In principle, the use of the websites of Alu Design Construction Civile SRL. it is possible without the provision of personal data. If a data subject wishes to request special services of our company through our website, it may still be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we obtain the consent of the data subject.
Alu Design is a company specialized in complete design services in the field of constructions, acting successfully in the field of design, structuring, and facades.
The privacy statement of ALU DESIGN CONSTRUCTION CIVILE S.R.L. is based on the terms used by the European legislative and regulatory authority when adopting the General Data Protection Regulation (GDPR). Our privacy statement should be easy to read and understand for both the public and our customers and business partners. To ensure this, we want to explain in advance the terms used.
We use certain terms in this privacy statement, including but not limited to:
a) Personal data: All information relating to an identified or identifiable natural person (hereinafter referred to as "data subject") constitutes personal data. A natural person is considered to be identifiable which can be identified directly or indirectly, in particular by associating with identification information such as a name, identification code, location data, online identifier or one or more special characteristics, which are the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data subject: The data subject is any identified or identifiable natural person, whose personal data is processed by the operator.
c) Processing: Processing means any operation performed with or without the aid of an automated procedure or any series of such operations regarding personal data, such as recording, organizing, ordering, storing, adapting or modifying, reading, querying, using, disclosure by transmission, dissemination or any other form of supply, comparison or binding, limitation, deletion or destruction.
d) Processing limitation: Processing limitation is the marking of stored personal data, with the purpose of limiting their future processing.
e) Profiling: Profiling is any type of automatic processing of personal data consisting of the use of such personal data in order to evaluate certain personal aspects relating to a natural person, especially in order to analyze or predict aspects related to work performance, economic situation, health status, personal preferences, interests, reliability, behavior, residence or change of address of the respective natural person.
f) Pseudonymisation: Pseudonymization is the processing of personal data in a way in which personal data can no longer be associated with a particular data subject without obtaining additional information, insofar as this additional information is kept separately and is subject to technical and organizational measures that guarantee that personal data is not associated with an identified or identifiable natural person.
g) Operator: The operator is a natural or legal person, an authority, an institution or another body that decides alone or together with others on the purposes and means of processing personal data. If the purposes and means of such processing are laid down by EU law or by the laws of the Member States, the operator may, respectively, the criteria for its appointment may be provided by EU law or the laws of the Member States.
h) Operator authorized person: The person authorized by the operator is a natural or legal person, an authority, an institution or another body, which processes personal data on behalf of the operator.
i) Recipient: The recipient is a natural or legal person, an authority, an institution or another body, which makes public the personal data, whether or not a third party. However, authorities that may receive personal data in a particular investigation request in accordance with EU law or Member State laws are not considered as recipients.
j) Third party: The third party is a natural or legal person, an authority, an institution or another body, with the exception of the data subject, the operator, the operator authorized person and the persons who are authorized to process personal data under the direct responsibility of the operator or of the operator authorized person.
k) Consent: The consent represents any voluntary manifestation of will, specific and informed, in the form of an unequivocal statement or other confirmatory act, by which the data subject understands that he/she agrees to the processing of the personal data concerning him/her.
Operator’s name and address
The operator within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data protection provisions is: ALU DESIGN CONSTRUCTION CIVILE SRL (“ALU DESIGN”), Bucharest, sector 2, 58 Blvd Ferdinand I, entrance C, 1st floor, room 2, VAT# 28751040, reg. code J40/8063/01.07.2011, e-mail email@example.com.
Information automatically collected by our website
We limit the information we collect only to what is necessary to ensure the proper functioning of the website and the production of traffic statistics for our site. You are not required to log-in, register or provide personal information about you in order to use our website.
When you access our website, we collect the following information:
- Internet Protocol address ("IP address"). IP addresses are assigned by your Internet Service provider (e.g. RCS-RDS/Telekom, UPC, etc.) to the modem used to access the Internet for devices connected to your home and/or workplace. All devices that use the modem to access the Internet can broadcast the same IP address. At home, connected devices can include one or more laptop/desktop computers, tablets, mobile phones, smart/connected TVs and game consoles. At work, connected devices may include one (or all) floor(s) in an office building. Our website receives from your web browser (e.g. Microsoft Explorer, Mozilla Firefox or Google Chrome) the IP address whenever you request a file or web page.
- User Agent. Due to the way the Internet works, we may receive information (known as a "User Agent") automatically sent by your web browser, such as data associated with your Internet browser/content delivery software (e.g. Microsoft Explorer, Mozilla Firefox, or Google Chrome) and the operating system used on your device (e.g. Windows, Mac OS, or Linux). The User Agent information we receive may also include information such as device type (e.g. computer, tablet, mobile device) and/or the date/time of your visit.
If you use the contact information provided on our website to contact us directly, we will receive your contact information which may include, depending on how you contact us, your email address, name, company, reason for contact and postal address.
How we use the information that we collect
- Analysis/Statistics: We may use aggregated collected information to understand general information and trends related to our website, such as the number of users who have visited our website in a given time and the types of devices used by them. The information cannot be used to identify a person and is used by us to help improve the consumer solution.
- Answer to questions: If you choose to contact us directly (via email, a form or by mail) using the contact information we provide on our website, we will use your contact information to respond to your request;
- To comply with the legal or contractual obligations.
Difference between personal information and aggregate information
Personal information is information that can be used to identify a particular person, generally understood to be information such as your name, physical address, email address and telephone number. Aggregated information is not considered personal information and cannot be used to identify you.
Whom we share collected information with
- We will not rent, sell or distribute information about you to other non-affiliated persons or companies;
- We may share aggregate information (ie, information that cannot be used to identify a person) for several reasons, including in the following circumstances:
- To improve our services;
- If Alu Design is purchased or merges with another company, the aggregate information will be transferred to the new company;
- We may share aggregate information, if necessary, in order to comply with a summons or a court decision, to establish or exercise our legal rights or to defend against legal claims or to cooperate with government officials and/or law enforcement agencies;
- o For any legal basis.
What about the cookies?
Do we collect your e-mail address?
We do not ask you to send us your e-mail address or any other personal information in order for you to use our website. If you use the information provided on https://aludesign.com to contact us directly (for example, by emailing us at firstname.lastname@example.org), we will receive your contact information, but we will use them only to respond to your request. If you fill out an online form on our website, we receive your email and we can store that email and the associated contact information for up to 12 months.
Your rights regarding the processing of personal data and how you can use them
In accordance with the applicable regulations, you have the following rights:
- Access: you can obtain information regarding the processing of your personal data and a copy of this personal data;
However, your access to the processed data may be exercised only to the extent that it does not prejudice the rights and freedoms of other persons;
- Rectify: if you believe that your personal data is inaccurate or incomplete, you may request that the personal data be modified accordingly;
- Delete: you may request the deletion of your personal data, in accordance with the obligations provided by the legislation in force;
However, the data will not be deleted when processing is necessary for:
- the exercise of the right to free expression and information;
- compliance with a legal obligation which provides for processing under EU law or national law that applies to the company or for the performance of a task related to the public interest;
- for finding, exercising or defending a right in court.
In addition, when Alu Design has made public in any context the data whose deletion is requested and you request the deletion of data from any recipients, the data will be reasonably kept by appropriate (including technical) measures to ensure the data recipients are informed of such a request.
- Restrict: you may request the restriction of the processing of your personal data, ie its limitation strictly to the processing that you agree with and/or strictly to the necessary processing for the purpose of finding, exercising or defending a right in court or for the protection of the rights of another natural or legal person or for reasons of public interest of the EU or a Member State;
The restriction applies when:
- you challenge the exercise of the data for a period that allows us to verify the accuracy of the data;
- processing is illegal and you oppose the deletion of personal data, asking instead to restrict their use;
- Alu Design no longer needs your personal data for the purpose of processing, but you ask us to find, exercise or defend a right in court;
- you have objected to the processing, in accordance with the legal provisions governing your right to opposition, for the period of time in which it is ascertained whether our legitimate rights prevail over yours.
- To oppose the processing of data: you can oppose, for reasons related to the particular situation in which you are, processing under art. 6 paragraph 1 e) and f) of Regulation no. 679/2016, as well as, in the case of data processing for direct marketing purposes, in the latter case without the need for motivation and justification;
In this situation, we will no longer be able to process your personal data, unless we demonstrate the existence of legitimate and compelling reasons that justify processing and prevail over your interests, rights and freedoms or that the purpose of processing is finding, exercising or the defense of a right in court.
- Right to notify the recipients of the rectification, deletion or restriction of personal data: the recipient to whom your personal data has been disclosed will be informed of any rectification or deletion of them as well as of any restriction on the retrieval;
- Right to data portability: You have the right to request that the personal data you have provided to us be returned to you or, if possible, transferred to a third party, if the following conditions are cumulatively fulfilled:
a) the processing is based on a consent or is necessary for the implementation of a contract to which you are a party or to carry out actions at your request before the conclusion of a contract; and
b) it is made by automatic means (not in physical/paper form, but by any automated means).
- Right not to be subjected to automated decisions, including profiling- you have the right that your personal data will not be processed in the context of automated decisions:
Data processing for automated decision making is allowed when:
- it is necessary to fulfill the object of activity of the company and/or to conclude or implement a contract between you and Alu Design;
- it is authorized by EU or national law that applies to Alu Design and also provides for appropriate measures to protect your legitimate rights, freedoms and interests; or
- you have expressly consented to such processing.
You can exercise your above-mentioned rights and you can learn more about such rights by filing in with us, as data controllers, a written request to ALU DESIGN CONSTRUCTION CIVILE - Bucharest, Sector 2, 58 Blvd Ferdinand I, entrance C, 1st floor, room 2, or by emailing us to email@example.com. In order to identify and prevent unauthorized disclosure of your data, please include a scan/copy of your ID certified by you to be original.
- • In accordance with the applicable regulation, in cases where you find that your rights regarding the processing of personal data have been violated, in addition to the above rights you have the right to file a complaint with the National Supervisory Authority for Personal Data Processing - Gheorghe Magheru Boulevard no. 28-30, Bucharest, Romania, Phone: +40.318.059.211; +40,318,059,212; Fax. +40,318,059,602; http://www.dataprotection.ro or/and to the courts having jurisdiction.
Data protection in the case of applications and the selection procedure
The operator collects and processes the personal data of the applicants in order to carry out the selection procedure. The processing can also be done electronically.
This is especially the case when an applicat submits the appropriate application documents to the operator electronically, for example by e-mail or through a web form which can be found on the Internet. If the operator concludes an employment contract with the applicant, the data transmitted shall be stored for the purpose of carrying out employment relationships in compliance with the legal provisions. If the operator does not enter into an employment contract with the applicant, the application documents will be automatically deleted within twelve months from the notification of rejection, insofar as the deletion does not go against other legitimate interests of the operator.
Legal grounds when we process personal data
Alu Design may base the processing of your personal data on any (one or more) of the following legal grounds:
- Consent: the data subject has given his consent to the processing of his personal data for one or more specific purposes.
- Execution of a contract: processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before the conclusion of a contract.
- Compliance with legal obligations: processing is necessary to comply with the operator’s obligations that come from laws or other regulations.
- Vital interests of the data subject: processing is necessary to protect the vital interests of the data subject or of another natural person.
- Public interest or public authority: processing is necessary for the performance of a task that serves a public interest or which results from the exercise of the public authority with which the operator is invested.
- Legitimate interest of the operator: processing is necessary for the legitimate interests pursued by the operator or by a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which involves the protection of personal data.
In cases where the applicable legal provisions require your prior and explicit consent for the processing of special categories of data, we will process the respective data only on the basis of your prior and explicit consent.
At any time, you have the right to withdraw your consent. Withdrawing your consent will not affect the legality of the processing on the basis of consent given before its withdrawal. In order to withdraw your consent for any processing you have previously consented to, please email us at firstname.lastname@example.org or send us a notification to ALU DESIGN CONSTRUCTION CIVILE SRL ("ALU DESIGN"), Bucharest, sector 2, 58 Blvd Ferdinand I, entrance C, 1st floor, room 2, VAT# 28751040, reg. number J40/8063/01.07.2011.
Keeping the your personal data while necessary to process it
Alu Design complies with its obligations under the national law and the GDPR through actions such as:
- Updating of personal data
- Their safe storage and destruction
- Avoiding collecting or storing excessive amounts of data
- Applying appropriate technical measures for the personal data protection
- Protecting personal data against loss, misuse, unauthorized access and disclosure.
Technical and organizational measures have been implemented at Alu Design to maintain the confidentiality and security of your personal data, in accordance with our internal procedures regarding the storage, disclosure and access of personal data. Personal data can be kept on our personal data IT systems and/or in hard copy, in special rooms at each department or according to the specific activity of each one.
Transfer of your personal data abroad
We may transfer your personal data to countries within the EU, EEA or other countries.
In such case, we will ensure that these international transfers are made subject to appropriate safeguards as required by General Data Protection Regulation (EU) 2016/679 or other applicable laws.
Personal data that you provide for other natural persons
If, for any reason, you provide us with personal data regarding another natural person, you must ensure that you have the right to disclose such personal data and that, without taking further measures, we may collect, use and disclose that personal data.
In particular, you must make sure that the person in question is aware of things such as: our identity, how he can contact us, why we collect data, our data disclosure policy; the rights of the natural person with regard to personal data and the right to file complaints regarding personal data management.
Your information pertaining any security breach
Please be assured that we have trained the persons involved in data processing so that they can identify the security breaches and bring them to the attention of the persons in charge in order to take the necessary measures to analyze and limit the consequences of such security breach and, as the case may be, to notify the supervisory authority and possibly the data subjects.
Our company will notify about those security breaches whose notification is obligatory (likely to generate a risk for the rights and freedoms of the data subjects) to the Supervisory Authority for Personal Data Processing.
In cases where the notification of the authority is obligatory, this will be done without delay, in principle no later than 72 hours from the date when the operator became aware of the breach.
When preparing the notification, the operator will seek to protect the confidentiality of the information provided by you, meaning that they will provide the authority with details about the categories and number of affected persons, without compromising the confidentiality of the received data.
In case of a security breach, we will inform you in order to be able to take protective measures, in principle no later than 72 hours from the date on which we became aware of the breach.
You will be notified only if the security incident is likely to create a high risk for your rights and freedoms.
If the specific circumstances do not require another approach, the information will be made through direct communication, using an appropriate communication channel (e-mail, SMS, etc.).
As an exception, only in the case where direct contact would involve a disproportionate effort, public information channels may be used.
We guarantee that you will be informed of any new developments related to the incident and of the measures we will take in connection with it, in consultation with you to limit the consequences and prevent its recurrence.
With respect to each violation, we will assist you in any way, including the provision of sufficient information, as well as support in the investigations conducted by the regulatory authority, with a view to remedying and investigating the breach, to prevent future incidents, limit the impact of the incident on the involved parties and/or limit the damage to you as a consequence of the security breach.
Latest revision: 5 Aug 2019