- Objective and Purpose
- Definitions
- Legal terms that we use when processing your personal information
- Personal data recipients
- Purpose of data processing
- Obtaining data
- Cathegories of personal data processed and it nature
- Using personal data
- Your rights as data subject
- Other rights of data subject
- Claims and questions
- Requests regarding access to personal data
- Overview
The goal of the present Politics of Confidentiality and Protection of Personal Data (referred to as Policy) is to establish specifics regarding the measures implemented by ERSA ATELIER S.R.L. (referred to as ERSA) that protect confidential data, including the personal data that the company uses, as well as the methods for collecting, using, storing, and transmitting it in relation to its partners and data subjects.
The present Policy of Confidentiality and Data Protection Personal Data applies to the information we gather about:
- ERSA clients, individuals,
- suppliers of ERSA goods and services;
- visitors to the website owned by that organization (https://ersaatelier.com/).
In terms of current Policy, the following names are unquestionable after what follows:
- Supplier refers to a physical or legal entity that offers ERSA products or services,
- Client refers to a physical person who uses an ERSA service or product.
- Data of transaction refers to information on the ERSA transactions process through the website https://ersaatelier.com/ .
- ERSA stands for ERSA ATELIER S.R.L., an economic entity registered with the Romanian Trade Registry under registration number J40/712/2011, Sole Registered Number 27945367, with its registered office located in Bucharest, 2nd District, 4th Dobrota Street, and its business address located in Bucharest, 1st District, 35th Frumoasa Street, Building A, 1st Apartment;
- Representantive: authorized individual entity representative of a Supplier, or, in the case of ERSA;
- Third party means a person other than you, us, or an entity that processes personal data on our behalf;
- Consumer: individuasl that use the ERSA website.
In accordance with Regulation (Eu) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) we will only use your information when we have a legitimate reason to do so.
These include:
- Legitimate interest in business and service development; adherence to a legal procedure, or certain regulations or regulatory bodies;
- Execution of contractual obligations: the need to execute information in order to fulfill an agreement or contract that we have in draft or are currently implementing in our relationship with you;
- Respect for a legal obligation;
- Approving legal rights, the need to establish, exercise, or appoint legal rights;
- Consent from the data subjects.
If the legal motivation is representated by the consent of data subject, you are specifically asked to do the following: provide an informative brochure for the first time, a marketing campaign, any kind of fidelization program, or various campaigns to promote goods or services.
You can withdraw the consent that was given to you, but it doesn’t apply retroactively to the data that was processed before the request to withdraw it was made.
To express your concerns about how we handle your data, please send an email to office@ersaatelier.com or get in touch with us at the address listed in Chapter XIII-Generalities, point 7-Contact Info.
Occasionally, we can reveal the information you provided, as follows:
- Public investigative and regulatory authorities, such as the police, the prosecution, the court, the Ministry of Finance (ANAF), and other institutions with regulatory and control activitieds
- to a supplier, if it is necessary to use an ERSA service through them which, in turn, provides a service to ERSA
- for the purpose of obtaining assistance for the services offered by ERSA
- to third parties, if you use ERSA services, we may provide your information to third parties, such as financial institutions that use online card payment systems, in case you purchase our products through the ERSA website
- to your service provider and accredited authorities in this regard, in case you are an ERSA Client
- – Providing our services and products – engaging with data subjects, either directly or through ERSA partners
- – Business and service development;
- – Iproving the quality of services offered by ERSA;
- – Providing information about ERSA and the range of services it offers;
- – Providing personal data to ERSA employees for the purpose of delivering services or offering new services;
- – Identifying clients with similar needs;
- – Conducting statistics such as market trends, relationship status, or sales opportunities
- – Sending messages or notifications regarding changes to the characteristics of the products or services you use
- – Transferring personal data to authorities in order to fulfill legal obligations if necessary
We will collect personal data: Directly from you, that is, when you directly provide us with the information or (ii) by examining your interaction with us.
For example, we will obtain your personal data when: (i) you purchase or use any of our services, (ii) you contact us through various channels, or request information regarding a service/product; (iii) you visit or browse the ERSA website. When we receive data directly from you, we will consider it to be real, accurate, complete, and pertaining to you. We will make reasonable efforts to ensure that the data is real, accurate, and belongs to you, and if we have suspicions that you are providing us with incorrect or incomplete data, or that you are using another person’s data without authorization, we will take measures to clarify and remedy the situation. These measures may consist of: updating, completing, or deleting the data, limiting access to illegally used data – including deleting accounts associated with data that do not belong to you. We will also consider that the data collected directly from you is current as long as you have not requested its modification through the communication channels mentioned below in Chapter XIII – General Provisions, point 7 – Contact Information of the Privacy and Personal Data Protection Policy, or you have not personally updated the data.
- Identification Data, for example: • Your name, surname, and signature;
- Contact Data, for example your phone and/or mobile number and your email address;
- Sensitive data: height, weight, sex
- Financial data, for example, information regarding your bank account and other banking information. If you purchase ERSA products using debit or credit cards, we may disclose personal data associated with this service, such as your contact details to the merchant or, if requested, to payment card systems like MasterCard Inc or Visa Europe Limited.
- Location Data may be: (i) IP-based location (Geo-location determined based on your IP address), or (ii) postal code or the name of a locality or city;
- Data collected by cookies and similar technologies. For details, please access the ERSA cookie policy posted on our website;
- Data regarding the resolution of requests/complaints, for example (i) notes or recordings of a call you make to ERSA, (ii) details regarding your complaints, (iii) requests for access to your personal data, (iv) other records of your interactions with us;
- Data regarding interaction with the services and/or, as the case may be, the products, for example (i) details regarding your use of our services, including regarding access to certain sections/ and (ii) information regarding non-compliance of the services and other events that may affect our products or services;
- Derived data. This category includes data generated or inferred by us based on the data we hold about you, regardless of their source (i.e., obtained directly from you, from your interaction with our services and products).
- Eligibility verification. Before providing services to you, we will conduct certain checks to ensure that you are eligible for the products or services you are requesting.
Legal basis: the provision of services to you, or purchase of products made by ERSA. - Providing our services and products. We process your personal data for the purpose of providing the services/products you have purchased. These uses include: (i) Processing the services/products you have purchased from us and informing you about the status of the service provided to you. (ii) Sending messages or notifications regarding changes to the characteristics of the services/products you are using. We also process personal data for specific purposes related to providing our services under optimal conditions, such as: Improving service quality, ensuring that we meet our contractual obligations, and resolving technical issues, should you encounter any.
To achieve the above, ERSA uses personal data, which includes: 1. Identification Data, 2. Contact Data, 3. Location Data, 4. Data regarding the resolution of requests/complaints, 5. Data regarding interaction with the offered product/service.
Legal basis: provision of services to you • compliance with our legal obligations • ERSA’s legitimate interest in ensuring technical capacity as well as ensuring the quality of our services and products. - Billing and payment processing and customer relationship management. These uses include the following: • To issue invoices for the use of our services/products, or to charge you the correct amounts; • To contact you in case the billing information you provided is about to expire or we cannot receive a certain payment, to clarify the situation and, if necessary, to obtain new billing information; • To process payments for the services/products you purchase; • To respond to any questions or requests you may have regarding our services/products; • To send you messages regarding the services you have contracted or for which you benefit for free. We want to keep you informed about various aspects related to the services/products you have contracted, for example, regarding changes to our terms and conditions or the interruption of certain services, expiration of services; • To inform you about the amounts owed to ERSA, the due date, the late penalties applied, and/or other consequences of failing to meet the deadlines of the contracts you have entered into with us; and • In general, to organize and carry out the collection of our debts, including when we attempt to recover any damages suffered by ERSA as a result of the abusive use of our services/products. For this purpose, we may. The personal data we may process in carrying out the above varies depending on the circumstances and on your requests or questions.
Normally, the personal data we process in these cases includes: 1. Identification Data, 2. Contact Data, 3. Financial Data, 4. Location Data, 5. Customer Relationship Data, 6. Sensitive Data.
Legal basis: the execution of services to you regarding billing and payment processing;• compliance with ERSA’s legal obligations as provided by tax legislation (issuing invoices); • the legitimate interest of ERSA, namely: (i) legitimate commercial needs regarding the implementation and conduct of customer relationship management activities; and (ii) legitimate commercial needs regarding the organization and conduct of debt collection activities. - Improving services/products. We continuously improve our services/products. For this purpose, we analyze our services/products, as well as your interaction or experience with them. More specifically, we aim to: • To understand how our services/products are used. In this way, we aim to analyze, develop, and improve the quality of our services, to create more interesting and relevant services/products for you, and to personalize our products/services. • To understand performance, to evaluate whether the services are functioning within the appropriate parameters, or if improvements are necessary; • These data refer to: 1. Location Data, 2. Data regarding your interaction with our services, 3. Deduced Data.
We may also disclose your data in aggregated, pseudonymized, or anonymized format (as applicable) to third-party partner entities to conduct analyses regarding your behavior and preferences necessary for improving their services/products.
Legal basis: our legitimate interest consisting of our commercial needs to measure the performance and functionality of our services, to understand customer interaction with our services/products, and how we can develop/improve our services and products. - Security. Preventing the abusive and improper use of services. Incident management
We will process your personal data to detect and protect you against the improper or abusive use of online payment services when you purchase our services.
The type and volume of processed data vary depending on the circumstances and may include 1. location data 2. Financial Data. When we encounter the above incidents, we may use your personal data to ensure the functionality and performance of the technical solutions we use in our activities and to resume the normal provision of services.
Legal basis: (i) the legal obligation to ensure the proper security of the services (ii) the provision of services to you, and (iii) the legitimate interest of ERSA to investigate, prevent, and report any fraudulent or abusive use of the services and to prevent the risk of financial losses generated by non-payment for the service (including as a result of the accumulation of additional costs through the fraudulent use of the service). - Marketing – Personalization of commercial communications. Commercial communications.
We wish to use your contact information to keep you informed about the products and services of (a) ERSA and (b) our commercial partners. In this context, it is possible: • to send you newsletters, advertising materials, or other similar materials. • to invite you to participate in surveys. • to inform you about offers, promotions, or loyalty campaigns.
6.1. ERSA services/products. We can contact you through: electronic communication means, such as email and/or • mail (postal or courier services). Legal basis: ERSA’s legitimate interest. In the event that you use our services, and we use: • Correspondence (mail / courier or email) to send you our commercial communications, we will rely on your permission to receive such communications; • We will design marketing campaigns in such a way as to avoid excessive calling. If you do not wish to be contacted for information regarding our offers, please let us know.6.2. The products and services of ERSA partners. We also wish to inform you about the products and services of our partners, which we believe you might be interested in. Our partners operate in the following industries/fields: medical product deliveries, service provision. In this regard, we will use your contact data to send you commercial communications through electronic communication means, for example, via email and/or traditional correspondence (mail or courier).
Legal basis: your permission to receive such communications. If you withdraw your consent for all communication channels or for communications regarding a specific type of service/products we provide, you will no longer receive commercial communications from us.
- Relationship with the authorities. Dispute resolution and litigation. We process personal data if it is reasonable to protect ourselves against fraud, defend our rights (including property rights), or protect the interests of our clients in the context of potential or existing litigation or disputes in which we may be involved, regardless of their nature and the authority before which they are conducted. In the context of these procedures, we may receive or communicate your personal data to third parties (e.g., courts, public authorities, parties in dispute, lawyers) or it may be necessary to disclose your information to comply with our legal obligation to respond to requests from authorities. We will provide your personal data only if, after a thorough evaluation, we consider that we have a legal obligation to do so.
Legal basis: (i) legal obligation, if the disclosure is mandated by law, or (ii) legitimate interest, if the disclosure is based on a valid justification and there are no fundamental rights of the data subjects that prevail. We also rely on our legitimate interest to appropriately resolve disputes and litigation, as well as to defend our rights and interests within the respective procedures. Depending on the specific applicable procedures, it may also be necessary, according to the law, to disclose information to third parties (which may also include personal data). - Compliance with specific legal and regulatory requirements. We process (including communicating) your personal data if necessary to comply with regulatory requirements (at the national or European Union level).
Legal basis: (i) compliance with legal obligations or (ii) the legitimate interest of ERSA in addressing and managing the relevant legal requirements applicable to ERSA (if the respective legal requirement does not specifically mandate the processing of certain personal data by us, but achieving the objective involves processing such data).
If you are the Representative of Supplier – corporate entity
We will use your personal data for the following purposes: (i) Conclusion and execution of the contract; (ii) Invoicing and payment processing and managing the relationship with Suppliers/Retailers. We will process your personal data taking into account your role as a representative of the relevant Supplier. Therefore: a) We will process your identification data (e.g., name, surname, position, signature) to sign the contract with the Supplier, in case you act as the signatory of the contract; b) We will process your contact data (e.g., your phone number and email) if you have been designated to act as the Supplier’s contact person in relation to ERSA, and we may use this data to contact you regarding any issues related to our business relationship with the Supplier. These may include, for example: • Contacting you if the billing information in our database is about to expire or if we were unable to collect the payment; • Processing due payments; • Responding to any questions/requests made by you on behalf of the Provider;• Sending messages regarding the services (so-called “functional messages”) related to the services contracted by the Provider. We intent to keep you informed with regards to various aspects releted to our product/services, for example, regarding the modification of our terms and conditions or the interruption of certain services, termination of the contract, information regarding the account balance in relation to you; • Informing about the amounts owed by the Supplier, the due date, the late payment penalties applied, and/or other consequences caused by the Supplier’s non-compliance with the contractual provisions.
Legal basis: the legitimate interest of conducting and managing our activities with Suppliers appropriately.
Commercial communications to Suppliers. We will use your contact information to keep you updated on the products and services of (a) ERSA and (b) our commercial partners. Considering your role as a representative of the Suppliers, we may invite you to participate in surveys relevant to our relationship with the Supplier.
Legal basis: the legitimate interest of conducting and managing our activities with Suppliers appropriately.
Services/Products provided by ERSA. Considering your role as a representative of the Supplier, we may contact you through: • electronic communication means, such as email or phone; and/or • postal mail (correspondence or courier services).
Legal basis: We will rely on your permission as the Provider’s representative to receive such communications.
If you are a Client
We will use your personal data for the following purposes:
- Provision of the service. We process certain personal data: for the improvement of services, for detecting and resolving cases of fraudulent use of services, and for addressing technical issues, in case you encounter any. In this regard, ERSA uses personal data, which includes Identification Data, 2. Contact Data.
Based on this information, ERSA can generate aggregated and statistical management reports that do not individually identify you. Additionally, ERSA can take this personal data and anonymize it to conduct a more in-depth analysis of our services.
Legal basis: our legitimate interest in fulfilling our contractual obligations to our clients and in asserting our rights in relation to the services we provide to our clients. - Assistance and Management of Customer Relationships. These uses include: • Sending you messages regarding services/products. We will contact you with messages to keep you updated with information about the functionality of the services/products, for example, information regarding service interruptions; Certain service-related messages may be more relevant to the client (for example, changes to our terms and conditions) and, therefore, may not be of interest to you; in this case, please disregard them. • To respond to any questions and to address any issues you may have regarding our services/products.
Legal basis: we rely on our legitimate interest to provide consumers with relevant and up-to-date information regarding the services/products they use, as well as to properly implement and carry out customer support and relationship management activities. - Cookies and similar technologies. We use cookies and similar technologies on our websites and applications for analytical purposes. Certain cookies or similar technologies are necessary for the proper functioning of our website (the so-called “necessary cookies”) or to ensure its performance (the so-called “performance cookies”). We also use cookies for online advertising tailored to your interests (so-called “interest-based advertising”) to provide you with relevant advertisements. This can be done on the ERSA website, the websites of other organizations, as well as through other online media channels, such as social media websites. We can also combine, and correlate data collected through cookies or other similar technologies with other data collected by us. If you do not wish to have such processing through cookies and similar technologies, please refer to the Cookie Policy available on the ERSA website. That policy explains how to control cookies and how you can object to the collection and processing of data through these technologies.
Legal basis: depending on the categories of cookies, we rely on (i) the legitimate interest of ERSA to ensure that our services function properly (for “necessary cookies”), or (ii) user consent (for “performance cookies” and “interest-based advertising”). - Other processing purposes applicable to Clients. We will also process personal data for the improvement of our services, security, fraud prevention, prevention of abusive and improper use of services, incident management, research and analysis, relationship with authorities, dispute resolution and litigation, mergers and acquisitions, compliance with specific regulatory and legal requirements.
Legal basis: (i) we rely on our legitimate interest to develop and improve our services or (ii) the fulfillment of a legal obligation. - How and to whom do we disclose your personal data? We disclose your personal data to people authorized by ERSA to process personal data (i.e., entities we contract to carry out various personal data processing operations on our behalf). We enter into written contracts with the people authorized by ERSA, whereby they undertake (i) processing your personal data only based on ERSA’s instructions, and (ii) to keep your personal data secure. Additionally, if the law requires us to do so or we have a legal basis for it, we may disclose your personal data to third parties acting as independent controllers (entities processing data for their own purposes) or, as the case may be, to entities acting as joint controllers with us (in which case we jointly determine the purposes and/or means of data processing).
- The categories of recipients of your personal data (authorized persons, independent operators, joint operators – as applicable) include: • Companies that provide us with support in delivering products; • Entities engaged to provide services for, or on behalf of ERSA, such as: software/hardware service providers and IT support; • Public authorities and regulatory bodies, government agencies, courts – if necessary (including if required by law) or, as applicable, a third party or organization – if such disclosure is necessary to comply with any applicable legal provisions, or other legal or regulatory requirements. In some situations, we are legally obligated to disclose your information (for example, based on a court order or at the request of a regulatory body, including the National Supervisory Authority for Personal Data Processing). (ANSPDCP). We may also disclose information to other regulatory bodies to fulfill their competencies or our objectives. In any of these situations, we will verify that we have a legal basis for disclosing personal data; • Third-party consultants (e.g., external lawyers, auditors, experts), in cases where we involve them in litigation or disputes relevant to us or other activities that require their professional expertise; • Third parties – for joint promotion campaigns. The respective entities will be responsible for their own compliance with the requirements of data protection legislation. • Third parties – involved in providing services related to cookies and similar technologies, as detailed in our Cookie Policy, available on the ERSA website; • Payment service providers involved in processing and/or making payments.
- Retention and storage of your personal data
ERSA has implemented policies and rules regarding the retention of personal data that comply with the principles set forth by data protection legislation. Retention periods are reviewed periodically. In general, we will retain your personal data (1) for the duration of our relationship with you, plus a reasonable period (depending on the circumstances) or (2) for the period required by law or set by a public authority, as permitted by law, or (3) in the case of disputes/complaints/investigations, until their resolution, plus a reasonable period (depending on the circumstances). After this period expires, personal data will be destroyed, deleted, or irreversibly anonymized (as applicable). For example, if you are a Supplier/Client/Supplier Representative, we will store your personal information for the duration of the collaboration/contractual relationships/provision of services with us. After the termination of the contract, ERSA may continue to store certain data for compliance with financial regulations (for example, from 5 to 10 years), and for the purpose of defending ERSA’s rights and interests in the event of litigation/complaints/investigations (for the entire duration of the applicable statute of limitations). Other examples of data retention rules include: • Records related to various promotional campaigns are stored for a period equal to the applicable statute of limitations after the conclusion of the respective campaigns; • Records of complaints are stored for a period equal to the statute of limitations (starting from the date of the last response to the respective complaint), unless a longer period applies for legitimate commercial reasons or if it is regulated by a specific legal provision; • The contact data recorded in our marketing database is stored until you exercise your right to object or withdraw your consent regarding processing. If you wish to obtain detailed information regarding ERSA’s data retention rules, you can contact us through the communication channels mentioned below, in Chapter XIII – General Provisions, point 7 – Contact Information of the Privacy and Personal Data Protection Policy. - International data transfers
In general, we store your personal data at our locations in Romania. It is possible that ERSA will transfer your data to countries within the European Economic Area (EEA) as well as outside of it. The EEA consists of countries from the European Union, Switzerland, Iceland, Liechtenstein, and Norway.These countries are considered to have equivalent laws regarding the protection of personal data. The transfer outside the EEA may occur if our servers (i.e., the ones on which we store the data) or our service providers and contractors provide services outside the EEA. If ERSA transfers your personal data to a country outside the EEA, we will ensure that your data is adequately protected. As a rule, we will ensure that there is an appropriate agreement regarding the data transfer, in accordance with the standard contractual clauses approved by the European Commission. In addition, if it is considered that the country in question does not have laws that are equivalent to EU standards for data protection, ERSA will request the respective third party to enter into an agreement that reflects these standards. If the transfer is not based on such an agreement, we will ensure that the transfer is always based on another legally provided mechanism to ensure the protection of your personal data. - Keeping your personal data safe
We constantly review and improve our protective measures against unauthorized access, accidental loss, disclosure, or destruction of your personal data. Internet communications (for example, emails) are not secure unless they have been encrypted. Your communications may pass through multiple countries before being dispatched, as this is how the internet operates. We cannot be held responsible for unauthorized access or loss of personal data beyond our control. ERSA will never request your secured personal data or secured account data through unsolicited messages. It is your responsibility to keep your personal data and account data secure and not to disclose them to third parties. Our website may provide links to third-party sites. ERSA does not assume responsibility for the security and content of these third-party websites. Therefore, make sure you have read the respective company’s policies regarding privacy and the use of cookies before using their website or entering your personal data on that website.
The right to rectify personal data. You have the right to rectify the data held about you if it is not correct. If the data we hold about you needs to be updated or if you believe it may be incorrect, you can contact us at the address where you can log into your account to update it, or you can contact us at the email address office@ersaatelier.com
The right to access personal data. You can obtain from us confirmation that we are processing your personal data, as well as information regarding the specifics of the processing such as: the purpose, categories of processed personal data, recipients of the data, the period for which the data is retained, the existence of the right to rectification, erasure, or restriction of processing. You have the right to request a copy of the personal data held by ERSA in relation to you. To make this request as an individual or authorized third party, please use the address office@ersaatelier.com
The right to data portability. You have the right, under certain circumstances, to request that we provide you with your own data that you have communicated to us.
The right to object to the use of personal data. In certain circumstances, you have the right to object to ERSA processing your personal data.
To stop receiving marketing messages (commercial communications): If you no longer wish to receive marketing messages (commercial communications) from ERSA, you can choose to opt out of all marketing communications or only selected methods (email or mail). There are various methods to unsubscribe from receiving marketing messages (to object to the processing of personal data for marketing purposes): • Send an email to office@ersaatelier.com • Click the link at the end of a marketing email or text to unsubscribe, if available; • Disable marketing messages at any time in our apps or by changing your device’s notification settings or uninstalling the app; If you choose to opt out of marketing messages, it does not mean that you will no longer receive functional messages. These messages do not fall into the category of commercial communications and, as such, you will continue to receive them.
For the management of Cookies and a better understanding of them: If you wish to disable a cookie or understand more about them, please consult the Cookie Policy on our website for complete details in this regard.
To object to other processing carried out based on our legitimate interests, please send an email to office@ersaatelier.com
Depending on the specific situation, if we have legitimate interests for processing that prevail over your interests, rights, and freedoms, or if we need data for establishment, exercise, or defense of legal claims, we may continue to process your data for related purposes.
The right to restrict the use of your personal data. If you believe that the data we hold about you is incorrect or that we should not be processing your data, please contact us at office@ersaatelier.com to discuss your rights. In certain circumstances, you will have the right to request that we restrict processing.
The right of erasing. ERSA strives to process and retain your data only as long as necessary. Under certain circumstances, you have the right to request that we delete the personal data we hold about you.The request for the deletion of your data can be sent to the email address office@ersaatelier.com
According to Regulation 679/2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), you – as the data subject – have rights that you can apply in relation to the data we hold about you. You can read more about these rights on the website of the National Supervisory Authority for Personal Data Processing (ANSPDCP): https://www.dataprotection.ro/?page=IntrebariFrecvente1
ERSA applies transparency when collecting and using personal information. Within this Privacy and Personal Data Protection Policy, we have prepared a series of information to allow you to understand how we use your data. If you have concerns regarding the use of your data, please contact us.
This Privacy Policy and Personal Data Protection and any frequently asked questions regarding privacy do not constitute an exhaustive list of all aspects related to the collection and use of personal information by ERSA. If you wish to obtain additional information or explanations, please contact us using the contact details provided below.
Additionally, if you request information about ERSA’s Privacy and Data Protection Policy, or if you would like to submit a complaint, you can email us at office@ersaatelier.com or mail to us at the following address: ERSA ATELIER S.R.L., Bucharest, 2nd District, 4th Dobrota Street.
If you intend to report a complaint regarding the use of your personal data, you can contact us in the first instance at the address below. However, if you are not satisfied with the way ERSA Service resolves your complaint, you have the right to address the National Supervisory Authority for Personal Data Processing (ANSPDCP), located in Bucharest, Bulevardul General Gheorghe Magheru 28-30, 1st District, postal code 010336, contact details can be found on its website at the following link: https://www.dataprotection.ro/ , as well as on the ERSA website.
Data subjects (individuals) can find out if ERSA holds any personal information about them by submitting a request for access to the data held, in accordance with Regulation 679/2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
If ERSA holds information about you, we will:
- – provide a description of the type of personal data held by ERSA;
- – specify the purpose for which we retain the respective data;
- – indicate, if applicable, the third party to whom we disclose personal data; and
- – provide you with a copy of the respective data in a clear form
In accordance with the legislation in force, the response and transmission period are 30 days from the date of the request submission, with the possibility of extending this period only after informing the data subject and provided there is a valid reason justifying the inability to formulate a response within the initially mentioned timeframe.
In this regard, you have available on the ERSA website (https://ersaatelier.com/ ) – Personal Data Access Request through which you can send your request to the address office@ersaatelier.com or to the ERSA address mentioned in Chapter XIII – General Information, point 7 – Contact Information.
If you have submitted the request via email, we will respond in the same manner (e-mail).
However, please consider that this method of communication via email is not guaranteed to be secure, just like any other method of communication.
Additionally, please consider that ERSA cannot disclose information regarding other affected individuals, client information, or information about other consumers in such a request.
Consequently, we will remove information related to third parties/organizations from the information we send you.
- Requests received via email
Any email sent to us, including attachments, may be monitored and used by ERSA for security reasons and to ensure compliance with ERSA policies. Email monitoring or blocking software may also be used. Please be aware that you are responsible for ensuring that any email sent by you constitutes legal action, with all the implications that may result from this action. - Visitors to the ERSA website
When you visit our website https://ersaatelier.com/ , please refer to the Privacy Policy and Personal Data Protection available on the website for details about cookies and other website-specific information. - Links to Other Websites
This Privacy Policy and Personal Data Protection does not cover links to other external ERSA websites or documentation available on other websites. We encourage you to read the Privacy Policies of any other website you access. - Changes to this Policy
We periodically review the Privacy and Personal Data Protection Policy. - Applicable Law
This Policy is governed and interpreted in accordance with the specific legislation of Romania, and the parties submit to the exclusive jurisdiction of the Romanian courts regarding all aspects arising from it. - Data Retention Period
The information we hold regarding the payments made is retained for statutory and regulatory purposes. In this regard, payment information may be retained for periods of 3, 5, and, where applicable, 10 years or any other period stipulated by law. Information related to tax records can be kept for 5 years or another period as required by law.
If we hold information on behalf of a client, the retention period is specified by the client in the personal data processing agreements, at least for the duration of the contracts/agreement/arrangements concluded by ERSA with them, unless the applicable legal regulations clearly specify another retention period.
We can provide you with more information regarding retention periods for certain types of information if you send an email to office@ersaatelier.com .
ERSA’s Privacy and Data Protection Policy is periodically updated to reflect changes in our legal obligations and responsibilities. - Contact Information
If you wish to request information about ERSA’s Privacy and Data Protection Policy or to file a complaint, you can email us at office@ersaatelier.com or contact us at the following address:
ERSA ATELIER S.R.L.
Workplace: Bucharest, 1st District, 35th Frumoasa Street, Building A, 1st Apartment
Phone: +40 723 174 871
You have the right to address the National Supervisory Authority for Personal Data Processing (ANSPDCP), located in Bucharest, 28-30 General Gheorghe Magheru Avenue, 1st District, postal code 010336, whose contact details can be found on its website at the following link: https://www.dataprotection.ro/ , if you are not satisfied with the way ERSA has resolved your complaint. - Changes and Updates
We may periodically update this Policy, especially if changes in the relevant legislation occur that may affect your data.This Privacy and Personal Data Protection Policy was issued on November 1st, 2024.