1 Introduction
In the personal data processing operations on the website https://onestarsecurity.ro/, personal data are used, such as:
• Customer data;
• Data on site users;
• Data on monthly / weekly information subscribers;
The processing of these types of data is subject to the legislation on the processing of personal data: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), which explicitly regulates the activities of personal data processing, the qualities of legal entities processing personal data, and their roles and responsibilities.

2 Protection of personal data
2.1 General Regulation on the protection of personal data
The General Regulation on the Protection of Personal Data (GDPR) is one of the most important pieces of legislation that directly affects the company’s personal data processing activity.

2.2 Definitions
“PDP legislation” means any law, ordinance, decision, regulation or secondary legislation issued by the Supervisory Authority, regarding the processing, confidentiality and use of Personal Data, applicable to the services provided under the Contract, including:
(a) Law no. 677/2001 for the protection of individuals with regard to the processing of personal data and on the free movement of such data (“Law 677/2001”); Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector (“Law 506/2004”) and any other normative acts in Romania that implement these laws, Directive 95/46/EC (“Data Protection Directive”) and Directive 2002/58/EC (“E-Privacy Directive”); and / or
(b) from 25 May 2018, Regulation No 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), from the date on which it will be applicable; and any other national regulations issued in application of the GDPR;
(c) any judicial or administrative interpretation of any of the above, any guidance, codes of practice, codes of conduct or certification mechanisms approved or issued by any relevant Supervisory Authority, for as long as they are in force and applicable, and any acts that amend, supplement or replace them over time.
“Personal Data Operator” means the Company and / or any customer / beneficiary of the Company’s services who determines (individually or jointly with others) the purposes for which and how any personal data are or will be processed;
“Security Incidents” means any breach of security that leads to the destruction, loss, alteration, unauthorized, accidental or unlawful disclosure of any personal data or the accidental or illegal access to any personal data;
“Personal Data” means any information transmitted to the Provider through the tests uploaded on the Provider’s platforms individualized in art. 1 above, related to an identified or identifiable natural person (“the subject of personal data”) being one that can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, or otherwise as defined in the PDP Legislation;
“Processing” means accessing, collecting, obtaining, registering, possessing, disclosing, using, altering, canceling, deleting or destroying Personal Data, or performing any operation on Personal Data or otherwise, as defined by applicable PDP legislation;
The “Authorized Person” / “Data Processor” is represented by the Provider, which ensures the provision of the Services in favor of the Beneficiary;
“Regulatory Authority” means the “supervisory authority” and means, according to the GDPR, an independent public authority established by a Member State. In Romania, the Regulatory Authority is represented by ANSPDCP.

2.3 Principles of personal data processing
Principles related to the processing of personal data require that personal data be:
• processed lawfully, fairly and transparently to the data subject (“legality, fairness and transparency”);
• collected for specific, explicit and legitimate purposes and not subsequently processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes shall not be considered incompatible with the original purposes, in accordance with Article 89 (1) of the GDPR (“purpose limitations”);
• appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“minimization of data”);
• accurate and, if necessary, updated; all necessary measures must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are deleted or rectified without delay (“accuracy”);
• kept in a form which allows the identification of data subjects for a period not exceeding the period necessary to fulfill the purposes for which the data are processed; personal data may be stored for longer periods to the extent that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, in accordance with Article 89 (1) of GDPR, subject to the implementation of the appropriate technical and organizational measures provided for in the GDPR Regulation in order to guarantee the rights and freedoms of the data subject (“storage restrictions”);
• processed in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures (“integrity and confidentiality”).
The company makes every effort to align with these principles all existing personal data processing activities as well as all new processing that it intends to carry out.

2.4 Human rights
The natural person who accesses this site under the GDPR has the following rights:
1. The right to be informed
2. The right to access personal data
3. The right to update personal data
4. The right to request the deletion of personal data
5. The right to request the restriction of the processing of personal data
6. The right to carry personal data
7. The right to object to the processing of personal data
8. Rights regarding the automatic processing of personal data
All of the above rights are supported by separate procedures developed at the level of our company according to the strict requirements of the GDPR and according to the deadlines defined in it.

2.5 Legality of processing
The company processes your personal data on this site only under the following conditions:
• If the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
• When the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract;
• When the processing is necessary in order to fulfill a legal obligation incumbent on the operator;
• When processing is necessary to protect the vital interests of the data subject or another natural person;
• Where the processing is necessary for the legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, especially when the data subject is a child.

2.6 Authorized persons of the operator
The company will ensure at all times that all operations concerning the processing of personal data are governed by written contracts concluded between the controller and the authorized persons or between the associated processors, as the case may be. All these contracts will comply with the requirements and clauses expressly imposed by GDPR.

2.7 Responsible for the protection of personal data
To the extent that the Company has designated a personal data protection officer, in the cases expressly provided by the GDPR, we confirm that he will have the responsibilities and roles established by the Regulation, and his identification will be explicitly made on the dedicated page of our site.
In the case of our Company, contact the person in charge of personal data protection.
To contact our personal data protection officer and obtain any information regarding the processing of your personal data, please send an email to the above address.

2.8 Security incidents
In the event of a personal data security incident, the Company:
a. will inform you of any security incidents involving your personal data;
b. will investigate data security breaches;
c. will take reasonable steps to mitigate the effects and any damage resulting from the Security Incident, as well as reasonable steps to prevent the recurrence of such a breach of data security;
d. will develop and execute a response plan to counter the Security Incident;
e. will inform the relevant regulatory authorities within 24 hours of the occurrence of the security incident.

2.9 GDPR compliance requirements
The following actions are used by the Company to comply with GDPR principles. All of the following actions are frequently reviewed to meet all GDPR requirements:
• The company will frequently verify that there is at all times a justified legal basis for the processing of personal data;
• A person responsible for the processing of personal data is appointed if this requirement exists;
• All employees of the operator respect the principles of personal data processing;
• All employees of the operator have been trained on the processing of personal data;
• The explicit consent of the consumer regarding the processing of personal data is obtained;
• All compliance policies are frequently audited to comply with GDPR requirements;
• The following elements are thoroughly documented in the process of processing personal data:
  1. The name of the organization as a personal data controller;
  2. The purpose for which the processing is performed;
  3. The categories of personal data that are processed;
  4. Terms of storage / archiving of personal data;
  5. Security policies regarding the use of personal data.