I. DEFINITIONS

​

1.     GDPR (General Data Protection Regulation) is a European Regulation that:

- protect the processing of personal data;

- establishes free circulation of personal data;

- protect the rights and freedoms of natural persons regarding their personal data;

2. "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific elements of his physical, physiological, psychological, economic, cultural or social identity;

3. "Processing of personal data"  means any operation or  series of operations performed on personal data, by automated or non-automated means, such as collecting, recording, organizing, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise, joining or combining, as well as blocking, and deleting or destroying;

4. "Personal data record system" (hereinafter referred to as "record system") means any structured series of personal data accessible according to specific criteria, whether centralized, decentralized or distributed according to functional or geographical criteria;

5. "Operator" means the institution or community body, general direction, unit or any other organizational entity that establishes, alone or together with others, the purposes and means of personal data processing; if the purposes and means of processing are established by a special community act, the operator and the specific criteria necessary for its designation may be established by such a community act;

6. "Person authorized by the operator" means the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the operator;

7. "Third party" means a natural or legal person, public authority, agency or any body, other than the data subject, the operator, the person authorized by the operator and the persons who, under the direct authority of the operator or the person authorized by the operator, are authorized to process the data;

8. "Recipient" means the natural or legal person, public authority, agency or any other body to which the data is transmitted, whether or not it is a third party; however, the authorities to which data are communicated in the context of a particular investigation should not be considered recipients;

9 "Consent of the data subject" means any free, specific and informed expression of will, by which the data subject agrees to have his/her personal data processed.

 

II. DATA QUALITY

​

Personal data must be:

(a) processed correctly and legally;

(b) collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with these purposes. Further processing of personal data for historical, statistical or scientific purposes is not considered incompatible to the extent that the operator takes appropriate security measures, in particular to ensure that the data is not processed for any other purpose nor used to support dispositions or decisions made about a particular person;

(c) adequate, relevant and not excessive in relation to the purposes for which they are collected and subsequently processed;

(d) accurate, and if necessary, updated; any justified measures may be taken for inaccurate or incomplete data to be deleted or rectified, taking into account the purposes for which they are collected or for which they are subsequently processed;

(e) kept in a form that allows the identification of the data subjects for a period of time that does not exceed that necessary for the purposes for which they were collected or for which they are subsequently processed.

Community institutions or bodies determine that personal data to be kept for periods longer than the mentioned period for historical, statistical or scientific purposes must be kept only in an anonymous form or, if this is not possible, to be stored only under the condition of coding the identity of the person concerned. In any case, the data must not be used for purposes other than historical, statistical or scientific.

 

III. SECURITY OF PERSONAL DATA

​

Conacu Iancu SRL, as a personal data operator, will process your personal data, in accordance with GDPR provisions, for order confirmation, authentication, information by e-mail, post or other means of communication, making statistical reports, etc.

Accessing the sitewww.conacuiancu.roimplies the consent of the persons concerned that their personal data (if they are requested to be entered in the special fields on the Website/mobile application) will be kept and processed by the company Conacu Iancu SRL   for the purpose of processing them, Conacu Iancu SRL being the sole owner of the information collected within this site

The data provided by the data subject is strictly confidential and will be treated responsibly and in accordance with the provisions of the GDPR. Conacu Iancu SRL commits to its clients not to provide this data to third parties or companies and to use it strictly for operational use between the client and Conacu Iancu SRL. However, personal data may be transmitted to the legal authorities for the purpose of verifying commercial transactions or in cases where such disclosure is necessary according to the applicable legislation or regulations, to carry out any legally justified checks.

The personal data processed by Conacu Iancu SRL for the confirmation and processing of orders, authentication, information by e-mail, post or other means of communication, the creation of statistical reports, loyalty,  etc. are:

a)     Name and surname,

b)     Telephone number,

c)     Email address,

d)     City,

​

All personal data are stored on Conacu Iancu SRL servers and security applications and measures are used against the loss, alteration or misuse of information under our control, and access to these servers is restricted by various security methods (access control, video surveillance systems, encryption, passwords, etc.).

​

Conacu Iancu SRL aligns itself with the provisions of Regulation 2016/679/EU, which offers data subjects several advantages and rights as follows:  confidentiality, security, transparency, compliance, etc. and undertakes to respect the rights of data subjects, mentioned in this regulation:

1. The right to receive information about data processing and a copy of the processed data;

2. The right to request the rectification of inaccurate data or the completion of incomplete data;

3. The right to request the restriction of data processing;

4. The right to request the deletion of personal data and, if the personal data has been made public, the transmission of information related to the deletion request to other operators;

5. The right to receive personal data about the data subject in a structured, commonly used and machine-readable format and to request the transmission of this data to another operator;

6. The right to object to data processing with the intention to stop processing;

7. The right to withdraw at any time a given consent in order to stop data processing that is based on your consent. The withdrawal will not affect the lawfulness of the processing based on the consent given before the withdrawal

8. The right to file a complaint with a supervisory authority if you consider that data processing is a violation of the GDPR;

​

Conacu Iancu SRL undertakes to respect the rights conferred by Law 677/2001, and at your request sent to the address Str. Main No. 105, Ginta, Bihor, undertakes: to update, modify, block, delete or transform into anonymous data, free of charge, the data whose processing does not comply with the provisions of Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data or to stop processing your personal data.

Any attempt by third parties to attack the site www.conacuiancu.ro with the aim of  modifying its content, affecting server performance or accessing the personal data of another user, will be considered a malicious action that will impose the initiation of criminal investigation procedures against the one or those who attempted these acts.

​

IV. SECURITY OF PROCESSING

​

 Considering the current state of the art and the costs of its implementation, Conacu Iancu SRL implements the appropriate organizational and technical measures to ensure a level of security consistent with the risks represented by the processing and the type of data with personal character that must be protected.

These measures are taken in particular to prevent any unauthorized disclosure or access, unlawful or accidental destruction or accidental loss, or alteration, as well as to prevent any other unlawful way of processing.

If personal data are subject to automated processing, measures appropriate to the risks are taken, in particular with the aim of:

(a) to prevent the access of any unauthorized person to the computerized systems for the processing of personal data;

(b) to prevent any reading, copying, modification or deletion of storage media;

(c) to prevent any unauthorized entry of data into memory, as well as any unauthorized disclosure, modification or deletion of stored personal data;

 (d) to prevent unauthorized persons from using data processing systems by means of data transmission;

(e) to ensure that authorized users of data processing systems can access only those personal data that their right of access allows them to consult;

(f) to record the personal data that were communicated, the time when they were communicated and their recipient;

(g) to guarantee that it can be subsequently verified which personal data have been processed, at what time and by whom;

(h) to guarantee that personal data processed on behalf of third parties can only be processed in the manner provided by the institution or contracting body;

(i) to guarantee that, from the moment of communication of personal data and transport of storage media, the data cannot be read, copied or deleted without authorization;

(j) to design the internal organizational structure of an institution or body so that special data protection requirements are met.