1. The Preamble

2. Third party Services

3. Who are we?

4. Who are you?

5. Data processing Principles

6. Changes

7. Questions and requests

8. What data processing means

8.1. What kind of information do we collect about you?

8.2. Why do we collect this information?

8.3. What is the legal basis for processing?

8.4. Where do we obtain the data?

8.5. How long do we store the data?

8.6. How we share your information With the others?

9. Marketing

9.1. What kind of data do we collect for marketing?

9.2. Marketing Partners

9.3. How can you opt out of direct marketing?

10. What are your rights?

11. Personal Data Security

12. No automated decision-making process

13. Meaning of the terms used

1. Introduction

We, S.C. METALLINA S.R.L., are seriously considering the protection of your personal data. The protection of confidentiality with regard to the collection, processing and use of your personal data is an important concern for us, of which we take great care in our economic processes, respecting, of course , all legal requirements. We do not provide information to third parties without informing you. We do not make exclusive automated decisions with significant impact on you. This information is important. We hope you read them carefully.

When you enter into a relationship of any kind with us, you entrust us with your information. This information presented herein (hereinafter referred to as “Privacy policy”) is important. We recommend that you read them carefully.

The purpose of this privacy policy is to explain to you what data we process (we collect, use, share), why we process them, in what way we process them, your rights. Under the GDPR and how you can exercise these rights. In collecting this information, we act as an operator and, by law, we are obliged to provide you with this information.

By visiting the site, purchasing a good or service or by interacting with us through any means and/or through any communication channel (e-mail, telephone, network Socialization, etc.), you agree to this privacy policy and also consent to the use of your personal data. For advertising or marketing purposes, under the conditions described below in the sections dedicated to marketing and advertising. If you do not agree with those described in this Privacy policy, please do not use the platform.

2. Third-party services

This privacy policy does not cover the apps and sites of other third parties that you can reach by accessing the links on our website. This exceeds our control. We encourage you to review the privacy policy from any site and/or app before providing personal data.

3. Who are we?

S.C. METALLINA S.R.L., personal Data controller, established in Arad, jud. Arad, Str. Păduri, Romania, registered at the Trade Register under No. J2/1782/91, tax code RO 1693649, is responsible for the processing of your personal data. Personal data that we collect directly from you. or other sources.

4. Who are you?

According to the legislation, you, the natural person receiving our services or the person in a relationship of any kind with our company, are a “data subject”, i.e. an identified or identifiable natural person. In order to be completely transparent about data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data controller and you, the person concerned.

5. Data processing Principles

Protection of your information Personal information is very important to us. That is why we are committed to respecting European and national legislation on the protection of personal data, in particular regulation (EU) 679/2016, also known as the GDPR and the following principles:

Legality, fairness and transparency

We process your data. Legal and fair. We are always transparent about the information we use, and you You are duly informed.

Your control belongs to you

Within the limits of the law, we offer you the possibility of examining, modifying, deleting the personal data you have shared with us and exercising your other rights. For more information, go to sections 7, 10, and 11 of this document.

Data integrity and purpose limitation

We use data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our goals are compatible with the legislation. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.

Security

We have implemented reasonable security and encryption measures so as to protect your personal information as best as possible. However, keep in mind that no Web site, app, or Internet connection is completely secure.

6. Changes

We can change this privacy policy at any time. All updates and changes to this policy are valid immediately after the notification, which we will achieve by displaying on the site and/or email notification.

7. Questions and requests

If you have questions or concerns about the processing of your data or want to exercise your legal rights in relation to the data we hold, or if you have concerns about how we treat any privacy issue, we You can write to the email address: info@metallina.com

8. What data processing means

“Processing ” means any operation or set of operations carried out on personal data or on sets of personal data, with or without the use of automated means, such as collection, registration, organisation, Structuring, storing, adapting or modifying, extracting, consulting, using, disclosing, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying.

8.1. What kind of information do we collect about you

When you browse our website, when you send us a request by email or contact us for any other purpose and on any other communication channel, you can communicate to us the following personal data, which we collect directly from you or from other sources, such as :

• Name and surname

• Email Address

• Phone number

In addition to the information given above, we may also collect the following information, depending on the circumstances:

• How you interact with our website or ads (for example, information about how and when you access our site or which device you use to access the site);

• Information provided when you fill out forms or questionnaires;

• Content of messages sent via messaging and email systems;

• Interactions between you and us on social networks (e.g. likes, distributions, comments);

• Information we collect about you From other companies in the group or third parties who have obtained your consent. Or have another legal right to share this information with us (including publishing or advertising partners/platforms and data aggrebers that have obtained that right).

If you make purchases, certain payment information (card data) will be collected, but it will be stored by our processor partners in a way that we cannot read and cannot access that data. We will only be informed if the purchase was successful.

If you make purchases, certain payment information (card data) will be collected, but it will be stored by our processor partners in a way that we cannot read and cannot access that data. We will only be informed if the purchase was successful.

• IP Address

• Internet browser

• Location

• Web pages you visit on our website

• Information from the use of cookies

If you are employed (former, current or future), certain information relating to the performance of the employment contract will be collected. They may be exemplified

• Name and surname

• Contact details (address, phone number, email address)

• Financial data (bank account)

• Various original or copy documents (certificates of seniority, holidays, salary, medical situations, dependents, familiar situation, work book, evaluation sheets, CVS, various requests, delegations, timecard, information notes and processes Documents, employment documents), employee indicative

• Signature

8.2. Why do we collect this information?

We collect personal information for the following purposes:

• To conclude or execute a contract between you and the and we;

• To answer your questions and requests and provide your customer support service;

• For marketing purposes, but only if we have your consent. In advance or when there is a legal exception to obtaining consent;

• To provide and improve the services and products we offer;

• To diagnose or remedy technical problems;

• To defend ourselves against cyber attacks;

• For the creation and/or maintenance of accounts;

• In order to comply with the legislation, such as compliance with tax legislation that obliges us to keep accounting documents for a period of 10 years, or the law of archives that compel us to keep employee documents for a period of 50 years.;

• For the establishment or claim of a right in court;

• For analytical and research purposes;

• To conduct promotions and competitions;

• To prevent crime, deception or fraud;

8.3. What is the legal basis for processing?

We can use the following legal bases, depending on the specific case:

A. Processing is necessary to conclude or execute a contract between you and us.

B. Processing is necessary for the fulfilment of legal obligations (such as compliance with tax legislation obliging us to keep accounting documents for a period of 10 years or providing certain information to the bodies and institutions public ability).

C. Consent to the processing of personal data;

However, please note that if you are our customer, we may send promotional messages (direct marketing) of similar goods and services without the need for consent under art. 12 para. (3) of Law No. 506/20014, in certain specific situations legally regulated.

However, in all cases, you can oppose direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions (“unsubscribe”) from each email or by submitting a written request to the email address info@metallina.com

D. Processing is necessary for the purposes of our legitimate interests or other parties, unless your interests, rights or freedoms prevail.

If we use legitimate interest, we carry out an analysis of the legitimate interest (balancing test) through which we can balance our interest and your interests. If our interests prevail, we will use the legitimate interest. If your interests prevail, we will not use the legitimate interest, and in so far as we fail to identify another correct legal basis, we will not carry out that processing activity.

E. In some situations, processing may be necessary to protect your vital interests. or another natural person.

Please note that obtaining consent is not compulsory and we will proceed to obtain consent from you. Only in situations where we have failed to use another legal basis.

8.4. Where do we obtain the data?

We collect more information directly from you. (for example, by filling out a form on the site). Most of the information is described above, but there may be situations where we collect data from third parties (i.e. partners, advertising platforms), such as for example, information on purchases and interests.

S.C. METALLINA S.R.L. also processes personal data from contracts with employees, as well as from contracts with parties and other service providers.

S.C. METALLINA S.R.L. will not collect or process personal data when providing information services to the company directly to children under the age of 16-or under a lower age-except in the case of parental consent, in accordance with applicable local law. If we find out about the accidental collection of a child’s personal data, we will immediately delete that data.

8.5. How long do we store the data?

We store your data. Personal data only for the period necessary to fulfill the purposes, but not more than 10 years after the termination of the contract or the last interaction with us.

After termination of the period, personal data will be destroyed or erased from computer systems or transformed into anonymous data for use for scientific, historical or statistical research purposes.

Keep in mind that in certain expressly regulated situations, we store data for the period required by law.

8.6. How we share your information with the others?

We can disclose your data, respecting applicable law, business partners or other third parties. We are constantly making reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. With these third parties, we have contractual clauses so that your data is to be protected. In these situations, we will ensure that any transfer is legitimate, based on your consent. or other legal basis.

For example, we could provide your data to other companies, such as IT service providers or telecommunications, accounting, legal services, transport and courier service providers and other third parties with whom we have a contractual relationship. These third parties are selected with special care so that your data is not available. Processed only for the purposes that we indicate.

We may also share your data to out business partners as a result of a joint effort to provide a product or service.

Although unlikely, we could sell the business or part of the business in the future, which will include transferring your data.

We may transmit the data and other parties with your consent or according to your instructions, for example, if you exercise a request for portability.

We will also be able to provide your information and to the parquet, police, courts and other competent bodies of the State, on the basis and within the limits of the legal provisions and as a result of expressly formulated requests.

We will ensure, within reasonable limits, that your personal data is I do not leave the European Economic area, but, in so far as we transfer data to States outside the EEA, we will, in all cases, ensure that transfers are legitimate, based on your explicit consent or other legal basis.

9. Marketing

To the extent that we have obtained your consent. Before or you are already a customer of the company, we can use direct marketing technologies and targeed advertising using the information collected about you. Interests, preferences, acquisitions, age, location, etc. For example, we could send emails, we could show advertisements within our website or on social media, or we could place advertisements on third-party sites, apps, or other Internet-connected devices.

9.1. What kind of data do we collect for marketing?

In order to conduct direct marketing or targeted advertising, we may use the following information:

• Information collected through cookies and similar technologies (location, device, navigator, age, etc.);

• Your purchases, how you interacted with our services and feedback received from you;

• Age, country, region, gender;

• Other information obtained from our third-party marketing partners, information they have obtained with your consent.

9.2. Marketing Partners

Our marketing partners, such as Facebook, Google, Squarespace and/or other agencies, help us to send marketers to you based on the information they collect directly from you and your consent. In some cases, we share even new information that we have collected from you. We ensure, in all cases, that these transfers are legal as explained in paragraph 8.6.

Our partners may place advertisements on our services and products, depending on the data previously collected from you. (interests, preferences) on other sites and/or services. Our marketing partners may also use the information collected about you. To improve the services and/or algorithms (including algorithms based on artificial intelligence). This privacy policy does not include information about how your data is processed by our partners, but we encourage you to read the Marketing Partners ‘ privacy policy for more information.

9.3. How can you opt out of direct marketing?

You can oppose direct marketing and/or withdraw your consent at any time by following the unsubscribe instructions in each email (“Unsubscribe” or “unsubscribe”) or by submitting a request to this effect to your email address info@metallina.com

To turn off interest-based advertising, please refer to our policy on the use of cookies in this regard.

10. What are your rights?

Your rights. According to the GDPR, the following are:

• Right to withdraw consent

You can withdraw your consent to the processing of your data at any time by submitting a request to this effect to the e-mail address info@metallina.com. Please note, however, that in so far as we have identified another legal basis for processing your data, we will continue to process your data. Based on that legal basis. We have the legal possibility to use one or more grounds for processing your data.

• The right to be informed about the processing of your data

• Right of access to data

You have the right to obtain from us a confirmation that personal data concerning you and, if so, access to that data and the information provided for in art are not processed or not. 15 para. (1) of the GDPR.

• The right to correct inaccurate or incomplete data

You have the right to obtain, on our part, without undue delay, the rectification of inaccurate personal data concerning you.

• Right of deletion (“right to be forgotten”)

In the situations provided for in art. 17 from the GDPR, you have the right to request and obtain the deletion of personal data.

• Right to restriction of processing

In the cases provided for in art. 18 from the GDPR, you have the right to request and obtain restriction of processing.

• The right to transmit the data we have about you. To another operator (“right to portability”)

In the cases provided for in art. 20 GDPR, you have the right to request and obtain data portability.

• The right to oppose the processing of your data

In the cases provided for in art. 21 of the GDPR, you have the right to oppose the takeover of the data.

• The right not to be subject to a decision based solely on automated processing, including the creation of profiles with legal effects or similar significant effects on you.

• The right to address justice for the protection of your rights and interests

• The right of a complaint before a supervisory authority

Please note that:

• You can withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each email/SMS or other electronic message.

• If you wish to exercise your rights, you can do so by submitting a written, signed, and dated request to your e-mail address: info@metallina.com

• The rights listed above are not absolute. There are exceptions, therefore each request received will be analysed so as to decide whether it is grounded or not. To the extent that the application is grounded, we will facilitate the exercise of your rights. If the application is unfounded, we will reject it, but we will inform you of the reasons for the refusal and the rights to lodge a complaint with the supervisory authority and to address your justice.

• We will try to respond to your request within one month. However, the term may be extended depending on different aspects, such as the complexity of the application, the large number of requests received or the inability to identify you within a useful time limit.

• If, while we make every effort, we are unable to identify you, and you are Do not provide us with additional information to be able to identify you, we are not obliged to comply with the request.

11. Personal Data Security

We work hard to protect our customers, other people whose data we process and ourselves from unauthorized access and modification, disclosure or unauthorised destruction of the data we process.

In particular, we have implemented the following technical and organisational measures to ensure the security of personal data:

Dedicated policies.

We adopt and review our data processing practices and policies for our customers and others, including physical and electronic security measures, to protect our unauthorized access systems and other possible threats to Their security. We constantly check how we apply our personal data protection policies and comply with data protection legislation.

Minimizing data.

We have ensured that your personal data we process is limited to those that are necessary, appropriate and relevant for the purposes stated in this note.

Restricting access to data.

We strictly restrict access to personal data that we process to employees, collaborators and other people who need to access them so that we can process them for us. All these companies and individuals are subject to strict confidentiality obligations and we will not hesitate to take them accountable and stop working with them if they do not treat the protection of your data and other Persons of utmost seriousness.

Specific technical measures.

S.C. METALLINA S.R.L. use technologies to ensure our customers and others that the security of their data is protected.

Control of our service providers. We introduce in contracts with those who process for us (empowered persons) or together with us (other operators – associated operators) clauses to ensure the protection of the data we process; This protection goes at least to the minimum required by the legislation.

While we take all reasonable steps to ensure the security of your data, S.C. METALLINA S.R.L. cannot guarantee the lack of any security breach or the inability to penetrate security systems. In the unfortunate and unlikely event in which such an infringement will arise, we will follow the legal procedures for limiting the effects and informing the data subjects.

12. No automated decision-making process

Our respect for your data includes the fact that we are giving them the necessary human attention through our staff. Under current conditions, as a user of our service, you will not be subject to our decision based solely on automated processing of your data (including profiling) that produces legal effects on you in a similar way to a significant extent.

13. Meaning of the terms used

Supervisory authority for the processing of personal data: an independent public authority which, according to the law, has powers concerning the supervision of compliance with the protection of personal data law. In Romania, this supervisory authority for the processing of personal data is the national supervisory Authority for the processing of personal data (ANSPDCP).

Special categories of personal data (sensitive personal data/sensitive data): Personal data which: reveals racial or ethnic origin, political opinions, religious confession or philosophical beliefs or Membership of trade unions; genetic data; Biometric data for the unique identification of a natural person; Data on the health, sexual life or sexual orientation of a natural person.

Collaborators: Natural or legal persons who have concluded a cooperation agreement with us and who provide services to our customers.

Personal Data: Any information relating to an identified or identifiable natural person (‘ data subject ‘). A natural person shall be identifiable if it can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one/more items Physical, physiological, genetic, mental, economic, cultural or social identity of that person. Thus, for example, the following are included in the notion of personal data: name and surname; Home address or Residence email address; Phone number; The personal Numeric code (CNP); Established diagnosis (are sensitive data); Genetic data (are sensitive data); Bimoetric data (are sensitive data); Geolocation data. The categories of personal data about you that we process are listed above.

Operator: The natural or legal person deciding why (for what purpose) and how (by what means) personal data is processed. According to the law, liability for compliance with the legislation on personal data rests primarily with the operator. In relation to you, we are the operator, and you are the person concerned.

Person empowered: Any natural or legal person who processes personal data on behalf of the Controller, other than the operator’s employees.

Data subject: The natural person to whom he refers (to whom ‘ they belong ‘) certain personal data. In relation to us (the operator), you are the person concerned.

Processing of personal data: any operation/set of operations performed/performed on personal data or on personal datasets, with or without the use of automated means; For example: collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction of such personal data/sets of personal data. These are just examples. In practice, processing means any operation on personal data, whether by automated or manual means.

Third State: A state outside the European Union and the European Economic area.

Declaration of Conformity

S.C. METALLINA S.R.L. declares on its own responsibility that it has taken all measures it has deemed necessary for the purpose of complying with the requirements of Regulation EU 2016/679 (GDPR) on the collection, use and storage of personal data in European Union member countries.

S.C. METALLINA S.R.L. certifies that it adheres to the notification, option, transfer, security and integrity requirements of data, access and implementation of the EU regulation 2016/679 (GDPR) on the collection, use and Storing personal data in the member countries of the European Union.

Date 07.05.2020