INFORMATION NOTE ON THE PROCESSING of PERSONAL DATA BY CORPORATE OFFICE SOLUTIONS SRL
1. WHO WE ARE AND WHAT THE PURPOSE OF THIS DOCUMENT IS
This information note was drafted by Corporate Office Solutions SRL, registered office in Bucharest, Șos. București-Ploiești No. 73-81, Building 2, 1st floor, District 1, registered with the Trade Register under no. J40/391/1998, tax registration number RO10148013, as personal data controller (“COS”).
With this document, we intend to explain why and how we process the personal data of the visitors of our website, www.cos.ro, of the business partners of COS (e.g. clients, providers etc.) and of their representatives, as well as of other persons who contact or visit COS, of the persons who attend events organized by or with the involvement of COS, and applies to data collected through our website, www.cos.ro, as a result of the contracts concluded with our business partners, as well as other personal data which we collect through the e-mail service or other offline contacts or in the context of events organized by or with the involvement of COS.
“Personal Data” means any information regarding an identified or identifiable person, and an identifiable person is a person who can be directly or indirectly identified, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or one or several elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
This information note mainly describes:
who we are;
the purposes for which we collect and use your personal data;
the legal grounds on which the data processing carried out by us is based (i.e. the legal basis that allows us to process your data);
the categories of personal data processed by us;
the duration of the data processing;
your rights as data subjects and the manner in which you can exercise these rights;
the persons to whom we disclose or we may disclose your personal data.
2. PURPOSES, PROCESSING GROUNDS AND CATEGORIES OF PERSONAL DATA WE PROCESS
Depending on the context in which you interact with us, we process the following categories of personal data for the purposes and based on the grounds described below:
2.1. If you use our website:
Activity | Purpose |
---|---|
Using the website www.cos.ro | The data collected from you while using our website is mainly processed in order to allow you to use the website as well as to monitor the traffic or improve the content of the website. For these purposes we use cookies, according to the Cookie Policy. |
2.2. If you visit us at our headquarters
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Video camera surveillance | Ensure the security of our offices, assets and personnel | Your image | Our legitimate interest to ensure the security and protection of our premises, assets and personnel (Art. 6 par. 1 let. f of GDPR). |
WI-FI connection | If you want to connect to our wi-fi network during your visit at our headquarters, our system will automatically assign you a randomly generated dynamic IP address. | A randomly generated dynamic IP address, which does not allow your identification or the identification of the device you are connecting from. | Your legitimate interest to use the internet connection available at our headquarters (Art. 6 par. 1 let. f of GDPR) |
2.3. If you are or want to become a business partner (client, provider etc.) of COS
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Preliminary steps to your request to conclude a contract or perform the contractual relationship with you | We process your data for the purpose of negotiating or performing the contractual relationship concluded with you | Contact data | Making endeavors upon your request, before concluding a contract or performing an already concluded contract (Art. 6 par. 1 let. b) of GDPR). |
Communication with you | We process your data in order to be able to communicate with you regarding any relevant aspects related to the targeted activity field. | Contact data | Making endeavors upon your request, before concluding a contract or performing an already concluded contract (Art. 6 par. 1 let. b) of GDPR). |
Internal management of business contacts | Efficient management of business contacts by specialized software (CRM). | Contact data | Our legitimate interest to efficiently organize and manage business contacts, in order to keep better records of our contractual partners (Art. 6 par. 1 let. f of GDPR). |
2.4. If you are a representative, contact, employee or another collaborator of a business partner (client, provider etc.) of COS
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
The development of our contractual relationship with our business partner | The development of our contractual relationship with our business partner | Contact data | Our legitimate interest to ensure the proper management of the contractual relationship with our business partner (Art. 6 par. 1 let. f of GDPR) |
Communication with you | Communicating with you regarding any relevant aspects related to the contractual relationship with our business partner | Contact data | Our legitimate interest to ensure the proper management of the contractual relationship with our business partner (Art. 6 par. 1 let. f of GDPR) |
Internal management of business contacts | Efficient management of business contacts by specialized software (CRM). | Contact data | Our legitimate interest to efficiently organize and manage business contacts, in order to keep better records of our contractual partners (Art. 6 par. 1 let. f of GDPR). |
2.5. If you attend an event organized by or with the involvement of COS
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Development of events organized by or with the involvement of COS | Management of participation and promotion of events organized by or with the involvement of COS | Photo / video images and other personal data which can be provided by you directly or by the organizer of the event in which you participated or intended to participate, as the case may be | Our legitimate interest to create business connections with companies interested in the field we operate in (Art. 6 par. 1 let. f of GDPR). |
Taking photos / recording video | We may process certain personal data in the context of taking photos / recording video with the participants in the events organized by or with the involvement of COS. | Photos / video recordings, as well as other personal data that you directly provide to us, on your own initiative. | For landscape / panoramic photos / video recordings, we rely on our legitimate interest in the development and the promotion of events (Art. 6 par. 1 let. b) of GDPR). For photos / video recordings in which you are in the foreground, we rely on the consent expressed by you, including by gestures, facial expressions, behavior (e.g. by the positioning within the photo / video recording). If you do not want to appear in such photos / video recordings, you can always approach the photographer directly. (Art. 6 par. 1 let. a of GDPR). |
2.6. If you are a subscriber to our newsletter
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Sending newsletters regarding the products and services provided by us | Sending newsletters regarding the products and services provided by us | E-mail address | Your consent (Art. 6 par. 1 let. a of GDPR) |
When you subscribe to our newsletter we analyze and document whether you open the newsletter and how you use it. | Structuring our newsletter in accordance with your needs and to improve the range of our marketing campaigns. | E-mail address | Our legitimate interest of structuring our newsletter in accordance with your needs and to improve the range of our marketing campaigns (Art. 6 par. 1 let. f of GDPR). |
2.7. If your data are provided by a business partner of COS
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Provision of requested services for fitting offices and work premises. | We may process certain personal data in order to prepare and provide the requested services. | Your name and other personal data that our business partner provides or that are accessed from public sources, as necessary for achieving our goals. | Our legitimate interest in performing the contract with our business partner (Art. 6 par. 1 let. f of GDPR). |
2.8. If you are a provider or a representative, employee or collaborator of a provider of products and services that are relevant in our field of activity
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Collecting market information on products and services relevant for fitting offices and work premises | Permanently checking and updating our information on products and services relevant for fitting offices and work premises | Contact data obtained from third parties or from public sources | Our legitimate interest in having updated information regarding the offer available on the market of products and services relevant for fitting offices and work premises (Art. 6 par. 1 let. b) of GDPR). |
2.9. If you exercise your rights granted by GDPR as a data subject
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Managing the rights granted by GDPR to data subjects. | The processing of your personal data may be necessary if you exercise the rights granted by GDPR as a data subject. | Identification data, and other personal data you may communicate to us directly, as necessary in order to achieve our goals. | Our legal obligation to reply to your requests. |
2.10. For all the aforementioned data subject categories
Activity | Purpose | Personal Data Categories | Processing Grounds |
---|---|---|---|
Changes related to shareholders, structure or similar transactions regarding COS | The processing of your personal data may be necessary in the context of certain changes related to shareholders, structure or similar transactions regarding COS | The identification data, as well as other personal data which you or the parties involved in such transactions may directly provide, as necessary for achieving these goals. | The processing grounds may be a legal obligation (if COS has the legal obligation of disclosing certain personal data to public authorities), the performance of the contract concluded by COS in the context of such transactions (if you are a party to the contract) or the legitimate interest of COS to perform the transaction in the most efficient manner (in the other cases). |
You can oppose the processing based on the legitimate interest of COS at any time, for reasons related to your specific situation. For further details regarding your rights, please see section 7 below.
3. DATA PROVISION NECESSITY
When personal data is communicated by you directly, please provide all categories of personal data requested for the purposes mentioned above. Otherwise, we will not be able to adequately carry out our activities (including, among others, providing our services to you).
If you provide to COS personal data of other natural persons, please inform them, before disclosing the data, about the manner in which COS intends to process the data, as provided in this Information Note.
4. TO WHOM WE DISCLOSE YOUR PERSONAL DATA
4.1. Our service providers
We disclose your personal data to our service providers, such as, for example, providers of specialized software licenses (CRM), providers of website hosting services, organizers of events, providers of newsletter sending services. They will exclusively access and process the personal data necessary for the performance of the contracted services by us, based on proper contractual documentation, the basis for this disclosure being our legitimate interest to contract and benefit from the services provided by these suppliers.
We may also disclose your personal data as follows:
– we may disclose photos/videos taken/recorded within events organized by or with the involvement of COS, by publishing on our website, www.cos.ro or on social media platforms such as Facebook, LinkedIn, Instagram or YouTube, based on our legitimate interest to promote the events organized by or with the involvement of COS (you can find details about the manner in which your personal data are processed on these platforms here:
– we may disclose relevant personal data to the business partners who provided us with your personal data, in the context of providing the requested services, if this is necessary for achieving these goals;
– to our auditors, advisers, attorneys or other providers of specialized professional services, if necessary for the provision of services contracted by us, by them, given our legitimate interest or our legal obligation to contract these services;
– to third parties with whom we may discuss/negotiate changes related to shareholders, structure or similar transactions regarding COS, given our legitimate interest for this purpose;
– to public authorities and institutions, if we have a legal obligation for this purpose or upon their express request, if allowed by the law.
4.2. International data transfers
As a rule, we transfer your personal data only in states that belong to the EU and/or the European Economic Area (EEA); we do not transfer your data to states outside the EEA.
Nevertheless, a series of data posted on Facebook, LinkedIn, Instagram or Youtube could be transferred outside the European Economic area according to the details available in the data processing policies of these companies, which you can consult at the addresses mentioned above.
5. HOW WE PROTECT YOUR DATA
We implement technical and organizational measures to ensure the security of personal data, out of which:
Dedicated policies. We adopt and review our practices and policies for processing your data, including physical and electronic security measures, in order to protect our systems from unauthorized access and other potential threats to their security.
Specific technical measures. We use technologies that ensure the security of the personal data we process, we do backups and check whether the used security technology is adequate to the risk level.
Personnel training. We train our employees and collaborators regarding the legislation and best practices in the field of processing personal data.
Controlling our service providers. According to the law, we stipulate in the contracts with the persons who process for us (operators) or with us (other controllers – associated controllers) clauses in order to ensure the protection of the data that we process.
We also adopt other measures imposed by the law.
Although we take all reasonable measures in order to ensure the security of your data, COS cannot guarantee the absence of any security breach or the impossibility of penetrating our security systems. In the unfortunate case in which such a breach occurs, we will follow the legal procedures for limiting the effects and informing the data subjects.
6. HOW LONG WE KEEP YOUR DATA
We intend to keep your personal data during the entire term of the contract concluded with the relevant business partners, and after the termination of the contract, according to our internal policies and our legal obligations.
If the data is not collected in the context of a contract with our business partners, this data will be kept as long as it will be necessary in order to achieve the data processing goal (for example: 3 years for the data processed in order to send newsletters, 30 days for the images collected by surveillance cameras, 3 years for photos taken / videos recorded in the context of an event organized by or with the involvement of COS).
7. YOUR RIGHTS
According to the law, you benefit from the following rights related to the processing of your personal data that we perform:
Personal Data Processing Supervision National Authority | G-ral. Gheorghe Magheru Boulevard no. 28-30, District 1, zip code 010336 Bucharest, Romania anspdcp@dataprotection.ro |
If you exercise any of your rights according to the law, this will not affect: (i) a processing that has already taken place; or (ii) a processing that is not based on your consent.
In order to exercise one or several of the aforementioned rights or in order to ask a question regarding these rights or the processing of your personal data by us, please contact us by e-mail at dataprotection@cos.ro or by mail at the following address: Bucharest, București-Ploiești Road no. 73-81, Building 2, 1st floor, District 1.
This document was drawn up in both Romanian and English versions. In case of discrepancies, the Romanian version shall prevail.
(Date of the last revision, July 2nd, 2020)
For any enquiry on our products or services, simply use the form below.