Processing of Personal Data and CCTV
STATEMENT ON DATA PROTECTION
Thank you for your interest in our Company. Protecting your privacy while using our website www.ferex.ro is extremely important for us. Therefore, we further inform you in detail about the processing of Personal Data. FEREX PARTNER SRL is responsible for data protection on this web page. When using and processing Personal Data, FEREX PARTNER SRL strictly complies with legal provisions in force on data protection. The right to use Personal Data and anonymous data belongs to FEREX PARTNER SRL within the legal limits, in compliance with the rights of Data Subjects described below.
This statement on data protection applies only to www.ferex.ro and its related sub-domains, but not to pages controlled or operated by third parties. Please check the statements on data protection of web pages controlled or operated by third parties, as we do not control those web pages and FEREX PARTNER SRL cannot undertake responsibility for their content and their data protection measures.
[1.] Data security
[1.1] FEREX PARTNER SRL has taken technical and organizational measures to protect your data, in particular against loss, handling or unauthorized access. The adopted measures are checked regularly and are constantly adapted to the state of the art. In case of a security breach involving your Personal Data, estimated to result in a major risk to your rights and freedoms, we will notify you immediately, as soon as possible, within 72 hours.
[1.2] Please note that you are personally responsible for the confidentiality and safekeeping of your user data or passwords provided or conveyed to you.
[2.] Processing of Personal Data of the underaged
[2.1] We expressly inform you that all Personal Data processing relates exclusively to persons over 16 years of age. The use of systems and tools, as well as the results of data processing of users who are under this age limit is prohibited without a consent of their parents/guardians. If, however, such processing of Personal Data takes place, we will stop processing this data as soon as we become aware of it.
[3.] Collection and processing of Personal Data
[3.1.] The data you give to us
We process Personal Data according to legal provisions in force regarding the protection of Personal Data. If you write to us or you fill in a form on our website, please note that the data you provide in that form will be processed for the purposes described below (see points [5.] and [6.]).
[3.2.] The data we collect
If you visit our website, your Personal Data are automatically recorded using cookies. For more information on the cookies used on our website, see point [7.] and Cookie-Richtlinie.
[4.] Partners
FEREX PARTNER SRL does not carry out all the processing of Personal Data on its own, but has the support of professional partners, namely various marketing agencies and opinion polling companies, for the purposes mentioned in this policy, including companies that provide services for site maintenance, such as WEB DESIGN
Partners are carefully selected and they undertake to provide, through appropriate technical and organizational measures, the processing of your data in accordance with legal provisions in force on data protection and with respect for your rights. Partners are prohibited from using the Personal Data they receive for their own purposes or for commercial purposes or to pass them on to third parties.
[5] Data processing for which consent is not required
More information on data processing for which consent is not required can be found in the following listing.
General contact form
- Contact form (information material, request for price quotes, appreciation and criticism, others): When sending the contact form, your Personal Data in the categories* (contact and identification data, as well as the text of your request) will be processed.
- Purpose: To answer to your request
- Grounds: Legitimate interest in processing your questions individually and being able to answer them credibly.
- Storage time: 24 months
- Consequences of refusal: if you do not provide this data, you will not be able to contact us and we will not be able to provide you with the information you ask for.
*Exact data fields: Request text, company contact person, title, position, first name, last name, company, street, postal code, city, country, telephone, availability (from/to), fax, e-mail, means of contact
[6] Data processing for which consent is required
FEREX PARTNER SRL processes Personal Data for the following purposes:
Newsletter subscription
- The data given upon subscription in the categories* (contact and identification data) will be used only to send newsletters. When sending newsletters, we will use the e-mail address provided by you and, finally, we need your confirmation, as the holder of the e-mail address, that you agree to receive them (the so-called Double Opt-In function). You can cancel the subscription at any time using the unsubscribe option sent to protectiadatelor@ferex.ro.
- Purpose: To send information about products, services and events
- Grounds: Consent
- Storage time: As long as newsletters are sent, until you unsubscribe.
Consequences of refusal: if you do not agree with this processing, you will not receive newsletters.
*Exact data fields: Title, first name, last name, e-mail, chosen location
[7.] Cookies and social Plug-ins
[7.1] We collect data automatically by using cookies. A cookie is a small text file that saves your internet settings. Almost every web page uses this technology. It is downloaded by your internet browser the first time you access a web page. The next time you access that web page with the same device, the cookies and saved information are either sent back to the web page that created them (First Party Cookie) or to another web page to which they belong (Third Party Cookie). Thus, the web page recognizes that you have visited it before using the same browser, and the content displayed varies in some cases.
Cookies we use:
1.
- Cookie name: NID
- Provider: google.com
- Type: HTTP
- Description of the cookie purpose: t registers a unique ID, which identifies the device of a returning user. The ID is used for targeted advertising.
- Expiry: 6 months
- Sursa: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d7718.419392758684!2d23.767629048913832!3d46.846183125118
98!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x4749a1e5bc8c5a0f%3a0x26b346a6b43a71!2sferex+partner!5e0!3m2!1sen!2sro!4
v1557998409880!5m2!1sen!2sro
[8.] Rights of the Data Subjects
You can exercise the following rights regarding the processing of Personal Data:
[8.1] Right of access You can ask for a confirmation of your Personal Data processing and how your Personal Data are used.
[8.2] Right to rectification If we process incomplete or inaccurate Personal Data, you can request to have them rectified or completed.
If you create a user account, you can access your Personal Data at any time and can complete or rectify them. In addition, you can close your user account at any time.
[8.3] Right of erasure You may request to have your Personal Data erased if the purpose for which they were collected no longer exists, if their processing is contrary to legal provisions, if their processing excessively affects your interests or if the processing is based on your consent, which you withdrew. Please note there may be other reasons that can prevent an immediate deletion of your data, for example, mandatory archiving time limits, pending actions, claims, the exertion or defence of legal rights, etc.
[8.4] Right to restriction of processing
You have the right to request a restriction of your Personal Data processing in the following cases:
– you challenge the accuracy of your data within a time frame that allows us to verify the accuracy of your Personal Data,
– the processing of your Personal Data is contrary to legal provisions, but you oppose the erasure of your Personal Data and request a restriction of their use,
– we no longer need your Personal Data for the intended purpose, but you still need this data for exercising, exerting or defending some legal claims, or
– you have objected to the processing of your Personal Data.
[8.5] Right to data portability You may ask us to give you your Personal Data you have provided us in a structured, commonly used and machine-readable format, to the extent that we process these data according to your consent or to perform a contract between us, the processing being made through automated processes.
[8.6] Right to object If we process your Personal Data to perform some tasks of public interest, to exert some public authority or if we refer to the need to defend a legitimate interest, you may object to the processing of such data, to the extent that there is a prevailing legitimate interest as regards your Personal Data. You may withdraw your consent for sending advertisements at any time without giving any reason.
[8.7] Right of complaint If you believe we have infringed Austrian or European law in the processing of your Personal Data, thereby infringing your rights, please contact us so that we can clarify your questions. Of course, you have the right to address to the Romanian Data Protection Authority or a European Supervisory Authority.
These rights can be exercised directly against FEREX PARTNER SRL by a notification sent to the e-mail address protectiadatelor@ferex.ro
I. POLICY ON THE PROCESSING OF DATA COLLECTED THROUGH THE CCTV MONITORING SYSTEM
1. PURPOSE OF USING A CCTV MONITORING SYSTEM
The CCTV system was installed at the Company’s offices for the following purposes:
(a) to prevent criminal offences;
(b) to contribute to security on the Company’s premises;
(c) to help identify actions that may lead to disciplinary proceedings against employees;
(d) to ensure traffic management measures at the locations listed in Section 4 below; and
(e) to increase the security of employees, collaborators, visitors and customers.
The Company’s video system is not intended to capture (for example, by focusing or selective orientation) or to process images (for example, indexing, profiling) that reveal “special categories of data”.
The Company does not intend to use the video surveillance system on an ad-hoc and temporary, circumstantial basis.
2. LIMITATION OF THE PURPOSE OF USING CCTV MONITORING
The Company will not use CCTV monitoring under any circumstances to check employee attendance or to assess employee activities.
In exceptional cases, images captured by the CCTV system may be used in the event of a disciplinary investigation, if disclosure of such images may help investigate a sufficiently serious misconduct that could endanger the safety of other employees and public safety.
3. PROCESSING GROUNDS
The Company processes Personal Data collected through the CCTV surveillance system on the grounds of legitimate interest.
4. ROLES AND DUTIES
The CCTV system is maintained by SC FEREX PARTNER SRL. All the equipment is tested and monitored in a scheduled and coordinated manner.
The contract concluded between the Company and the service provider that provides maintenance for the CCTV monitoring system, will include a Code of Conduct that will regulate security standards in the processing of Personal Data that the service provider must meet.
5. LOCATION OF THE CCTV MONITORING SYSTEM
Video cameras are generally located in the following spaces / areas / rooms / offices at the Company’s head office:
Ü at the main access door (inside and outside);
Ü at the warehouse access door (inside and outside);
Ü in the factory where the machines are located
The Company does not monitor areas where there is a high level of privacy expectations, such as offices, toilets and other similar locations.
The CCTV equipment must be located so as to ensure only the monitoring of the areas to be covered by the equipment. Under no circumstances will the monitoring exceed the limits of the Company’s property. If the cameras are adjustable, the Company will adjust them so that they do not exceed the perimeter that should be supervised.
6. AUTHORIZED PERSON
Access to these data is allowed only to persons authorized by the Company, generically referred to in this Policy as “authorized persons”, who will sign a declaration of confidentiality for the data and information they become aware of during the performance of their duties in connection with the processing of Personal Data. Moreover, the job description of authorized persons will include specific data privacy obligations. The Company will take into account the number of persons required to carry out the objectives of this Policy, when designating the authorized persons.
7. NOTIFICATION ON THE USE OF A VIDEO MONITORING SYSTEM
The Company will notify employees that it uses a video recording system for surveillance, in accordance with the Policy on the processing of employee Personal Data, using the notification in Annex 1 of this policy.
At the same time, both to inform employees and to notify visitors at the Company’s head office/places of business, the Company will place a warning at the main entrance of the building, close to the main entry door, saying that the building is monitored with a video surveillance system. Moreover, the Company will place a warning regarding the use of the CCTV monitoring system in each space / room / office where such a device is located.
The notices must be clearly visible and legible, must give details on the organization operating the system, the purpose of using the surveillance system and the contact details of the contact person to provide additional information.
8. RESPONSIBILITY OF OPERATING THE VIDEO MONITORING SYSTEM
If the Company processes CCTV images, the persons authorized to carry out such actions will need to know and comply with the guidelines in the Data Management Policy and will also need to comply with the specific obligations set out in this policy.
If a third party service provider supplies processing services (for example, by editing CCTV images), the Company must make sure such operations will be performed only based on a written contract between the parties, in force at the time of processing, which will include well-set out responsibilities.
The existing contract between the Company and the service provider must detail that the information must be processed only in accordance with the Company’s instructions. The contract should include guarantees regarding the security, storage and the use of well-trained personnel by the service provider and must include a requirement for the service provider to implement and comply with security level standards in the processing of Personal Data, at least equivalent with those set out in this policy. The Company will make sure the contract to be concluded with third party service providers will comply with Personal Data protection standards at least at the level of this policy.
The Company will carry out regular assessments of the CCTV system to determine whether it is has to be kept and whether it is necessary to continue its use.
To protect the security of images captured by the CCTV system, a series of technical measures will be implemented by the Company at a technical level:
Ü The Company will implement administrative measures consisting in the appointment of authorized personnel who will have duties to monitor the images captured by CCTV;
Ü The Company will designate, by an in-house document, the person/department responsible for solving requests to disclose CCTV images to third parties, as well as for solving requests made by Data Subjects;
Ü The Company will organize professional training courses to train the authorized personnel on the obligations they must fulfil in order to ensure compliance with security and confidentiality standards in the processing of Personal Data.
Ü All employees assigned as authorized persons for the purposes of this Policy will sign a declaration of privacy for the Personal Data on which they will perform processing activities;
Ü By the care of the Company, the job descriptions of the authorized persons for processing CCTV images will be supplemented with privacy obligations.
Ü The Company will take the necessary measures to make sure all persons with whom it concludes contracts under which it will disclose Personal Data will sign a code of conduct containing security and confidentiality standards for the processed Personal Data at the level in place within the Company.
9. MONITORING TIME
The Company’s video monitoring system operates 24 hours a day.
To respect the right to privacy, whenever possible, the cameras will not capture images in focus mode. If the focusing of images captured by cameras cannot be prevented, the system operators will be trained so as to provide a high level of respect for the right to privacy.
10. SPECIAL RULES FOR THE USE OF CCTV MONITORING
The following requirements will apply to the Company in the places of business where the CCTV system is operated:
(a) Discs, printed photographs and images must be uniquely identified and stored securely. All activities related to each video recording will be recorded (for example, the date and time of viewing, the purpose of viewing, number of copies made, if the discs are retained by a person other than the Company and the purpose, duration and basis of the retention);
(b) All images recorded on the CCTV systems will be stored centrally and they may be viewed by the representatives of the Supervisory Authority or by the Data Subjects included in such video recordings, who can justify a legitimate purpose, only in the presence of a person authorized by the Company, appointed according to this Policy;
(c) Images captured by the video recording system will be monitored in an autonomous secure area with restricted public access, hereinafter referred to as “secured zone” or “access are”, and monitoring will be conducted by a limited number of persons authorized in this respect;
(d) In the restricted access area where the captured images will be monitored, a record will be kept with details of the dates when the tape / disc / photo / print was entered into the system or created, the date when it was viewed, the date when it was deleted;
(e) An entry will be made in the processing ledger for Personal Data collected through the CCTV system whenever the images are viewed, transmitted to other persons / authorities / institutions, or deleted or processed in any other way. The ledger will identify the person processing the Personal Data captured by the CCTV system;
(f) Unauthorized access to the restricted area will be allowed only with an authorization given by the Company;
(g) All visitors to the restricted area will be registered, including their name, department or organization visiting the restricted area. Mention will also be made of the name of the person who authorized the visit (if applicable), as well as the entry time and exit time in/from the restricted area.
11. STORAGE OF COLLECTED PERSONAL DATA
Except for cases when, according to legal provisions, the Company has an obligation to keep CCTV recordings or in case of investigating crimes/offences, recorded images will usually be kept for 30 days at the most after the recording day, and then they will be deleted automatically.
In the event of a security incident, the retention time of the relevant footage may exceed normal limits depending on the time required to further investigate the security incident.
Retention for a time longer than established by law will be rigorously documented, and the need for retention will be reviewed periodically, with the revision of the CCTV Policy.
Video recordings will be kept in accordance with the procedures set out in the Policy on storage, deletion and updating of Personal Data.
12. DELETION OF VIDEO RECORDINGS
At the end of the period specified above, all stored images and recordings will be deleted, and records / photos stored on support media (i.e. CD, DVD, photo) will be deleted, and those stored on support media will be destroyed according to the confidential waste system, either by the Company’s own means or through a service provider specialized in the collection and disposal of Personal Data waste.
13. UPDATES AND MAINTENANCE OF SOFTWARE SYSTEMS USED FOR THE CCTV MONITORING SYSTEM
All computer software and CCTV monitoring systems must be updated and maintained regularly in order to ensure security and for compliance with the applicable legislation.
14. INCIDENT LEDGER
An event ledger will be kept at the Company’s head office and in each place of business where there are video cameras. This ledger will record details on security incidents related to the CCTB monitoring system, indicating if there were complaints or requests in connection with an incident, as well as how they were solved.
15. RIGHT OF DATA SUBJECTS TO ACCESS CCTV RECORDINGS
Data Subjects may have access to recordings or footages that concern them, without infringing the rights of other persons, with the meaning that a person making such a request will only be allowed to see footage of themselves and not of other third parties. The Company has the obligation to respond to such a request within one month from the registration date of such a request. If the Company refuses to grant access to a Data Subject to recorded footage, the Data Subject has an obligation to file a complaint with the Supervisory Authority.
Whenever the Company grants access to Personal Data, this will be recorded in an activity ledger and it will be documented with sufficient documents and information, so that it will be able to prove the circuit of information in case there are incidents of Personal Data processing or in case there are complaints in relation with the Personal Data to which access was granted at the request of third parties.
The following information should be recorded in an activity ledger/logbook if Data Subjects are granted access to captured images:
Ü the reason for disclosure;
Ü details of the images to which access was granted, namely the place where they were recorded, the time and date of recording;
Ü an indication whether the images were disguised/blurred to prevent disclosing the identity of other persons showing in those images;
Ü information on the persons who were present at the time when the images were disclosed;
Ü details of the place, date and time of disclosure, as well as an indication whether copies of the images were made.
16. DISCLOSURE OF CCTV VIDEO RECORDINGS TO STATE AUTHORITIES AND TO THIRD PARTIES
The Company will disclose video recordings at the request of the Police and of state authorities, whenever the need to disclose them is determined by investigations conducted to solve crimes/offences and the disclosure is made under the law. The grounds and lawfulness of a request for disclosure will be analysed by the person appointed by the Company and having duties in this respect.
Moreover, the Company will disclose video recordings to third parties when such a disclosure is needed to achieve the purpose of CCTV surveillance, as this purpose is declared in this policy.
Disclosure to third parties will be made exclusively under a contract that will include conditions to provide the security standards for the protection of Personal Data, at least at the level in this Policy, and these will be included in a code of conduct undertaken by the contracting parties upon signing it. Codes of conduct will include at least the following information:
Ü the time frame for which the recordings are made available to the third party;
Ü the obligation of the recipients of the recordings to return the information or to delete/destroy the data;
Ü the security measures implemented by the recipient of the recordings to guarantee the privacy of the processed Personal Data;
Ü what records of processed Personal Data are to be kept; etc.
The person in charge with solving requests for the disclosure of CCTV images will consider both this Policy and the Personal Data Disclosure Policy.
The decisions made and the rationale for disclosure will have to be recorded in the activity ledger for CCTV images. If the Police or law enforcement agencies request the disclosure of CCTV image, they must provide appropriate disclosure forms that establish their identity and the purposes for which they require the disclosure. The personal data sharing policy should also be referred to.
The following information should be recorded in an activity ledger/logbook, if the Police, state authorities, and other third parties are granted access:
Ü the reason/purpose and grounds for disclosure;
Ü details of the images to which access was granted, namely the place where they were recorded, the time and date of recording;
Ü an indication whether the images were disguised/blurred to prevent disclosing the identity of certain persons;
Ü information on the persons who were present at the time when the images were disclosed;
Ü details of the place, date and time of disclosure, as well as an indication whether copies of the images were made.
17. REQUESTS FROM DATA SUBJECTS
The Company must provide Data Subjects with a copy of their personal data in accordance with the legislation on data protection. Data Subjects may exert the rights set forth in law pursuant to the “Policy on the Rights of Data Subjects”, using the forms enclosed with this policy.
18. MONITORING AND SANCTIONS
This Policy will be reviewed yearly. When this Policy is reviewed, the Company will also assess the need of using the CCTV monitoring system.
* * *
Contact details
Responsible person:
FEREX PARTNER S.R.L
Address:
Cluj Napoca, 13 Arinilor Street, Bl. E, Entrance 2, 8th floor, apt. 53, Cluj County
Phone: 0722 100 660
E-mail: protectiadatelor@ferex.ro
* * *
Presentation letter
Hello,
The Company Ferex Partner SRL from Cluj Napoca was founded in 2013 with 100% Romanian capital.
The Company was founded based on the needs for high quality steels, especially steel sheets, that can provide both high productivity and quality as per demand.
We distribute exclusively imported first quality metals brought from factories in Slovakia, Italy. Some of the products we market: cold rolled (DC01-DC03), hot rolled (DD11,S235,S355MC, S460MC), galvanized (DX51), as well as pickled and oiled metal sheets 2.5 to 15 mm thick. For sensitive products, we also keep in stock tempered metal sheets https://ferex.ro/tabla-de-otel-detensionata/. We can supply any quality and format based on a fixed-term contract.
Since 2015, we have started to make investments in high-performance equipment according to demands on the market and in line with the shareholders’ vision.
Out collaboration with domestic and Western European countries gave us the opportunity for constant improvement and modernization and to procure new state-of-the-art technologies.
The production line consists of modern equipment – from laser cutting to Mig/Mag welding. We execute small batch and large scale series products, as well as unique products according to our partners’ requests. For more details on our services and information on the machinery we possess, please visit our website: www.ferex.ro
We are also capable of laser cutting and CNC bending.
Please do not hesitate to contact us for any questions.
Faithfully yours,