terms-and-conditions

TERMS AND CONDITIONS
www.trencadis.ro

BEFORE USING THIS SITE, PLEASE READ THIS AGREEMENT CAREFULLY.
Access and use of this Site is only permitted in accordance with the Terms and Conditions below and the applicable legislation.
If you do not agree to the terms and conditions set forth in this document or the Personal Data Security Policies, do not access or use this SITE and the services provided through it. For the use of this Site, it is necessary to read and accept these terms and conditions in full.
By continuing to access this SITE and the services provided within it, you agree to the terms and conditions detailed below.
Please note that this site is intended to PROMOTE custom software development services.
This site is under control and is operated by:
TRENCADIS CORP S.R.L.
Reg. Com: J24 /31 /2007
CUI: RO20415754
Adresa: Str. Margeanului, nr. 3D, Baia Mare, Jud. Maramures

Terms and conditions may be changed by Trencadis at any time. Verify these terms and conditions from time to time to take into account the changes we make as they are legally binding for you. Some of the provisions contained in these Terms and Conditions may also be replaced by provisions or advertisements published elsewhere on our site.

You may not copy, reproduce, republish, download, post, broadcast, transmit, make available to the public, or otherwise use the content of www.trencadis.ro in any way unless you have prior written permission from Trencadis. You may download items, for example white papers, that are intended for this use but you may only print one copy for reference purposes.

Trencadis will not be responsible for any loss or damage of any kind whether direct or indirect resulting from the use of this website.

Any links to external websites should not be taken as an endorsement of that site and Trencadis accepts no responsibility for the content of any external websites.
Data Privacy Notice
DATA CONTROLLER
The data controller responsible in respect of the information processed on this website is Trencadis Corp SRL, a company registered in Romania.
WHAT WE NEED AND THE LEGAL BASIS
Our Personal Data Protection Policy governs the use and storage of your personal data. You may check our Policy below.
Trencadis Corp is a Controller of the personal data that you provide to us by using this website. Here are the types of personal data that you share with us:
● Name and Surname
● E-mail
● Phone no
Any processing of your personal data for the below mentioned purposes is based on your implicit consent, when accessing our website, trencadis.ro hereinafter the “Website”.

We also use Google Analytics to analyse the use of this website, including information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation). Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at: http://www.google.com/privacypolicy.html.

COOKIES
This website uses "cookies". A cookie is a small text file stored on your computer, tablet, or phone when you open a website that helps the website recognize you, including your preferences. Some cookies are deleted when you close your browser. These are called session cookies. Others stay on your device until they expire or until you delete them from your cache. These are called persistent cookies, which allow us to keep track of recurring visitors. The cookies we use allow us to recognize and count visitors, and see where visitors go to the site. Thus, we can improve site performance, for example by organizing them so that users find what they're looking for. Our cookies also allow us to personalize your content, according to your preferences.

We use session cookies for the following purposes:
● Navigate through different pages of the website without entering information again.
● Accessing saved information after registration.
● Building anonymous and aggregated statistics, which helps us understand how the website is used by users and helps us improve the website structure.

We use persistent cookies for the following purposes:
● Recognize unique visitors when they return to the website, and customize content according to your interests.
● Building anonymous and aggregated statistics, which helps us understand how the website is used by users and helps us improve the website structure.
● Your internal identification through account name, email address, client ID and location (geographic and IP address).
● Customize your content according to your interests

The website may use cookies of third parties. These cookies, called Third-Party Cookies, are used for the following purposes:
● Provide content on the website and record and track if users click on that content.
● Control how often a certain content is shown to you.
● Count the number of anonymous users on the site for use analysis.

Keep in mind that you can set up your browser to notify you when you receive a cookie. So you can accept or deny them. You can also set up your browser to block any cookies. In that case, the use or use of sites or services may be limited.
WHY WE NEED IT
We need your personal data in order to provide you with the following services:
● Name and Surname: this information allows us to communicate with you in a more personal way;
● E-mail: this information allows us to send you the requested information through our contact form or to provide you with the newsletter you subscribed to;
● Phone number: this information allows us to contact you if you have requested this via the contact form or if this is required for the effective communication of the information requested through the contact form.;
The collection of your personal data is strictly limited to what is necessary for the purposes outlined above.
WHAT WE DO WITH IT
Your personal data is shared by TRENCADIS CORP with our employees, collaborators, third-party service providers who help us operate or improve our Website and with national or European authorities to comply with legal obligations and to protect and defend our rights and property.
We do not transmit personal information to any other third parties (except in circumstances when this is necessary for our legitimate professional and commercial needs in order to meet your requests and/ or if required or permitted by law or professional standards). You will be notified if TRENCADIS CORP decides to future transfer your personal data to any other third parties (whether private individual or legal entity, public authority or any other entity) except in the cases mentioned above or when such transfer or disclosure is expressly provided for by European Union law or by national law.
HOW LONG WE KEEP IT
The processing of the data provided through the contact form on the website is done for the period necessary to fulfill the purpose for which they were provided. The processing of the data provided by our clients for the purpose of developing a contractual relationship will be made in accordance with the contractual provisions. Once the processing is over, your data will be deleted or converted to anonymous data to be used for statistical purposes only.
WHAT ARE YOUR RIGHTS?
● The right to be informed about the data processed through the website
● Right of access to personal data
● Right to rectification
● Right to delete data ("the right to be forgotten")
● The right to restrict processing if personal data is inaccurate;
● Right to data portability
● Right to withdrawal the consent
● The right to file a complaint
● Right to Compensation
If you wish to contact us for more details about how we have handled your personal data or to exercise your rights in accordance with the European Union law or with the national law, please contact us at office@trencadis.ro or at Margeanului Street no. 3D, Baia Mare, Maramures County.
If you still feel that your personal data has not been handled appropriately and/or according to the law, you can contact the Romanian Data Protection Authority at www.dataprotection.ro or at 28-30 G-ral. Gheorghe Magheru Boulevard, District 1 Bucharest, Romania.
___

Data Privacy Policy (the “Policy”)

INTRODUCTION
This Data Privacy Policy (hereinafter referred to as "Policy") defines the processing and protection procedure of personal data in Trencadis Corp SRL, a limited liability company organized and operating in accordance with the provisions of Romania, with headquartered in Romania, Baia Mare, Margeanului Street, no.3D, Maramures County, registered with the Trade Registry under no. J24 / 31/2007, CUI RO20415754 (hereinafter referred to as „the Company” or „The Controller”) and sets out the procedures to prevent any applicable law violations of personal data. This Policy sets forth the basic principles by which the Company processes the personal data of website visitors, customers, suppliers, business partners, employees and other individuals, and indicates the responsibilities of its business departments and employees while processing personal data.

This Policy has been developed in accordance with the laws of Romania and the European Union, in particular with the following:
- General Data Protection Regulation (RGPD) adopted by the European Parliament and the European Council on 27 April 2016
- Any other local law on the protection of personal data that applies in Romania.
DEFINITIONS
The following definitions of terms used in this Policy are drawn from Article 4 of the GDPR:
● Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject“) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
● Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
● Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
● Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.
● Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.
● Anonymization: Irreversibly de-identifying personal data such that the person cannot be identified.
● Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
● Cross-border processing of personal data Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State;
● Supervisory Authority An independent public authority which is established by a Member State pursuant to Article 51 of the GDPR;
● Lead supervisory authority The supervisory authority with the primary responsibility for dealing with a cross-border data processing activity, for example when a data subject makes a complaint about the processing of his or her personal data; it is responsible, among others, for receiving the data breach notifications, to be notified on risky processing activity and will have full authority as regards to its duties to ensure compliance with the provisions of the GDPR;
● Each “local supervisory authority” will still maintain in its own territory, and will monitor any local data processing that affects data subjects or that is carried out by an EU or non-EU controller or processor when their processing targets data subjects residing on its territory. Their tasks and powers includes conducting investigations and applying administrative measures and fines, promoting public awareness of the risks, rules, security, and rights in relation to the processing of personal data, as well as obtaining access to any premises of the controller and the processor, including any data processing equipment and means.
● “Main establishment as regards a controller” with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
● “Main establishment as regards a processor” with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
● Group Undertaking Any holding company together with its subsidiary.
BASIC PRINCIPLES REGARDING PERSONAL DATA PROCESSING
The data protection principles outline the basic responsibilities for organisations handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
● Lawfulness, fairness and transparency: Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
● Purpose limitation: Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
● Data minimization: Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The Company must apply anonymization or pseudonymization to personal data if possible to reduce the risks to the data subjects concerned.
● Accuracy: Personal data must be accurate and, where necessary, kept up to date; reasonable steps must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.
● Storage period limitation: Personal data must be kept for no longer than is necessary for the purposes for which the personal data are processed.
● Integrity and confidentiality: Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of personal data risks, the Company must use appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure. Appropriate technical or organisational measures are to be taken in order to comply with this requirement: such data security measures can include the use of encryption and authentication and authorisation mechanisms.
● Accountability: Data Controllers must be responsible for and be able to demonstrate compliance with the principles outlined above.
BUILDING DATA PROTECTION IN BUSINESS ACTIVITIES
In order to demonstrate compliance with the principles of data protection, an organisation should build data protection into its business activities.

Collection
The Company must strive to collect the least amount of personal data possible. If personal data is collected from a third party, The Company must ensure that the personal data is collected lawfully.

Use, retention, and disposal
The purposes, methods, storage limitation and retention period of personal data must be consistent with the information contained in the Data Privacy Notice. The Company must maintain the accuracy, integrity, confidentiality and relevance of personal data based on the processing purpose. Adequate security mechanisms designed to protect personal data must be used to prevent personal data from being stolen, misused, or abused, and prevent personal data breaches.

Disclosure to third parties
Whenever the Company uses a third-party supplier or business partner to process personal data on its behalf, The Company must ensure that this processor will provide security measures to safeguard personal data that are appropriate to the associated risks.
The Company must contractually require the supplier or business partner to provide the same level of data protection. The supplier or business partner must only process personal data to carry out its contractual obligations towards the Company or upon the instructions of the Company and not for any other purposes. When the Company processes personal data jointly with an independent third party, the Company must explicitly specify its respective responsibilities of and the third party in the relevant contract or any other legal binding document.

Cross-border transfer of personal data
Before transferring personal data out of the European Economic Area (EEA) adequate safeguards must be used including the signing of a Data Transfer Agreement, as required by the European Union and, if required, authorization from the relevant Data Protection Authority must be obtained. The entity receiving the personal data must comply with the principles of personal data processing.

Rights of access by data subjects
When acting as a Data Controller, The Company is responsible to provide data subjects with a reasonable access mechanism to enable them to access their personal data, and must allow them to update, rectify, erase, or transmit their Personal Data, if appropriate or required by law.

Data portability
Data Subjects have the right to receive, upon request, a copy of the data they provided to the Company in a structured format and to transmit those data to another controller, for free.

Right to be forgotten
Upon request, Data Subjects have the right to obtain from the Company the erasure of their personal data. When the Company is acting as a Controller, it must take necessary actions (including technical measures) to inform the third-parties who use or process that data to comply with the request.
FAIR PROCESSING GUIDELINES
Notices to data subjects
At the time of collection or before collecting personal data for any kind of processing activities including but not limited to selling products, services, or marketing activities, the Company is responsible to properly inform data subjects of the following: the types of personal data collected, the purposes of the processing, processing methods, the data subjects’ rights with respect to their personal data, the retention period, potential international data transfers, if data will be shared with third parties and the Company’s security measures to protect personal data. This information is provided through Data Privacy Notice.
Where personal data is being shared with a third party, the Company must ensure that data subjects have been notified of this through a Data Privacy Notice.
Where personal data is being transferred to a third country, the Data Privacy Notice should reflect this and clearly state to where, and to which entity personal data is being transferred.
Where sensitive personal data is being collected, the Company must make sure that the Data Privacy Notice explicitly states the purpose for which this sensitive personal data is being collected.

Obtaining consents
Whenever personal data processing is based on the data subject’s consent, the Company is responsible for retaining a record of such consent. The Company is responsible for providing data subjects with options to provide the consent and must inform and ensure that their consent (whenever consent is used as the lawful ground for processing) can be withdrawn at any time.
When requests to correct, amend or destroy personal data records are received, the Company must ensure that these requests are handled within a reasonable time frame. the Company must also record the requests and keep a log of these.
Personal data must only be processed for the purpose for which they were originally collected. In the event that the Company wants to process collected personal data for another purpose, the Company must seek the consent of its data subjects in clear and concise writing. Any such request should include the original purpose for which data was collected, and also the new, or additional, purpose(s). The request must also include the reason for the change in purpose(s).

ORGANIZATION AND RESPONSIBILITIES
The responsibility for ensuring appropriate personal data processing lies with everyone who works for or with the Company and has access to personal data processed by the Company.

The key areas of responsibilities for processing personal data lie with the following organisational roles:
The Legal Counsel/Lawyer together with the Operational Manager and the Human resources Manager monitors and analyses personal data laws and changes to regulations, develops compliance requirements, and assists the Company departments in achieving their Personal data goals.

Also, the The Legal Counsel/Lawyer together with the Operational Manager are responsible for:
● Approving any data protection statements attached to communications such as emails and letters.
● Addressing any data protection queries from journalists or media outlets like newspapers.
● Where necessary, working with the Commercial Department to ensure marketing initiatives abide by data protection principles.
● Improving all employees’ awareness of user personal data protection.
● Organizing Personal data protection expertise and awareness training for employees working with personal data.
● End-to-end employee personal data protection. It must ensure that employees’ personal data is processed based on the employer’s legitimate business purposes and necessity.
● Passing on personal data protection responsibilities to suppliers and improving suppliers’ awareness levels of personal data protection as well as flow down personal data requirements to any third party a supplier they are using
● Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
● Performing regular checks and scans to ensure security hardware and software is functioning properly.
The Delivery Department is responsible for:
● Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
● Performing regular checks and scans to ensure security hardware and software is functioning properly.
GUIDELINES FOR ESTABLISHING THE LEAD SUPERVISORY AUTHORITY
Whether acting as a Controller or as a Processor, will have as a Lead Supervisory Authority the Romanian Data Processing Authority, namely Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal.

Contact details:
28-30 G-ral. Gheorghe Magheru Boulevard, District 1, Bucharest, Romania
anspdcp@dataprotection.ro
Phone numbers: +40.318.059.211 / +40.318.059.212
Fax number: +40.318.059.602
RESPONSE TO PERSONAL DATA BREACH INCIDENTS
When the Company learns of a suspected or actual personal data breach, The Legal Counsel/Lawyer must perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of data subjects, the Company must notify the relevant data protection authorities without undue delay and, when possible, within 72 hours after having become aware of the personal data breach.
AUDIT AND ACCOUNTABILITY
The Legal Counsel/Lawyer is responsible for auditing how well business departments implement this Policy. Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.
CONFLICTS OF LAW
This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which the Company operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail. For clarification purposes, the EU General Data Protection Regulation 2016/679 on the protection of natural persons (GDPR) shall apply as of the 25th of May 2018 in addition to any applicable national law.
TRENCADIS CONTACT DETAILS
Data Subject can raise their questions in relation to their rights or to address any questions in relation to this Policy by:
office@trencadis.ro OR
By contacting TRENCADIS at Margeanului Street no. 3D, Baia Mare, Maramures County.
Each request will be reviewed as soon as possible, but no later than 30 days since its submission.
DISCLAIMERS
We reserve the right to modify and update this Policy from time to time. We will send notice of any such modifications in order for you to review our most recent Policy. If you use this website after any such modification or update to this Policy, you consent to those modifications or updates. Modifications will not be applied retroactively.