• Corporate Office Solutions • We Are Platinum! Again! •
• Corporate Office Solutions • We Are Platinum! Again! •
2020 © COS. Proudly Crafted by Quart Creative Agency.

Privacy Statement

INFORMATION NOTE ON THE PROCESSING of PERSONAL DATA BY CORPORATE OFFICE SOLUTIONS SRL

 

1. WHO WE ARE AND WHAT THE PURPOSE OF THIS DOCUMENT IS

This information note was drafted by Corporate Office Solutions SRL, registered office in Bucharest, Șos. București-Ploiești No. 73-81, Building 2, 1st floor, District 1, registered with the Trade Register under no. J40/391/1998, tax registration number RO10148013, as personal data controller (“COS”).

With this document, we intend to explain why and how we process the personal data of the visitors of our website, www.cos.ro, of the business partners of COS (e.g. clients, providers etc.) and of their representatives, as well as of other persons who contact or visit COS, of the persons who attend events organized by or with the involvement of COS, and applies to data collected through our website, www.cos.ro, as a result of the contracts concluded with our business partners, as well as other personal data which we collect through the e-mail service or other offline contacts or in the context of events organized by or with the involvement of COS.

“Personal Data” means any information regarding an identified or identifiable person, and an identifiable person is a person who can be directly or indirectly identified, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or one or several elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

This information note mainly describes:

who we are;
the purposes for which we collect and use your personal data;
the legal grounds on which the data processing carried out by us is based (i.e. the legal basis that allows us to process your data);
the categories of personal data processed by us;
the duration of the data processing;
your rights as data subjects and the manner in which you can exercise these rights;
the persons to whom we disclose or we may disclose your personal data.


2. PURPOSES, PROCESSING GROUNDS AND CATEGORIES OF PERSONAL DATA WE PROCESS

Depending on the context in which you interact with us, we process the following categories of personal data for the purposes and based on the grounds described below:

2.1. If you use our website:

ActivityPurpose
Using the website www.cos.roThe data collected from you while using our website is mainly processed in order to allow you to use the website as well as to monitor the traffic or improve the content of the website. For these purposes we use cookies, according to the Cookie Policy.



2.2. If you visit us at our headquarters

ActivityPurposePersonal Data CategoriesProcessing Grounds
Video camera surveillanceEnsure the security of our offices, assets and personnelYour imageOur legitimate interest to ensure the security and protection of our premises, assets and personnel (Art. 6 par. 1 let. f of GDPR).
WI-FI connectionIf you want to connect to our wi-fi network during your visit at our headquarters, our system will automatically assign you a randomly generated dynamic IP address.A randomly generated dynamic IP address, which does not allow your identification or the identification of the device you are connecting from.Your legitimate interest to use the internet connection available at our headquarters (Art. 6 par. 1 let. f of GDPR)



2.3. If you are or want to become a business partner (client, provider etc.) of COS

ActivityPurposePersonal Data CategoriesProcessing Grounds
Preliminary steps to your request to conclude a contract or perform the contractual relationship with youWe process your data for the purpose of negotiating or performing the contractual relationship concluded with youContact dataMaking endeavors upon your request, before concluding a contract or performing an already concluded contract (Art. 6 par. 1 let. b) of GDPR).
Communication with youWe process your data in order to be able to communicate with you regarding any relevant aspects related to the targeted activity field.Contact dataMaking endeavors upon your request, before concluding a contract or performing an already concluded contract (Art. 6 par. 1 let. b) of GDPR).
Internal management of business contactsEfficient management of business contacts by specialized software (CRM).Contact dataOur legitimate interest to efficiently organize and manage business contacts, in order to keep better records of our contractual partners (Art. 6 par. 1 let. f of GDPR).



2.4. If you are a representative, contact, employee or another collaborator of a business partner (client, provider etc.) of COS

ActivityPurposePersonal Data CategoriesProcessing Grounds
The development of our contractual relationship with our business partnerThe development of our contractual relationship with our business partnerContact dataOur legitimate interest to ensure the proper management of the contractual relationship with our business partner (Art. 6 par. 1 let. f of GDPR)
Communication with youCommunicating with you regarding any relevant aspects related to the contractual relationship with our business partnerContact dataOur legitimate interest to ensure the proper management of the contractual relationship with our business partner (Art. 6 par. 1 let. f of GDPR)
Internal management of business contactsEfficient management of business contacts by specialized software (CRM).Contact dataOur legitimate interest to efficiently organize and manage business contacts, in order to keep better records of our contractual partners (Art. 6 par. 1 let. f of GDPR).



2.5. If you attend an event organized by or with the involvement of COS

ActivityPurposePersonal Data CategoriesProcessing Grounds
Development of events organized by or with the involvement of COSManagement of participation and promotion of events organized by or with the involvement of COSPhoto / video images and other personal data which can be provided by you directly or by the organizer of the event in which you participated or intended to participate, as the case may beOur legitimate interest to create business connections with companies interested in the field we operate in (Art. 6 par. 1 let. f of GDPR).
Taking photos / recording videoWe may process certain personal data in the context of taking photos / recording video with the participants in the events organized by or with the involvement of COS.Photos / video recordings, as well as other personal data that you directly provide to us, on your own initiative.For landscape / panoramic photos / video recordings, we rely on our legitimate interest in the development and the promotion of events (Art. 6 par. 1 let. b) of GDPR).
For photos / video recordings in which you are in the foreground, we rely on the consent expressed by you, including by gestures, facial expressions, behavior (e.g. by the positioning within the photo / video recording). If you do not want to appear in such photos / video recordings, you can always approach the photographer directly. (Art. 6 par. 1 let. a of GDPR).



2.6. If you are a subscriber to our newsletter

ActivityPurposePersonal Data CategoriesProcessing Grounds
Sending newsletters regarding the products and services provided by usSending newsletters regarding the products and services provided by usE-mail addressYour consent (Art. 6 par. 1 let. a of GDPR)
When you subscribe to our newsletter we analyze and document whether you open the newsletter and how you use it.Structuring our newsletter in accordance with your needs and to improve the range of our marketing campaigns.E-mail addressOur legitimate interest of structuring our newsletter in accordance with your needs and to improve the range of our marketing campaigns (Art. 6 par. 1 let. f of GDPR).



2.7. If your data are provided by a business partner of COS

ActivityPurposePersonal Data CategoriesProcessing Grounds
Provision of requested services for fitting offices and work premises.We may process certain personal data in order to prepare and provide the requested services.Your name and other personal data that our business partner provides or that are accessed from public sources, as necessary for achieving our goals.Our legitimate interest in performing the contract with our business partner (Art. 6 par. 1 let. f of GDPR).



2.8. If you are a provider or a representative, employee or collaborator of a provider of products and services that are relevant in our field of activity

ActivityPurposePersonal Data CategoriesProcessing Grounds
Collecting market information on products and services relevant for fitting offices and work premisesPermanently checking and updating our information on products and services relevant for fitting offices and work premisesContact data obtained from third parties or from public sourcesOur legitimate interest in having updated information regarding the offer available on the market of products and services relevant for fitting offices and work premises (Art. 6 par. 1 let. b) of GDPR).



2.9. If you exercise your rights granted by GDPR as a data subject

ActivityPurposePersonal Data CategoriesProcessing Grounds
Managing the rights granted by GDPR to data subjects.The processing of your personal data may be necessary if you exercise the rights granted by GDPR as a data subject.Identification data, and other personal data you may communicate to us directly, as necessary in order to achieve our goals.Our legal obligation to reply to your requests.



2.10. For all the aforementioned data subject categories

ActivityPurposePersonal Data CategoriesProcessing Grounds
Changes related to shareholders, structure or similar transactions regarding COSThe processing of your personal data may be necessary in the context of certain changes related to shareholders, structure or similar transactions regarding COSThe identification data, as well as other personal data which you or the parties involved in such transactions may directly provide, as necessary for achieving these goals.The processing grounds may be a legal obligation (if COS has the legal obligation of disclosing certain personal data to public authorities), the performance of the contract concluded by COS in the context of such transactions (if you are a party to the contract) or the legitimate interest of COS to perform the transaction in the most efficient manner (in the other cases).

You can oppose the processing based on the legitimate interest of COS at any time, for reasons related to your specific situation. For further details regarding your rights, please see section 7 below.

 

3. DATA PROVISION NECESSITY

When personal data is communicated by you directly, please provide all categories of personal data requested for the purposes mentioned above. Otherwise, we will not be able to adequately carry out our activities (including, among others, providing our services to you).

If you provide to COS personal data of other natural persons, please inform them, before disclosing the data, about the manner in which COS intends to process the data, as provided in this Information Note.

 

4. TO WHOM WE DISCLOSE YOUR PERSONAL DATA

4.1. Our service providers

We disclose your personal data to our service providers, such as, for example, providers of specialized software licenses (CRM), providers of website hosting services, organizers of events, providers of newsletter sending services. They will exclusively access and process the personal data necessary for the performance of the contracted services by us, based on proper contractual documentation, the basis for this disclosure being our legitimate interest to contract and benefit from the services provided by these suppliers.

We may also disclose your personal data as follows:

– we may disclose photos/videos taken/recorded within events organized by or with the involvement of COS, by publishing on our website, www.cos.ro or on social media platforms such as Facebook, LinkedIn, Instagram or YouTube, based on our legitimate interest to promote the events organized by or with the involvement of COS (you can find details about the manner in which your personal data are processed on these platforms here:

– we may disclose relevant personal data to the business partners who provided us with your personal data, in the context of providing the requested services, if this is necessary for achieving these goals;
– to our auditors, advisers, attorneys or other providers of specialized professional services, if necessary for the provision of services contracted by us, by them, given our legitimate interest or our legal obligation to contract these services;
– to third parties with whom we may discuss/negotiate changes related to shareholders, structure or similar transactions regarding COS, given our legitimate interest for this purpose;
– to public authorities and institutions, if we have a legal obligation for this purpose or upon their express request, if allowed by the law.

4.2. International data transfers

As a rule, we transfer your personal data only in states that belong to the EU and/or the European Economic Area (EEA); we do not transfer your data to states outside the EEA.

Nevertheless, a series of data posted on Facebook, LinkedIn, Instagram or Youtube could be transferred outside the European Economic area according to the details available in the data processing policies of these companies, which you can consult at the addresses mentioned above.

 

5. HOW WE PROTECT YOUR DATA

We implement technical and organizational measures to ensure the security of personal data, out of which:
Dedicated policies. We adopt and review our practices and policies for processing your data, including physical and electronic security measures, in order to protect our systems from unauthorized access and other potential threats to their security.
Specific technical measures. We use technologies that ensure the security of the personal data we process, we do backups and check whether the used security technology is adequate to the risk level.
Personnel training. We train our employees and collaborators regarding the legislation and best practices in the field of processing personal data.
Controlling our service providers. According to the law, we stipulate in the contracts with the persons who process for us (operators) or with us (other controllers – associated controllers) clauses in order to ensure the protection of the data that we process.
We also adopt other measures imposed by the law.

Although we take all reasonable measures in order to ensure the security of your data, COS cannot guarantee the absence of any security breach or the impossibility of penetrating our security systems. In the unfortunate case in which such a breach occurs, we will follow the legal procedures for limiting the effects and informing the data subjects.

 

6. HOW LONG WE KEEP YOUR DATA

We intend to keep your personal data during the entire term of the contract concluded with the relevant business partners, and after the termination of the contract, according to our internal policies and our legal obligations.

If the data is not collected in the context of a contract with our business partners, this data will be kept as long as it will be necessary in order to achieve the data processing goal (for example: 3 years for the data processed in order to send newsletters, 30 days for the images collected by surveillance cameras, 3 years for photos taken / videos recorded in the context of an event organized by or with the involvement of COS).

 

7. YOUR RIGHTS

According to the law, you benefit from the following rights related to the processing of your personal data that we perform:

  1. Right to access: you can obtain from us the confirmation that we process your personal data, as well as the information regarding the specificity of the processing, such as: the goal, the categories of processed personal data , the addressees of the data, the period for which it is kept, the existence of the right to rectify, the deletion or the restriction of the processing. This right allows you to obtain free of charge a copy of the processed personal data, and any additional copies for a fee.
  2. The right to rectify data: you can ask us to modify your incorrect personal data or, as the case may be, to supplement incomplete data.
  3. The right to deletion: you can ask us to delete your personal data when: (i) it is no longer necessary for the purposes for which we collected it and processed it; (ii) you withdrew your consent for processing your personal data and we can no longer process it based on other legal grounds; (iii) the personal data is processed contrary to the law; and (iv) the personal data must be deleted according to the relevant legislation.
  4. Withdrawing consent: you can withdraw your consent regarding the processing of the personal data processed based on your consent, at any time and this decision will not affect in any way the processing performed before you withdrew your consent. You can withdraw your consent by clicking the unsubscribe button available in any newsletter we send you or by sending us an e-mail at dataprotection@cos.ro.
  5. The right to oppose: you can oppose the processing based on the legitimate interest of COS, at any time, for reasons related to your specific situation. For further details regarding the processing we perform in our legitimate interest, please consult section 2 mentioned above.
  6. Restriction: you may ask us to restrict the processing of your personal data if: (i) you dispute the accuracy of the personal data, for a period that allows us to check the accuracy of such data; (ii) the processing is illegal, and you oppose to the deletion of your personal data, asking us to restrict its use, in return; (iii) the data is no longer necessary for the processing, but you request it from us for filing a lawsuit; and (iv) if you have opposed the processing, for the time interval when checks are made in order to ascertain whether the legitimate rights of COS as a controller prevail over your rights as a data subject.
  7. The right to portability: you can ask us, according to the law, to provide you with the personal data you provided to us in a structured and frequently used form, which can be automatically read (for example in CSV format). Also, if you expressly ask us, we can send your personal data to another entity, if it is technically possible. You may exercise the right to portability only if (cumulatively): (i) the processing is made by automatic means; and (ii) the processing is made based on your consent or in order to perform a contract with you
  8. The right to not be subject to an automated individual decisional process, including the creation of profiles.
  9. The right to submit a complaint with the Personal Data Processing Supervision National Authority: you have the right to submit a complaint with the Personal Data Processing Supervision National Authority (www.dataprotection.ro) if you consider that your rights have been violated :
Personal Data Processing Supervision National AuthorityG-ral. Gheorghe Magheru Boulevard no. 28-30, District 1, zip code 010336 Bucharest, Romania
anspdcp@dataprotection.ro

If you exercise any of your rights according to the law, this will not affect: (i) a processing that has already taken place; or (ii) a processing that is not based on your consent.

In order to exercise one or several of the aforementioned rights or in order to ask a question regarding these rights or the processing of your personal data by us, please contact us by e-mail at dataprotection@cos.ro or by mail at the following address: Bucharest, București-Ploiești Road no. 73-81, Building 2, 1st floor, District 1.

This document was drawn up in both Romanian and English versions. In case of discrepancies, the Romanian version shall prevail.

(Date of the last revision, July 2nd, 2020)

Contact us for your custom solution

inquiry

For any enquiry on our products or services, simply use the form below.

x

Subscribe to our newsletter

You’ll receive the latest news from the office solutions industry

You’ll get access to our campaigns

You’ll be updated with design and product insights