Ultravision Consult SRL, Romanian limited liability company, with headquarters in Bucharest, 58 Escalei Street, registered with the Trade Register under No. J40/8537/2013, Sole Registration No. 31975315, through the online platform ultravisionconsult.com undertakes to respect your private life and personal data through securing the access system according to the legislation concerning personal data protection and private life.

By reading this policy you will find out information about:

1. The measures we have taken
2. The measures you need to take

III.     What happens with your data on our website

1. Your rights – general aspects
2. Who is your personal data controller?
3. Where do we store your data?

VII.        Who has access to your personal data?

VIII.      What is the legal basis for data processing?

1. What are your rights? – specific aspects
2. The right to be informed
3. The right to data portability
4. The right to rectify the data
5. The right to be forgotten
6. The right to oppose the processing of data and mirect marketing
7. The right to restrict processing
8. The right to withdraw consent
9. The right to submit a complaint to the Supervision Authority
10. How can you exercise your rights?
11. Updates regarding the site Policies

XII.        Specific information regarding types of activities that involve personal data processing

1. DIRECT MARKETING
2. Why do we use your personal data for direct marketing activities?
3. What type of personal data do we collect?
4. The right to withdraw your consent
5. DEVELOPMENT/IMPROVEMENT VIA THIRD PARTIES
6. Why do we use your personal data?
7. What type of personal data do we collect?
8. THE FULFILLMENT OF LEGAL OBLIGATIONS
9. Why do we use your personal data?
10. What type of personal data do we collect?

XIII.       For how long will we keep your data?

XIV.      What happens if an infringement or security breach occurs that affects your personal data?

1. The right to withdraw your consent

XVI.      Definitions

 

I.The measures we have taken

We have taken all appropriate technical and organizational measures for data protection:

• Securing databases;
• Aligning the Terms and Conditions, the Privacy Policy and Cookie Policy to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General data protection regulation)(hereinafter “GDPR”)
• Clear information regarding personal data processing.

II.The measures you need to take

• Use safe passwords;
• Keep your devices safe;
• Protect yourself from spam emails.

III.What happens with your data on our website

When you interact with our website ultravisionconsult.com it may be that you offer us limited access to your personal data, strictly necessary for the execution of the commercial contract (address, first name, last name, phone no., email, company data).

Please find a few examples of cases in which we use these data:

• So we can deliver you a service;
• To contact you;
• To answer your questions regarding services and products.

IV.Your rights  – general aspects

You have the ability to express your consent for processing your personal data in the conditions provided in the current version of the “Privacy policy”.

You can ask the deletion of all your personal data by sending an email to contact[@]ultravisionconsult.com.

V.Who is your personal data controller?

Ultravision Consult SRL, owner of the brand ultravisionconsult.com is the personal data controller of the data our clients send and is responsible for your personal data in accordance with the applicable law regarding data protection.

Ultravision Consult SRL undertakes to use the data of its clients exclusively for the purpose of which they have been submitted (commercial information regarding the products and services shown on our website). We undertake not to disclose the personal data to third parties and we respect the confidentiality of the information. Ultravision Consult SRL does not encourage SPAM, does not exchange email addresses received via this site, we do not disclose your email address to other persons, we do not provide your address or phone number or other data to third parties.

The following data is necessary for the conclusion of a contract with the client: first name, last name, address, phone number, email address, company name (for legal entities), legal form, billing address, VAT ID (for EU clients: VAT registration number).

The rest of the data collected during the client registration process can be provided by you voluntarily via the registrations forms provided on the site ( e.g. contact, careers, feedback, newsletters). You are not obliged to provide us these personal data and these data are not a legal or contractual requirement or a necessary one for concluding a contract. The lack of provision of such data will not have any consequences regarding you. Your personal data will be stored until the moment you withdraw your consent, except when there is a legal obligation to store your information for providing them to the public authorities, such as the tax authorities. The storage and transfer of your personal data to the public authorities for complying with a legal obligation is legally based on Art. 1 para. (1) first sentence, letter c) of GDPR.

VI.Where do we store your data?

The data we collect from you are stored in Romania, according to the current legislation, in the Easyhost Bucharest Datacenter. Production server NXDATA-2 is located at 6-A Dimitrie Pompeiu Blvd, UpGround, BOB building, Bucharest 020337, and the backups are kept in NXDATA-1 which is at the address Blvd. Dimitrie Pompeiu no. 8, Feper building, floor 3, Bucharest 020337. The personal data is protected by Easyhost security infrastructure.

VII.Who has access to your personal data?

We do not send, sell, nor cede your data to third parties for marketing purposes outside of Ultravision Consult SRL. The data sent to third parties are used only for providing you our services. To meet the above-mentioned objectives, we use service providers, respectively processors according to Art. 28 GDPR, for example our hosting service provider, courier service providers, or our providers for personalized advertising materials, for delivering you the requested services.

These service providers process data according to the applicable European law on data protection for guaranteeing a high level of data protection. We do not send your data to third parties, unless we are obliged to do so by law. The beneficiary companies have an independent obligation to process your personal data.

For optimizing our website we use analysis tools provided by Google, Facebook, Youtube: Tag Manager, Google Analytics, Google Adwords and Facebook Pixel. (Please see the complete cookie list by accessing the dedicated page).

VIII.What is the legal basis for data processing?

We will process personal data collected via client registration forms and, in the course of potential commercial transactions, in the scope of concluding and executing a sales contract. This processing is based on Art. 6 letters a)-c) and f) of GDPR, namely:

1. Processing your personal data based on your consent for one or more specific purposes, such as contacting you for providing the information you requested through the online form;
2. With the purpose of conclusion and execution of a sales contract or to take steps regarding your request before concluding a contract;
3. The processing is necessary for fulfilling a legal obligation of the controller – e.g. accounting purposes;
4. For serving a legitimate interest of our company – according to GDPR, we can process data for preventing fraud or direct marketing.

For every specific processing of the personal data we collect from you, we will inform you if providing personal data is mandated by regulations or if it is necessary for the conclusion of a contract, if it is mandatory to provide personal data and what are the possible consequences if you refuse.

IX.What are your rights?  – specific aspects

A.The right to be informed

You have the right to request information regarding the personal data that we hold about you (Art. 15 GDPR). You can request this matter via email at contact[@]ultravisionconsult.com.

B.The right to data portability

Any time ultravisionconsult.com processes your personal data through automated means based on your consent or based on an agreement, you have the right to obtain the transfer of a copy of your data in a structured format frequently used and processable automatically for you or another party. This includes personal data sent by you only. (Art. 20 GDPR)

C.The right to rectify the data

You have the right to request the rectification of the personal data if these are incorrect, including the right to add to the incomplete personal data.

D.The right to be forgotten

You have the right to request at any time the deletion of any personal data processed by ultravisionconsult.com (Art. 17 GDPR).

E.The right to oppose the processing of data and direct marketing

You have the right to oppose the processing of data and direct marketing (Art. 21 GDPR) and you can make objections to any type of processing. You can request this via contact[@]ultravisionconsult.com.

F.The right to restrict processing

You have the right to request that ultravisionconsult.com restricts the your personal data processing in the following cases (Art. 18 GDPR):

• If you oppose the processing based on legitimate interest, com will restrict any processing of this information until the confirmation of the legitimate interest.
• If you claim that your personal data are incorrect, com has to restrict any processing of these data until the verification of the correctness of the personal data.
• If the processing is illegal, you can oppose the processing of your personal data and request the restriction of your personal data use.
• If com no longer needs your personal data, but these are necessary to protect your rights in court.

G.The right to withdraw consent

You have the right to withdraw at anytime the consent provided in order to stop the data processing based on your consent. The withdrawal will not affect the legality of the processing based on your previous consent before its withdrawal (Art. 7 GDPR).

H.The right to submit a complaint to the Supervision Authority

If you consider that ultravisionconsult.com is processing    your personal data incorrectly, you can contact us at contact [@] ultravisionconsult.com. Furthermore, you have the right to address a complaint to the Supervision Authority. (Art. 77 GDPR)

X.How can you exercise your rights?

We value greatly your personal data and, therefore, we have personnel dedicated to client assistance who manages your requests regarding the aforementioned rights. Our personnel is at your disposal via email at contact [@] ultravisionconsult.com, we would kindly ask you to mention “Data protection” in the subject of the message.

XI.Updates regarding the site Policies

We might need to update our Terms and Conditions, Privacy Policy and Cookies Policy. Their most recent version is available permanently on our website. We will communicate any significant changes to these policies, for example the scope in which we use your personal data, the identity of the data controller or your rights.

XII.Specific information regarding types of activities that involve personal data processing

A.DIRECT MARKETING

1.Why do we use your personal data for direct marketing activities?

We use personal data for sending you marketing offers and invitations via e-mail. For optimizing your experience with ultravisionconsult.com  we will offer you relevant information, product recommendations, payment terms information, etc. All these services are based on the articles you clicked and the information you sent.

2.What type of personal data do we collect?

We will process the following categories of personal data:

• Contact information, such as: name, email address, phone number, postal address.
• Products and offers you clicked.

3.The right to withdraw your consent

You have the right to withdraw your consent at any time regarding personal data.

When doing so, ultravisionconsult.com will not be able to send you other direct marketing offers or information based on your consent.

You can unsubscribe from direct marketing by following the instructions from each marketing message.

B.DEVELOPMENT/IMPROVEMENT VIA THIRD PARTIES

1.Why do we use your personal data?

We will use the data to evaluate, develop and improve our services, products and systems for all our clients. For this purpose, we will not analyse your data individually, instead the whole processing will be carried out statistically, provided by Google Analytics reports.

This includes analysis for making our services easier to use, such as changing the user interface for simplifying the information flow or to highlight the functions used on a regular basis by our clients on the digital channels and for improving IT systems, for increasing security for visitors and clients in general.

The analysis is used also for the development and permanent improvement of the logistic flow of goods, by forecasting the stocks and deliveries, and also of our resources from a sustainability point of view, through rationalizing acquisitions and planning deliveries.

2.What type of personal data do we collect?

We will process the following categories of personal data if you chose to provide them to us:

• Email address,
• Click history,
• Browsing and browsing history.

C.THE FULFILLMENT OF LEGAL OBLIGATIONS

1.Why do we use your personal data?

We will use your personal data to respect our legal obligations, court decisions and authorities’ decisions.

This includes the use of personal data for collecting and verification of accounting data in conformity with the regulations regarding accounting records.

2.What type of personal data do we collect?

We will process the following personal data:

• Name,
• Postal address.

XIII.For how long will we keep your data?

We will keep your data for the fulfillment of the sales contract, direct marketing and website optimization, until the moment in which you will withdraw your consent and/or according to the legal provisions regarding document records.

XIV.What happens if an infringement or security breach occurs that affects your personal data?

There are certain stages we will take for diminishing the impact and solving the cause of the breach. Therefore, we hereby present you the notification process in the event of a data security breach:

1. Identifying the incident:

In the event that the company identifies a personal data security breach, either internally, or through notification received from third parties, the notification process will be initiated.

2. Investigating the incident:

A team responsible with the information security will be established to investigate the incident to determine the extent and nature of the breach.

3. Identifying the affected data:

The investigation team will identify the type of personal data that have been affected by the breach, as well as the number of the users or clients affected.

4. Notifying the data protection authority:

In accordance with GDPR, if the breach poses a risk for the rights and liberties of the users, the company will notify the Data Protection Authority – for example, the National Authority for the Supervision of Personal Data Processing, within 72 hours from the moment of incident identification.

5. Notifying the affected person:

In the event that the breach poses a high risk for the rights and liberties of the affected persons, the company will also notify the respective subjects. The notification will be made in a clear and concise manner and it will include relevant information on the breach, affected data, remedy measures and contact details for additional information.

6. Solving the incident:

We will make all efforts for remediating the incident as fast and as efficient as possible. We will take appropriate measures to prevent possible breaches in the future.

7. Evaluating and improving the security measures:

The team responsible with data security will evaluate the cause of the incident and will take measures for improving security and protection measures for the data in the future.

XV.The right to withdraw your consent

You have the right to close your account at any moment, provided that you had the possibility to generate an account on our website, or to request the deletion of your personal data via email on contact [@] ultravisionconsult.com. If you choose to do so, your data will be erased. In this context, ultravisionconsult.com will not be able to offer the aforementioned services. We will keep your personal data if this is required by the law in force and/or in case of pending trial.

XVI.Definitions

For an easier understanding of the text, we offer you the definition of certain terms used within the present policy, as per GDPR, as follows:

personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;

controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

relevant and reasoned objection means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;