Starting May 25, 2018 Regulation 679/27-April-2016 regarding the protection of natural persons in what concerns the processing of personal data and regarding the free movement of such data and repeal of Directive 95/46 / EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") it is applied in all the states of the European Union. This Information regarding the processing of personal data is intended to inform you about how we understand to regulate and integrate at our company level the GDPR policy and is an integral part of the Contract for the provision of qualified reliable services concluded with Digisign.
The operator (the one who processes your data) | DIGISIGN S.A. Office: 74B Nicolae G. Caranfil St., 1st District, 014146, Bucharest, Romania Trade Registry No: J2005008069408 VAT No: RO17544945 The data protection officer declared at ANSPDCP is DPO DATA PROTECTION SRL, d p o @ digisign.ro In its relations with its customers, DigiSign is the Controller of personal data. DigiSign has implemented an information security management system, ISO 27001 certified. DigiSign has also obtained the status of a qualified trusted service provider in accordance with EU Regulation no. 910/2014 eIDAS. Obtaining and maintaining ISO 27001 certification and Qualified Trusted Service Provider status requires annual external audits, which assess the security of information systems and information. DigiSign SA employees who have access to personal data are regularly trained on respecting the confidentiality, integrity and security of the data and have become aware of the applicable internal procedures. |
Purposes of processing | The processing of your personal data as a data subject is carried out for the following purposes: • to provide DigiSign services purchased or ordered from DigiSign; • to be contacted and answered in connection with the services you use or expect to use from DigiSign; • to keep in touch with you and to provide you with the necessary information through our website: www.digisign.ro but also on our social pages. https://www.facebook.com/SemnaturaElectronicaDIGISIGN • for marketing communications. We will only make these communications if we have the consent of the data subject. |
Who are the data subjects and the legal basis of the processing | • Customers or potential customers whose data we will use to make offers, conclude and execute the contract and to provide the services requested by them. We will process the following data: name, first name, position / position, employer, telephone number, home address, CNP, series and no CI, date of CI release , date of birth, photos, email address, signature. Financial data: data resulting from the documents certifying the payment of the services ordered by you, for the execution of the contract (IBAN code, transaction code, payer's bank), but also the mandatory accounting records and supporting documents underlying the records in financial accounting. In addition to this data, in the case of electronic video authentication or identification, biometric data will be processed, in order to uniquely identify you. The trusted service provider, DIGISIGN, can perform remote identification using video means, in order to issue qualified certificates, In accordance with Art. 24 para. (1) lit. d) Regulation (EU) 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / EC). Regarding the biometric data, we mention that it is not stored, being deleted as soon as the result of the operation of unique identification of the person was generated. Only the result of the identification process is kept within the aforementioned 10-year period. Applications for obtaining / renewing unfinished certificates are kept in the database for 30 days, after which they are irreversibly deleted. |
Data transfer | DigiSign does not transfer your personal data outside the European Union. |
Data retention terms | The expected deadlines for keeping and deleting the different categories of data will be those established by the legislation in force including the one regarding the archiving, respectively until the achievement for the purpose for which they were collected, for as long as necessary for their use as established by the legislation in force ( (including tax) or by the competent authorities. We have a legal obligation to keep the data for 10 years from the date of expiry of the digital certificate, according to the applicable law. After the expiration of the filing deadline, the data will be irreversibly erased. Regarding the biometric data, we mention that it is not stored, being deleted as soon as the result of the operation of unique identification of the person was generated. Only the result of the identification process is kept within the aforementioned 10-year period. Applications for obtaining / renewing unfinished certificates are kept in the database for 30 days, after which they are irreversibly deleted. |
To whom we will disclose your data | As a rule, DigiSign SA does not disclose the data you hold and process, about all categories of data subjects, to other natural or legal persons. The cases in which DigiSign SA customer data can be disclosed to other companies or individuals are those where other companies or individuals legal persons act as persons empowered in relation to. DigiSign SA In these cases, we will disclose the data for legitimate reasons related to the performance of a contract, the preparation of documentation necessary for the performance of the contract, finding, defending and exercising our rights or interests. The categories of recipients to whom we may disclose your data are: < br> a the employees and collaborators of the Operator located in Romania; a of third-party companies or contractual partners a to the state authorities (ANAF, criminal investigation bodies, etc.) In all these cases DigiSign SA will make all reasonable efforts to ensure that the data recipients we process them under conditions of security and confidentiality, in accordance with the purpose for which we have also been transmitted respecting the rights of the data subjects. |
Your rights | You have the following rights as a data subject: |
What can happen if a person does not want to give us the data | In most cases, the data subjects are not obliged to communicate their personal data. that are related to principal of DigiSign SA, including the provision of certificates digital. |
Where can you go for exercise rights and the response time. | The exercise of the aforementioned rights will be done on the basis of a written request addressed to the DigiSign office or by email to d p o @ digisign.ro. The deadline for any application for your rights is 30 days. except in cases where the request is complex or there is a large number of requests, when the deadline can be extended by another 60 days. If you are not satisfied with the solution received, you can contact the National Supervisory Authority for Data Processing with Personal Character - contact details can be found at www.dataprotection.ro |
Updates | This Information may be subject to changes in content over time. Any new version will be announced and displayed on the DigiSign website https://www.digisign.ro |
Date of entry into force: | This Information is valid starting with 31.10.2022 |