On May 25, 2018 European Regulation 2016/679 (hereinafter referred to as GDPR) on data protection and privacy for all individuals within the European Union and the European Economic Area entered into force.
- The processing of personal data legally, fairly and transparently for the person concerned.
- The collection personal data for determined, explicit and legitimate purposes.
- The processing of personal data appropriately and for the purpose of the data processing.
- The data processing is accurate and constantly updated.
- The storage of personal data will only take place for the duration necessary to achieve the purpose for which the data has been processed.
- The protection of personal data processed by RebelDot is ensured.
2. The categories of processed data
Generally, we collect only the personal data that is voluntarily provided by clients or potential clients, business partners, employees, potential employees, collaborators or online visitors of our web site so that we can offer information, provide services, carry out contractual relationships, promote our services, and offer information about employment opportunities. In addition, we need to receive certain personal data in order to be able to render the services agreed upon with clients or to comply with different legal obligations.
The categories of personal data that may be processed by RebelDot are the following:
- Identification or contact personal data such as name, date of birth, nationality, series and number of the identity card, personal identification number (CNP or other), place of birth, photo, domicile, residence or correspondence address, email address, telephone number etc.;
- Personal data regarding professional qualifications such as certificates/attestations/study diplomas and/or professional development diplomas;
- Financial data, bank account and other payment details, salary, benefits, shares, etc.;
- Civil status or family data such as number of children or other persons in care;
- Electronic identification details such as IP address, cookies, web beacons.
- Video or other data in connection with visitors to RebelDot’s premises.
3. Processing activities
Personal data relating to business contacts might be used to develop our business opportunities. We will process our business contacts’ personal data based on our legitimate business interests or the consent, if the data subject has been requested to express one.
b) Individuals associated with our clients/individual clients: RebelDot collects personal data necessary to provide our professional services. These personal data may include name, contact title, phone, e-mail and other business contact details.
These data are processed for the following purposes:
- Managing our relationship with clients;
- Fulfilling our contractual obligations;
- Developing business relationships;
c) Job applicants
We collect personal data from job applicants as part of our recruitment process. Generally, the personal data is provided directly to us by an applicant. However, it’s possible that RebelDot collects data from potential applicants via job market websites/platforms or other third parties where this kind of data is publicly available.
This information includes general data about applicants’ education, employment history and other similar data provided in CV-s and application letters.
These data are being used for applicants to be able to participate in our recruitment process.
We hold and processes your data based on a lawful basis (e.g.. provisions of the Labour Code) and in order to take steps at your request prior to entering into an employment contract. We may also process some of your data in pursuit of our legitimate interest in recruiting you as a candidate. Where you consent to our use of your data for specific purposes, we will process the data based on your consent.
In case of unsuccessful recruitment process, we will hold your data based on your consent.
d) Suppliers and subcontractors
We collect personal data regarding individuals associated with our suppliers and subcontractors. The purpose of processing these data is to manage the contractual relationship with these companies / entities.
More exactly, we process the personal data of individuals involved in these contractual relationships. Generally, the above-mentioned data is processed based on contractual obligations. However, in some cases it is possible that these data are processed for complying with a legal obligations such as tax law obligations.
e) Visitors of our offices
In order to ensure the security of our offices, we have installed security measures, including CCTV. The images captured on CCTV is stored and can only be accessed on a need to know basis. These recordings are automatically deleted after a short period of time unless they are needed to prove an incident. For the same reason, we require visitors to sign in at our front desk, so we can keep a record of visitors for a short period of time.
f) Visitors of our website
We use small text files, called cookies, in order to make a user’s experience more efficient. Some cookies are necessary to run our website.
However, on the basis of your consent, we might use other cookies like:
- Preference cookies: Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
- Statistic cookies: Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing cookies: Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
RebelDot might collect personal data of individuals who request to get in touch with us via questions, complaints, comments etc. In these situations, we only collect the necessary data for the purpose of responding to these requests.
In these cases, personal data is processed on legitimate interest or on consent.
In any other case that is not mentioned above, we only process data based on your consent.
4. Legal ground
a) Entering into a contract: your personal information is necessary for us to take the steps, at your request in order to enter into a contract; for example: if you apply for a job or request an offer for one of our services.
b) Fulfilling a contract: processing of your personal information is necessary in order to perform our obligations under a contract;
c) Legal obligation: in some cases, we are required to process your personal information in order to comply with a legal obligation.
d) Legitimate interests: we might process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, as long as it doesn’t outweigh your interests.
e) Your consent: in some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting RebelDot at the following e-mail address: firstname.lastname@example.org
5. Third parties
RebelDot might share personal data with third parties in order comply with legal obligations (e.g. obligations regarding tax and labor law) or to fulfill contractual obligations (e.g. if in providing our services we involve subcontractors/business partners.
In relationship with third parties RebelDot is responsible to make sure that third parties handling personal data on behalf of RebelDot are providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
6. Retention period
7. Data subject rights
- Right to Information: You can request information on RebelDot’S data processing activities.
- Right to Rectification: You can rectify or correct inaccurate personal data.
- Right to Delete Data (the “Right to be Forgotten”): You can obtain data deletion, if the processing of your personal data was unlawful.
- Right to Restrict Data Processing: You may request the restriction of the processing of your personal data. You can also contest the accuracy of the personal data, in accordance with applicable law.
- Right to Data Portability: You can receive, under certain conditions, your personal data in a format that can be automatically read, or you can request that your personal data be transmitted to another data processor.
- Right of Withdrawal of Consent: You can withdraw your consent to the processing of your personal data, in cases where the processing of personal data is based on consent.
8. Security measures
Our security measures consist in:
- Limiting access to personal data strictly to employees that are involved in fulfilling our contractual obligations;
- Taking all possible measures to prevent unauthorized persons in gaining access to data processing systems;
- Ensuring that persons processing personal data have access only to the data necessary data and that these data cannot be copied, modified or deleted without authorization;
- Keeping a record of people who have access to personal data and the way personal data is stored;
- Ensuring that personal data is being processed strictly in accordance with the applicable legal provisions.
- Ensuring that data is being stored under conditions that guarantee safety and confidentiality.
9. Changes to this policy
10. Requests and complaints
If you have any question, request or complaint regarding the way we process data, you can contact us at email email@example.com / telephone number +40 749 993 993.
You may also lodge a complaint with the local Data Protection Authority at the following contact details:
The National Supervisory Authority for Personal Data Processing
Address: 28-30 G-ral Gheorghe Magheru Bld., District 1,
Post Code 010336, Bucharest, Romania
Telephone number: +40.318.059.211