1. INTRODUCTION
C2S GEOPHYSICS SRL as author, owner and
administrator of the website www.c2sgeo.com, hereinafter referred to as C2S
GEOPHYSICS, respects the privacy and security of personal data processing of
each person accessing its website.
1.1 CONTEXT OF THE GENERAL DATA PROTECTION
REGULATION (“GDPR”)
The General Data Protection Regulation 679/2016
replaces the 1995 EU Data Protection Directive and replaces the legislation of
each Member State, which was developed in accordance with Directive 95/46 / EC
on data protection. Its purpose is to protect the “rights and freedoms” of
individuals and to ensure that personal data are not processed without their
knowledge and that they are processed with their consent.
1.2 DEFINITIONS USED BY THE ORGANIZATION
(EXTRACTS FROM GDPR)
Material domain (Article 2) – GDPR applies to the
processing of personal data, carried out in whole or in part by automated
means, as well as to the processing by means other than automated of personal
data, which are part of a data record or which are intended to be part of a
data record system.
Territorial scope (Article 3) – The GDPR applies
to the processing of personal data in the course of the activities of the
premises of an controller or a person authorized by the controller in the
territory of the Union, whether or not the processing takes place in the Union.
This Regulation shall apply to the processing of personal data of data subjects
located in the Union by an operator or a person authorized by the controller,
who is not established in the Union, where the processing activities are
related to:
a) the provision of goods or services to such
data subjects in the Union, whether or not a payment is requested by the data
subject;
b) monitoring their behavior if it occurs within
the Union.
This Regulation shall apply to the processing of
personal data by an controller who is not established in the Union but in a
place where domestic law is applied under international law.1.3 DEFINITIONS OF
ARTICLE 4
“Headquarters” – the operator’s head office in
the EU will be the place where the controller takes the main decisions on the
purpose and means of his data processing activities. The main seat of an EU
representative will be its administrative center.
“Personal data” means any information relating to
an identified or identifiable natural person (“data subject”); an identifiable
natural person is a person who can be identified, directly or indirectly, in
particular by reference to an identifying element, such as a name, an identification
number, location data, an online identifier, or one or more many specific
elements, specific to his physical, physiological, genetic, mental, economic,
cultural or social identity.
“Special categories of personal data” – personal
data revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs or trade union membership and processing of genetic data,
biometric data for the unique identification of a natural person, health data
or data on the sexual life or sexual orientation of an individual.
“Operator” means the natural or legal person,
public authority, agency or other body which, alone or together with others,
establishes the purposes and means of the processing of personal data; where
the purposes and means of processing are determined by Union or national law,
the controller or the specific criteria for its designation may be laid down in
Union or national law.
“Data subject” – any natural person who is the
subject of personal data held by an organization.
“Processing” means any operation or set of
operations performed on personal data or personal data sets, with or without
the use of automated means, such as the collection, recording, organization,
structuring, storage, adaptation or modification, extracting, consulting,
using, disclosing by transmission, dissemination or otherwise making available,
aligning or combining, restricting, deleting or destroying.”Profiling” means
any form of automatic processing of personal data, which consists in the use of
personal data to assess certain personal aspects of an individual, in
particular to analyze or predict performance issues in the field of personal
data. work, economic situation, health, personal preferences, interests,
reliability, behavior, location of the individual or his travels.
“Violation of the security of personal data”
means a breach of security, which accidentally or unlawfully leads to the
destruction, loss, alteration, or unauthorized disclosure of personal data
transmitted, stored or otherwise processed, or to unauthorized access to them.
“Consent” of the data subject means any
manifestation of free will, specific, informed and unambiguous of the data
subject, by which he accepts by a statement or by an unequivocal action, that
the personal data concerning him be processed.
“Child” – GDPR defines a child as any person
under the age of 16, although this may be reduced to 13 years by the law of the
Member States. The processing of a child’s personal data is legal only if the
consent of the parents or guardians has been obtained. The operator will make
reasonable efforts to verify, in such cases, whether the holder of parental
responsibility over the child grants or authorizes the agreement.
“Third party” means a natural or legal person,
public authority, agency or body other than the data subject, the controller,
the controller and persons who, under the direct authority of the controller or
controller, are authorized to process data with personal character.
“Data record system” means any structured set of
personal data accessible according to specific criteria, whether centralized,
decentralized or distributed according to functional or geographical criteria.
2. PRIVACY STATEMENT
C2S GEOPHYSICS management based in Str.
Sângerului, no. 11, Bucharest, Sector 1, undertakes to comply with all relevant
EU and Member State laws on personal data and the protection of the “rights and
freedoms” of persons whose information is collected and processed by C2S
GEOPHYSICS, in accordance with the General Regulation on data protection
(GDPR).
Compliance with the GDPR is described by this
policy and other relevant policies, such as the Information Security Policy,
together with related processes and procedures.
The General Data Protection Regulation (GDPR)
will be applied by all persons within C2S GEOPHYSICS who process personal data,
including all persons within C2S GEOPHYSICS who process the personal data of
customers, employees, suppliers and partners, as well as any other personal
data on which the organization processes from any source.
The Data Protection Officer is responsible for
the annual review of the processing log of any changes to C2S GEOPHYSICS’s
activities (as a result of changes in the data inventory log) and any
additional requirements identified by data protection impact assessments. This
register must be available at the request of the supervisory authority.
This policy applies to all C2S GEOPHYSICS
employees / staff and stakeholders, such as outsourced providers. Any breach of
the GDPR will be dealt with in accordance with C2S GEOPHYSICS’s disciplinary
policy and may also be a misdemeanor, in which case the matter will be reported
to the competent authorities as soon as possible.
Partners and any third parties working with or
for C2S GEOPHYSICS and who have or may have access to personal data are
expected to have read, understood and complied with this policy. No third party
may access personal data held by C2S GEOPHYSICS without first concluding a data
confidentiality agreement, which imposes on the third party obligations no less
onerous than those complied with by C2S GEOPHYSICS and which gives C2S
GEOPHYSICS the right to verify compliance with the agreement.
We may also collect and further process certain
information about your behavior while visiting our website in order to
personalize your online experience.
3. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL
DATA
The personal data we collect from you will be used
for the following purposes:
Name and surname, E-mail address, Telephone
number, Address, for direct marketing purposes:
-Guaranteing access to information, tools,
resources dedicated to members of the C2S GEOPHYSICS community;
-Transmission of additional information regarding
our activity and / or services;
-Cookies with statistical analysis to improve the
operation of our site – Google Analytics;
-Essential cookies in order to comply with legal
requirements established in different jurisdictions around the world – Clym.
Name and surname, CNP, Parent’s first name and
Place of birth (only for training services cf GEO 129/2000), E-mail address,
Telephone number, for the purpose of Contracting in order to provide services
(including ANC authorized training services in based on GEO 129/2000,
information and professional counseling services (labor mediation) and
reporting to the control authorities in the field, to which according to the
law we transfer your data, respectively the Technical Secretariat of ANC, AJOFM.
Name and surname, Correspondence address,
Telephone number in order to send you the correspondence requested by you.
The data collected through the electronic
platform is stored in our internal server, thus applying the principles of data
privacy (Privacy Shield EU-US).
Your consent is required for C2S GEOPHYSICS to
process your personal data, and this must be given explicitly.
You can withdraw your consent at any time by
requesting the withdrawal form at the e-mail address office@c2sgeo.com.
4. WHY DOES C2S GEOPHYSICSE NEED TO COLLECT AND
STORE THE INFORMATION YOU PROVIDE AND HOW LONG DOES IT KEEP IT?
C2S GEOPHYSICS is obliged to process and store
your personal data, in order to provide you with services in conditions of
legality and high quality. During the provision of services, with your consent,
we will transfer your data to third parties in order to fulfill legal
obligations (ANAF, ANC, AJOFM).
Your data will be kept for as long as the
legislation in force requires. Unless explicitly stated, in accordance with
ISO27001 and for a storage period in accordance with the Internal Data
Retention Procedure, but not more than 10 years.
5. WHO HAS ACCESS TO THE DATA PROVIDED?
Access to your personal data is held by C2S
GEOPHYSICS employees or third party processors, as described in point 2 –
Privacy Statement of this Policy. We do not offer anyone access to personal
data without your consent.
6. WHERE IS THE DATA PROVIDED BY YOU?
The personal data provided are stored in the
territory of the EEA, in accordance with the requirements of the General Data
Processing Regulation (EU GDPR).
7. COOKIES USED BY THE C2S GEOPHYSICS SITE
This site uses the following categories of
cookies:
Essential cookies – help to create a website,
allowing basic functions such as page navigation and access to the secure areas
of the website. The website cannot function properly without these cookies. It
also helps us comply with legal requirements, such as the GDPR.
Statistical cookies – collect information about
how visitors use a website. We use them to improve the operation of our site.
However, some of them may be third-party cookies, and the data we collect may
be used for purposes unknown to us, as the owner of the site. Please refer to
the privacy policy of third-party processors, namely: Microsoft Corporation,
JotForm, SpeedExam, Google Analytics and Clym.
Functional cookies – allow the site to remember
the choices you make and provide enhanced functionality (such as support). Some
of them may be third-party cookies and the data we collect may be used for
purposes unknown to us, as the owner of the site. Please refer to the privacy
policy of third-party processors, namely: Microsoft Corporation, JotForm,
SpeedExam, Google Analytics and Clym.
Social cookies – allow us to use the buttons and
widgets provided by social networking services and other third parties and the
chat function. They set cookies, which allow visitors to post links, appreciate
or comment on a site through the network, or use the chat function through
Facebook Messenger. They also allow visitors to be tracked on other sites,
which have the same types of built-in features. Please see Facebook Inc.’s
privacy policy.
Remarketing cookies – to advertise on other
websites to users who have visited www.c2sgeo.com. Google will display ads on
the websites that www.c2sgeo.com users access, and Facebook will display them
on its platforms (Facebook, Messenger, Instagram). These displayed ads are
based on a user’s previous visits to the site www.c2sgeo.com using cookies. If
you wish to opt out of the remarketing cookies used by Google, you may choose
to stop using Google Marketing Platform cookies by accessing the Google
Marketing Platform opt-out page, the Network Advertising Initiative opt-out
page, or your Facebook Advertising Preferences.
8. SECURITY OF YOUR DATA
C2S GEOPHYSICS has an Information
Security Management System according to ISO / IEC 27001: 2013. All
employees are responsible for ensuring that all personal data that C2S
GEOPHYSICS holds and is responsible for is kept secure and is not disclosed in
any way to a third party unless that third party has been specifically
authorized by C2S GEOPHYSICS. C2S GEOPHYSICS to receive this information and
has concluded a confidentiality agreement.
All personal data is accessible only to those who
need to use it. All personal data is processed securely and stored as follows:
-in a closed room with controlled access and / or
-in a closed drawer / cupboard and / or
-if they are stored on computers, stored and
backed up in the Cloud, password protected and access rights, in accordance
with the requirements of the organization’s Internal Access Control Policy and
/ or
-stored on (removable) media that are encrypted.
All employees have entered into a user agreement
before being allowed access to organizational information of any kind. As soon
as the physical records are no longer required for everyday customers, they are
safely destroyed in accordance with the internal procedure and legislation in
force.
Personal data may be deleted or deleted in accordance with the record keeping procedure and in accordance with applicable law. Physical records that have expired are destroyed using a P3 minimum level shredder.