Iridex Group S.R.L, Romanian legal entity, with registered office in Bucharest, Sector 1, Șos. București-Ploiești Nr. 17, Floor P+1+7, with unique registration code 398284, registered at the Commercial Registry Office of the Bucharest Court under No. J40/2292/1991 ("Iridex" or "Society"), waste management expert, owner and manager of www.iridex.ro, complies with the legal provisions in force on the protection of personal data in the conduct of all its activities and provides respect, trust and confidentiality, offering security to all personal information collected on our website.
Iridex keeps the information of site visitors confidential www.iridex.ro, and of the individuals whose personal information it receives through the use of applications, forms and other related services.
This privacy policy explains how Society collects and processes personal information through the website and beyond in the course of its activities relating to the operation and delivery of its services and products while ensuring that your personal data is processed responsibly and in accordance with applicable personal data protection legislation.
This privacy policy also describes the collection and use of personal information on behalf of customers who subscribe to the platform Iridex.
By providing personal information on the website Iridex, you consent to the information handling practices described in this privacy policy. We encourage you to read the section entitled "Your rights" below to understand the choices you have regarding your personal information.
To make the document easier to read, we have included a glossary at the end of this note explaining the main terms used (e.g. "personal data", "processing", etc.).
- OUR CONTACT DETAILS:
If you have any comments, suggestions, questions about any of the information in this notice or about any other aspects of our processing of your data, please do not hesitate to contact our Data Protection Officer at any time. Depending on your preferences, you can contact us through any of the communication channels below:
Full name: IRIDEX GROUP S.R.L
Head office address: Bucharest, Sector 1, Șos. Bucharest-Ploiesti No. 17, Floor Gf+1+7
Phone number: 021.233.20.15
Email address: office@iridex.ro
Contact details of our Data Protection Officer (DPO):
Email address: dpo@iridex.ro
Phone: +4031.438.14.19
- COMPLIANCE WITH PROCESSING PRINCIPLES:
Iridex, in its processing of personal data, is always subject to the following principles:
- All data are processed lawfully, fairly and transparently in relation to the individual targeted ("legality, fairness and transparency");
- Personal data are collected for specified, explicit and legitimate purposes and are not further processed in a way incompatible with those purposes ("purpose-related limitations");
- All personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation");
- We ensure that your data are accurate and, where necessary, update them; we take all necessary steps to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy");
- Your personal data is not kept longer than necessary ("storage limitations");
- Adequate security of the processing of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organisational measures ("integrity and confidentiality");
- The processing takes place in accordance with respect for your rights as a data subject;
- Your data is not transferred outside the European Economic Area unless the territory/country to which it is to be transferred ensures an adequate level of protection of personal data.
III. THE PERSONAL DATA WE PROCESS:
The personal data about you that we will process is data obtained directly from you that you voluntarily submit to us, technical data collected from all users of the site, information collected through our services, information we collect from third parties who have permission to exchange information with us and includes the following categories of data:
- Personal details: name; surname; sex; date of birth/age; nationality; home/residence address, mobile/fixed telephone number, fax number; e-mail address, National ID Card, the rest of the information on your identity card (including date of issue, expiry date of card, place of birth),
- Image data: images/video recordings (in our premises where we have CCTV video surveillance cameras installed - where available, these are indicated by visible signs);
- Your contact with us, such as a note or record of a call you have made to us, data sent by email or letter, request for a quote, or other records of contact with us;
- Payment details: billing address, bank account or bank card number/IBAN code, first and last name of the bank account or bank card holder (can be someone other than you if someone else has paid a bill on your behalf); date from which the bank card is valid; expiry date of the bank card;
- Opinions and views (may include sensitive data), such as: any opinions and views you share with us or any opinions and views you publicly post about us on social media or share in other public channels;
We will collect your usual personal data when, for example:
- Visit us at our office, send us CVs or job applications;
- Send us a request for collaboration or a response to a request for collaboration, send us a request for waste collection;
- Request/purchase or use any of our services/products;
- In order to conclude/execute a contract;
- Subscribe to newsletters, alerts or other services we offer;
- You contact us through various channels to request information about our services; e.g. when you choose to offer them through the website iridex.ro/contact , including when you send us an email asking a question - it registers to answer your request;
- Visit or browse our website;
- In the event that we transmit such data to third party suppliers or collaborators of ours, insofar as we have legal grounds, for example: lawyers, consultants, accountants, etc.;
- When your personal data is public;
- We automatically receive and record information from the server logs in your browser when you use the site iridex.ro. We may use a variety of methods, including "cookies" to collect this information. The information we may collect through these automated methods may include, for example, your IP address, the type of browser you use, the content and pages you access on our site, the duration and frequency of your visits to track your movements on our site - see the Cookies section below.
Our respect for your data includes giving it the human attention it needs, through our staff. Under the current circumstances, you are not subject to a decision by us based solely on automated processing of your data (including profiling) that produces legal effects concerning you or similarly affects you to a significant extent.
- THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
The purposes for which we process personal data about you are as follows:
- For providing our services. Your personal data is used to carry out our non-hazardous waste collection/management activities, to conclude contracts for the transfer of responsibilities for the achievement of annual non-hazardous waste collection targets, to process requests for the collection of non-hazardous waste (in which case we need to clarify the factual situation and carry out additional checks within a strictly legal framework), to process requests from the competent authorities that supervise and regulate our activities.
- Billing and customer relations. To bill you for your purchase of our services, to contact you if the billing information you have provided us is incorrect, about to expire or we are unable to collect payment, to respond to any questions or concerns you may have about our services;
- Marketing communications. To the extent that you have given your consent, we will keep you informed by any means (e.g. e-mail, mobile or landline phone, telephone messages (SMS), mail, messages sent on social media platforms or in person) about news about available services, offers about them, subscription to newsletters or provision of other information that may be of interest to you. You can control your marketing permissions and the data we use to personalise these communications at any time on our website iridex.ro or by using the contact details in the "How to contact us" section above.
- Managing our communications and IT (information technology) systems. Managing our communications systems; managing our IT security; performing security audits on our IT networks, issuing reports to the relevant institutions or fixing system errors;
- Fulfilling our legal obligations. Fulfillment of our legal obligations with respect to archiving, security, reporting, record keeping and other obligations that legislation requires of us.
- Improving services. Identifying potential problems with our services in order to improve them, resolving your complaints/complaints registered on the website Company – iridex.ro/contact handling routine correspondence with contractual partners, etc., controlling visitor access to the premises Company;
- Supervision of premises in accordance with legal provisions. CCTV systems installed for the surveillance of premises related to access routes, areas with valuables, for the guarding and protection of goods and staff in those premises, etc.
- THE GROUNDS ON WHICH WE PROCESS YOUR DATA
"Iridex" will process your ordinary personal data in consideration of at least one of the following grounds:
- Consent - if no other ground of lawfulness of processing set out below applies, Society always obtain the consent of the data subject to the processing of his or her personal data for one or more specific purposes. For example in relation to our marketing communications, we process your data on the basis of your consent to processing for this specific purpose.
- Conclusion/execution of a contract - the processing is necessary for the performance by the Company of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. For example in order to initiate discussions about the costs and types of services requested in order to conclude a contract with you.
- Legal obligation - processing is necessary for compliance with a legal obligation to which he is subject Company. For example accounting and tax requirements that are subject to strict internal policies such as the retention period for tax/accounting documents. We may process your data for the purposes of fulfilling our obligations to keep records of the services provided, obligations to disclose certain information to public authorities on request, or other legal obligations.
- Legitimate interest - processing is necessary for the purposes of the legitimate interests pursued by Society. For example where we process your data to maintain network security, improve our services.
- Establishing, exercising or defending a right of ours in court. In the event that disputes arise between you and us which we cannot resolve amicably, we may process your data for the purpose of establishing, exercising or defending a legal claim against us.
- TO WHOM WE SEND YOUR DATA
As a general rule, we do not disclose your data to other companies, organisations or individuals in any country (including Romania), but in certain circumstances we may disclose your data to other individuals or companies.
But we try to be as transparent and specific as possible, and below we present the categories of such recipients:
- Competent authorities, operators of collection services, transport, etc., accounting and auditing firms, lawyers, human resources, contractual partners, service providers Whenever we do so, we make sure that there is a good justification, that we will only transmit data that is strictly necessary for the purpose of the transmission, and that we try to ensure that the recipient provides a high standard of protection of personal data.
In the case of data processing activities carried out by a third party provider/supplier/partner/intermediary for the Company under a service contract of any kind concluded between Iridex and the respective third party (which is a processor of personal data from the point of view of the GDPR), these contracts are concluded in writing and include a number of specific clauses, whereby the respective third parties provide sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing complies with the requirements laid down in the GDPR and ensures the protection of the data subject's rights.
- Recipients for whom you request or give us agreement in this respect or persons who can demonstrate legal authority to act on your behalf;
- Any relevant person, agency, bailiff or court in Romania - to the extent necessary to establish, exercise or defend a right of ours;
- If it is our legitimate interest to do so in order to administer, expand or develop our business, for example if we sell or transfer all or part of our shares, our assets or our business (including in the event of our reorganisation, dissolution or liquidation), in which case personal data held by us will be one of the transferred assets - in which case potential purchasers will be bound by an obligation of confidentiality.
VII. HOW LONG AND HOW WE KEEP YOUR DATA
We keep your personal data only as long as we need it or as required by law.
Your data that is required for purposes related to the provision of our services will be stored for a period of 3 years after the termination of the service contract with Society.
Payment/invoicing data will be stored for a period of 10 years, in accordance with the Accounting Act No 82/1991.
Video surveillance data to ensure the security of goods and persons will be stored for a period of 30 calendar days in accordance with current legislation.
Processing for marketing purposes will take place for the duration of the contractual relationship with "Iridex" as well as after its termination. If you no longer want your data to be processed for marketing purposes, you can withdraw your marketing consent and your data will no longer be processed for marketing purposes from the moment of withdrawal.
If there is no legal requirement, we will only store them for as long as necessary to process the data for the purposes mentioned above.
Except as otherwise provided by law and as exemplified above, we will generally process your data for the duration of a contract between you and "Iridex", plus a period of 3 years after its termination.
We strive to ensure that data is kept secure. We use our own servers or those of other companies specialising in electronic archiving to store your data electronically.
We strive to use reasonable organisational, technical and administrative measures to protect personal data within Company ours.
To this end, we have adopted dedicated policies on physical and electronic security measures to protect our systems from unauthorised access and other possible security threats.
To the extent possible, we will anonymise data that we no longer need in a way that does not allow the identification of data subjects or apply pseudonymisation to limit the risks to the personal data processed.
VIII. WHAT YOUR RIGHTS ARE AND HOW YOU CAN EXERCISE THEM
We treat with seriousness and full commitment the rights you have in relation to our processing of your data. In short, your rights are as follows:
- The right to be informed. Where personal data is collected from you or obtained from another source, we have an obligation to inform you of the purpose of the use of this data and your rights.
- Right of access to data. You have the right to request information about the personal data we hold about you, including information about the categories of data we hold or control, what it is used for, the source from which we collected it if we obtained it indirectly, and to whom it is disclosed, if at all. We will provide you with a copy of your personal data upon request. If you request multiple copies of your personal data, we may charge you a reasonable fee based on administrative costs.
- Right to rectification of data. You have the right to have your data that we process or check corrected if they are not correct.
- The right to erasure of data ("right to be forgotten")You have the right to obtain from us the deletion of your data that we process or control. "Iridex" aims to process and store your data only for as long as necessary. We must comply with this request if we process your personal data, and if:
- personal data are no longer necessary for the purposes for which they were collected;
- you object to the processing for reasons relating to your particular situation;
- your data has been processed illegally;
- personal data must be deleted to comply with a legal obligation incumbent on us;
unless your data is still required:
- for the exercise of the right to free expression and information;
- to comply with a legal obligation we have;
- for archival purposes in the public interest, for scientific or historical studies or for statistical purposes; or
- to establish, exercise or defend a right in court.
- The right to restrict data processing. You can obtain from us the restriction of the processing of your personal data if:
- challenge the accuracy of your personal data, for the period we need to verify its accuracy,
- the processing is unlawful, but you object to the erasure of your personal data and request instead that their use be restricted,
- we no longer need your personal data but you request them for the establishment, exercise or defence of a legal claim, or
- you object to the processing, for the period of time during which we verify whether our legitimate interests outweigh yours.
- The right to object to the use of personal data. In certain circumstances, you have the right to object to the processing of your data by us or on our behalf. Where processing is not based on your consent but on our legitimate interests or those of a third party, you may object to the processing of your personal data at any time on grounds relating to your particular situation. In this case, we will no longer process your personal data, unless (a) we can prove compelling legitimate grounds for the processing which override your interests, rights and freedoms, or (b) where the purpose is the establishment, exercise or defence of legal claims.
If you object to the processing, please specify whether you also want your personal data to be deleted, otherwise we will only restrict it.
You can always object to the processing of your personal data for marketing purposes based on our legitimate interest, whatever your reason. If the marketing was based on your consent, you can withdraw your consent.
- 7. Right to data portability. You have the right to receive your personal data that you have provided to us, and where technically feasible, to request that we transmit your personal data (that you have provided to us) to another organisation/clinic.
These two rights are rights that you have if, cumulatively: (a) we process your personal data by automated means, (b) we rely, in processing your personal data, on your consent or the processing of your personal data by us is necessary for the conclusion or performance of a contract to which you are a party; (c) your personal data is provided to us by you, and (d) the transmission of your personal data does not have an adverse effect on the rights and freedoms of other persons.
You have the right to receive your personal data in a structured, commonly used and machine-readable format.
Your right to receive personal data must not have a negative effect on the rights and freedoms of others. This could happen if a transfer of your personal data to another organisation also involves the transfer of personal data to other individuals (who do not consent to the transfer).
The right to have your personal data transmitted by us to another organisation is a right you have if such transmission is technically feasible.
- The right not to be subject to an automated decision (including profiling). You have the right not to be subject to a decision based solely on automated processing (including profiling) that is legally binding on you or that significantly affects you.
This right will not apply in the following exception situations, where the automatic decision:
- (a) is necessary for the conclusion or performance of a contract between the data subject and Society;
- (b) is authorised by Union law or national law applicable Company and which also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or
- c) is based on your explicit consent;
In the situations in points a) and c) of this paragraph, the Company is obliged to implement appropriate measures to protect your rights, freedoms and legitimate interests, at least your right to obtain human intervention by Society, to express your point of view and challenge the decision.
- Right to withdraw consent. Where we process your data on the basis of your consent, you have the right to withdraw your consent; you can do so at any time, at least as easily as you originally gave us your consent. Withdrawal of consent will not affect the lawfulness of the processing of your data that we carried out prior to withdrawal.
- The right to lodge a complaint with the supervisory authority. If you have a complaint about the way we process your data, we would prefer that you contact us directly so that we can resolve your problem. However, if you still have a complaint, you can contact the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro):
Address. Gheorghe Magheru, Bucharest, Romania;
Phone: 40.318.059.211/ +40.318.059.212
Fax: +40.318.059.602;
E-mail: anspdcp@dataprotection.ro
- The right to take legal action. At the same time, it is important to note that if you consider that your rights under the Regulation have been infringed as a result of the processing of your personal data in breach of its provisions, and without prejudice to your right to lodge a complaint with the supervisory authority, you have the right to apply to the courts for a review of your complaint by lodging an appeal against Company.
To exercise one or more of these rights or to ask any questions about any of these rights or other aspects of our processing of your data, you can do so by sending a written, signed and dated request to the e-mail address: dpo@iridex.ro. Printed forms are also available at our office, which you can fill in to request the exercise of one or more of the above rights.
We will endeavour to respond to your request within one month, which may be extended by two months for specific reasons related to the specific right invoked or the complexity of your request. In any case, if this period is extended, we will inform you of the extension period and the reasons for the extension.
In some situations, we may not be able to grant you access to all or part of your personal data due to legal restrictions. If we deny your request for access, we will notify you of the reason for the denial.
In some cases, we may not be able to identify your personal data because of the identifiers you provide in your application. In such cases, if we cannot identify you as a data subject, we may not act on your request under this section unless you provide us with additional information that allows us to identify you. We will inform you and give you the opportunity to provide us with such additional details.
- COOKIE-URI
A cookie is a string of information that a website stores on a visitor's device and that the visitor's browser provides to the website each time the visitor returns. Because the browser provides this cookie information to the site on each visit, cookies serve as a kind of tag that allows a site to "recognize" a browser when it returns to the site. For more details, please visit: http://ro.wikipedia.org/wiki/Cookie
Cookies store information about your activities on a website or other platform. For example, cookies may store session information to easily log you in to a website or other platform you have previously visited.
The information we may collect with these automated methods may include, for example, your IP address, user code, browser type, system type, the content and pages you access on our sites or services, the frequency and duration of your visits to the site.
Website Company, https://iridex.ro, uses cookies to keep your login valid for a long time, to remember your browsing and site usage preferences, to monitor the total number of visitors and pages viewed, to administer, use and improve the site and the Company's other services and systems, and to provide services and content that are tailored to you.
Facebook also uses cookies on this site. For more details, please visit: https://www.facebook.com/help/cookies/
If you have agreed to the inclusion of cookies in your browser via the banner on the first page of the website, please note that your consent can be withdrawn at any time. Current browsers (web browsers) offer the possibility to set/deactivate cookies. To do this, generally go to the Options or Preferences tab.
However, if you do not accept cookies, you may not be able to use all portions of our site or all of its functionality.
Please note that disabling these technologies may interfere with the performance and features of the services offered.
- AMENDING AND UPDATING THE PRIVACY POLICY
We reserve the right to change our data protection practices when we deem it appropriate and to update and amend this notice at any time. For this reason, we encourage you to periodically review this notice.