Privacy Policy

We greatly appreciate your interest in our company. Data protection is of particular importance to the management of ROS Romania Rack Repair System SRL. The use of the internet pages of ROS Romania Rack Repair System SRL is possible, in principle, without providing personal data. However, if a data subject wishes to use special services of our company through our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address, or phone number of a data subject, always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the specific data protection regulations applicable to ROS Romania Rack Repair System SRL in each country. Through this privacy policy, we aim to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. In addition, data subjects are informed of their rights under this privacy policy.

ROS Romania Rack Repair System SRL has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, data transmissions over the internet may contain security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, such as by telephone.

Definitions

The privacy policy of ROS Romania Rack Repair System SRL is based on the terms used by the European legislator in the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use, among others, the following terms:

  • Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Data subject: any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
  • Processing: any operation or set of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling: any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Pseudonymization: the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  • Controller or controller responsible for processing: the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor: a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
  • Recipient: a natural or legal person, public authority, agency, or another body to whom the personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the course of a specific investigation in accordance with Union or Member State law are not regarded as recipients.
  • Third party: a natural or legal person, public authority, agency, or other body, other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Name and address of the controller responsible for processing

The controller, within the meaning of the General Data Protection Regulation (GDPR), other applicable data protection laws in the Member States of the European Union, and other provisions related to data protection, is:

ROS Romania Rack Repair System SRL

Managing Director: Sergiu Paramonov

Str. Hatmanul Arbore no. 15-19, Office 605, Sector 1, Bucharest

Trade Register No. J40/13102/2024

VAT No. 50318974

Phone: 0771 652 490; 0721 436 604

Email: admin@rosromania.ro

Web: www.rosromania.ro

Cookies

The websites of ROS Romania Rack Repair System SRL use cookies. Cookies are text files that are stored on a computer system through an internet browser.

Many websites and servers use cookies. Many cookies contain what is known as a cookie ID, a unique identifier. This ID is a string of characters through which websites and servers can be linked to the specific internet browser in which the cookie was stored. This allows visited websites and servers to differentiate the browser of the data subject from other internet browsers containing other cookies. A specific internet browser can be recognized and identified using its unique cookie ID.

By using cookies, ROS Romania Rack Repair System SRL can offer more user-friendly services that would not be possible without the cookies being set.

Cookies enable us to optimize the information and offers on our website according to user preferences. As mentioned earlier, cookies allow us to recognize users of our website. The purpose of this recognition is to make it easier for users to utilize our website. For example, a website user that uses cookies does not have to re-enter their access data every time they visit the site, as this information is retrieved by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store, which remembers the items a customer has placed in the virtual shopping cart.

The data subject may at any time prevent the setting of cookies through our website by adjusting the settings of the internet browser used, thereby permanently refusing the setting of cookies. Already set cookies can also be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in their internet browser, not all functions of our website may be fully usable.

Collection of General Data and Information

The website of ROS Romania Rack Repair System SRL collects a series of general data and information each time a data subject or automated system accesses the website. This general data and information is stored in the server’s log files. Data collected may include (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) subpages, (5) the date and time of access to the website, (6) an Internet Protocol (IP) address, (7) the internet service provider of the accessing system, and (8) any other similar data and information that may be used in case of attacks on our IT systems.

In using this general data and information, ROS Romania Rack Repair System SRL does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the necessary information for prosecution in the event of a cyber-attack. Therefore, ROS Romania Rack Repair System SRL analyzes anonymously collected data and information statistically, with the aim of enhancing data protection and data security within our company, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by the data subject.

Contact Possibility via the Website

The website of ROS Romania Rack Repair System SRL contains, in accordance with legal requirements, information that allows for quick electronic contact with our company as well as direct communication with us, including a general email address (email address). If a data subject contacts the controller via email or a contact form, the personal data provided by the data subject will be stored automatically. Such personal data, voluntarily transmitted by a data subject to the controller, is stored for the purpose of processing or contacting the data subject. This personal data is not transmitted to third parties.

Routine Deletion and Blocking of Personal Data

The data controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as long as required by the European legislator or another competent legislator in laws or regulations to which the controller is subject.

If the purpose of storage is no longer applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, personal data is routinely blocked or deleted in accordance with legal requirements.

Rights of the Data Subject a) Right to confirmation

Every data subject has the right, granted by the European legislator, to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right, they may contact any employee of the controller at any time.

b) Right of access

Every data subject has the right, granted by the European legislator, to obtain at any time free information from the controller about their personal data stored and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

  • The purposes of the processing;
  • The categories of personal data being processed;
  • The recipients or categories of recipients to whom personal data has been or will be disclosed, especially recipients in third countries or international organizations;
  • Where possible, the anticipated period of time for which personal data will be stored, or, if not possible, the criteria used to determine that period;
  • The existence of the right to request rectification or erasure of personal data or to restrict processing or object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • Where the personal data is not collected from the data subject: all available information regarding the source of the data;
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.

In addition, the data subject has the right to be informed of whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards regarding the transfer.

If a data subject wishes to exercise this right of access, they may contact an employee of the controller at any time.

c) Right to rectification

Every data subject has the right, granted by the European legislator, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time.

d) Right to erasure (Right to be forgotten)

Every data subject has the right, granted by the European legislator, to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • The data subject withdraws consent on which the processing is based according to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and where there is no other legal ground for the processing;
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
  • The personal data has been unlawfully processed;
  • The personal data must be erased to comply with a legal obligation in Union or Member State law to which the controller is subject;
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by ROS Romania Rack Repair System SRL, they may contact an employee of the controller at any time. An employee of ROS Romania Rack Repair System SRL shall promptly ensure that the erasure request is complied with.

If ROS Romania Rack Repair System SRL has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, ROS Romania Rack Repair System SRL, taking into account the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, that personal data, as far as processing is not required. An employee of ROS Romania Rack Repair System SRL will arrange the necessary measures in individual cases.

e) Right to restriction of processing

Every data subject has the right, granted by the European legislator, to obtain from the controller the restriction of processing where one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of its use;
  • The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise, or defense of legal claims;
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data processing stored by ROS Romania Rack Repair System SRL, they may contact an employee of the controller at any time. The employee will arrange the restriction of the processing.

f) Right to data portability

Every data subject has the right, granted by the European legislator, to receive personal data concerning them

 

g) Right to Object

Every individual whose personal data is being processed has the right, granted by the European legislator, to object at any time, for reasons related to their particular situation, to the processing of their personal data based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

ROS Romania Rack Repair System SRL will no longer process personal data in the event of an objection unless compelling legitimate grounds for the processing can be demonstrated, which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

If ROS Romania Rack Repair System SRL processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to ROS Romania Rack Repair System SRL processing personal data for direct marketing purposes, ROS Romania Rack Repair System SRL will no longer process the personal data for these purposes.

Furthermore, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes or for statistical purposes under Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may contact any employee of ROS Romania Rack Repair System SRL. The data subject is also free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by using automated means based on technical specifications.

h) Automated Individual Decision-Making, Including Profiling

Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which provides for appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into or performing a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, ROS Romania Rack Repair System SRL will implement appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If the data subject wishes to exercise rights concerning automated decision-making, they may contact any employee of ROS Romania Rack Repair System SRL at any time.

i) Right to Withdraw Consent

Every data subject has the right, granted by the European legislator, to withdraw their consent at any time for the processing of their personal data.

If the data subject wishes to exercise the right to withdraw consent, they may contact any employee of ROS Romania Rack Repair System SRL at any time.

Data Protection for Applications and Application Procedures

The data controller collects and processes personal data from applicants for the purpose of conducting the application process. Processing may also take place electronically, especially if an applicant submits application documents by email or via a web form on the site. If the data controller concludes an employment contract with a candidate, the submitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents will be automatically deleted two months after notification of the rejection decision, unless retention is required for other legitimate interests of the data controller. Such legitimate interests could include providing evidence in legal proceedings under the General Equal Treatment Act (AGG).

YouTube

On our website, we use YouTube, a video portal owned by YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube.” YouTube is a subsidiary of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google.”

By being certified under the EU-US Privacy Shield, Google and, thus, YouTube, ensure compliance with EU data protection standards, even when data is processed in the US.

We use YouTube in the “extended data protection mode” to display videos to you. The legal basis for this is Art. 6(1)(f) DSGVO. Our legitimate interest lies in improving the quality of our website. According to YouTube, the “extended data protection mode” means that data is only sent to the YouTube server if you actually start playing a video.

Without this “extended data protection mode,” a connection to the YouTube server in the USA is established as soon as you visit one of our websites where a YouTube video is embedded.

This connection is required to display the video through your browser. In this process, YouTube will at least collect and process your IP address, the date and time, and the website you visited. Additionally, a connection to Google’s “DoubleClick” advertising network is established.

If you are logged into YouTube at the same time, YouTube will link the connection information to your YouTube account. You can prevent this by logging out of YouTube before visiting our website or making the appropriate settings in your YouTube account.

For functionality and user behavior analysis, YouTube permanently stores cookies on your device via your browser. If you do not agree with this processing, you can prevent the storage of cookies through your browser settings. More details can be found above under “Cookies.”

Further information on data collection and use and your rights and privacy options can be found in Google’s privacy policy at https://policies.google.com/privacy.

Privacy Policy for Using Google Analytics (with Anonymization Function)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis involves the collection, processing, and evaluation of data on the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a person came from, which sub-pages were accessed, or how often and for what duration a sub-page was viewed. Web analysis is mainly used to optimize a website and to perform a cost-benefit analysis of internet advertising.

We use Google Analytics on our website. This is a web analysis service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google.”

The data controller uses the “_gat._anonymizeIp” extension for web analysis via Google Analytics. This extension allows Google to shorten and anonymize the IP address of the data subject when accessing our website from a Member State of the European Union or from another country that is a party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the data and information collected to evaluate the use of our website and to compile online reports showing the activities on our website and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject’s system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. During each visit to one of the individual pages of this website, which is operated by the data controller and into which a Google Analytics component has been integrated, the internet browser on the data subject’s system is automatically prompted to transmit data to Google for online analysis. As part of this technical process, Google acquires knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently enable commission settlements.

Through the cookie, personal information such as the access time, the location from which access was made, and the frequency of visits to our website is stored. Each time you visit our website, your personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States. Google may pass on this personal data collected through the technical process to third parties.

The data subject can prevent the setting of cookies by our website at any time, as already mentioned, by adjusting the settings of the internet browser used and thus permanently object to the setting of cookies. Such an adjustment of the internet browser used would also prevent Google from setting a cookie on the data subject’s system. In addition, cookies already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics, related to the use of this website, as well as to the processing of this data by Google and the possibility to prevent such processing. For this purpose, the data subject must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s system is deleted, formatted, or reinstalled at a later date, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable Google privacy policy can be found at https://www.google.com/intl/en/policies/privacy/ and at https://www.google.com/analytics/terms/us.html. Google Analytics is further explained at the following link https://www.google.com/analytics/.