Within SC PRACTICOM SRL, the right to the protection of personal data is considered in relation to its function in society and is balanced against other fundamental rights, in accordance with the principle of proportionality as it is enshrined – respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information.
SC PRACTICOM SRL guarantees control of personal data, legal and practical certainty for natural persons.
INTEGRITY AND CONFIDENTIALITY
Personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
SECURITY AND CONFIDENTIALITY
Personal data are processed in a manner that ensures appropriate security and confidentiality of such data, including for preventing unauthorised access to or
use of personal data and the equipment used for the processing.
Within SC PRACTICOM SRL any processing of personal data is lawful and fair because it ensures that:
- any information and communication concerning the processing of personal data is easily accessible and easy to understand, and that clear and plain language is used.
- informing the data subjects about the purposes of processing as well as providing additional information in order to ensure fair and transparent processing as regards the data subjects is done in order to guarantee their right to be confirmed and communicated the personal data relating to them which are processed.
- persons are informed of the risks, rules, safeguards and rights in the field of personal data processing and their rights in relation to such processing.
CONCISE, EASILY ACCESSIBLE AND EASY TO UNDERSTAND INFORMATION
Within SC PRACTICOM SRL information concerning personal data processing is concise, easily accessible and easy to understand.
For information purposes, there is used a clear and plain language and, additionally, where appropriate, visualisation.
Such information could be also provided in electronic form, for example, when addressed to the public, through the website of SC PRACTICOM.
LAWFULNESS OF PROCESSING
Within SC PRACTICOM, the processing is lawful only if and to the extent that:
- the data subject has given his/her consent to the processing of the data
- the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- the processing is necessary for compliance with a legal obligation of SC PRACTICOM;
- the processing is necessary to protect the vital interests of the data subject or of another natural person;
- the processing is necessary for the performance of a task carried out in the public interest
- the processing is necessary for the legitimate interests pursued by SC PRACTICOM or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Personal data shall be:
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
In order to ensure that personal data are not retained for longer than necessary, SC PRACTICOM SRL
- establishes time limits for erasure,
- establishes time limits for periodic review.
- takes every reasonable step to ensure that personal data which are inaccurate are rectified or deleted.
INFORMATION ABOUT PROCESSING OPERATIONS
- informs the data subject about the existence/purposes of the processing operations
- provides additional information to ensure fair and transparent processing
The consent of the person is given
- following the transmission of a clear and concise request.
- by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
- when the data processing has multiple purposes, the consent is given for all of them
- If processing is based on consent, SC PRACTICOM is able to demonstrate that the data subject has given his/her consent to the processing of his/her data
- The data subject has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject is informed thereof. It shall be as easy to withdraw as to give consent.
- prevents the risk to the rights and freedoms of natural persons that may result from personal data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation or any other significant economic or social disadvantage;
- ensures that data subjects cannot be deprived of their rights and freedoms or prevented from exercising control over their personal data;
- gives consideration to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage, when assessing personal data security risk
TECHNICAL AND ORGANIZATIONAL MEASURES
- the protection with regard to the processing of personal data is ensured by taking appropriate technical and organizational measures
- there are adopted internal policies and implemented measures which meet in particular the principles of data protection by design and data protection by default.
BREACH OF DATA SECURITY
As soon as it becomes aware that a personal data breach has occurred, SC PRACTICOM SRL shall notify the breach to the Supervisory Authority not later than 72 hours after having become aware of it, unless it demonstrates that the personal data breach poses a risk to the rights and freedoms of natural persons.
Right of access
The data subject shall have the right to obtain a confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, he/she has the right to access such data.
Right to rectification
The data subject shall have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning him or her.
Right to be forgotten
The data subject shall have the right to obtain the erasure of personal data concerning him or her, and SC PRACTICOM shall erase such data without undue delay.
Right to restriction of processing
The data subject shall have the right to obtain restriction of processing of personal data concerning him or her in accordance with the GDPR.
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided, and shall have the right to transmit those data to another controller.
Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data, in accordance with the Regulation.
Cooperation with the supervisory authority
SC PRACTICOM and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of their tasks.
Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, SC PRACTICOM shall communicate the personal data breach to the data subject without undue delay.
Data Protection Officer
SC PRACTICOM shall designate a data protection officer on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in the GDPR.
The top management shall maintain a permanent commitment to continuously improve the security of personal data processing activities in order to increase performance in the areas of:
- integrity of personal data.
The POLICY will be permanently maintained:
- as documented information,
- appropriate to the purpose,
- adapted to the security requirements of the personal data processing activities,
- communicated within the organization and available to interested parties.