Personal Data Processing Policy - GDPR
About GDPR (General Data Protection Regulation)
At Opticom Consulting (hereinafter “Opticom”) we have from the very beginning paid special attention to the collection, use, processing and storage of our clients’ personal data. Compliance with the legislation in force and alignment with the new provisions in the field has always been a priority for us.
Opticom is a Data Controller registered under no. 10578/28.06.2013 in the Register of Personal Data Processing.
From 25 May 2018, Opticom will adopt the EU Regulation 2016/679, also known as GDPR (General Data Protection Regulation), applicable in all EU Member States.
We would like to inform you in detail about the collection and use of your personal data. If you have any questions, you can write to us at firstname.lastname@example.org.
Data collected, collection methods and purpose
Personal data is information by which a customer can be directly or indirectly identified.
In most situations, Opticom collects personal data directly from the customer, in situations such as: when signing the contract or during the course of the contract, when placing an order, following contact with Opticom. Such data can be:
- Name, first name
- Postal address
- Email address
- Phone number
- Purchase details (product type, price, payment method)
- Traffic details and the area from which you use Opticom services
- Voice (when calling Customer Service) or image (when entering a video conference with Opticom)
Opticom may request other personal data with the customer’s consent.
Sometimes, in order to improve the services and products offered, Opticom may launch surveys, asking for information on the customer experience during the use of Opticom products and services.
Opticom may also collect customer data by automated means, such as cookies, when the customer visits Opticom websites and other information systems or interacts with an Opticom advertisement. Such data may include: IP address, browser type, operating system, geographic location, actions taken. Most of the data collected in this way is used for statistical purposes only, without linking it to other data sources that could make it possible to identify a specific person.
The customer shall not be subject to any decision based solely on automatic processing of data which produces legal effects concerning him or significantly affects him, unless the customer has explicitly agreed to the processing or the processing is necessary for the conclusion or performance of a contract concluded with Opticom to prevent fraud and debt situations, or Opticom is obliged by law to use personal data in this way.
In all cases, the customer has the opportunity to request an explanation of the logic behind the automated decision mechanism and, where appropriate, the customer may request human intervention in the decision making process.
Sometimes, Opticom may also legitimately collect customer data from external sources by consulting public databases (such as the Trade Register or the Ministry of Public Finance).
Personal data may also be collected from sources such as: third party data aggregators, Opticom partners, public sources and third party social networking sites, online platforms that provide access to Opticom or Opticom partners’ applications (if there is customer consent for their personal data to be shared with Opticom).
Opticom processes customer data either for the performance of the contract or commercial relationship, or for compliance with legal obligations, or following the customer’s consent, in the legitimate interest of Opticom and with the aim of providing a better experience in the interaction with Opticom, in the use of products and services offered.
Opticom may process personal data, if it has the customer’s consent, in order to inform about Opticom products and services, offers or special events.
Opticom can record telephone calls with Opticom representatives. The purpose of these recordings is to improve the services offered and to identify correctly and completely the customer’s requirements, the latter being informed about the recording at the time of requesting a call with a Customer Service operator. If the customer does not agree with this registration, he has the possibility to contact Opticom by other means: mail, email, fax.
Opticom will be able to use the information it collects about the customer in other ways only in compliance with the law.
Customers' rights regarding the processing of personal data
In accordance with the General Data Protection Regulation, Opticom customers have the following rights:
- The right to request access to your personal data
- The right to request modification or correction of data, deletion or restriction of data processing
- The right to withdraw your previously given consent, to disable certain types of collection or use of your data, including the use of certain cookies
- The right to request Opticom to transfer them to another company
- The right to lodge a complaint with the competent supervisory authority – in Romania this is the National Supervisory Authority for Personal Data Processing (ANSPDCP)
There are situations, provided for by law, in which these rights may be limited. For example, data required to execute an ongoing contract cannot be deleted following a request by the client. Deletion will only be possible if legal obligations to retain do not prevent such deletion, if the data are no longer necessary to achieve the purpose of their storage or if storage is not permitted for other reasons. Any such request will be considered on an individual basis, resolved in accordance with the law, and the decision will be communicated to the client accordingly.
The customer may refuse or withdraw his/her consent to the processing of his/her personal data for marketing and advertising purposes at any time, but will still receive administrative communications from Opticom, such as, but not limited to, order confirmations, invoices for services, important notifications regarding service availability.
Data processing by third parties
Opticom will not disclose the customer’s personal data to a third party, unless there is the customer’s consent or there is a legitimate interest in the use of his personal data.
However, Opticom may disclose the customer’s personal data to third parties, without the customer’s consent, in the following situations and to the following entities:
- Service providers: Opticom may contract service providers, agents or contractors to provide services on its behalf, including services for the management of the means and services made available to the customer. Opticom requires these third parties to comply with all applicable data protection laws and specific security requirements relating to the Customer’s personal data. Opticom may transfer such personal data when providing electronic communications services, warranty related services.
- Opticom’s external consultants or partners providing assistance to the company (e.g. external lawyers, external accountants, debt collection agents)
- Public authorities: Opticom may disclose customer data if required to do so by law or if it believes in good faith that such disclosure is reasonably necessary for the proper conduct of legal proceedings, investigations or to respond to any complaints or requests from authorities.
Opticom has implemented a number of security measures that are in line with industry standards in order to keep customers’ personal data safe. It does not cover those personal data that the customer chooses to communicate in public spaces online or offline.
Opticom will retain personal data for as long as necessary for the stated purpose, taking into account the need to answer questions or resolve problems, to provide new or improved services and to comply with applicable legal requirements. Therefore, Opticom may keep personal data for a reasonable period of time after the customer’s last interaction with Opticom, in accordance with applicable law.
When the customer’s personal data is no longer necessary for the purpose for which it was collected or agreed, nor is there any legal obligation to retain it, Opticom will destroy or delete it in a secure manner.
Processing of user data in the case of corporate clients
In the case of corporate customers, for the purpose of processing personal data of its users as mentioned above, Opticom will obtain the express consent of the account holder for the types of processing of personal data or for categories of personal data for which the law imposes such a condition. In this regard, the legal entity customer undertakes that before transferring personal data of the users and of the contact person to Opticom, it shall obtain their consent for the processing carried out by Opticom in the performance of the contract and for the data processing mentioned in the previous articles. By transferring the personal data of the users and the contact person to Opticom, the legal entity customer certifies that the consent of the users and the contact person for the processing of their personal data by Opticom has been obtained as provided above and assumes full responsibility in this regard.