This Confidentiality Policy defines how we, Standard Studio, collect, store and use your personal data when you access or interact with our websites www.standardstudio.ro and www.standardacasa.ro and where we obtain or collect the data. This Confidentiality Policy is applicable from 25.05.2018.
Content
SUMMARY
This section summarizes how we collect, store and use your data. This summary is intended only to provide an overview of our confidentiality policy. This section is not a complete description and it is necessary to read the additional chapters in this document for additions.
The new European Union law on personal data protection, GDPR (“General Data Protection Regulation”) entered into force on 25 May 2016, but will start to take effect on 25 May 2018.
The protection of your personal data is important to us, therefore, we pay special attention to the privacy protection of visitors who access the sites www.standardstudio.ro and www.standardacasa.ro, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”).
Please pay special attention to the reading of this Confidentiality Policy, in order to understand how your information will be treated ("personal data").
The Confidentiality Policy explains the practices of Standard Studio, regarding the application of GDPR provisions, as well as the rights you enjoy regarding the way your information is collected, processed and stored, through the site and offline interaction with our employees.
The processing of personal data performed by Standard Studio will always be performed in accordance with the provisions of the GDPR, as well as with the regulations on the protection of personal data, specific to each country in which Standard Studio operates.
What is personal data?
"Personal data" means any information or information that can identify you directly (for example, your name) or indirectly (for example, through pseudonymous data such as a unique identification number). This means that personal data includes things like email address, home address, mobile phone, username, profile pictures, personal preferences and shopping habits, user-generated content, financial information, and financial statement information. It may also include unique numeric identifiers, such as the IP address of your computer or the MAC address of your mobile device, as well as cookies.
Sensitive personal data
"Sensitive personal data" means information about an individual that discloses racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of a trade union, genetic information, biometric information for the purpose of uniquely identifying an individual, health information or information on the sexual life or sexual orientation of an individual.
We do not knowingly or intentionally collect sensitive personal information from individuals and you must not send us sensitive personal information.
However, if you intentionally provide us with sensitive personal information, you will be deemed to have given us explicit consent to the processing of sensitive personal information in accordance with Article 9 (2) (a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purpose of deleting it.
What does personal data processing mean?
"Processing" means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.
Data operator: Standard Studio Data processing principles
Standard Studio undertakes to comply with the principles of personal data protection (hereinafter referred to as the “Principles”) provided by the GDPR, in order to ensure that all data is:
How we collect or obtain information about you:
When you provide the respective data (for example, by contacting us, filling in the contact form on www.standardstudio.ro or www.standardacasa.ro, through the chat on the sites, on social networks)
When you access our site, some data is collected through cookies.
What information we collect:
name, surname, telephone number, email address, information from cookies (type of device used, web browser, how you accessed our site (what pages you accessed), the geographical location from which you have accessed our website (based on IP address).
How we use your data:
for business and administrative purposes, in particular to contact you and to process the orders you place on our site, to improve the user experience, to create advertising campaigns based on your interest by you to certain sections of our site, for interview scheduling. The email address provided in the application form can be used to send you a newsletter with relevant information.
Disclosure of user data to third parties:
If you consent to the creation of the model account, your data is provided to third parties, in order to register in the Streamate network. The personal data entered on the fiscal documents are processed by third parties (accounting firm) in order to fulfill the legal fiscal obligations.
Are user data sold to third parties?
(in cases other than the sale or purchase of the business / company): No.
How long your information is stored:
no longer than necessary, depending on our legal obligations (for instance, to maintain accounting records), for up to 5 years.
How your data is secured:
by using technical and organizational solutions such as: using SSL technology on our website, storing your data in the cloud (secure servers, within the European Union or in appropriate states), limiting access to data Your access to virtual storage systems is made only on the basis of user and password, and employees who process your personal data do not have access to download the database, access to the physical archive is made only in the presence of an authorized person within the company ). Your data is not stored on hardware in the company (eg computers, USB sticks, external hard drives).
Use of cookies:
our website uses essential, functional, analytical cookies (Google Analytics) and targeting and margeting cookies (Google Adwords, Facebook Pixel). For more information, please access our cookies policy.
Transfer of your personal data outside the European Economic Area:
we will transfer your personal data outside the European Economic Area only if we are obliged to do so. The refusal of this transfer from you makes it impossible to process in view of starting the model activity.
Use of automated decision-making and profiling processes:
we use automated processes to use the data collected for marketing purposes: data collected through Google Adwords and Facebook Pixel cookies, to deliver advertising in the form of banners, on various partner sites, based on information such as visiting certain pages on our website and your actions on those pages (for example, clicks on certain buttons).
Your rights in relation to your personal data
Sensitive personal information:
we do not collect what is commonly referred to as "sensitive personal data". For more information, see the main section entitled "Sensitive Personal Information"
DETAILS OF OUR COMPANY
The data operator of our website is: Standard Studio, residing in Bucharest, Bdul Magheru 11, 5th floor, district 1, registered with the Trade Registry no. J40/12601/2010, unique registration number 27841587.
You may contact the data operator by writing an email: gdpr@standardstudio.ro
You may contact the personal data officer by email on gdpr@standardstudio.ro
For queries on this confidentiality policy, please contact the data operator.
WHAT INFORMATION WE COLLECT WHEN YOU ARE ACCESSING YOUR WEBSITE
We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.
Web server log information
We use a third party server to host our website. The server records all the IPs that access it in the access log. This server is located in Romania. For security reasons, we cannot make public under this Policy the partner that offers the hosting services.
Use of information from website server logs for IT security purposes
We do not access our server log data, and the host collects and stores server logs to ensure the security of the IT network. This includes analyzing log files to help identify and prevent unauthorized access to our network, distributing malicious code, predicting DDOS attacks and other cyber-attacks by detecting unusual or suspicious activity.
Processing legal ground:
The observance of the legal provisions which we are submitted to (article 6 para. (1) letter (c) of the Data Protection General Regulation)
Legal obligation:
Registering access to our website using server log files is a technical measure to ensure an adequate level of security to protect the information collected from our website in accordance with Article 32 (1). of the General Data Protection Regulation.
We use the information collected from our server log to analyze how users of our site interact with our website and its features. For example, we analyze the number of unique visits and visitors we receive, the time and date of the visit, the location of the visit and the operating system, the browser used and the type of device used.
We use the information collected from the analysis of this information to improve our website. For example, we use the information we collect to change the information, content and structure of our website and individual pages, depending on what attracts the most users and the length of time spent on certain pages on our website.
Legitimate interest:
improving our site for our site users and knowing the preferences of website users so that our site can better meet their needs and desires.
Cookies
Cookies are data files that are sent from a website to a browser to record information about users for various purposes.
We use cookies on our website, including essential, functional, analytical and targeting cookies. For more information about the use of cookies, see our cookie policy.
You can reject some or all of the cookies we use on our website by changing your browser settings, but by rejecting them you can affect the operation of the website or some features of the website. For more information about cookies, including changing your browser settings, visit www.allaboutcookies.org or see our cookies policy.
THE INFORMATION WE ARE COLLECTING WHEN YOU ARE CONTACTING US
We collect and use information from people who contact us in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.
E-mail
When you send a message to the email addresses displayed on our site, we collect your email address and any other information you provide in that email (such as your name, your email number). phone and the information contained in any signature block in the email).
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest:
To answer the questions and messages we receive and to keep track of correspondence. Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).
The reason why it is necessary to perform a contract: if your message is about providing services or taking action at your request before we provide you with our services (for example, providing information about such services) we will process your information to do so).
Transferring and storing your information
We do not use a third-party email provider to store the emails you send us. The emails you send us will be stored on our servers which are protected by HTTPS encryption (also known as SSL or TSL). The servers are located in states of the European Economic Area or in appropriate states (ex USA).
Contact form
When you contact us using the contact form we collect name, e-mail address, telephone. We also collect any other information you provide to us when you complete the form (for example, the names of other people for processing the booking).
If you do not provide the required information required by the contact form, you will not be able to send the contact form and we will not receive your request. Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest:
to answer the questions and messages we receive and to keep track of correspondence.
For more information on precautions taken when transferring your data outside the European Economic Area, see the section on this confidentiality policy below entitled Transferring Your Data Outside the European Economic Area.
Phone
When you contact us by phone, we collect your phone number and any information you provide to us during the conversation with us. We record phone calls.
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest: to answer the questions and messages we receive and to schedule interviews, if you provide us with the necessary data for an appointment (name, phone number) by phone.
Your information transfer and storage
Information about your call, such as your phone number and the date and time of your call, is processed by our telephone service provider Orange SA. Its confidentiality policy is available here: https://www.orange.ro/termeni-si-conditii/
Post
If you contact us by mail, we will collect all information you provide to us in any postal communications you send us.
Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)
Legitimate interest:
to answer the questions and messages we receive and to keep track of correspondence.
Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).
The reason why it is necessary to perform a contract:
if your message is about providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods or services). goods and services); we will process your information to do so).
THE INFORMATION WE ARE COLLECTING WHEN YOU ARE INTERACTING WITH OUR WEBSITE
We collect and use data from people who interact with certain features of our website, in accordance with this section and the section entitled Disclosure and Additional Use of Your Information.
E-Newsletter
When you subscribe to our newsletter, on our website, enter your email address and check the box confirming that you want to receive our newsletters, we collect your email address.
Legal basis for processing:
your consent (Article 6 (1) (a) of the General Data Protection Regulation).
Consent: you give your consent to receive our e-newsletter by subscribing to receive it, using the steps described above. Transfer and store your data
We do not use a service provided by a third party to send our e-newsletter and manage our email list.
The information you send to subscribe to our newsletter will be stored in the European Economic Area on our provider's servers.
Information collected or obtained from third parties
This section defines the manner in which we obtain or collect information about you by means of third parties.
Information received from third parties
In general, we do not receive information about you from third parties.
The information we obtain from third parties will generally be your name and details in the identity document (identity card, passport), but will include any additional information about you that you provide to us.
Legal basis for the processing:
it is necessary to perform a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).
Why it is required to perform a contract:
If a third party has provided information about you (such as your name and email address) to provide you with services, we will process your information to take measures at your request to enter into a contract with us (as applicable).
Legal basis for processing:
consent (Article 6 (1) (a) of the General Data Protection Regulation). Consent: If you have requested that a third party disclose information about you to us and the purpose of disclosing that information is unrelated to our performance of a contract or service to you, we will process your information based on consent, which you give by requesting the third party concerned to forward your information to us.
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interests:
if a third party has disclosed information about you to us and you have not given your consent in exchange for that information, we will have a legitimate interest in processing that information in certain circumstances.
For example, we will have a legitimate interest in the processing of your information to fulfill our obligations under the subcontract with the third party, if the third party has the main contract with you. Our legitimate interest is the fulfillment of our obligations under our subcontract.
Similarly, third parties may pass on information about you to us if you have violated or could violate any of our legal rights. In this case, we will have a legitimate interest in processing this information to investigate and prosecute any such potential breach.
If we receive information about you by mistake
If we mistakenly receive information about you from a third party and / or do not have a legal basis for the processing of this information, we will delete your information.
Use of automatic decision-making mechanisms
We use automated decision-making mechanisms on our website. We do not believe that this has a legal effect on you or affects you in a similar way.
You may object to our use of the automated decision-making and profiling mechanisms described in this section. You can do this by waiving cookies and similar technologies, in accordance with the method described in the relevant section of this confidentiality policy. If you do not want us to process your real IP address (usually the IP address assigned by your Internet Service Provider) when you visit our site, you can use a virtual private network (VPN) or a free service, such as Tor.
You can learn more about the use of cookies and similar technologies (including the legal basis for their use) and how to opt out of them in your cookie policy.
USE OF DECISION-MAKING AND PROFILING AUTOMATIC SYSTEMS
Automatic decision-making mechanisms are those decision-making mechanisms by technological means (through a machine) without human involvement.
Use of automatic decision-making mechanisms for advertising
We automate the display of ads containing our products and services on other websites that you visit by using cookies. For more information about the types of cookies we use, see our cookie policy.
Logic involved:
Automatically displaying ads to people who have visited our site increases the efficiency of advertising, because the user is delivered ads based on their preferences and can help them find the product / service he is interested in faster.
Significance and Expected Consequences:
Cookies will be used to acknowledge that you have visited our site to display your ads (unless you have blocked such cookies) and will collect information about your online behavior.
How you can oppose:
you can block these types of cookies by blocking third-party cookies using your browser settings or by installing Opt-out applications in your browser, from third parties that offer such solutions. For more information, see our cookie policy
Using profiling to analyze online behavior
Our online behavior analysis service uses information such as your location (based on your IP address) and your behavior (based on cookies) when you visit the website (such as the pages you use). access what you click on). We will only process information from cookies if you have given your consent to the storage of cookies on your computer in accordance with our cookie policy. The information collected about you, once collected, is anonymous and stored in an aggregate database, for specified periods of time, as stated on the link provided.
Logic involved:
by automatically analyzing and classifying information, such as location (based on IP address), and visitor behavior and devices on our website (using cookies), we can better understand what visitors want our website (in terms of our website content and our products), how to improve our website and how to advertise and market our services.
Significance and Expected Consequences:
Cookies will be used to track and store information about your behavior and device on our website (unless you have declined to receive these cookies through the methods set forth in our Confidentiality Policy). use of cookies The location will be analyzed based on your IP address We may target advertisements based on the level of interest we receive from certain visitors and their behavior on our website.
YOUR DATA DISCLOSURE AND ADDITIONAL USES
This section sets out the circumstances in which we will disclose your data to third parties and any other additional purposes for which we use your data.
Disclosing your information to service providers
We use a number of third parties to provide us with services that are necessary to run our business or to help us run our business and that process your information for us on our behalf. These include the following:
Your information will be shared with these service providers, where necessary to provide you with the service you have requested, whether this request is for accessing our site or ordering services from us.
We do not publicly disclose the identities of all our service providers for security and competitiveness reasons. If you still want additional information about the identity of the service providers, please contact us directly via our contact form or by e-mail and we will provide you with such information if you have a legitimate reason to request it).
Legal basis for processing:
legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest based on:
if we share your information with these third parties in a context other than where it is necessary to perform a contract (or following your request to do so), we will share it with you. information with such third parties to enable us to conduct and effectively manage our business.
Accountants
We share information with our accountants for tax purposes, for reporting to ANAF.
Business partners
Business partners are the companies we work with that allow us to provide services that we cannot provide on our own. We share information with our business partners in case you have requested services that they provide (training services in video chat activities or any other service that is the subject of our activity).
Disclosure and use of your information for legal reasons
Indication of possible criminal acts or threats to public safety to a competent authority
If we suspect that criminal or potential behavior has taken place, we will need, in certain circumstances, to contact a competent authority, such as the police. This could be the case, for example, if we suspect that a fraud or cybercrime has been committed or if we receive malicious threats or communications to us or to third parties.
In general, we will only need to process your information for this purpose, if you have been involved or affected by such an incident in one way or another.
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest:
prevention of crime or suspected criminal activity (such as fraud).
In connection with the application or potential application of our legal rights.
We will use your information in connection with the implementation or potential enforcement of our legal rights, including, for example, the exchange of information with debt collection agencies, if you do not pay the amounts due when you are contractually obliged to do so. Our legal rights can be contractual (if we have entered into a contract with you) or non-contractual (such as the legal rights we have under copyright or tort law).
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest: to impose our legal rights and take measures to ensure our legal rights.
In connection with a legal or potential legal dispute or procedure We may need to use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court decision or a similar process.
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest:
settlement of disputes and possible disputes.
For continuous compliance with laws, regulations and other legal requirements
We will use and process your information to comply with our legal obligations. For example, we may need to disclose your information based on a court order or subpoena if we receive one.
Legal basis for processing:
compliance with a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation.
Legal obligation:
legal obligations to disclose information that is part of Romanian law or if it has been integrated into Romania's legal framework (for example in the form of an international agreement that Romania has signed).
Legal basis for processing:
our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest:
if the legal obligations are part of the laws of another country and have not been integrated into the legal framework of Romania, we have a legitimate interest to comply with these obligations.
YOUR DATA STORAGE TIME
This section sets how long we keep our data collected. We have set specific retention periods where possible. If this was not possible, we established the criteria we use to determine the retention period.
Server logs:
we keep information on the server logs for a period of 5 years
Information about the services provided:
when you place a firm order for services, we keep this information for 5 years from the end of the financial year in which you placed the order, in accordance with our legal obligation to keep records for tax purposes.
Correspondence:
when you make a request or contact us for any reason, by email, we will keep your information for 1825 days, and the information sent through the contact forms on the site will be kept for 60 months, after which they will be anonymized.
E-Newsletter:
We retain the information you used to subscribe to our e-newsletter as long as you remain a subscriber (as long as you do not unsubscribe) or if we decide to cancel our newsletter service, whichever comes first.
Criteria for establishing retention periods
In any other circumstances, we will keep your information only for as long as necessary, taking into account the following:
YOUR INFORMATION SECURING
Standard Studio has adopted technical and organizational data processing measures, updated in accordance with GDPR requirements, in order to protect your personal data against any actions of unauthorized access, misuse or disclosure, unauthorized modification, destruction or accidental loss. All employees and collaborators of Standard Studio, as well as any third parties acting in the name and on behalf of Standard Studio are obliged to respect the confidentiality of your information and the requirements of GDPR, in accordance with the provisions of this Policy.
We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or illegal use and accidental loss or destruction, including:
Sending information to us by e-mail
The transmission of information on the Internet is not entirely secure and if you send us information via the Internet (by e-mail, through our website or by any other means), you do so entirely at your own risk.
We cannot be liable for any expenses, loss of profits, damage to reputation, damages, debts or any other form of loss or damage suffered by you as a result of your decision to provide us with information by such means.
YOUR DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC ZONE
Your information will only be transferred and stored outside the European Economic Area (EEA) under the conditions set out below. We will also transfer your information outside the EEA or to an international organization in order to comply with our legal obligations (for example, compliance with a court order). If we are obliged to do so, we will ensure that there are adequate protection measures in place and that protection is in place.
Contact form and Email
The information you send us via our contact form will not be transferred outside the EEA.
Reservations:
Your personal data may be sent to Streamate.com, outside the European Economic Area, if the realization of the object of the contract requires this. In this case, we will rely on an ad hoc contract, which ensures that the respective provider ensures the protection of your data.
YOUR RIGHTS ON YOUR PERSONAL DATA
Subject to certain restrictions on certain rights, you have the following rights in connection with your data which you may exercise by writing to the e-mail address gdpr@standardstudio.ro
Verify your identity if you request access to your information
If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity
fraud, identity theft or unauthorized general access to your information.
How we check your identity
If we have adequate information about you in the file, we will try to verify your identity using this information.
If we are unable to identify you based on this information, or if we do not have sufficient information about you, we may request copies or certificates of documents to verify your identity before we can give you access to your data.
We will be able to confirm the exact information we need to verify your identity in your specific circumstances if and when you make such a request.
Your right to object to the processing of data for certain purposes
You have the following rights regarding your data that you can exercise by writing to gdpr@standardstudio.ro
object to our use or processing of information to perform a task in the public interest or in our legitimate interest, including "profiling" (analyzing or predicting your behavior based on your information); and
object to the use or processing of your data for direct marketing purposes (including any profile we involve in connection with this direct marketing).
You may also exercise your right to object to the use or processing of your data for direct marketing purposes: by clicking on the unsubscribe link at the bottom of any marketing email we send you and following the instructions that appear in your browser after you click that link.
For more information about how you may object to the use of data collected through cookies and similar technologies, please see the section entitled "How cookies are accepted or rejected" in our cookie policy.
CHANGES OF OUR CONFIDENTIALITY POLICY
We regularly update and change our confidentiality policy.
Minor changes to our confidentiality policy
If we make minor changes to our confidentiality policy, we will update the Confidentiality Policy with a new effective date mentioned at the beginning. The processing of your information will be governed by the practices set out in the new version of the Confidentiality Policy from its effective date.
Major changes to our confidentiality policy or the purposes for which we process your information.
If we make major changes to our confidentiality policy or we intend to use your data for a new or different purpose from the purposes for which we originally collected it, we will notify you by email (if possible). or by posting an ad on our website.
We will provide you with information about the change in question and the purpose and any other relevant information before we use your information for the new purpose.
Whenever necessary, we will obtain your prior consent before using your information for a purpose other than for the purposes for which we originally collected it.
CONFIDENTIALITY OF MINOR CHILDREN
Because we care about the safety and confidentiality of children online, we do not knowingly contact or collect information from people under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18. Sending a request for offer / reservation from our site will not involve financial, and the conclusion of a tourist services contract can be made only by an adult.
Relationships with other operators
Depending on the context, we may find ourselves in an absolute need to provide information at a higher level, both globally and internally or externally, to our partners and to those with whom we transfer data in accordance with the above Regulation. mentioned, by virtue of ensuring the provision of the most professional services possible. The information controlled by Standard Studio may be transferred, transmitted or stored and processed in the EU or in countries other than the country where you live, for the purposes described in this policy. These data transfers are necessary in order to be able to provide services at the highest level, as well as to continue to provide you with our materials at the best professional level. We use standard contractual clauses approved by the European Commission and rely on the appropriateness decisions issued by the European Commission in respect of certain countries, as appropriate, regarding the transfer of data from the EEA to the United States and other countries.
COPYRIGHTS
Standard Studio owns copyright or use for the content of the sites www.standardstudio.ro, www.standardacasa.ro, including, but not limited to logos, stylized representations, commercial symbols, static images, dynamic images, text and / or multimedia content. The customer / buyer is not allowed to copy, distribute, publish, transfer to third parties, modify and / or alter, use any content in any context other than the original intended by Standard Studio
Version updated on 24.05.2018