Other models of this type can be found in the 7 mandatory GDPR procedures to be followed by every SME. 1.2. For the purposes of the provisions of the applicable data protection legislation, the contracting parties are: Romcontrol SA – personal data operator and the natural persons who interact with the operator in order to perform the evaluation services contract – data subjects. 2.1. The purpose of the processing of personal data by the controller is the performance of the evaluation service contract which, in the absence of a separate agreement / other processing basis to which the data subject has given his consent or, where applicable, has been duly informed by the operator, cannot be extended for other purposes. The European Union's (EU) General Data Protection Regulation (GDPR) released in May 2018 may also impact U.S. businesses. For example, I was recently asked to look at the "standard contractual clauses" that my local client received from an EU company. The customer found this request strange, as he already had a contract with the EU company. The EU company has recently been subject to the GDPR, as the EU company notes. However, my client had never thought about the GDPR and had no idea what to do with the standard contractual clauses he was supposed to sign. I then presented my client with the GDPR and the standard contractual clauses. 2.2.
The processing of personal data by ROMCONTROL S.A. is actively carried out during the term of the contract and thereafter passively for a period of 6 years, with the exception of contracts relating to services provided to customers in the Premium Customers category*, for which the retention and archiving period of evaluation reports can be up to 10 years, in accordance with the internal decision on the archiving of documents and the internal data retention policy, which applies at the level of the operator of Romcontrol SA. To my client's surprise, the United States is not on the list approved by the European Commission. As a result, companies within the EU that make international transfers to US companies must take steps to ensure GDPR compliance before international transfers can take place. To comply, EU companies can require US companies to sign a contract or addendum to a contract that incorporates the European Commission's Standard Contractual Clauses. Standard contractual clauses may, as in the case of the customer, appear as a data processing addendum to an existing contract. According to the European Commission, standard contractual clauses provide "adequate safeguards" that allow international data transfers without breaching the GDPR. *Premium customers represent customers (public/private companies) with whom ROMCONTROL S.A. has an old/traditional cooperation and for whom the work/contracts carried out are of great importance. ➢ first name, surname and signature of the persons who sign the contract or, where applicable, are authorised to sign and execute the contract; 2.3. The nature and purpose of the processing are strictly limited to the personal data necessary for the execution of the provisions of the evaluation service contract.
In accordance with the provisions of EU REGULATION 679/2016, data subjects whose personal data are processed for the purpose of providing evaluation services have the following rights in the evaluation report and in the documents accompanying the evaluation report: ➢ Personal data arising from the pre-contractual or bilateral promise to sell (the Operator stores copies of these documents); Section 3.
The parties may use the personal data of the signatories within the framework of the contract concluded by them, which constitutes the legal basis for the processing of any further processing, or for other purposes they are the subject of a separate data processing agreement concluded between the parties. The retention period of the personal data processed under the contract is also limited to the period corresponding to the achievement of the main purpose of the contract. 1.1. ROMCONTROL S.A. guarantees the protection of our individual customers and the legal representatives of legal persons with regard to the processing of personal data collected by us or by credit institutions for the purpose of the execution of the evaluation service contract in accordance with the provisions of REGULATION (EU) 679/2016 – General Data Protection Regulation and Law No. 190/2018 on the application of the provisions of the General Regulation on the Protection of data. Romcontrol S.A. processes personal data exclusively for the purpose of complying with the contractual provisions in accordance with the provisions of EU Regulation 679/2016, Article 6, paragraph 1 letter (b), which are compatible with those of Law No. 190/2018, since the processing is necessary for the performance of a contract to which the data subject is a party. Article 2. The parties are aware that the European regulation of Regulation (EU) No. 679/2016 applies to any controller or authorized representative in the European Union and to any person who processes or provides services to the personal data of data subjects established in the European Union.
Therefore, the parties confirm full compliance with the following provisions, including, but not limited to: Since the entry into force of the GDPR, one of the most common questions is what an example of an annex to the personal data protection contract actually looks like. Below is an example that you only have to customize with the data of your company/institution and the supplier with whom you have concluded the contract. ➢ Right to object: the right to object at any time to the processing of data concerning them for justified and legitimate reasons related to their particular situation, unless otherwise provided by law; ➢ the right not to be subject to a decision based solely on automated processing, including profiling, which would produce legal effects; If data subjects wish to exercise their aforementioned rights, they can send a written request to office@romcontrol.ro or, if necessary, to the address in Bucharest, St. Polona nr. 16, District 1. The controller asks the data subjects to include in the subject of the message sent by e-mail, as far as possible, a reference to the reported problem (e.g. personal data / GDPR / data protection, etc.) or, in the case of correspondence sent to the head office, to be inserted on the envelope in which the request is located. None of the aforementioned rights cancels the right of data subjects to bring an action before the competent courts and/or the right to lodge a complaint with the Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (www.dataprotection.ro). Chapter V of the GDPR describes the laws that govern the transfer of data outside the EU (so-called international transfers). The GDPR requires that data can only be transferred outside the EU if there is a sufficient level of data protection in the recipient's territory/jurisdiction.
The European Commission has identified countries outside the EU that offer an adequate level of data protection, whether due to the country's international obligations or its national legislation.