PROCEDURE FOR EXERCISE OF THE RIGHTS BY THE PERSON TARGETED
The provisions of this System Procedure they comply with Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data which establishes a unique set of rules, directly applicable in all member states of the union, intended to protect the private life of natural persons on the territory of the European Union.
The principles and rules established by the General Data Protection Regulation concern a fundamental right of the person – the right to the protection of personal data, guaranteed by art. 8 of the Charter of Fundamental Rights of the EU and art. 16 of the EU Treaty.
Present System procedure regulates the methodology by which data subjects can exercise their rights provided for in European Regulation 679/2016 on the protection of personal data.
DEFINITIONS AND ABBREVIATIONS
– personal data means any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;
– processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation , use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
– operator means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law; SC EXPERTAROM FOOD INGREDIENTS SRL – It is operator ;
– consignee means the natural or legal person, public authority, agency or other body to whom (to whom) personal data is disclosed, regardless of whether or not it is a third party. However, public authorities to whom personal data may be communicated in the framework of a certain investigation in accordance with Union law or internal law are not considered recipients; the processing of this data by the respective public authorities complies with the applicable data protection rules, in accordance with the purposes of the processing;
DESCRIPTION OF THE PROCEDURE
GENERAL
According to the provisions of Regulation no. 679/2016 (General Data Protection Regulation) SC the data subject has the following rights:
– right of access;
– the right to rectification;
– the right to data deletion (“the right to be forgotten”);
– the right to restrict processing;
– the right to data portability;
– the right to opposition;
– the right not to be subject to a decision based exclusively on automatic processing, including profiling.
METHOD OF EXERCISE OF RIGHTS
To exercise the rights provided by the General Data Protection Regulation the person concerned must submit a written, dated and signed application to the company headquarters or on the email address dpo@expertarom.com or he can submit the application in person at the company headquarters.
To facilitate the exercise of the rights provided for by the General Data Protection Regulation the person concerned has at its disposal models of requests in this sense ( Requests regarding the exercise of rights ) located both at the company’s headquarters and on the company’s website: www.efigroup.ro
In the case of submitting the application at the headquarters, the security guard will submit the application The data protection officer in order to solve it.
Applications are registered by The data protection officer in the Register of entries and exits regarding the protection of personal data.
After identifying the person concerned, his request will be analyzed by The data protection officer , together with heads of departments who are involved in personal data processing operations.
In case of The data protection officer has reasonable doubts regarding the identity of the natural person submitting the request with the object of exercising one of the mentioned rights, may request the provision of additional information necessary to confirm the identity of the person concerned.
The response to the request the person concerned will be formulated no later than 30 days after receiving the request. This period may be extended by two months when necessary, taking into account the complexity and number of applications.
The person concerned will be informed of any such extension, within 30 days of receiving the request, presenting the reasons for the delay.
In case of the person concerned submits an application electronically, the information is also provided electronically where possible, unless the person concerned requests a different format and to a different address.
If the application is submitted through a representative, his/her identity data must be communicated, as well as the power of attorney given in this regard.
If requests from a targeted persons are manifestly unfounded or excessive, in particular because of their repetitive nature, the operator has the right:
– either charge a reasonable fee taking into account administrative costs for providing the information or communication or for taking the requested action;
– or refuse to comply with the request.
Exercising the rights is free for a single request during a year.
The concerned persons dissatisfied with the response to the request with the object of exercising a right provided for by the General Data Protection Regulation, may submit a complaint to the National Authority for the Supervision of Personal Data Processing at its headquarters in B-dul G-ral Gheorghe Magheru no. 28 -30, sector 1, Bucharest, postal code 0103336, e-mail: anspdcp@dataprotection.ro or they can go to court.
*automatically translated text, we recommend using your own means to translate into the desired language from the Romanian version (the original version)