Personal data protection policy

Personal data protection policy

Art. 1 – Definitions

For the purposes of this Personal Data Processing Policy (hereinafter referred to as “the Policy”), the following terms have the meaning set out in the General Data Protection Regulation no. 2016/679 adopted by the European Parliament, applicable from 25 May 2018 (“GDPR”) and they are defined as follows:

  1. personal data – any information relating to an identified or identifiable natural person;
  2. data subject – the person to whom the personal data belong;
  3. processing of personal data – any operation or set of operations carried out under Interdiligence in respect of personal data which form part of, or are intended to be included in, such a record system;
  4. storage – keeping on any kind of support the personal data collected;
  5. personal data record system – any organized structure of personal data;
  6. operator – any natural or legal person, private or public law, including Interdiligence and its collaborators mentioned in this Policy;
  7. the person empowered by the operator – a natural or legal person, private or public law, including public authorities, institutions and their territorial structures, which processes personal data at the instructions of the operator.

Art. 2 – Purpose of the Policy

  1. This policy on the processing of personal data (hereinafter referred to as “the Policy”) aims to guarantee and protect the fundamental rights and freedoms of individuals, in particular the right to privacy, family and private life and to the processing of these data by the operator INTERDILIGENCE CONSULTING SRL (“Interdiligence”) in accordance with the General Regulation on data protection no. 2016/679 adopted by the European Parliament applicable from 25 May 2018.

      2. This information relates to your status as an Interdiligence Call Center user.

  1. Interdiligence, as operator, shall collect and process the personal data referred to below, by means of telephone calls, for the following purposes, on the basis of the legal grounds indicated for each of them:
ContextData categoryPurposeLegal basis
Use of our services (in the context of answering the phone call)Call details – your phone number, time and duration of the callTo ensure the correct billing of servicesContractual
Consent
To comply with legal storage obligationsLegal
In the context of the discussion with our operatorsYour name and identification dataTo provide the requested servicesConsent
Phone call contentTo provide the requested services and improve the services offered to other customersConsent

Art. 3 – The way of processing personal data

  1. Interdiligence will collect, use or disclose personal data provided only for the purposes indicated, unless the communication of data:
    1. refers to the use of personal data for any additional purpose that is directly related to the original purpose for which the personal data were collected;
    2. is required by law or by the competent governmental or judicial authorities;
    3. is necessary to establish or defend a legal right.

       2.  Interdiligence will not knowingly collect personal data from minors without the prior consent of the parents, guardian or legal, verbal or written representative, if required by applicable law.

Art. 4 – Interdiligence Commitment regarding the Policy

  1. The protection of the security and safety of personal data is important to Interdiligence, therefore, the activities we carry out within the company are in accordance with the applicable legislation regarding the protection of data security and their security.
  2. By accessing our website (www.interdiligence.com) you are informed about the Personal Data Processing Policy.
  3. The data subjects have the right to access the data that are processed, to intervene on them, to oppose and not to be subject to an individual decision, as well as the right to address the National Supervisory Authority for Personal Data Processing or the court for the defense of any rights guaranteed by law that have been violated.

Art. 5 – The rights of the data subject regarding the processing of personal data

  1. In the context of the processing of your personal data, you have the following rights:
    • Right of access to processed personal data: you have the right to obtain confirmation that your personal data are or are not processed and, if so, to have access to the type of personal data and the conditions under which they are processed, by addressing a request to that effect to the data controller;
    • Right to request the rectification or deletion of personal data: you can request, by requesting the data controller, the rectification of inaccurate personal data, the completion of incomplete data or the deletion of your personal data if (i) the data are no longer necessary for the original purpose (and there is no new legal purpose), (ii) the legal basis for the processing is the consent of the data subject, the data subject withdraws his consent and there is no other legal basis, (iii ) the data subject exercises his right to object and the controller has no legitimate reason to continue processing, (iv) the data has been processed unlawfully, (v) the deletion is necessary to comply with EU or Romanian law, or (vi) data have been collected in connection with information society services provided to children (if applicable), when specific requirements apply on consent;
    • Right to request a restriction on processing: You have the right to obtain a restriction on the processing in cases where: (i) you consider that the personal data processed are inaccurate, for a period that allows the controller to verify the accuracy of the personal data; (ii) the processing is illegal, but you do not want us to delete your personal data, but to restrict the use of that data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need the data to establish, exercise or defend a right in court; or (iv) you have objected to the processing, for the period of time in which to verify whether the legitimate grounds of the data controller prevail over the rights of the data subject;
    • The right to withdraw your consent for processing, when the processing is based on consent, without affecting the lawfulness of the processing performed up to that time;
    • The right to object to the processing of personal data for reasons related to the particular situation you are in, when the processing is based on a legitimate interest, as well as to oppose, at any time, the processing of data for marketing purposes directly, including profiling;
    • The right not to be the subject of a decision based solely on automated processing, including the creation of profiles, which produce legal effects, which concern or affect the data subject in a similar way to a significant extent;
    • The right to data portability, meaning the right to receive your personal data that you have provided to the data controller in a structured, commonly used and automatically readable form, as well as the right to transfer such data to another operator, if the processing is based on your consent or the performance of a contract and is carried out by automatic means;
    • The right to file a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) and the right to address you to the competent courts.
  1. The exercise of the above rights may be exercised at any time. In order to exercise these rights, we recommend that you send a written, dated and signed notification, or in electronic format to callcenter@interdiligence.com.

Art. 6 – Completion of processing operations and subsequent destination of data

At the end of the processing operations, unless there is a contractual basis, a legal obligation and/or a legitimate interest, if the data subject has not expressly and unequivocally given his consent for another destination or for further processing, the data personnel will not be transferred to another operator.

Art. 7 – Other recipients of personal data

  1. Interdiligence may disclose your personal data to third parties, for the fulfillment of a legal obligation of Interdiligence, in order to execute the contract for the provision of services, as well as in cases where these actions are necessary to protect and defend the property rights of Interdiligence.
  2. These recipients of the data may be:
    1. Mobile phone companies, in order to charge for services;
    2. State authorities;

Art. 8 – Data retention period

  1. Personal data collected by Interdiligence may not be stored longer than is necessary for the purposes for which they are processed, in compliance with the applicable legislation in force. The data retention period is 90 days from the date of termination of the call. After this period, personal data will be completely deleted from the systems or transformed into anonymous data, in accordance with the company’s procedures.
  2. Personal data collected on the basis of your consent will be deleted upon withdrawal of the consent, except for the intervention of another processing subject mentioned in this Policy.

Art. 9 – Transfer of personal data outside Romania

  1. Personal data may be transferred outside Romania, under legal or contractual obligations.
  2. The recipient companies that process your personal data within the European Union / European Economic Area are subject to the same legal provisions and offer the same level of protection as that offered by Interdiligence. However, if in order to achieve the purposes set by Interdiligence, it will be necessary to transfer the personal data of passengers to recipients outside the European Union / European Economic Area or countries that do not offer an adequate degree of protection, Interdiligence will request those recipients to protect personal data in accordance with GDPR requirements.

Art. 10 – Confidentiality and security of processing

  1. As there are always risks associated with the provision of personal data by telephone and there is no technology that can ensure absolute security, or guarantee the impossibility of unauthorized access, Interdiligence has taken appropriate technical and organizational measures regarding the security of information in order to prevent and minimize these risks. These measures shall include, where appropriate, the use of firewall systems, server security facilities, encryption, and the implementation of appropriate systems and procedures for the administration of authorized access rights, the selection of suppliers and other reasonable technical and commercial measures to provide adequate protection for your personal data in order to prevent unauthorized use or disclosure. If necessary, we may use backups and other similar means to prevent accidental damage or destruction of your personal data.
  2. Interdiligence certifies that it meets the minimum requirements for the security of personal data. Interdiligence uses security methods and technologies, together with policies applied to employees and working procedures, including control and audit, to protect personal data, collected in accordance with the legal provisions in force.
English