It applies to the following persons:
- Users – people who use the site and fill in the contact form (former customers, current and potential customers of PUMAC S.A.);
- Visitors – people who access the site without filling out the contact form (anonymous).
PUMAC S.A. collects personal data in the moment when an individual becomes a potential customer. He is registered when he creates his user account in order to access the information necessary to benefit from our services and support.
Processing refers to all the operations we can perform on the data, such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring and deleting them.
We’re kindly asking that you do not send or disclose any sensitive information on or through the website www.the-light.ro or in any other way.
Your personal data will be processed exclusively on the basis of the express and unequivocal consent given to this processing. Therefore, the provision of the data / information requested through the site www.the-light.ro is considered to represent your express consent for your personal data to be used by PUMAC SA, in accordance with the purposes mentioned below.
We expressly warn visitors and users that all processing of personal data relates exclusively to persons who have reached the age of 16. Use of the site by children under the age of 16 is prohibited. If, however, such a situation occurs, resulting in the processing of personal data of children under 16, we will stop processing this data as soon as we find out such a fact. The responsibility for the use of the site by children lies exclusively with the parents.
The person in charge of personal data protection (DPO) can be contacted at the e-mail address: firstname.lastname@example.org .
If you do not agree with the processing of your personal data, please do not fill in the user form on the site, you can send us your message by e-mail or telephone, using the data entered on the site.
For situations where your personal data is completed by a third party, we do not assume responsibility for the author of the entries.
2.The types of data we collect
The personal data we collect includes identification data, such as name, surname, date of birth, telephone, e-mail address. last name, first name and e-mail address (in the contact form).
We do not record sensitive data on racial or ethnic origin, political opinions, religious denominations or philosophical beliefs or trade union membership, and we do not process genetic data, biometric data for the unique identification of a natural person, health data or data on sexual life or sexual orientation. to an individual.
3.What we’re doing with the personal data
We’re using personal data only for legitimate business purposes, for easy communication with our customers, attracting new customers and monitoring the use of the site by the visitors, for the development of current economic activity.
The purposes for which we process the personal data you provide us by filling in the user form from the respective section of the site are:
- to receive further information by e-mail regarding our marketing campaigns, freely expressing your agreement by accessing the existing form;
- to know your preferences, freely expressing your agreement by accessing the existing form;
- to be able to send us comments about our services and product;
- for subsequent correspondence with you;
- for transmitting of the specially requested offers through the written comments on the site; processing the offer requests, until the takeover of the clients by the sales department; going through the stages prior to concluding a contract;
- in order to resolve various requests / questions / notifications / complaints made by users;
- for the legitimate interest of the company; ex: for the purpose of ascertaining, exercising or defending a right in court, for internal administrative purposes, for invoicing the services provided and making the related payments; for the protection of copyright and related rights;
- for customer relationship management: The Company may request feedback on the products and services offered and communicate it to certain members of our staff in order to improve the quality of services. We can also use notes from conversations we have online, over the phone, or face-to-face, so that we can personalize the products and services we offer.
- for the improvement and development of products and services: The analysis of how the Company’s products and services are used, helps us to better understand and shows us what we can improve. We analyze the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.
To whom and why we communicate the data
In order to provide the best services and maintain our competitiveness in the real estate market sector, we communicate certain data within and outside the Company. These include:
Within the Company
We transfer data within the Company’s departments for operational purposes.
The parties agree to use personal data collected exclusively in connection with the Services and not to disclose them without prior written approval, unless this is required by specific law or regulations or when requested by a legally authorized institution.
The personal data entered by you on this website are also seen by other legal entities, our associated operators, as follows:
- Associated operators: SYNAPSER COMUNICATION SRL – member company of the group that provides IT services; RIVER DEVELOPMENT SRL – the company that manages the entire activity of the group;
- On-demand service providers for our customers.
In order to comply with our legal obligations, we may disclose data to the relevant authorities, for example in order to prevent money laundering. In some cases, we are required by law to disclose data to external parties, including:
- To the tax authorities who may ask us to report the assets held by customers. We may process certain data for this purpose.
- Judicial authorities, such as the police, public prosecutors, courts and arbitration / mediation bodies, at their express and legal request.
- Lawyers, notaries, administrators who manage the interests of other parties and auditors of the company.
5.How long we keep personal data
The period in which we will keep the user data on the site is determined according to the following criteria:
- If an offer is requested, the data are kept for a period necessary with the completion of the relationship between the bidder and the client;
- In the case of customers who have completed the bidding period with the signing of a contract – for a period equal to the contractual duration, plus the period necessary to comply with the legal provisions regarding archiving and protection of the company’s interests;
- For other users, who do not meet the criteria in the above points, the data will be processed by the company without a time limit, with the possibility of withdrawing your consent at any time, which in addition will be brought back to your attention at maximum 5 (five) years;
- In the case of occasional visitors, no personal data is collected or stored, except for cookies and IP address, in respect of which the Cookie Use Policy will be considered.
PUMAC SA will not disclose your personal data for use by third parties (other than those mentioned) or by external transfer outside the EEA. It is possible that the personal data collected is only partially used (eg e-mail – only the name and surname, the address form sir / madam and the e-mail address are used).
6.People’s rights and how we respect them
We respect the rights of the individual as a customer or potential customer to determine how personal information is used. These rights include:
The right to access information
The person has the right to request a report of the personal data we process.
The right to rectification
If personal data is incorrect, the person has the right to ask us to rectify it. If we have previously communicated this data to third parties, we will also inform those third parties accordingly.
The right to erasure of data or the “right to be forgotten”
The person has the right to obtain from our company the deletion of personal data from the site, without undue delay, and we, as operators, have the obligation to process the request if there is one of the reasons:
- the data are no longer necessary for the purposes for which they were collected or processed;
- withdraw your consent on the basis of which the processing takes place;
- when you object to the processing of your data;
- when there are ambiguities related to the legality of the processing of personal data;
- if there is a legal obligation that we will comply with as an operator;
- if the personal data belong to children under the age of 16, and the parents or persons exercising parental rights withdraw their consent.
On our turn, depending on the technology available and the cost of implementation, we will take reasonable steps, including technical measures, to inform all processors who have had access to personal data that you have requested their deletion, including copies or links to reference to those data.
The situations in which we do NOT have the obligation to comply with your request to delete personal data are:
- exercising the right to free expression and information;
- compliance with a legal obligation;
- reasons of public interest, in the field of public health;
- archiving purposes in the public interest, scientific or historical research or for statistical purposes;
- finding, exercising or defending a right in court.
The right to oppose data processing
The person may object to the use of personal data by the Company in its legitimate interests. This right can be exercised by e-mail, online or by telephone. We will also consider the opposition if the processing of the information has any unjustified impact that requires the cessation of the processing of that data.
The person may also oppose to the receipt of personalized commercial messages from us. When the person becomes a customer of the Company, he is asked if he wants to receive personalized offers. If he changes his mind later, he can choose not to receive any more messages, using the “unsubscribe” link in the footer of each commercial email.
The person cannot oppose the processing of personal data by the Company if we have a legal obligation to process them; if it is necessary to conclude a contract with the person; if there are security issues with the customer’s account, even if they have opted out of receiving personalized business messages.
The right to restrict processing
The person has the right to request us to restrict the use of personal data if:
- The person considers that the information is inaccurate;
- We process data illegally;
- The company no longer needs that data, but the person wants us to keep it for use in a lawsuit;
- The person objected to the use of personal data by the Company in its legitimate interests.
The right to data portability
The person has the right to request us to transfer personal data directly to him or to another company. This applies to personal data that we process by automatic means and with the consent of the person or on the basis of a contract concluded with the person. If this is technically possible, we will transfer personal data.
The right to delete
The person may request the deletion of personal data if:
- the data are no longer necessary for the purpose that they were collected or processed;
• withdraws the consent on the basis of which the processing takes place;
• objects to the processing of data by the Company in its legitimate interests or for the purpose of sending personalized commercial messages;
• the company processes personal data illegally;
• a Member State of the European Union requires the deletion of personal data by the Company.
The right to complaints
If the person is not satisfied with the way we have responded to the requests, he / she has the right to make a complaint. If she is still dissatisfied with the Company’s reaction to the complaint she submitted, she can forward it to the Data Protection Officer within the Company (email@example.com). In case of going through these stages and the persistence of the dissatisfactions formulated, the person can file a complaint to the National Authority for the Supervision of Personal Data Processing.
Exercise of the rights
If the person wishes to exercise their rights or make a complaint, we can be contacted according to the data displayed on the Company’s website or at the email address: firstname.lastname@example.org, with the reference “GDPR request”, except for the right to address you To the National Authority for Supervision of Personal Data Processing which is exercised by a written request submitted to the competent authority.
Requests are resolved free of charge.
Requests made at intervals of less than 30 days may be rejected if they are unfounded or abusive, in particular because of their recurrence.
In all cases, if we have doubts about the identity of the applicant, we may request additional information to confirm the identity.
7.How we protect personal data
We apply an internal framework of policies and minimum standards at all our levels to maintain data security. These policies and standards are regularly updated to comply with market regulations and developments. Specifically and in accordance with the law, we take appropriate technical and organizational measures (policies and procedures, computer security, etc.) to ensure the confidentiality and integrity of personal data and the way they are processed.
In addition, the Company’s employees have an obligation to maintain confidentiality and may not disclose personal data.
8.What you can do to help us keep our data secure
We do our best to protect the data, but there are certain things the person can do, in turn:
- Can install antivirus, antispyware and firewall applications and update these programs regularly;
- Must keep passwords strictly confidential and replace them periodically;
- Be vigilant in the online environment and learn how to detect unusual activities, such as a new website address or phishing emails requesting personal information.