Taking into consideration the General Data Protection Regulation "or" GDPR ", Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, published in the Official Journal of the European Union L 119 (4.5.2016) and applicable from May 25, 2018, we send you this document to detail when and why we will process your personal data, how we use them, the conditions in which we can disclose them to others and how we store them safely.

1. PROCESSING OF PERSONAL DATA AND THE ROLE OF THE PARTIES

In the context of the conclusion and execution of the Contract, the Parties will process a series of personal data, respectively: the personal data of the Customer’ contact persons disclosed by the Client to FGG IMMOBILIEN and the personal data of the contact persons of the FGG IMMOBILIEN disclosed to the Customer ;

1.1 What is personal data?

Any information by which an individual becomes identifiable, such as: a name, an identification number, location data, an online identifier, one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity etc.

1.2 What does the processing of personal data mean?

Any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means, such as: collecting, recording, organizing, structuring, storing, adapting, modifying, extracting, consulting , use, disclosure by transmission (including to third parties), dissemination or making available in any other way, joining / aligning or combining, blocking / restricting, deleting or destroying

1.3 Which are the risks generated by inadequate processing and not in compliance with national and European legal provisions

The risk at which Regulation (EU) 2016/679 and Law no. 677/2000 refer to, as amended and supplemented, is defined as follows:

“The risk [..] may be the result of a processing of personal data that could cause physical, material or moral damages, especially in cases where: processing can lead to discrimination, theft or fraud of identity, financial loss, compromise of reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymisation or any other significant disadvantage of economic or social nature, (Regulation (EU) 2016/679 on the protection of individuals with regard to personal data processing and regarding the free movement of these data).

1.4 We process your personal data for certain purposes

We process your personal data for the purpose of executing the contract with the legal entity or natural person, on behalf of whom you operate (which also includes the interactions prior to signing it) and for fulfilling our obligations as a contracting party.

We can also send you offers, promotions, advertising and marketing messages by e- mail, without other obligations or payments from any party or with your agreement to benefit from organizing competitions and advertising campaigns with prizes.

In addition, we process your personal data in order to satisfy legitimate interests, such as:

• prevention, detection and analysis and management of commercial risks;
• in connection with any claim, action or proceeding (including, but not limited to, drafting and reviewing documents, preparing the documentation necessary to conclude a transaction, obtaining legal advice and facilitating dispute resolution) and / or to protect or exercise rights and our contractual and legal obligations;
• cooperation with public authorities and institutions;
• conducting internal statistics, in order to improve the company's activity and to offer as consistent and personalized offers as possible;

We will process the personal data during the existence of the account of the subject person and during the guarantee period of the purchased products, and after the deletion of the account of the subject person, the company will transform the personal data into anonymous data and will process them for internal statistical purposes, during the existence of the company.

1.5 Who else can process personal data on our behalf?

The Company will make all reasonable efforts to protect your personal data in our possession or under our control by establishing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal, as well as others similar risks.

Our company can empower the courier companies to process such data for the delivery of the products, at the same time our employees are also involved in the process of collecting and processing personal data.

Also, the company may provide personal data to other companies with whom it is in partnership, but only on the basis of a confidentiality commitment from them, which guarantees that these data are kept safe and that the provision of this personal information is done according to the legislation in force, as follows: providers of marketing services, courier, payment / banking, telemarketing or other services, provided by companies with which we can develop joint programs on the market of our Goods and Services, insurers.

Your information, respectively personal data can also be provided to the General Prosecutor's Office, the Police, the courts and other competent bodies of the state, based on and within the limits of the legal provisions and as a result of some express requests.

2. THE RIGHTS AND OBLIGATIONS OF THE PARTIES

In the processing of personal data under the Contract, the Parties undertake to comply with all obligations applicable to them as personal data operators in accordance with the legislation on the protection of personal data including, but not limited to, according to the provisions of the GDPR:

2.1. The personal data of the Customer’ Contact Persons are processed for the purpose of concluding and executing the Contract, as well as for the purpose of transmitting communications to the Customer’ Contact Persons, including commercial communications from FGG IMMOBILIEN or partners;

2.2. It complies with the obligations incumbent upon it as an operator regarding the breach of the security of personal data and at the same time, informs the Client of any such breach of the security of the personal data without undue delay.

2.3. Designates a person responsible for the protection of personal data, which can be contacted by the Client, for aspects related to the protection of personal data, at the following e-mail address: cristina.flutur@fggimmobilien.ro ;

2.4. It processes the personal data of the Client's contact persons for the purpose of concluding and executing the Contract, thus ensuring that it complies with the requirements of the law by using an adequate basis for data processing and ensuring adequate information of FGG IMMOBILIEN, according to this document;

2.5. As a personal data operator, it is responsible for implementing appropriate technical and organizational measures to ensure the security and confidentiality of personal data, to all clients providing personal data as well as to the contacts of FGG IMMOBILIEN, mentioned in contract or other documents.

2.6. If it is required under the applicable law, it designates a person in charge of the protection of personal data and communicates the contact data to which it can be contacted by FGG IMMOBILIEN for aspects related to the protection of personal data;

Unless otherwise provided by law, you have the following rights:

1. The right of access, respectively the right to obtain a confirmation from us that we process your personal data, as well as access to them and providing information on the way of processing;

2. The right to rectification, which refers to the correction, without undue delay, of inaccurate personal data and / or the completion of incomplete data;

3. The right to delete / the right to be forgotten, that is to say, the right to delete your personal data collected without undue delay, if these data are no longer necessary to fulfill the purposes for which they were collected and there is no other legal basis for processing, the data has been collected illegally or the data must be deleted in order to comply with a legal obligation;

4. The right to restrict or oppose to the processing, which applies if you dispute the accuracy of your personal data, processing is illegal.

5. The right of portability, respectively your right to receive personal data, which you have provided to us for the purposes indicated herein, in a structured format, currently used and which can be read automatically, as well as the right to send this data to another operator;

6. The right to file a complaint with the National Supervisory Authority for Personal Data Protection (ANSPDCP) at the postal address b-dul. Gral. Gheorghe Magheru no. 28-30, sector 1, 010336 Bucharest or at the email address anspdcp@dataprotection.ro;

7. Right to information - you can request information regarding the processing of your personal data;

8. The right of opposition - you can oppose, in particular, to data processing based on our legitimate interest;

9. The right of withdrawal of consent - in cases where the processing is based on your consent, you can withdraw it at any time. The withdrawal of the consent will have effects for the future only, the processing carried out before the withdrawal will remain valid;

Except for the right to make a complaint to ANSPDCP, according to the above mentioned, these rights can be exercised by sending a written request to the headquarters of FGG IMMOBILIEN, Bdv. Decebal Nr.2, et.2, Birou 207, Arad, Jud. Arad;

CONFIDENTIALITY MEASURES FOR THE PROTECTION OF PERSONAL DATA

3.1. We make sure that the rights of the data subjects related to the processing of our personal data are observed and that we provide the necessary means to enable them to exercise their rights.

3.2. Providing information to the subject persons - we provide the data of subject persons with clear and easily accessible information regarding the data operator and the processing of their personal data.

3.3. Providing a mechanism for modifying or withdrawing consent - we provide a mechanism for the subject persons to modify or withdraw their consent.

3.4. Providing a mechanism to oppose the processing - we offer a mechanism that allows the subject persons to oppose the processing of their personal data.

3.5. Sharing the exercise of the rights of principle with regard to personal data - we take reasonable steps to inform the third party with whom the personal data have been shared about any changes, withdrawals or objections resulting from the exercise of the rights of the data subjects.

3.6. Rectification or deletion - we implement a mechanism to facilitate the exercise of the rights of the subject persons to access, correct and / or delete their personal data.

3.7. Offering some copies of the personal data processed - we can offer a copy of the personal data processed, subject to the retention and deletion policy, when requested by a person responsible for the personal data.

3.8. Limitation of collection - we limit the collection of personal data to the minimum relevant, proportionate and necessary for the identified purposes.

3.9. Limitation of processing - we limit the processing of personal data to what is appropriate, relevant and necessary for the identified purposes.

3.10. Retention - we do not retain personal data more than it is necessary for the purpose for which the personal data were processed.

3.11. Elimination - will be done safely and to avoid and prevent other risks.

PERSONAL DATA SECURITY

The Company will make all reasonable efforts to protect your personal data in our possession or under our control by establishing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal, as well as others similar risks.

Also the company guarantees the security and confidentiality of the data hosted and transmitted through its computer system, declares that the databases are protected including by electronic encryption, have been concluded protocols of collaboration with computer companies that manage our web page, security specifications of the data in the collaboration contracts have been provided as well as in the internal procedures and there are confidentiality provisions in the contracts of our employees.