Menu
Menu
CALLATIS GAS S.R.L. treats with utmost importance the relationship with customers, distributors, suppliers, employees, job seekers as well as with visitors and other interested parties. The company aims to provide an adequate level of protection for the processing of personal data in order to maintain and improve its business relations, trust and reputation.
Privacy policy complies with the principles of the General Regulation of the European Union on the protection of data subjects with regard to the processing of personal data and on their free movement 679/2016 (hereinafter referred to as “RGPD”). The regulation aims to protect the fundamental rights and freedoms of individuals in the EU in the context of the globalisation of the economy and the digitalisation of communications, in particular their right to the protection of personal data. The GDPR puts the transparency and legality of the processing as reference principles to provide individuals with the information and control they need when processing their personal data.
The privacy policy aims to provide an internationally applied framework within CALLATIS to achieve an adequate level of protection of personal data for the benefit of all parties involved.
This policy applies to the processing of personal data by CALLATIS. Personal data is any information relating to an identified or identifiable natural person, such as biographical information (name, birth data, etc.), employment data (addresses, position, position, etc.), telephone numbers and e-mail addresses, etc.) online identifier (IP address) or to one or more elements specific to its physical, physiological, genetic, mental, economic, economic identity, cultural or social. T
his policy includes generally accepted data protection principles, without replacing the existing legal framework. The policy is in accordance with European law and national law on the processing of personal data and applies to CALLATIS card transactions . The Company undertakes with this policy to fully comply with applicable national and European laws regarding the protection of personal data and their free movement.
This policy does not apply to identification data of legal entities, such as companies or other organizations with legal personality.
This policy does not apply to anonymous data, such as statistical data. However, the mere absence of a name does not imply that the data are anonymous, it should be impossible to directly or indirectly identify a data subject.
This policy may be modified under the coordination of the company administrator and the Data Protection Officer. You can find the latest version of this policy on our website.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down by applicable law.
Personal data relating to the physical or mental health of a natural person, including the provision of health services, which disclose information about his or her health.
An identified or identifiable natural person whose personal data are processed. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, or, location data, an online identifier or one or more elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity.
Any information concerning an identified or identifiable natural person (“the data subject”).
A security breach that results in the destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed.
Any operation or set of operations performed on personal data or on sets of personal data, with or without the use of automated means, such as collection, recording, organisation, organisation, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing the transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The processing of personal data in such a way that personal data cannot be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that such data is not attributed to an identified or identifiable natural person.
A natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not a third party. However, public authorities to which personal data may be communicated in the context of a specific investigation in accordance with Union or national law shall not be regarded as recipients; the processing of these data by the respective public authorities will comply with the applicable data protection rules in accordance with the purposes of the processing.
Marking of personal data stored for the purpose of limiting future processing.
CALLATIS GAS S.R.L.
Headquarters: Bucharest, sector 1, ONE FLOREASCA CITY, no. 159-165, 9th floor
NAIL: 26202070
Order number in the Trade Register: J13/2445/2009
Tel.: 037-355.01
Website: www.callatisgas.ro
Personal data must be processed lawfully and fairly in relation to the data subject. Any processing of personal data will be lawful only to the extent that the processing is based on a basis of processing provided by law. When special categories of personal data are processed, this will be done only when one of the conditions of derogation specified by law applies.
The controller shall take appropriate measures to provide the data subject with any information relating to the processing of personal data in a concise, transparent, understandable and easily accessible form using clear and simple language. The information shall be provided in writing or by other means, including where appropriate in electronic form.
The purposes for which the personal data are processed must be explicit and legitimate and determined at the time of their collection. Personal data may not be processed in a manner incompatible with these purposes.
Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Personal data must be accurate and, if necessary, kept up to date. Reasonable measures must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Personal data may not be processed for a longer period than is strictly necessary for that processing. Once the personal data are no longer necessary for the purpose of the processing, they must be anonymized or deleted.
Personal data may be stored for longer periods to the extent that they will be processed exclusively for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes.
The processing of personal data must be carried out in a way that ensures their security, including protection against unauthorized or illegal processing, loss, destruction or accidental damage. Confidentiality commitments are established with employees, consultants and other parties who have access to personal data. In addition, a password-based access restriction system ensures that individuals can only access the personal data they need to perform their duties.
CALLATIS must be able to demonstrate compliance with the principles of legality, fairness, transparency, minimization, purpose limitation, storage limitation, integrity and confidentiality of personal data processing. Data protection policies, control elements, procedures, checklists and other measures that constitute the data protection framework shall be documented systematically.
Control elements and how to comply with the principles related to the processing of personal data are being proactively developed from the design and development phase of processing operations. The strictest privacy settings (in relation to the amount of data collected, the extent of processing, the storage period and its accessibility) must be applied by default to any processing. Compliance with the principle of data protection at the time of design and by default is a functional requirement throughout the life of the company’s operations involving the processing of personal data.
CALLATIS processes personal data for the following purposes:
Purpose-signing and conducting contracts with customers and to send information to such customers about similar products and services.
The lawfulness of processing-executing a contract to which the data subjects are a party or to take steps at their request prior to the conclusion of a contract.
Categories of personal data: Identification data of the persons from the client necessary for the performance of the operational contract: name and surname of the shareholders, percentage, identification number (passport/ID), and, the name and surname, the function of the directors or persons authorized to sign, the data of the contact persons within the company (name and surname, telephone, email), data of the administrator (name, surname, first name, last name of the father, last name of the father, personal numeric code, type of identity document, date and place of issuance of the identity document, address, nationality), data of the real beneficiary (name, surname, surname of the father, type of identity document, type of, date and place of issue, address, nationality, country of residence, CNP, public function), signature; Identification data of the customer’s transport service subcontractors required to perform the contract (loading instruction): driver’s name and surname, driver’s phone, driving license, contact person from the recipient (name, surname, location);Identification data of the subcontractors of transport services necessary for the performance of the contract (customs broker, terminal ): name, surname, signature, email address, telephone, address, position.
Storage period – for the period of the contractual relationship and after the conclusion of the contractual relationship for a period of 10 years according to Annex no. 1 Article (A) no. 38 of Order 2635/2015 on financial accounting documents.
The purpose of signing and conducting contracts with suppliers
Legality of processing-executing contracts with suppliers and to take steps before concluding a contract.
Categories of personal data: Identification data of the persons from the operator necessary for the performance of the operational contract: name, surname, signature, email address, telephone, function, address; Identification data of the persons from the sender and/or from the recipient: name, surname, signature, email address, phone, fax, function, address, surname, driver name, driving license, driving license, contact data; Identification data of persons from service subcontractors of the operator necessary for the performance of the contract (customs commissioner, terminal, etc.): name, surname, signature, email address, email address, phone, function, address.
Storage period – for the period of the contractual relationship and after the conclusion of the contractual relationship for a period of 10 years according to Annex no. 1 Article (A) no. 38 of Order 2635/2015 on financial accounting documents.
Purpose of answering questions/messages received from customers/suppliers in order to sign a contract between parties.
Legality of processing – steps to conclude contracts with customers/suppliers.
Categories of personal data – name, surname, e-mail, telephone, locality, message.
Storage period – if a contract has been concluded between the parties we will store these messages during the contractual relationship and after the conclusion of the contractual relationship for a period of 10 years according to Annex no. 1 art. A item 38 of the Order 2635/2015 on financial accounting documents, and if a contract between the parties was not concluded for a maximum period of 90 days.
6.4.1 Employee recruitment and selection
Purpose: recruitment and selection of employees
Legality of processing: steps to sign the individual labor contract.
Categories of personal data: Identification data: full name, date of birth, gender, domicile/residence, citizenship; Contact details: telephone number and e-mail address; Data on studies followed and qualifications obtained; Data on previous professional experience; Additional data provided voluntarily by you in your CV or for the conclusion of the individual employment contract (e.g., photography, photography, hobbies, data on the possession of a driving license, residence permit, residence registration certificate, marital status, etc.).
Storage period – 1 year after collection.
6.4.2 Signing and unfolding management CIM
The purpose of signing and carrying out an individual employment contract including payroll processing, revisal, personal evaluation, labor protection, issuance of proficiency sheet, issuance of documents at the request of the data subject.
Legality of processing – Signing and performing individual labor contract according to the updated Labor Code 2018 (law no.53/2003), (related purposes: payroll, Med. Labor, ITM, OSH, CIM termination, archiving, authorities, secured access, business cards, annual evaluation, issuance of documents on request, legal holidays, medical leave, changing position framing, archiving, travel for work ).
The categories of personal data – name, surname, domicile, serial number and identity document number, validity, CNP, education and training, salary and benefits, family information, administrative information e.g. Bank account, performance at work, location data, health data required by national law, telephone number, email address, criminal record, work book, internal statements, internal statements, civil status papers.
Storage period – 75 years from the termination of the individual employment contract according to Annex 6 of the Law on National Archives L.16/1996.
Purpose-Promoting products and services on the company website and social networks.
Legality of processing – obtaining consent.
Categories of personal data – photo/video image.
Storage period – until withdrawal of consent by the data subject.
Purpose-processing of video information in public access areas in company offices
The lawfulness of processing and processing is necessary based on the legitimate interest pursued by the operator to ensure the protection and protection of persons, goods and values as protection against crime.
Categories of personal data – video image of the data subject, biometric data
Storage period – 30 days
6.7. 6.7. Managing complaints and disputes
Purpose-prevention and detection of illegal activities and dispute management.
The legality of the processing and processing is necessary for the purposes of the legitimate interest pursued by the operator – the protection and promotion of the economic, commercial, social and financial interests of CALLATIS.
Categories of personal data – name, surname, function, telephone, email address, other data relevant to specific situations.
Storage period – during the litigation period and subsequently for a period of 5 years from the end of the year when the trial ended.
State authorities (ANAF, ITM, etc.);
Company management
Suppliers directly/indirectly involved in the marketing, marketing process (eg IT services, courier services, etc.);
Healthcare providers
Labour protection and PSI service providers
Providers of banking, financial and insurance services
Security and protection service providers
IT service providers
Payroll related service providers
Your rights regarding your personal data:
Under Regulation (EU) 679/2016, you may exercise any of the following rights:
the right of access to personal data concerning you;
to request the rectification or updating of personal data when they are inaccurate or incomplete;
the right to request the deletion of personal data if, for example, the data is no longer necessary for processing, or the data subject objects to the processing of data or the processing of personal data has been unlawfully carried out ;
the right to data portability, in the sense of transferring your personal data to another controller of personal data in a structured format that can be read automatically;
the right to restrict the processing of personal data in cases where, for example, the lawfulness of the processing or the accuracy of the data is contested. Once restricted, the controller may only store the personal data, may not use it further, and may lift the restriction only after informing the data subject of that intention. Each recipient to whom the personal data have been communicated must be informed of any rectification, erasure or restriction that has been made to comply with this request;
the right to object to processing if it is carried out in order to protect our legitimate interest if your particular situation gives you reasonable grounds;
the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or affect you to a significant extent;
the right to lodge a complaint with us and/or the competent data protection authority;
the right to withdraw your consent at any time for the processing of personal data to which you have previously consented;
For the exercise of these rights, as well as for any additional questions regarding this notice or in connection with CALLATIS’s use of personal data, please contact us by choosing any of the communication methods described below, specifying your name, postal address or email address (depending on how you want us to communicate), your telephone number and the purpose of your request.
CALLATIS and its employees have implemented technical and organisational measures to protect personal data against accidental or unauthorised destruction, accidental loss, alteration or unauthorised access. These measures shall be developed taking into account the results of the risk analysis of the processing carried out and shall be assessed and tested at regular intervals. Security and privacy require awareness-raising measures, training and communication of personal data protection issues within the organization (training for all employees who have access to personal data, allocation of responsibilities, etc.). Techniques such as data minimization, limitation of the period of information storage, pseudonymization, encryption, confidentiality agreements, must be taken into account, physical integrity of data carriers and logging according to access rights depending on the role played in the processing of personal data. In principle, CALLATIS does not transfer personal data outside the European Economic Area, however if this is required, if this is so, we assure you that we will sign the standard clauses for the transfer of personal data for countries located outside the European Economic Area issued by the European Commission.
CALLATIS has required processors, that is, any subcontractor who processes personal data on behalf of CALLATIS to implement appropriate technical and organisational security measures. When taking these measures into account, due consideration should be given to the current state of information systems, nature, object, object, the context and purposes of the processing and the risks related to the violation of the rights and freedoms of natural persons has concluded a processing agreement with each of the persons empowered in accordance with the requirements of the GDPR.
The transfer of personal data is guaranteed in terms of security in the countries of the European Union / The European Economic Area and other countries considered by the European Commission to ensure an adequate level of their protection. When personal data is exported by CALLATIS acting as an operator in the European Union to recipients in countries that do not provide an adequate level of protection, the, CALLATIS has ensured that appropriate safeguards, standard contractual clauses on the protection of personal data or approved certification mechanisms are implemented.
The company management ensures that the data protection officer receives the appropriate resources, training and independence guarantees necessary to effectively manage their tasks.
The person responsible for data protection has the following tasks:
Information and advice to employees and processors of CALLATIS who deal with the processing of personal data relating to their obligations under Regulation 679/2016 and other provisions of European Union and national law on data protection.
Monitoring compliance with Regulation 679/2016, other provisions of European Union or national law relating to the protection of personal data and the policy of CALLATIS or of the person empowered by the company with regard to data protection personal including the allocation of responsibilities and actions to raise awareness and train the personnel involved in processing operations and may carry out regular checks, reviews and audits of documents, procedures and operations.
Provision of advice on request in relation to the data protection impact assessment and monitoring of its officials in accordance with Article 35 of Regulation 679/2016.
Cooperation with the supervisory authority (ANSPDCP).
Assuming the role of contact point for ANSPDCP on issues related to processing including prior consultation referred to in Article 36 of the GDPR and if necessary consultation on any other matter.
Coordinates the handling of the requests of the data subjects.
Contact details
The person responsible for the protection of personal data :
Ana-Maria Ion
E-mail: ana.ion@takidapte.com
Correspondence address: Sat 2 Mai, Comuna Limanu, PORT MANGALIA, Judet Constanța
Village 2 Mai, Limanu Commune, PORT MANGALIA, Constanța County