Prosecutors’ Offices or other central/ local public authorities, at their request, in order to comply with the law or in response to a mandatory legal procedure (such as a search warrant or a Court decision);
The personal data disclosed to the above mentioned authorized entities may be all data processed about you previously mentioned. The personal data is provided to the hosting services and traffic analysis providers because TOTEM Communication uses their services to ensure the good functioning of their website. Data is provided to the cloud service provider because TOTEM stores the databases by using cloud computing.
These entities are carefully selected to ensure that they meet the specific requirements regarding personal data security and protection. The providers of these services have been selected after examining the security and privacy measures and practices about which you can read more here: https://ro.easyhost.com/legal/confidentialitate , https://ro.easyhost.com/legal/termeni-si-conditii ,https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008 , https://www.microsoft.com/en-us/trustcenter/security/office365-security
The disclosure of your personal data to our authorized parties is based on accords, agreements or written contracts. These entities have a limited ability to use your information for purposes other than providing us the services. If, in the future, we disclose your personal data to other categories of recipients, then we will inform you about the moment of the disclosure and the names of the recipients.
We keep the information we collect about you in the databases of our authorized providers or on our servers. This information can only be accessed by the personnel of the authorized entities or of TOTEM directly involved in the administration of the website and its services. We will keep this information for as long as is necessary to fulfill these objectives and as long as it is permitted or required by the law in force.
We may collect aggregate data about our members and site visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertising agencies and/or other third parties for statistical, marketing or promotion purposes.
We will not disclose your information to third parties, to be used for their own marketing or commercial purposes, without your consent.
Where are your personal data transferred?
Our site uses Google Analytics, a service of web analysis provided by Google, Inc. (“Google”) that helps us constantly analyse the way the users utilise our site. For this purpose, Google Analytics uses “cookies”, which are text files placed in your computer.
Google will use this information for the purpose of evaluating the use of the website, of compiling reports on website activities for website operators, and for providing other services related to the website activity and Internet usage.
Cookie-generated information about the way the site is used – standard Internet logbook information (including your IP address) and visitor behavior information in an anonymous form – is transmitted to Google and stored by Google, including on servers in the United States. Your IP address is anonymised before being sent to Google.
In accordance with its “Privacy Shield” certification, Google declares it complies with the EU-US Privacy Shield Framework. Google may transfer information collected by Google Analytics to a third party when required by law or when that third party processes the information on Google’s behalf.
You can refuse the use of Google Analytics cookies by downloading and installing Google Analytics Opt-out Browser Add-on.
Apart from the situation described above, we do not transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) or to an international organization. The data provided to the hosting service provider are stored on servers located in the EU and the EEA.
How long do we keep your personal data?
We limit the processing of your personal data to the extent, volume and frequency required for the processing’ purposes. We store personal data only for the period necessary to achieve the purposes, but not more than 5 years since the last visit to the site or the last interaction with us or until the date you may exercise your right to intervene on the data.
. After the expiration of the processing period or on the date you exercise your right to intervene on your personal data, your personal data will be erased or anonymised unless we have the right or are obliged to keep some or all of the data in accordance with the applicable law, in which case we will continue to process those personal data, according to the law.
How is your collected data security ensured?
When processing personal data, nothing is more important than the way one understands to keep this data’ safety. And we have tried to do all that is technically possible, at this moment, to keep an extremely high security standard.
We have built a series of physical, technical and administrative security measures. We continuously update and test our security technology. Where possible, we encrypt the information. As well, we use information pseudonymisation techniques.
We have structured the access to your personal data based on a hierarchy of rights, so that TOTEM Communication employees be able to access data only when they are entitled to. Moreover, we train our employees on the importance of confidentiality and on maintaining your information confidential and secure. We undertake to apply the appropriate disciplinary measures for ensuring the compliance by our employees with personal data protection responsibilities.
TOTEM protects personal data processing against processing threats. The data security measures that TOTEM has put into practice are meant to ensure your personal data protection. TOTEM has also quality and security certificates implemented, which ensure the highest level of protection for your data. (ISO27001:2013 – data security management system, ISO 9001:2008 – quality management). Both our personnel and that of our empowered entities are responsible for the safe processing of personal data. TOTEM controls the access to the personal data they hold and controls the fact that only the persons that are entitled to access the held personal data, can actually do this. As well, TOTEM makes sure that unauthorized physical access to your personal data is banned and prevents the loss, destruction, deterioration and modification of the personal data storage support. Annually, TOTEM performs internal audits (verifications) within an internal data quality and security control system.
For more information regarding the way we ensure data security, please consult our Information Security Policy, available here: http://totem.com.ro/information-security-policy/.
Which are your rights regarding the collected data?
According to the law in force, by this document, it is deemed that you are informed with respect to the following rights related to your personal data processing by TOTEM Communication.
- i) The right to be informed regarding the personal data, as well as the data that are object to processing, and their origin. Once we collect certain personal data from you, we will inform you in relation to everything that happens with them, to the purpose they are used for, the way they can be accessed, modified, erased, etc. At the same time, you have the right to access your personal whenever you want.
(ii) The right to have access to the personal data. At your request, we will confirm you if we process your personal data or not. This right includes only the personal data that are yours and is not applicable with reference to third parties. As well, the right also refers to pseudonymous data that can be clearly related to you. If we confirm you the fact that we process such data, you will receive access to the latter, if you solicit it. As well, you will receive a copy of this data, if you solicit it.
(iii) The right to intervene (rectification, restriction, erasing – “the right to be forgotten”) on personal data.
We will rectify your personal data that we process, if the latter are inaccurate or incomplete and you solicit their recovery or completing. Each time you notice the fact that, among the information collected by us from you, an error is present, you may indicate this to us and we will proceed to the quickest correction of that error.
At your request, we will restrict the processing, that is will block, for a certain period of time, your data processing (e.g.: if you find that the data is not accurate or that the processing is illegal, etc.). We will inform you with respect to which measures were taken, or the exact moment when the restriction was quit.
At your request, we will erase without unjustified delays your personal data that we process, if (i) the data is no longer necessary for the fulfilling of the purposes it had been collected for, (ii) we process your data based on a legitimate interest over which your objection prevails and there is no other reason for processing (for the consent-based processed data, if the case).
(iv) The opposition right regarding personal data processing. If you exercise this right, we will cease processing your data, but if the processing takes place based on a legal obligation or if we process your data based on a legitimate interest over which your objection prevails, the processing will continue.
(v) The right of not being submitted to an individual decision, exclusively adopted based on personal data processing by automatic means. For the processing we are talking about, we do not use your personal data to take automate decisions in your respect that produce legal effects concerning or affecting you to a significant extent.
(vi) The right to data portability. If the data processing is made based on your consent or an agreement with you, then you have the right to request for and receive the data processed by automatic means and to decide what exactly to do with it – to keep it exclusively for your private use, or to choose for the transfer to another operator.
(vii) The right to submit complaint to the National Supervisory Authority for Personal Data Processing (the supervisory authority), as well as to appear in the court to bring action against the decisions of the operator TOTEM Communication, according to the law in force.
Regarding the exercising of these rights, please consider the following:
These rights may be limited in certain circumstances, for instance: there where we can prove that there is a legal obligation of processing your data. This means that we can keep your data even though you exert your rights of intervening upon the data.
Period of time: We will try to respond your request within 30 days. Nevertheless, the term may be extended from specific reasons related to the specific legal right or the complexity of your request.
Access restriction: in certain situations, we may not be able to offer you access to all or some of your personal data, because of the legal decisions. If we refuse your access request, we will inform you about the reason of the refusal.
The impossibility of identifying you – In some cases, we may not be able to search for your personal data, because of the identifiers you provide in your request. An example of personal data we cannot verify when you provide us the name and email address is the data collected by means of cookies by the browser. In such cases, if we cannot identify you as a subject person, we are not entitled to conform to your request, except for the case when you provide additional information that enables the identification.
How you can exert your rights and which is the address you can contact us to?
Your data is collected and used by TOTEM Communication, a limited liability company, with headquarters in:
27 Popa Soare Street, Bucharest 2, 023981, Romania
If you wish to exert any of these rights or if, at any time, you have any questions or concerns regarding this Informative Note, you can submit a request in this respect to Bogdan Paunescu, Data Processing Responsible, 27 Popa Soare Street, Bucharest 2, 023981, email: firstname.lastname@example.org.
We will involve all our reasonable efforts to promptly respond to your requests or to solve your problem. You will receive our answer at the mail or email address you will indicate us or, in the absence of an expressed indication, to the mail or email address you used when submitting the request. The latter will be reported to within 15 days since its receiving, except for the case when a longer time is necessary for responding; case in which we will notify you about the delay.
If any modification of this informing note occurs, you will be acknowledged about a new version, which will be communicated to you by the means most appropriate to you. We may change this Informing Note anytime. All the updates and modifications brought to this Informing Note enter into force immediately after the notification, which we will realize by displaying it on the site or by email notification.
We are a Romanian entity that offers services to the Romanian residents, consequently the applicable law is the Romanian law.
For more details about the way we ensure personal data protection, please consult our Data Protection Policy, available here: http://totem.com.ro/personal-data-protection-policy/. This informing note has been elaborated based on the General Data Protection Regulation, entered into force and applicable beginning May 25, 2018.