PERSONAL DATA PROCESSING POLICY

SC GRAFOPRINT SRL will ensure that it respects the confidentiality of your data and, therefore, SC GRAFOPRINT SRL undertakes to protect any information that identifies or may contribute to the identification of a natural person ("personal data") that it collects, processes and/or to which it has access.

The manner in which personal information is collected, processed and shared depends on the purposes and legal grounds for the collection and processing of this data, as well as on the specific consent given by you.

This website, https://grafoprint.ro/ , is provided and administered by SC GRAFOPRINT SRL, based in Chișoda, DN59 KM8, Timiș county, registered at ORC Timiș under no. J35/1536/1991, having CUI 2482984, tax attribute RO, phone: 0728.988.306, email: grafoprint@grafoprint.ro.

Through this Policy on the protection of personal data (hereinafter referred to as the "GDPR Policy") we want to ensure that you have access to adequate information regarding the collection and processing of your personal data, as provided for by the regulations in force regarding the protection of personal data.

This Personal Data Processing Policy can be supplemented with other terms and conditions that apply on this website or to which you have given your consent by interacting with us.

What is personal data?

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.

What does the processing of personal data mean?

"Processing" means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extract, consult, use, disclose by transmission, disseminate or otherwise make available, align or combine, restrict, delete or destroy.

What data do we process?

In order to communicate materials for marketing purposes, we process the following personal data: e-mail address, name and surname, no. phone. Please do not provide us with any other personal data.

GRAFOPRINT collects personal data of job candidates, employees, customers, supplier representatives / prospects, associates, administrators, website users, etc.

Basis and purposes of personal data processing

Personal data provided with your consent will be collected and processed by us exclusively for the purpose for which it was provided to us.

Who has access to your data?

The personal data submitted by you is processed only by GRAFOPRINT and will not be communicated to other third parties without your explicit consent, except in cases where there is a legal/contractual obligation on our part to disclose this data.

Please keep in mind that the website https://grafoprint.ro/ may contain access links to other sites that may have a different personal data processing policy than GRAFOPRINT, the subscriber not assuming responsibility for information submitted or collected by these third parties.

Depending on the context, there is the possibility of finding ourselves in the situation of needing to provide information, both globally and internally or externally, to our partners with whom we transfer data in compliance with the provisions of Regulation 679/2016, by virtue of ensuring the most professional services . Information controlled by GRAFOPRINT may be transferred, transmitted, stored or processed in the EU or in countries other than the country in which you are a resident, for the purposes described in this policy.

How long is your data stored?

The personal data provided by you will be processed and stored for the maximum period required by applicable laws. So:

• If you want to send us various requests (emails requesting offers, questions about some products) we keep your personal data for a period of time that will not exceed 2 years from the last correspondence sent.
• Where you have given us consent to use your personal data for marketing purposes, we retain this data until you ask us to delete it, or after a period of inactivity; In this regard, we inform you that the data stored in our database for communications for direct marketing purposes is deleted after a period of 10 years has passed since the last interaction with you.
• If cookies are stored on your computer, we keep them for as long as necessary to achieve the purposes and for a period defined in accordance with legal regulations. We note that the data processed by the cookie modules (to provide us with online behavioral advertising, to allow the distribution of our content on social media sites, etc.) will be kept for a maximum period of 10 years from their collection based on your consent.

GRAFOPRINT will review the need to continue to retain your personal data. Every year we analyze the data collected and processed, in order to filter, sort and maintain the processing only for the data in which the purpose of the processing is current.

We delete your personal data within a specified period of time: We delete your data at the time one year from the date on which your relationship with us ends (the clause applicable in the case of job advertisements or other types of contracts, from the time at which you no longer have a valid contract with us). We delete your data when you ask us to do so, with the exception of data whose provision and processing is required by a legal provision, which we delete within the term provided for by law.

What are your rights?

You have a number of rights under applicable data protection regulations.

1. The right to access data. You have the right to obtain confirmation that your personal data is or is not being processed by us. In addition, you have the right to obtain more detailed information regarding the personal data stored and its processing by us and, in certain circumstances, you have the right to obtain a copy of such personal data.

2. The right to rectification of data. You have the right to request the rectification of incorrect personal data and, taking into account the purpose for which they are processed, to request the completion of missing personal data.

3. The right to data deletion. In certain cases, you have the right to have your personal data deleted without undue delay. These circumstances include:

• when the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
• when you withdraw your consent to consent-based processing;
• when the processing is for direct marketing purposes;
• when personal data have been processed without complying with the legislation in force.

There are certain general exceptions to the right to data erasure. These general exemptions include cases where processing is necessary:

• for exercising the right to freedom of expression and information;
• to fulfill legal obligations;
• for the establishment, exercise and defense of legal claims.

4. The right to restriction of processing. In certain situations, you have the right to restrict the processing of your personal data. Where processing has been restricted, we may continue to store your personal data. Otherwise, we will only process them when:

• we have your consent;
• are necessary for the establishment, exercise or defense of legal claims;
• are necessary to protect the rights of another natural or legal person;
• for reasons of public interest.

5. The right to data portability. You have the right to move, copy, transfer the data that interests you from our database to another database. This only applies to data you have provided to us, where the processing is based on your consent or on the basis of a contract and is implemented by automated means. However, this right does not apply where its exercise would adversely affect the rights and freedoms of others.

6. Right to opposition. You can object at any time to the processing of your data when such processing is based on a legitimate interest.

7. The right to withdraw consent. To the extent that the legal basis for data processing derives from your consent, you have the right to withdraw that consent at any time. The withdrawal of the consent given by you does not affect the lawfulness of the processing based on the consent before its withdrawal.

8. The right to disable cookies – you have the right to disable cookies in the settings of internet browsers which are usually programmed by default to accept cookies. Many modules are used to enhance the usability or functionality of websites, so disabling cookies may prevent you from using certain parts or applications of the websites. If you wish to restrict or block all cookies set by our website / our applications, you can do so by changing your browser settings.

8. The right to complain to the data protection supervisory authority. You have the right to lodge a complaint with your local data protection supervisory authority at any time.

The data protection supervisory authority in Romania is:

The National Supervisory Authority for the Processing of Personal Data

Address: Bld. General Gheorghe Magheru, 28-30, sector 1, 010336, Bucharest, Romania

Phone: +40318059211

Website: http://www.dataprotection.ro/

GRAFOPRINT does its best to protect your personal data and to comply with the data protection regulations in force. If you have any dissatisfaction with the processing and protection of your personal data or with the information we have provided you, we encourage you to notify us so that we can improve the services. Please also feel free to contact us when you want to exercise your rights.

Please contact us using the contact details at the beginning of this document. We also ask that you provide us with the information relevant to processing your request, including your full name and email address, so that we can identify you. We will process your request without undue delay.

How is your data stored?

The processing of personal data is carried out by automatic/manual means, in compliance with legal requirements and under conditions that ensure security, confidentiality and respect for the rights of the persons concerned.

All documents containing personal data are registered and follow the rules for keeping, processing, multiplying, transporting, transmitting, destroying and archiving established by the legal regulations in force and by internal procedures.

Legal requests

GRAFOPRINT accesses, maintains and provides your information to regulatory authorities, law enforcement agents or other entities:

• In response to legal requests when the law requires us to do so.
• When we believe in good faith that it is necessary to detect, prevent and respond to acts of fraud, to protect us (including our rights, property and materials), you and others, including in as part of investigations or inquiries by regulatory authorities. The information we receive about you may be stored for a longer period of time when it is subject to a legal request or legal obligation.

How do you access your data?

You can modify the data provided or request information about the processing of your personal data, including requests to exercise your rights by sending an email to the following address: grafoprint@grafoprint.ro.

GRAFOPRINT will provide the information in electronic format when possible, unless you request another format.

The information provided, as well as any communication to be sent in electronic format and the measures taken by you in exercising the above rights, are provided by GRAFOPRINT free of charge. However, if the requests made by you are unfounded or excessive, in particular due to their repetitive nature, GRAFOPRINT may:

• or charge a fee taking into account administrative costs for providing the information or communication or for taking the requested action;
• or refuse to comply with the request.