The company WESTACO S.R.L., headquartered in Bucharest, Calea Griviței, no. 11, sector 1, registered at the Trade Register under no. J40 / 8693/2001, unique registration code RO 14235694 (“the Company”), as operator, wishes to inform you about the processing of your personal data in the context of operations related to the provision of WESTACO EXPRESS services / products to customers, for the purposes of specified below.
By the nature and procedures of the services / products provided by WESTACO (“Services” or “WESTACO EXPRESS Services“), their users (“Customers” or “Users“) – PAYER / SENDER and / or BENEFICIARY – transmit certain personal data used to ensure the provision and development according to the legal provisions and its own procedures, in optimal conditions and in safety of the Services.
According to the requirements of Law no. 363/2018 and Law no. 190/2018 for the protection of individuals with regard to the processing of personal data and the free movement of such data, amended and supplemented and of Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, S.C. WESTACO S.R.L. has the obligation to manage safely and only for the specified purposes, the personal data you provide us about you, a member of your family or another person.
Protection and processing of personal data
Personal data means both non-personal data and personal data – information about an identified or identifiable natural person. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, including, but not limited to: (i) name, surname, CNP, serial number and identity document number (IC, passport, etc.), other information contained in the identity document (eg date and place of birth, citizenship, etc.), home address and/or correspondence, e-mail, telephone (eg landline, mobile, fax ) (ii) information on the occupation, the name of the employer, the nature of his activity, the important public office held, the policy exposure (if applicable); (iii) information of a financial nature (eg income, etc.); (iv) various information required or requested by the authorities for the application of legal provisions relating to the prevention of money laundering and terrorist financing activities or the risks specific to the provision of services/products; (v) information resulting from video/audio monitoring if the Customer visits one of the locations where WESTACO EXPRESS services/products are provided or contacts support services; (vii) signature; (viii) any other information deriving from them following the processing performed by WESTACO (eg, customer segmentation according to different criteria, unique identifier generated at WESTACO for each customer, information specific to the services/products offered by WESTACO etc. ) and any other information that is necessary for the conduct of WESTACO’s activities; (ix) IP or activities performed when browsing our site or using WESTACO applications/services.)
Processing of personal data means any operation or set of operations carried out on personal data, by automatic or non-automatic means, such as collection, registration, organization, storage, adaptation or modification, extraction, consultation, use, disclosure to third parties by transmission, dissemination or in any other way, joining or combining, blocking, archiving, deleting, destroying, etc.
Collection of information
The information is collected in the process of providing services/products to users or potential users. The main sources of information are:
- Forms used to provide the services, data provided when using the WESTACO websites or applications, other means of communication, questionnaires that users or potential users of the Services accept (without being obliged to accept) to complete at our request, other documents which users or potential users make available to us at our request;
- Transactions that take place between WESTACO and its agents/partners and between them and the users of the Service;
- External sources – for fulfilling specific customer knowledge obligations and in order to prevent money laundering and terrorist financing (competent institutions, public registers, electronic databases, information available on social media and on the Internet, or authorized third parties, holders of such information, such as, but not limited to, the Directorate for Personnel Records and Database Administration, the National Office of the Trade Register, the Romanian courts portal administered by the Ministry of Justice, other providers of personal data etc.).
Purposes of personal data processing
The purpose of data collection is: provision of goods and services (operations of transfer and remittance of money, collection of invoices or installments, marketing of various products or services of their own or for third parties); advertising, marketing and publicity for the services and/or products offered by us; statistics; debt collection/debt collection; electronic communications services; acquisitions of products/services.
The registered information is intended for use by us for the development, development and promotion of those services or products or new services or products and may be communicated to our partners: companies in whose name or in collaboration with which receipts, sales of products, other services are made; partners through or with whom the respective services/products are offered.
The purposes for which WESTACO processes personal data are:
- Providing the Services directly, through agents or other channels available for this purpose (eg, physical locations, internet, fixed or mobile applications that the Customer accesses in order to use the services provided by WESTACO, telephone, etc.;
- Identification of users/potential users both in the physical locations where the Services are available and through the means of communication (eg. telephone, e-mail, mail, internet, fixed or mobile applications that the Customer accesses in order to use the services provided);
- Identification of users/potential users in order to fulfill the legal obligations incumbent on WESTACO to provide the Services;
- Monitoring operations and running Services and/or providing support services to users/potential users;
- Creating or analyzing profiles for the improvement of the Services and conducting surveys as well as for conducting any other types of promotion of the Services and/or conducting marketing or general advertising activities;
- Analyzing the behavior of any person accessing WESTACO sites, by using cookies, in order to provide content (general and commercial) tailored to user preferences, remember passwords, language preferences, child protection filters, limit the frequency of advertising etc.;
- Carrying out internal analyzes (including statistical analyzes) both on the Services and on the portfolio of users/potential users, for the provision, improvement and development of the Services, as well as conducting market studies and analyzes on the Services;
- Settlement of any procedural and/or legal situations in connection with the provision of the Services or the interest of the Company;
- Archiving both in physical and electronic format of the documents related to the provision of the Services and/or correspondence with users/potential users;
- Reporting to state institutions according to the applicable legal regulations WESTACO (eg: National Bank of Romania, other authorities, etc.).
Grounds for processing personal data
WESTACO processes personal data for the purposes mentioned above, on the following grounds:
- For the provision of the Services in the common legitimate interest of WESTACO, the Client, the third party and/or the partner, as the case may be, to provide the Services in an optimal way and in compliance with the legal provisions and procedures;
- Based on a legal obligation under WESTACO (eg identification of users/potential users, application of legal provisions, reporting to supervisory authorities);
- Based on the consent given by selecting the communication options (eg in case of direct marketing, etc.);
- Based on the legitimate interest of the Company to protect its financial situation and its assets and those of users.
Is it mandatory for the user to communicate the data? What are the consequences in case of refusal?
The processing of personal data requested from users/potential users by WESTACO in order to provide the Services is considered strictly necessary for the provision of services in accordance with the legal provisions and procedures of WESTACO. Refusal to provide such data makes it impossible for us to provide the Services. The user may choose not to process his data for direct marketing purposes.
In order to choose not to process or perform certain types of processing of your data except for the purpose of carrying out and developing the transfer of money WESTACO EXPRESS, mention “do not use my data” on the front of the form, under the heading “Comments and/or oppositions”.
You are obliged to provide the data, which are necessary for the provision of those services according to the procedures and their safe conduct. Your refusal makes it impossible for us to offer you the respective services/products, as they can no longer be offered in the absence of the necessary identification data.
Recipients of personal data
In order to fulfill the purposes mentioned above, the Company may disclose Customer data, where strictly necessary, based on the need for knowledge, to the following categories of third parties:
- Regulatory authorities (eg National Bank of Romania, etc.) and competent public authorities or institutions under the law;
- Contractual partners (eg agents of the Company, auditors, consultants, etc.), some of whom also have the capacity of persons empowered by the controller with the processing of personal data.
These contractual partners also carry out their commercial activity in Romania, and they may be provided with your personal data in order to be used within the limits of the obligations they have assumed towards the Company. The personal data that we disclose to the persons empowered by us with their processing are limited to the minimum necessary for personal data in order to perform those services and, at the same time, we ask them not to use personal data for any other purpose.
We make every effort to ensure that all entities we work with store your personal data securely and securely. Also, some of them are in turn operators operating in Romania, such as payment service providers as agents.
Some of these are third parties who do not have the role of processing personal data, but may have access to them in order to fulfill their obligations or in their interaction with the Company, such as technical maintenance companies, financial auditors or service providers. legal services.
The personal data mentioned above may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions with competences in control activities regarding the Services, activities or assets of the Company, which request the Company to provide information, based on the legal obligations incumbent on the Company. (ii) for the fulfillment of a legal requirement, including those related to the provision of the Services, or for the protection of the rights and assets of our Company or other entities or persons, such as courts (iii) acquiring third parties, to the extent that the activity The company would be (totally or partially) transferred, and the personal data of the data subjects would be part of the assets representing the object of the transaction. Also, for the purpose of processing regulated above, we may provide your personal data to companies that are part of the WESTACO group, companies that will be subject to the Company’s instructions regarding the processing of your personal data. For more information visit: www.westaco.com.
Transfer of personal data abroad
In the context of the operations described above, Customers’ personal data may be transferred abroad to countries in the European Union (“EU“) or the European Economic Area (“EEA“). Thus, we hereby inform Customers that any transfer made by the Company to an EU or EEA Member State will comply with the legal provisions of the General Regulation on data protection no. 2016/679 adopted by the European Parliament (“GDPR”).
We will store Customers’ personal data only for the time necessary to achieve the purposes of processing, as mentioned above, and in compliance with legal regulations in force including, but not limited to, the provisions on archiving.
What happens to personal user data after processing stops
After the expiration of the aforementioned processing period and the Company no longer has legal reasons or a legitimate interest in the processing of your personal data, personal data will be deleted in accordance with the Company’s procedures, which may involve archiving, anonymization, destruction.
Automated decision making and profiling
The personal data mentioned herein may be subject to automated decision-making processes, including profiling.
Security of personal data processing
The company constantly evaluates and improves the security measures implemented in order to ensure a safe and secure processing of personal data.
The rights of the data subject with regard to the processing of personal data
According to Law no. 363/2018 and Regulation no. 190/2018, you benefit from the right of access, of intervention on the data, the right not to be subjected to an individual decision and the right to go to court. At the same time, you have the right to object to the processing of personal data concerning you and to request the deletion of data *. To exercise these rights, you may address a written request, dated and signed at the address below. You also have the right to go to court.
În contextul prelucrării datelor cu caracter personal ale utilizatorilor / potențialilor utilizatori, persoana vizată are urmatoarele drepturi:
- The right to information – art. 13 and 14 GDPR. It allows the data subjects to know, right from the moment the collection is made, how those data will be used, to whom they will be disclosed or transferred, what rights the persons in question have regarding the processed data, etc.;
- The right of access to the personal data processed – art. 15 GDPR. Allows the person to obtain, from WESTACO, confirmation that personal data concerning him or her are being processed or not and, if so, access to that data and other useful information;
- The right to rectification or deletion of data – art. 17 GDPR. It allows the person to obtain from WESTACO the deletion / rectification of personal data concerning him / her, without undue delay. There are, however, exceptions to this rule, such as: some data are processed to give the public the right to information; the data are processed for statistical or archiving purposes; the data are processed to fulfill a legal obligation or are processed to establish or defend a right in court;
- The right to request the restriction of processing – art. 18 GDPR: you have the right to obtain a restriction on the processing in cases where: (i) you consider that the personal data processed are inaccurate, for a period that allows the operator to verify the accuracy of the personal data; (ii) the processing is illegal, but you do not want us to delete your personal data, but to restrict the use of such data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need the data to establish, exercise or defend a right in court; or (iv) you objected to the processing, for the time period in which to verify whether the legitimate grounds of the data controller prevail over the rights of the data subject;
- The right to data portability – art. 20 GDPR. It represents the right to receive your personal data that you have provided to WESTACO in a structured, commonly used and automatically readable form, as well as the right to transfer that data to another operator, in the event that that the processing is based on your consent or the performance of a contract and is carried out by automatic means;
- The right to withdraw your consent for processing, when the processing is based on consent, without affecting the legality of the processing performed until that time;
- The right to object to the processing of personal data – art. 21 GDPR – for reasons related to the particular situation in which you are, when the processing is based on a legitimate interest, as well as to oppose, at any time, the processing data for direct marketing purposes, including profiling;
- The right not to be the subject of a decision based exclusively on automated processing, including the creation of profiles, which produces legal effects concerning the data subject or similarly affects him to a significant extent;
- The right to file a complaint with the National Authority for the Supervision of Personal Data Processing (NASPDP) and the right to address you to the competent courts.
Amendments to this Statement regarding the processing of personal data
The exercise of the above rights may be made at any time. In order to exercise these rights, we recommend that you use the forms that can be found on the website www.westaco.com or by sending a notification in electronic format to the following address: firstname.lastname@example.org or a written notification, dated and signed , at OP 37, CP 177, Bucharest.
*Any person has the right to object, for legitimate reasons, to the processing of data concerning him. This right of opposition may be excluded for certain processing provided by law (eg processing by financial and tax services, police, justice, social security). Therefore, that statement cannot be made whether the processing is compulsory;
*Everyone also has the right to object, free of charge and without any justification, to the processing of his personal data for direct marketing purposes;
*If any information about you is incorrect, please let us know as soon as possible.
S.C. WESTACO S.R.L., OP 37, CP 177, Bucharest
Email (data protection officer): email@example.com