Information note regarding Personal Data Processing at the Central Headquarters

The company, Mediplus Exim S.R.L. headquartered in Mogosoaia, 133 Ciobanului St., Ilfov county, registered at the Trade Register Office under no. J23/741/2007, sole registration code 9311280, fiscal attribute RO, represented by its Director, Razvan-Alexandru Predica, as controller (“the Company”), wishes to inform you regarding the personal data processing in the context of certain operations performed by the Company for the purposes specified below.

The Company acts as a personal data controller in order to provide security and protection of assets and persons within the Company premises, by implementing a video surveillance system at its access points, as well as rules regarding access to such Company premises, by issuing and granting access cards.

  1. Purpose, data categories and grounds for processing

This information note refers to your quality as employees, clients, visitors of the Company’s premises, including agents, operators, occupants, entrepreneurs and/or suppliers or other categories of persons that may have access to Company premises.

The Company processes the personal data listed in Section 2 below for the following purposes, based on the legal grounds indicated for each of them:

 

Purpose/Data categories

Legal ground

1

Purpose: Providing security and protection for assets and persons within the Company premises by implementing a video surveillance system at the access points.

Data categories: Images of natural persons accessing the Company premises, which allow the direct or indirect identification of such persons

Legal obligation provided by Law no. 333/2003, as subsequently modified, regarding the security of objectives, assets, values and personal protection – in order to provide security and protection of Company assets and values, against any illicit actions affecting the ownership, their material existence.

The legitimate interest of protecting Company assets and values.

2

Purpose: Providing security and protection of assets and persons within the Company premises by issuing and granting access cards and registering the data of the person to which the card is granted in the visitors’ register.

Data categories: Surname, name, ID card series and number for the persons to which an access card is granted

Legal obligation provided by Law no. 333/2003, as subsequently modified, regarding the security of objectives, assets, values and personal protection – in order to provide security and protection of Company assets and values, against any illicit actions affecting the ownership, their material existence.

The legitimate interest of protecting Company assets and values.


 

  1. Collecting personal data

The Company collected your personal data from the following sources:

    2.1  For video surveillance: the video surveillance system located within the Company premises, which was installed in visible areas at the access points;

    2.2  To implement rules regarding access to Company premises by issuing and granting access cards: the data is collected directly from the concerned person.

      3. The beneficiaries of personal data

To achieve the above-mentioned purposes, the Company uses the services of various contractual partners.

Some of them are persons empowered by the controller, such as specialized security and protection companies, which perform security activities for sites, assets or values, under maximum security conditions, as well as personal protection, and are active in the protection and security field and carry out their activity in Romania, Bucharest, and your personal data may be transmitted to them in order to be used as limited by their obligations towards the Company. The personal data that we disclose to the persons empowered by us are limited to minimal personal data necessary to perform those services and we request that they not use the personal data for any other purpose.

We make all necessary efforts to make sure that all the entities we collaborate with store your personal data safely and securely.

The above-indicated personal data may also be provided or sent to third parties in the following situations: (i) public authorities, auditors or competent institutions performing inspections and controls on the Company’s activity and assets and/or that ask the Company to provide information, on grounds of the legal obligations of the latter. Such public authorities or institutions may be courts, the police; or (ii) to comply with a legal requirement or to protect Company rights and assets or the rights and assets of other entities or persons, such as courts of law.

Moreover, for the above processing purposes, we may distribute your personal data to companies from the group 1 the Company is part of, which perform their activity in Mogosoaia, 133 Ciobanului St., Ilfov county, such companies complying with the Company’s instructions in terms of processing your personal data.

  1. Processing period

We will store your personal data only as long as necessary to achieve the above processing purposes, while observing the applicable legal requirements. If the Company establishes that it has a legitimate interest or a legal obligation to continue processing your personal data for other purposes, you will be appropriately notified.

We estimate that the above-specified processing activities will require storing personal data for the following periods:

 

Purpose

Duration

1

Providing security and protection for assets and persons within Company premises by implementing a video surveillance system.

30 days*;

2

Providing security and protection for assets and persons within Company premises by implementing rules regarding access to the Company premises, by issuing and granting access cards and completing the personal data of the person to which the card is granted in the visitors’ register.

[12 months]

 

1 Sensiblu SRL, Mediplus Exim SRL, AA Farma Leader SRL, Farma Business Class A SRL, Extra Farm ACD, Farmacia Sphera SRL and Farmacia Smart 101 SRL, A&D Pharma Marketing and Sales Services SRL

*Except when it is necessary to protect the legitimate interests of the controller or there are legal obligations of retention. In such cases, we will act according to the law, including in terms of notifying you.

  1. What happens to your personal data after the completion of the processing

Once the above-indicated processing period expires and the Company no longer has legal or legitimate grounds to process your personal data, the data will be erased in accordance with its procedures, which may involve archiving, anonymization or destruction.

  1. Refusal to process and its consequences

Data processing activities described in section 1, purposes 1, 2 and 3 are performed while considering the Company’s legal obligations to provide security and protection for the units where they own values and assets. If you do not want your data to be processed for this purpose, you will not be able to access the Company premises.

  1. Data processing security

The Company hereby informs you that it constantly evaluates and updates the implemented security measures in order to provide a safe and secure processing of personal data.

  1. Rights of the concerned person in terms of data processing

In relation to the processing of your personal data, you have the following rights:

  1. Right to access the processed personal data: you have the right to obtain confirmation of the fact that your personal data is processed or not and, if so, to gain access to the type of personal data and their processing conditions, by addressing a request to the data controller;

  2. Right to request the rectification or deletion of personal data: you have the possibility of requesting, by addressing a request to the data controller, the rectification of inaccurate personal data, the completion of incomplete data or the deletion of your personal data if (i) the data is no longer necessary for the initial purpose (and there is no new legal purpose), (ii) the legal ground for processing is the consent of the concerned person, the concerned person withdraws their consent and there is no legal ground, (iii) the concerned person exerts the right to oppose and the controller has no prevailing legitimate reasons to continue processing the data, (iv) the data was processed illegally, (v) it is necessary for the request to comply with the EU or Romanian legislation or (vi) the data was collected in relation to services of the IT company offered to children (if applicable), when specific consent requirements apply;

  3. Right to request a restriction of the processing: you have the right to obtain a restriction of the processing if: (i) you believe that the processed personal data is inaccurate, for a period allowing the controller to verify the accuracy of the personal data; (ii) the processing is illegal, however, you do not want us to erase your personal data, but restrict its use; (iii) if the controller no longer needs your personal data for the above-mentioned purposes, however, you need the data to determine, exert or defend a right in court or (iv) you opposed to the processing, for the period in which we verify if the data collector’s legitimate grounds prevail over the rights of the concerned person;

  4. Right to withdraw your consent for the processing, when the processing is based on consent, without affecting the lawfulness of the processing activities performed up to that moment;

  5. Right to oppose to data processing, for reasons related to your particular situation, when the processing is based on a legitimate interest, as well as to oppose, at any moment, to data processing for direct marketing purposes, including profiling;

  6. Right to not make the object of a decision based exclusively on automated processing, including profiling, which produces legal effects for the concerned person or can affect them similarly in a significant manner;

  7. Right to data portability, meaning the right to receive your personal data that you provided to the data controller in a structured, easily accessible and machine-readable format, as well as the right to transfer said data to another controller, in which case the processing is based on your consent or the execution of an agreement and it is performed through automated means;

  8. Right to submit a complaint at the Data Protection Authority (ANSPDCP) and right to address the competent courts.

The rights above may be exerted at any moment. In order to exert such rights, we encourage you to address a written request, dated and signed, or in electronic format at the following address: Mogosoaia, 133 Ciobanului St., Ilfov county or by e-mail at protectiedate@adpharma.com.

  1. Data Protection Respondent

You can address any question about this document to the Data Protection Respondent, which can be contacted using the following contact details: e-mail protectiedate@adpharma.com, Tel: 021.301.74.74 and/or Fax: 021.301.74.75, located in Mogosoaia, 133 Ciobanului St., Ilfov county;


 


 


 

Date: 25 May 2018

back to website