1. Introduction and Purpose
Coleff Consulting SRL, as a data controller, complies with all data protection regulations under GDPR. These rules outline how we manage, collect, process, and protect the personal data of clients, partners, and employees.
2. Principles of Data Protection
Coleff Consulting SRL adheres to the following principles when processing personal data:
- Lawfulness, fairness, and transparency: Data is processed lawfully, fairly, and transparently.
- Purpose limitation: Data is collected and used only for specified, explicit, and legitimate purposes.
- Data minimization: Only the data necessary for achieving the purposes is processed.
- Accuracy: Personal data is accurate and up-to-date.
- Storage limitation: Data is stored only as long as necessary.
- Security: Data is protected against unauthorized access and loss.
3. Categories of Personal Data Processed
- Name, address, phone number, email address.
- Identification details (e.g., personal identification number, ID series, and number) for document intermediation.
- Financial or business-related information of clients, if applicable.
- Other data required for fulfilling contractual purposes.
4. Purposes of Data Processing
Coleff Consulting SRL processes personal data for the following purposes:
- Intermediation of documents in various fields of activity.
- Communication with clients and partners.
- Fulfillment of contractual and legal obligations.
- Handling client complaints and inquiries.
5. Legal Basis for Processing
Personal data is processed based on the following legal grounds:
- Consent: When necessary, explicit consent is obtained from the data subject.
- Contractual performance: Processing is required to fulfill contracts with clients.
- Legal obligation: Compliance with applicable legal requirements.
- Legitimate interest: For service improvement and business protection.
6. Rights of Data Subjects
Clients and partners have the following rights:
- Right of access: To know what data is collected and processed.
- Right to rectification: To correct inaccurate personal data.
- Right to erasure (“right to be forgotten”): To request data deletion under certain conditions.
- Right to restrict processing: To limit data processing in specific cases.
- Right to data portability: To transfer data to another controller, where feasible.
- Right to object: To object to data processing for marketing purposes.
- Right to file a complaint: With the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) if rights are violated.
7. Security Measures
- Implementation of IT protection systems (antivirus, firewall, encryption).
- Restricted access to personal data for employees and collaborators.
- Secure storage of physical documents.
- Backup procedures for electronic data.
8. Transfer of Personal Data
Coleff Consulting SRL does not transfer personal data outside the European Economic Area without adequate safeguards and in compliance with GDPR.
9. Data Retention and Storage
- Personal data is retained for the duration of the collaboration with the client and as required by law.
- Once the legal retention period expires, data is deleted or anonymized.
10. Data Breach Policy
In the event of a security incident affecting personal data:
- Data subjects will be notified within 72 hours, where required.
- The National Supervisory Authority for Personal Data Processing (ANSPDCP) will be informed.
11. Contact Information
For any questions regarding data protection, please contact us:
Coleff Consulting SRL
Address: Satu Mare, Str.Decebal Nr.2, Et.1
Email: office@coleff-consulting.ro
Phone: +40 742 131 741