Effective date: 18.01.2021
ACSR (hereinafter referred to as “Us” ) is fully dedicated to protecting the privacy of all personal data we collect, process and store.
Operator: Any natural or legal person, whether governed by private or public law, including public authorities, their institutions and territorial structures, who determines the purpose and means of processing personal data.
This Privacy and Personal Data Security Policy will help you understand:
- What is personal data?
- What data do we collect and how to collect it?
- How, why and how long do we process this data?
- To whom and why do we transmit personal data?
- How do we protect this data?
- What are your rights?
- How can you exercise these rights?
- How can you contact us?
1. WHAT ARE THE DATA WITH PERSONAL CHARACTER
According to Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) which enters into force from 25 May 2018:
Personal data is any information that relates to an identified or identifiable natural person. Different information which collected, may lead to the identification of a particular person also constitutes personal data.
Examples of personal data: first and last names; home address; e-mail address, such as email@example.com; an ID number; Location data; Internet Protocol Address (IP); a cookie identifier.
2. WHAT DATA WE COLLECT AND MODALITY OF COLLECTION
Information you provide to us
The data you submit via the forms available on this website (certification offer request, questionnaires) in physical or digital format, via e-mail messages sent to us or by phone calls.
Data collected automatically
When you access our website (www.acsr-certification.com) the web server automatically saves access logs (journals) containing the visitor’s IP address, the web resource (document) accessed and information about the operating system/browser used. We store this data to prevent fraud and to ensure the security of the website and information.
3. HOW, WHY AND HOW LONG WE PROCESS THIS DATA
Processing of personal data: Any operation or set of operations that is carried out on personal data, by automatic or non-automatic means, such as collection, registration, organization, storage, adaptation or modification, extraction, consultation, use, devalising to third parties by transmission, dissemination or otherwise, joining or combining, blocking, deleting or destruction.
Storage: Keeping collected on any kind of medium personal data.
ACSR will process personal data for the following purposes:
- Providing the services requested by you.
- To confirm the services you have ordered and provide to you with additional information about them.
- For tender operations, contracting, invoicing.
- To comply with applicable laws.
- For specific activities to the Human Resources department, if you are a Member / interested in being part of our team.
- To prevent fraud and to ensure the security of the website and information.
We will process this data throughout our contractual relationship and, after its completion, at least for the period required by the applicable legal provisions in the field, including, but not limited to the provisions on archiving.
4. TO WHICH AND WHY WE TRANSMIT PERSONAL DATA
Confidentiality of personal data is one of the most important aspects for us. We do not transmit this data to third parties unless necessary, and only the data necessary to comply with legal requirements or accreditation.
The communication of personal data is made only to the authorities, if they request it. Personal data can also be communicated in the context of audit activities to an authority.
Personal data can be communicated to companies that provide occupational health services, safety and security of work, IT services, security and protection of the work premises with which ACSR has service contracts. Where a third party uses the data in the context of its legitimate interest, the administrator does not assume that responsibility. This process is governed by the principles of processing the personal data of companies and relevant persons.
5.HOW WE PROTECT THIS DATA
Personal data is processed safely. ACSR has taken appropriate technical and organizational measures regarding data security, against unauthorized processing or alteration, against loss or destruction, as well as against unauthorized disclosure and access to personal data transmitted, stored or processed. ACSR ensures integrity, availability, confidentiality and authenticity with respect to personal data.
ACSR uses advanced security methods and technologies, together with policies applied to employees and working procedures to protect the processing of personal data, in accordance with the applicable laws.
ACSR has a contract with the provider of hosting services of our website www.acsr-certification.com (through which we collect personal data), which ensures that it has taken all security measures and availability of servers.
ACSR makes every reasonable and commercially justified effort to protect the personal data we hold, we analyze new technologies in the field , and then if necessary, we apply them to upgrade our security systems.
We have also implemented appropriate technical and organizational measures to ensure that only personal data necessary for the specified purposes is processed. The principle of default data protection will also be followed during the development of new products or services.
However, despite the average efforts made to store the information collected in a secure operation, wich is not available to the public, we cannot guarantee the absolute security of this information during transmission or storage in our systems. In case of a breach of security that puts in danger your privacy or personal information, we are committed to inform you of these things, either through this website or by other methods at our disposal (email messages, phone calls).
6. WHAT RIGHTS DO YOU HAVE
Access, Information, Correction and Objection
You may contact us and we will inform you about the personal information that we have collected and processed in connection with you and the purposes for which this data is used.
You have the right to correct any incorrect, incomplete, outdated or unnecessary personal information stored about you.
You may challenge certain uses of personal information, including direct marketing, if such data is processed for purposes other than the purposes necessary for the performance of our services or for the fulfilment of a legal obligation. You may also challenge any further processing of personal information after your prior consent. If you oppose to further processing of personal information, this may lead to fewer possibilities to use our services.
Deletion and right to restrict processing
You may also ask us to delete your personal information from our systems. We will comply with this request if we do not have a legitimate reason not to delete the data. Once the data is deleted, we may not be able to immediately delete all residual copies of all our systems. These copies will be removed as soon as possible.
You may ask us to restrict the processing of certain personal information, but this may lead to fewer possibilities to benefit from the services offered.
Right to portability
You are entitled to receive the personal information that you provide in a structured and commonly used format.
7. HOW YOU CAN EXERCISE THIS RIGHTS
These rights may be exercised by completing and submitting the request for exercise of rights, in physical format or by e-mail, to the contact details below.
We may request the provision of additional information necessary to confirm your identity.
We can reject claims that are unreasonably repetitive, excessive or manifestly unfounded.
If you consider that our personal information processing activities does not comply with applicable data protection legislation, a complaint may be made to:
National Supervisory Authority for Personal Data Processing
8. HOW YOU CAN CONTACT
If you have any questions about data protection, please contact us at any time:\