We believe it is important to protect your privacy and to be open about how we use your personal data. This statement has the purpose of letting you know about the type of information collected from customers and how we use this information.
OPERATOR IDENTIFICATION / WHO WE ARE
This Website (here in after referred to as “SITE”) is owned and operated by Gepperi Call Center S.R.L. (here in after referred to as Gepperi), located in Buzau, Buzau, Strada Independentei, nr. 53, cod postal 120204, registered at the Trade Register under no. J10/1062/2017, C.U.I. RO 38122501 , phone +40770371682, e-mail: GDPR@gepperi.com.
According to Regulation (EU) 679/2016 (applicable in Romania from 25th of May 2018), Gepperi is a personal data “operator”.
“GDPR” – Regulation (EU) 679/2016 regarding the protection of individuals on the subject of personal data processing and regarding the free movement of such data.
“operator” means the individual or the legal person who establishes the purposes and the means of processing personal data.
“personal data” means any information regarding an identified or identifiable individual (“the data subject”);
“targeted person”, means an identified or identifiable individual. An identifiable individual is a person who can be identified, directly or indirectly, mostly by taking reference an identification element such as a name, an identification number, location data, an online identification element, or one or more specific elements, such as his physical, physiological, genetic, psychic, economic, cultural or social identity.
We reserve the right to modify this document whenever is necessary. We encourage customers to review this page periodically to keep up-to-date with our latest privacy practices.
WHAT TYPE OF INFORMATION DO WE COLLECT?
- a) Information provided voluntarily
When filling in the forms on the website, when you contact us by phone or e-mail or when you communicate with us in any way, you voluntarily give us the information we are processing. This information may include name, surname, e-mail address, telephone number, mail address / home address. By providing this information, we keep it secure and confidential in our database.
- b) Information gathered automatically
When you browse our website, we may collect information about your visit to the site. This information may include the IP address, operating system, browser, browsing activity, and other information about your interactions with the site. We may collect this information by using cookies or other similar technologies and only by having your permission. We can store cookies, as more detailed information is presented in the Cookies Policy. These are statistics regarding the actions and patterns of our users’ browsing history and they do not identify you or any other individual.
- c) Audiovisual data, such as images captured by the existing video cameras from Gepperi’ workstations or call recordings for calls initiated to / from any Gepperi telephone number.
We do not record sensitive data about your health, ethnicity, religious or political beliefs, unless it is necessary. When we record such data, we limit ourselves to specific actions, such as when you mention your ethnical or political beliefs in your contact form or CV. The information will be kept as part of the message and will be destroyed with the rest of the data provided, when the purpose of processing these data has been fulfilled.
We do not collect data about children. We can process certain data about minors only if they have more than 16 years old and they have the legal capacity to accept the statements they’ve made. In this case, the processing will be done only in the purpose of hiring them or for inviting them to participate to various career workshops organized by Valoris.
OUR PURPOSES FOR COLLECTING DATA
- To respond to your requests and to inform you about our new or modified services;
- To answer questions or queries when you contact us;
- To retain your application if you apply for a job;
- To provide you with information (marketing communications) about Gepperi services, available jobs, invitations to events or surveys, newsletters etc., by mail, e-mail, SMS, MMS, phone, social media and by using other means – To no longer receive marketing/ promotional messages, you can follow the unsubscribe instructions included in each e-mail or by sending an e-mail to GDPR@gepperi.com;
Providing personal information through our contact forms is not a statutory or contractual requirement; however, please note that the fields marked with an asterisk (*) are mandatory fields because we need this information to comply with or respond to your request. Other data or personal information you provide when filling in our contact forms are up to you. If you contact us, we will keep track of that correspondence.
Using your information in the ways described above is permitted by the applicable data protection law, as it is:
- Required for our legitimate interests in pursuing the goals outlined above, and your privacy interests do not prevail over them in any of the cases;
- Required in some cases to fulfill our legal or regulatory responsibilities, such as exposing the information to authorities, or to governmental or regulatory institutions;
- Required in some cases to fulfill an assignment for the public interest, and when using special categories of personal information, their usage is necessary for establishing, exercising or defending the rights in the courtroom or where the processing of data relates to information publicly owned;
- In conditioned circumstances, processed with your recurrent consent, like when you choose to receive marketing information and news via e-mail.
We do not make decisions by default based on the automated data processing, such as creating profiles that produce legal effects for you or which significantly affect you in a similar way.
We will keep your data for as long as it is necessary to achieve the purposes mentioned above or for as long as it’s required by the law, but for no longer than 12 months from your last interaction with us. Your personal data will then be deleted.
The storage length of time for your personal information depends on the purpose of processing the data and the way in which that personal information is processed. The various storage periods of retaining the information cannot be highlighted in a reasonably understandable format within this Policy. The criteria used to determine the applicable storage period is that we retain the personal data set out in this policy for as long as (i) it is necessary to achieve that purpose, (ii) it is necessary to develop a business relationship with you, (iii) you have consented and / or (iv) is required by applicable law regarding the data retention.
We use your personal information to send you marketing materials directly by e-mail when you choose this option.
We will send you marketing information by e-mail only if you have agreed to this when filling in the relevant contact form.
We will put at your disposal a checkbox on the forms used to collect your personal information regarding the way for receiving marketing information and if you agree to it, you must click the checkbox. If we send you marketing information by e-mail, you can opt-out of receiving any additional information by clicking on the “unsubscribe” or “stop” checkbox in your email. You may also exercise the right to cancel such communications any time by contacting us at GDPR@gepperi.com and providing the following information: your name, e-mail address, telephone number, marketing communications upon receipt of which you want to quit.
WHAT IS THE LEGAL THRESHOLD FOR PROCESSING DATA?
The legal basis regarding the data you voluntarily provide by completing and submitting the relevant form or by contacting us in any way is provided in art. 6 par. (1) lit. b of Regulation (EU) 679/2016), respectively “to intercede at the request of the person concerned before expiring the contract”.
According to the current legislation and the GDPR (applicable from May 25, 2018), your consent is not necessary if the data processing is required to complete a contract, fulfilling a legal obligation or legitimate interest.
WHO HAVE ACCESS TO YOUR PERSONAL DATA? HOW ARE YOUR DATA PROTECTED?
We do not communicate, sell, or give your data to third parties for marketing purposes. To streamline the use of your information and to provide you with content and / or resources, we may divulge your information to third parties. However, disclosure will only occur in one of the following situations:
To suppliers, contractors and agents: We can periodically engage or hire other companies and individuals to perform functions on our behalf. These entities are carefully selected to ensure that they meet the specific privacy protection requirements. These entities have limited power to use your information for any other purposes than offering us their services;
Examples include hosting and /or preserving the website’s content or providing certain features within the site, providing marketing services. These suppliers from Romania. These consignees will comply to their contractual confidentiality obligations and will only have access to your requested personal data to perform their functions.
If we use a supplier, a contractor or a third party, your personal information remains under our control.
To Gepperi Call Center SRL. (an authorized company as Temporary Worker, Gepperi Entity), including its suppliers, contractors and agents, who may be involved with the purpose to serve your best interests or simply so that we can respond to your requests (e.g. when using contact forms).
Courts, prosecutors or other public authorities to comply with the law or as a response to a mandatory legal procedure (such as a search warrant or court order), if we determine, free of choice, that it is our legal duty to do it.
We strive to take all necessary steps to ensure that your personal information is safely used and according to this Policy.
DO WE TRANSFER DATA TO THIRD COUNTRIES?
We do not currently transfer your data to countries outside the European Union. If we will change the policy, we will inform you accordingly, we will provide you the related warranties and we will ask for your consent.
SECURITY OF DATA
We have taken technical and organizational measures to protect your data against unauthorized access, manipulation or loss.
While we will do our best to protect your personal data, you must be aware of the fact that transmitting information through the Internet is not completely secure and that we can’t guarantee the safety of your personal data transmitted to the Site or to any third party; for this reason, transmitting any information is at your own risk.
We use strict operational procedures and we took appropriate technical and organizational security measures to prevent unauthorized access, modification, deletion or unauthorized disclosure of such personal information. We continuously adapt our security measures according to technological progress and developments.
WHAT ARE YOUR RIGHTS?
You have the right to request information about the personal data we hold about you. If your data is incorrect, incomplete or irrelevant, you may request that this information to be corrected or removed. We cannot remove your data when there is a legal requirement to keep it or when there are other legal grounds for storing the data.
You may withdraw your given consent for using your data in marketing purposes at any time. You can contact us by email at GDPR@gepperi.com.
Right of withdrawing consent;
To the extent that processing of your personal data is based on having your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the legality of any processing performed on the ground of the consent granted prior to the receipt of the respective withdrawal.
If processing is based on consent, you may withdraw your consent at any time, free of charge, by sending an email to GDPR@gepperi.com with the subject of “Withdrawal of Consent”.
The right to lodge a complaint to a supervisory authority;
You can also file a complaint about processing your personal data to a local data protection authority.
In the unlikely event when customers have suffered damages due to the violation of personal data protection rights and if we did not deal with the complaint properly, there is the possibility of submitting a complaint to the superior authority, such as the National Authority for the Supervision of Personal Data Processing.
The right to appeal to justice;
The right of access;
You have the right to obtain from us a confirmation that your personal data are processed or not, and, if so, you may have access to your personal data and to certain information about the way they are being processed . In some cases, you can appeal to us for an electronic copy of your information.
The right to rectification;
If you can prove that the personal data we hold about you is not correct, you may request this information to be updated or corrected. You have the right to get from us, without undue delay, the rectification of inaccurate personal data that concerns you. Taking into consideration the purposes for which data was processed, you have the right to fill in the incomplete personal data, including by giving a supplementary statement.
The right to delete data (“the right to be forgotten”);
Under certain circumstances, you have the right to delete your personal data. You may make such a request any time and Valoris will assess your claim, but this right is subject to any legal rights or obligations that may require to retain the data. For situations where, according to the law, we determine that your request to delete your personal information must be respected, Valoris will do so without undue delay.
Where (1) the data are no longer necessary for the fulfillment of the purposes, (2) the consent has been withdrawn and there is no other legal basis for the processing, (3) you oppose to the processing of data, and there are no legitimate reasons to prevail processing or (4) personal data have been processed unlawfully, you have the right to obtain the deletion of the data that concerns you without undue delay.
The right to restrict the processing;
You have the right to obtain from us restriction of processing the data if one of the following cases applies:
(a) you contest the data’s accuracy for a period that allows us to verify it;
(b) the processing is illegal, and you will oppose the deletion of your personal data, requesting instead the restriction of their use;
(c) we no longer need personal data for processing, but you ask us to find, exercise or defend a right in court;
(d) You have opposed to the processing under Article 21 (1) of the GDPR regarding the length of time that it is necessary to verify whether our legitimate rights overweigh your rights.
The right to data portability
You have the right to receive the personal data that concerns you and which you provided to us in a structured, commonly used and readable form, and you are entitled to transmit this data to another operator without any obstacles from our part, where:
(a) processing is based on consent under Article 6 (1) (a) or Article 9 (2) (a) of the GDPR or on a contract made by respecting Article 6 (1) (b) of GDPR; and
(b) processing is carried out by automatic means.
The right of not being the subject of a decision based solely on automatic processing, including profile creation, which produces legal effects that concern you or affect you to a similar extent to a significant extent.
You do not have this right if the decision:
(a) is required for closing a contract between you and a data controller;
(b) is authorized by Union law or the national law applicable to the controller and which also stipulates for appropriate measures to protect the legitimate rights, freedoms and interests of the data subject; or
(c) is based on your explicit consent.
In order to exercise your rights, you can contact us to the following address: GDPR@gepperi.com.
PLEASE NOTE THE FOLLOWING:
Period of time: We’ll try to respond to your requests within 30 days. However, the term may be extended for specific reasons related to the specific legal law or to the complexity of your application.
Access restriction: In some situations, we may not be able to provide you with access to all or some of your personal information due to legal provisions. If we refuse your access request, we will inform you of the reason for your refusal.
Failure to identify you
In some cases, we may not be able to search for your personal data because of the identifiers provided in your request. An example of personal data that we cannot see when you provide us with your name and email address are data collected through browser cookies.
In such cases, if we cannot identify you as a person, we are unable to comply with your request, unless you provide additional identification information.
QUESTIONS AND REQUESTS / HOW TO EXERCISE RIGHTS
If you have any questions or concerns regarding the processing of your data or you wish to exercise your legal rights regarding your data, or if you are concerned about the way we manage any privacy issues, you can write to us at the e-mail: GDPR@gepperi.com.