General policy on the protection and confidentiality of personal data.
Meggle is a personal data operator and processes personal data in connection with customers, suppliers, employees and other persons with whom the company has concluded a contract or with whom it is linked.
This policy describes how personal data is collected, used and stored to be in line with company standards and relevant legal provisions.
This policy applies to all persons who have access to personal data held by Meggle as well as to the systems and processes that constitute the company’s infrastructure and IT support through which personal data are stored and processed.
This policy applies to all processing of personal data, whether the data is stored in electronic format, on paper or on another type of media.
The purpose of the policy
This data protection policy has been designed and implemented to ensure:
Compliance with personal data protection legislation and best practices at this level;
Protection of the rights of data subjects: for example partners, customers, employees;
An efficient and secure way to store and process personal data;
Protect the company from possible risks related to data security breaches.
Objectives and scope of this policy
Meggle attaches great importance to the adequate protection, security and confidentiality of all personal information of its employees, and of other persons whose personal data it holds such as customers, visitors, contractual partners or their representatives.
Therefore, Meggle is fully committed to complying with the requirements of the applicable data protection legislation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) transposed into national law by Law no. 190 of 18 July 2018 on measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and repealing Directive 95/46 / EC (General Data Protection Regulation) and by Law no. 102 of 3 May 2005 on the establishment, organization and functioning of the National Authority for the Supervision of Personal Data Processing, and the purpose of this Policy is to highlight our general practices regarding the processing of your personal information according to law, for the purposes mentioned below, including information we collect, how we use and protect it and how you can correct / intervene in this process.
Meggle processes personal data both as an Operator and as an Authorized person according to the information presented below.
Much of the personal data that Meggle processes has been obtained directly from the data subject, but there is also personal data obtained from external sources.
In order to protect the data collected, Meggle has implemented security measures so as to avoid as much as possible a security breach. The applied measures are periodically re-evaluated in order to update them with new technologies.
Our procedures regarding the protection of personal data, organizational and technical measures are structured in order to ensure the confidentiality and security of personal data and all information that we store. We periodically check the adequacy of the implemented measures.
At the same time, we undertake to use all technical and organizational measures at our disposal to ensure the security of your personal data, their protection against destruction, modification, disclosure or unauthorized access to them.
Scope of applicability
This policy applies to all Meggle staff and all contractors, suppliers and others working on Meggle’s behalf.
This applies to all data that Meggle holds about individuals and that may lead to their identification.
Personal information is collected and used correctly, stored securely. Illegal use of personal data held by Meggle is not permitted, Meggle penalizes any attempt to illegally use personal data.
The definitions of the concepts on which this policy is based are the following:
Personal data – any information concerning an identified or identifiable natural person (“data subject”)
Data subject – an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more specific elements, specific to his physical, physiological, genetic, mental, economic, cultural or social identity
Processing – any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction
Operator – the natural person or legal person, public authority, agency or other organization which, alone or together with others, establishes the purposes and means of processing personal data; when the purposes and means of processing are determined by the EU or national law, the operator or the specific criteria for its designation may be laid down in the EU or national law
Authorized person – the natural or legal person, public authority, agency or other body which processes personal data on behalf of the operator
Principles regarding the processing of personal data
The processing of personal data is based, according to the GDPR, on a series of fundamental principles of processing.
Personal data are:
- processed lawfully, fairly and transparently to the data subject (“legality, fairness and transparency”);
- collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research or for statistical purposes shall not be considered incompatible with the original purposes, in accordance with Article 89 (1) (“purpose limitations”);
- appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“minimization of data”);
- accurate and, if necessary, updated; all necessary measures must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are deleted or rectified without delay (“accuracy”);
- kept in a form which permits identification of data subjects for a period not exceeding the period necessary to fulfill the purposes for which the data are processed; personal data may be stored for longer periods in so far as they will be processed exclusively for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, in accordance with Article 89 (1), subject to the implementation of the appropriate technical and organizational measures provided for in this Regulation in order to guarantee the rights and freedoms of the data subject (“storage restrictions”);
- processed in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures (“integrity and confidentiality”).
Thus, your personal data:
- are processed lawfully, fairly and correct to you;
- are obtained only for determined, legitimate, specified and relevant purposes for the fulfillment of operational needs and will not be processed in any manner incompatible with the purposes for which they were obtained.
- are processed in a transparent manner.
- relevant data are processed and no personal data are processed in excess of the purpose or purposes for which they are processed. Personal data are relevant and strictly limited to what is absolutely necessary for the purposes for which they are processed, in the sense that personal data will not be kept longer than necessary for that purpose or purposes.
- will be correct and, if necessary, will be kept up to date. The processing of personal data will be done in the most secure conditions, being aimed at protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures.
The rights of the data subject
These rights consist of:
- The right to withdraw consent;
- The right to information;
- The right of access;
- The right to rectification;
- The right to delete data (“the right to be forgotten”);
- The right to restrict processing;
- The right to data portability;
- The right to oppose the processing;
- The right not to be subject to a decision based exclusively on automatic processing, including profiling;
- The right to lodge a complaint with the Authority;
- The right to go to court.
You can ask us what information we have about you and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process personal data, you may withdraw this consent at any time.
If we process your personal data to fulfill a contract or by consent, you may ask us to provide you with a copy of the information in a readable format so that you can transfer it to another provider.
If we process your personal data on the basis of consent or legitimate interest, you can request the deletion of your data.
You have the right to ask us not to use your information for a period of time if you believe that we are not doing so legally.
To send a request for your personal data by e-mail, mail or telephone, use the contact information we provide on this site.
Basis of processing
There are six alternative ways in which the legality of a specific case of personal data processing can be established under the GDPR Regulation.
Unless necessary for a reason permitted in the GDPR Regulation, Meggle will always obtain the explicit consent of a data subject for the collection and processing. In the case of children under the age of 16, parental consent will be obtained. Information provided about the use of our personal data will be provided to data subjects at the time of obtaining consent and explaining their rights regarding their data, such as the right to withdraw consent.
If personal data are not obtained directly from the data subject, this information will be provided to the data subject within a reasonable period of time after the data were obtained.
Closing or executing a contract
If the personal data collected and processed are necessary to close or execute a contract with the data subject, explicit consent is not required. This will be the case if the contract cannot be closed without the personal data in question, for example, delivery cannot be made without an address to which it can be delivered.
If personal data must be collected and processed in order to comply with the law, explicit consent is not required.
The vital interests of the data subject
If personal data are necessary to protect the vital interests of the data subject or another natural person, then it may be used as the legal basis for the processing. Meggle will keep reasonable, documented evidence that this is the case whenever this reason is used as a legal basis for the processing of personal data.
Activity carried out in the public interest
If Meggle has to perform a task that he considers to be in the public interest or as part of an official obligation, then the consent of the data subject will not be required.
If the processing of specific personal data is in the legitimate interest of Meggle and is considered not to significantly affect the rights and freedoms of the data subject, then it can be defined as the legal reason for the processing. Again, the reasoning behind this view will be documented.
2. The purposes and grounds on which we process / collect your personal data
Meggle may process / collect personal data of customers, business partners and their representatives / employees, as an Operator, for the following purposes:
- for financial-accounting purposes, for the purpose of developing contractual relations;
- in order to keep the contact details of the company’s contractual partners.
3. How we can process / collect your personal data
Meggle collects the personal data of the data subjects from the moment of entering the premises, respectively from the moment of starting the contractual relations, in the case of business partners.
The types of personal data that we may possibly collect / process
We collect personal data of the natural persons, customers and potential customers, representatives of organizations and persons of contact of the organizations, contact details of the people we interact with and of those who act according to the instructions of our customers, of our suppliers and of people who contact us unexpectedly, as well as of the relevant persons who make their personal data in a manifest manner. We also collect and store personal data as part of customer acceptance and contract execution procedures. It is possible that, for certain services or activities, we also collect special categories of personal data, when we obtain the consent, in writing, by computer means or when it is made public in a manifest way, as well as when the law obliges us.
The data collected differs from case to case. At most we collect the name and surname of the contact person, company name, position, telephone number, e-mail address, postal address, date, time and other possible contact details, to help us remember the context of the interaction with us. We do not want to collect the personal numerical code, so we do this only if the law obliges us and always with adequate security measures. If such data incidentally comes to our attention, we will delete it immediately.
For the purposes mentioned above, Meggle collects and / or processes the following categories of data: name, surname, telephone, fax, email, address, signature on customers, business partners and their representatives / employees, in order to keep the contact details of the contractual partners of the company, based on Art. 6 (1) (f) – the processing is necessary for the purpose of the legitimate interests pursued by the operator.
4. Storage of personal data
Personal data are stored on the server in Germany, are not used to make any automatic decision based on it and will be kept as long as necessary for the processing, and longer periods of storage of personal data are exceptions associated with the legal provisions. The storing of the contact details of the contractual partners of the company takes place during the contractual duration and for a period of 3 years from the date of termination of the contracts.
Personal data will be subject to appropriate technical and organizational measures reasonably necessary to protect it against destruction, loss, alteration, access or other unauthorized or accidental processing.
Meggle will take measures regarding the security of data processing and, consequently, will establish its own internal policy for the security of personal data processing.
5. Disclosure of personal data
Regarding the disclosure of personal data to the contractual partners / representatives of Meggle’s contractual partners, Meggle will disclose the personal data of the data subjects to companies in the Meggle group.
Regarding the Meggle Facebook page, the Meggle-visitors interaction on the Facebook platform is subject to the terms and conditions of Facebook.
6. Your right as a data subject to file a complaint and to lodge a complaint
If you have a complaint about your use of your information, we would prefer you to firstly contact us so that we can resolve the request amicably. For this purpose, for any problems, questions or dissatisfaction regarding the way we process your personal data, you can send us an e-mail to firstname.lastname@example.org to the attention of the person designated for data protection, Mrs. Gabriela Mocanu.
However, you can also contact the National Authority for the Supervision of Personal Data Processing for Information through their website at http://www.dataprotection.ro/ or write to them at:
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania
Applications will be exempt from any fees. Meggle will give an answer within a maximum of one month, and in some exceptional cases within two months from receiving the request.
Meggle will always verify anyone’s identity. In order to respond to requests and allow the exercise of rights, the legal department or external legal advisers will have a say on the merits of the request.
Meggle meets the following deadlines for responding to requests from data subjects:
Data request – Time graph
Right to be informed – When data is collected (if it is provided by the data subject) or within one month (if it is not provided by the data subject)
Right of access – One month
Right to rectification – One month
Right of deletion – No undue delay
Right to restrict processing – No undue delay
The right to data portability – One month
Right to object to processing – Upon receipt of the objection
Rights related to the decision-making process and automatic prophylaxis – Not specified
Meggle will reply to the petitioner with the request addressed according to the terms indicated above, calculated from the date of registration of the request. This deadline can be extended by Meggle, with reason, with a maximum of 15 calendar days if Meggle has to solve several requests and / or the request is complex.
Meggle will send the data subject the answer to the above request by letter with acknowledgment of receipt to the address indicated by the person concerned or by e-mail.
By accessing and using this site provided by MEGGLE you agree to this policy. Please read it carefully. If you do not agree, please leave this site.
8. INTELLECTUAL PROPERTY LAW
The content, as defined in the preamble, including but not limited to logos, stylized representations, commercial symbols, still images, dynamic images, text and / or multimedia content presented on the site, are the exclusive property of Meggle, having all rights obtained for this purpose directly or indirectly.
The user is not allowed to copy, distribute, publish, transfer to third parties, modify and / or otherwise alter, use, link to, display, include any content in any context other than the original intended by Meggle, include any content outside the site, the removal of the signs that signify the copyright of Meggle over the content as well as the participation in the transfer, sale, distribution of some materials made by reproducing, modifying or displaying the content, except with the express written consent of Meggle.
The user may copy, transfer and / or use content only for personal or non-commercial purposes, only if they do not conflict with the provisions of this document. No content transmitted to the user, by any means of communication (electronic, telephone, etc.) or acquired by him by accessing, visiting and / or viewing constitutes a contractual obligation on the part of Meggle to that content.
Any use of the content of the site for purposes other than those expressly permitted by this Document is prohibited.
All data collected during visits on our website www.meggle.ro are processed according to the legal provisions valid in Romania. Our website may include links to other sites whose content is not under our control, therefore MEGGLE ROMANIA SRL does not assume and cannot accept any responsibility for the content of these websites.
MEGGLE ROMANIA SRL undertakes not to disclose any information regarding your visits on this site, except for legal situations.
Meggle periodically verifies that this Policy is accurate, complete with respect to the information to be covered, fully implemented and accessible, in accordance with the requirements of applicable law and its principles.