POLYPUS SRL is aware of the importance of your personal data and respects the right of protecting your personal data that we process, for all the natural persons interacting with the company – according to the EU Regulation no.679 / 2016 (‘GDPR’).
According to Regulation 679/2016 (GDPR), the terms below are defined as follows:
- Data subject: The natural person to whom personal data are processed.
- Personal data: Any information about a natural person (the data subject) identified or identifiable directly or indirectly (by reference to an identifier).
- Processing: Any operation or set of operations performed on personal data, with or without the use of automated means.
- Operator: The natural or legal person, the public authority, the agency or another body which, alone or together with others, establishes the purposes and the means for processing personal data.
- Trustee: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator.
- Consent: Any manifestation of free, specific, informed and unambiguous agreement of the data subject by which the person accepts, by a declaration or an unequivocal action, that the concerned personal data are processed.
We may collect personal data from you:
- Directly – data you provide to us by contact, email, telephone or physical form (name, email address, telephone number and other details you communicate to us).
- Indirectly – by means of observed data, such as the server traffic report (IP, geographical location, information from cookies and other information that are inherent to Internet use).
We will process personal data only for the purposes set out below and we will not process the data for purposes incompatible with those stated. We process personal data from you in the following situations:
As a website visitor:
By accessing our website you allow programs that help its operation to collect certain personal data related to you.
Categories of data processed, the basis and purpose of their processing:
Data from the interaction with the website (IP, location, data from cookies).We process this data based on our legitimate interest in analyzing the audience and improving the website as structure and content, to improve the relevance of information we provide and to protect us from cyber-attacks.
The purposes of these processes:
- continuous improvement of our services,
- ensuring the website’s functionality and optimization
- investigating and settling any fraud or security incidents
These data are personal data observed from your interaction with our website.
The need to provide them and the consequences if you do not provide them
For a better understanding of the situation, we can divide this information into two categories:
- Information on which the operation of the website depends. The provision of this data is mandatory, as it allows access to and use of the website. If you did not provide this data you would not be able to access or use the website.
- Information for website traffic optimization. In order to give us this information you can express your consent in the cookie management application.
We do not collect information for promotional, re-marketing or email marketing campaigns.
Transfer to third parties, other countries and security measures
You will have access to this data: our web hosting provider, Google.
The servers on which this data is stored are located in the European Union territory or are part of https://www.privacyshield.gov/welcome, guaranteeing the processing of personal data according to GDPR.
Security measures. We have implemented security measures to reduce the risk of security incidents such as:
- controlling the access in the physical space of our headquarters
- securing electronic access, by: implementing „strong passwords” policies, IT security software, firewall, data protection training for employees, obligations of confidentiality imposed to employees
- imposing security measures on third parties through contractual commitments with them.
We do not store data from cookies. These files are stored on your browser and you can delete them anytime you want.
The information we have access to for a defined period (5 years) contains statistical data on the traffic on our site, from the people who give us access to analytics cookies and we can only access it through Google Analytics
The existence of automatic decisions and profiling
We do not make any automatic profiling and do not take decisions following the automatic profiling of the processed data. However, external analytics and reporting services (Google Analytics) may use your data for complex automated profiling processes. To avoid this situation, we recommend one of the following options:
- Cancel the acceptance for analytics and marketing cookies in our cookie management application
- Cancel the acceptance of cookies directly from your browser or browse the Internet in the ‘incognito’ mode provided by your browser
According to GDPR provisions, all data subjects benefit the following rights:
- The right of data access. You have the right to access your personal data to verify the legality of the processing or to find out what personal data are being processed. If we process personal data related to you, you may request to receive this data.
- The right to correction. If we process your personal data and they are inaccurate, you can request their correction.
- The right to delete data or the ‘The right to be forgotten’. You may request the deletion of your personal data, and we have the obligation to comply with this request in cases where this data is not necessary to fulfill the purposes for which we process your personal data, in the case you withdraw your consent on which the data processing is based.
- The right to restrict the processing. You may request a restriction on the processing of your personal data. In this case, we will not delete your personal data but we will stop processing them.
- The right to data portability. Legal persons have the opportunity to transfer their personal data from one operator to another or to request to use them for their own purposes.
- The right to object. You may object to the processing of personal data for purposes such as direct marketing or other purposes based on the legitimate interest of the operator such as profiling.
- The right to not be subjected to a significant automatic decision. You have the right to not be the subject of a decision based solely on automatic processing which could have significant legal effects or could affect you in a significant way.
- In addition to these rights, you have the right to withdraw your consent at any time wherever applicable.
To exercise the rights in the above list, please contact us by email at [email protected]. At the moment we can only accept written requests because we cannot deal with verbal requests in a timely manner without first analyzing the content of the request and without first identifying you.
What should your request for data access contain?
It is important to ensure that the requests come from you to reduce the security risks of your personal data. For this reason, please contact us with the same email you previously used to communicate with us. In some cases, we will ask for more information to identify you.
The personal data you will provide to us for this purpose will only be used to verify your identity and will not be kept longer than necessary for this operation.
You also have the right to call the supervisory authority (ANSPDCP – http://www.dataprotection.ro/) with reference to how your personal data is being processed by SC POLYPUS SRL.
For any questions or requirements regarding the personal data we process from you, please contact us by email at [email protected].