Information note
Conta Orasanu GDPR Statement
- About this information note
ORASANU CORNELIA-NICOLETA - EXPERT CONTABIL, CONSULTANT FISCAL (Conta Orasanu) is an accounting and tax consultancy office authorized by C.E.C.C.A.R. and The Tax Consultants Chamber of Romania, based in Bucharest, district 1, CIF 26433830, registered at MFP – ANAF, represented by Orasanu Cornelia, as the Holder. Mail: cabinet.orasanu@yahoo.com.
For the purpose of this information note, Conta Orasanu is a personal date controller. You can find above information about our identity and contact details.
This note contains important information. So we encourage you to take the time to read it thoroughly and carefully and make sure you understand it fully. Do not hesitate to tell us any questions you might have. We want to be clear to you how we use your data and how we protect it.
The content of this information note is purely informative and does not affect the rights of the law. We will do our best to facilitate your exercise.
Thank you for your trust in our services and the way we work with your data.
Conta Orasanu process the following groups of personal data:
- the personal data in relation to wich Conta Orasanu is the controller as it determines the purpose and means of its processing;
- the personal data in relation to wich Conta Orasanu is the processor as it processes the respective data on behalf of its clients which determine the purpose and means of processing.
Conta Orasanu processes the personal data in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (here in after as the “Regulation”).
In order to fulfill the obligation laid down by the Regulation, Conta Orasanu is obliged to inform the Data Subject about the details of the processing of the personal data.
1. Conta Orasanu, as the Controller may collect the Personal Data for the following purposes:
- Marketing
Purpose of personal data collecting: sending our newsletters about important and interesting business-related news, events invitations and other Conta Orasanu materials.
Legal basis: Art. 6 and 7 from the Regulation (GDPR) regarding the lawfulness of processing and consent; Recital 42 (GDPR) regarding the burden of proof and requirements for consent, and Recital 43 (GDPR) on freely given consent
Scope of personal data: name, surname, company, function, e-mail, phone number, interests (countries, business areas, material/communication type), CVs, other details that the user is including in the available message box
Recipients: IT services suppliers and administrative services in the premises of Conta Orasanu for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of consent of the data subject or for the period of the contractual relationship (for clients/partners/suppliers)
Data subjects: contact persons of Conta Orasanu´s clients, potential clients, individuals interested in receiving the information our company is offering (newsletters, events, informational or promotional materials, career and business opportunities)
Categories of processing: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, alignment or combination, restriction, erasure or destruction
- Job apllicants
Purpose: keeping records of unsuccessful job applicants of the controller
Legal basis: consent (art. 6 para. 1 a) of the Regulation)
Scope of personal data: data stated in curriculum vitae and other accompanying documents
Recipients: IT services suppliers and administrative services in the premises of Conta Orasanu for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of 2 years
Data subjects: job applicants
- KYC (KnowYour Client)
Purpose: fulfilling of controller’s obligations resulting from legislation related to the prevention of legalization of proceeds from criminal activity and to the prevention of the terrorist financing.
Legal basis: compliance with a legal obligation (art. 6 para. 1 c) of the Regulation), especially with the Act No. 297/2008 Coll. on the prevention of legalization of proceeds from criminal activity and on the prevention of terrorist financing.
Scope of personal data: name, surname, personal number, eventually date of birth, address of permanent residence, eventually of temporary residence, nationality, eventually additional personal data required in terms of the special legal regulation stated above.
Recipients: directorate of the financial authority, law enforcement authorities, IT services suppliers, administrative services in the premises of the controller.
Transfer to third country: N/A
Storage period: during the contractual relationship and 5 years after its termination.
Data subjects: statutory bodies, proxy holders, contact persons, ultimate beneficiaries of the controller´s clients.
- Contractual documentation
Purpose: Administration of evidence of natural persons with whom a contract has been concluded, contact persons in case of contracts with legal persons and natural persons to whom the Power of Attorney has been granted.
Legal basis: contract (art. 6 para. 1 b) of the Regulation) legitimate interest (art. 6 para. 1 f) of the Regulation) – processing of contact data of the client´s employee for communication purposes.
Scope of personal data: degree, name, surname, maiden name, job position, address of permanent residence, address of temporary residence, phone number and e-mail, date of birth, type and number of identification card, bank account, signature.
Recipients: tax authorities, courts, Social insurance company, health insurance company, banks, IT services suppliers, administrative services in the premises of the controller.
Transfer to third country: N/A
Storage period: during the contractual relationship and 11 years after its termination.
Data subjects: employees of the controller, natural persons with whom a contract has been concluded or to whom the power of attorney has been granted, contact persons of the
Purpose: keeping records of recipients and senders of mail.
Legal basis: legitimate interest (art. 6 para. 1 f) of the Regulation) – to be informed on the date of the sent and received mail including the sender and recipient in order to protect the rights and interests of the controller.
Scope of personal data: degree, name, surname, signature, address, e-mail.
Recipients: IT services suppliers, administrative services in the premises of the controller.
Transfer to third country: N/A
Storage period: 5 years following the closure of the evidence for calendar year.
Data subjects: natural persons – senders and receivers of mails.
Please read also our Terms and Conditions and Cookie Policy for more details about the data we collect via our website (forms, email, phone), the way we collect it and how you can handle it.
2. Conta Orasanu, as the Processor shall process the Personal Data in the areas of the provision of the services based on the contract or any other legal act:
- HR and Payrollservices
Purpose of personal data collecting: Provision of the services of the fulfilling of the obligations of the employer related to employment relationship or to similar labour relations
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation and performance of contract (art. 6 para. 1 b of the Regulation)
Scope of personal data: personal data required in terms of the special legal regulations stated in the local legislation
Recipients: Social insurance entity, health insurance entity, tax authorities, supplementary pension insurance entity, labour inspectorate, Labour offices, courts, law enforcement authorities, bailiff, payroll software providers, IT services suppliers, administrative services providers in the premises of Conta Orasanu for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: Employees of the controller, spouses of the employees, dependent children of the employees, parents of the dependent children of the employees, close relatives, former employees
Categories of processing: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
-
Accounting services
Purpose of personal data collecting: keeping of accountancy of the controller according to local legislation
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation
Scope of personal data: personal data required in terms of the special legal regulations stated in the local legislation
Recipients: Social insurance company, health insurance companies, tax authorities, accounting software providers, IT services suppliers, administrative services providers in the premises of Conta Orasanu for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: employees, statutory bodies and shareholders of the controller
Categories of processing: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
- Tax services
Purpose of personal data collecting: Provision of tax advisory services according to the local legislation
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation
Scope of personal data: personal data required in terms of the special legal regulations stated in the local legislation
Recipients: Social insurance company, health insurance companies, tax authorities, accounting software providers, IT services suppliers, administrative services providers in the premises of Conta Orasanu for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: employee, statutory body, shareholders of the controller
Categories of processing: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Security of your data
We work hard to protect our customers, other people whose data we process ourselves from unauthorized acces, and unauthorized modificacion, disclosure, or destruction of the data we process.
In particular, we have implemented the following technical and organizational measures to ensure the security of your personal data:
Minimize data: we have ensured that your personal data we peocess are limited to those that are necessary, appropriate and relevant for the purposes stated in this note..
Back-ups: we work hard to protect our access systems or unauthorized or accidental modification of your data and other possible threats to their security. We make monthly archives (backups), which we keep for at least six (6) months.
Ensure the accuracy of your data: it is possible that from time to time we ask you to confirm the accuracy and/or actuality of personal data about you that we are processing.
Anonymisation of data: where posible and appropriate to our work (activity), we anonymize/pseudo-assimilate the personal data we process, so that we can no longer identify the people they are referring to. The Data Subject shall have the following rights in relation to the personal data processing:
Right to be informed(article 12-13). You have the right to be informed about the categories of data collected, purpose, recipient, transfer.
Right of acces by the Data Subject(art. 15). You have the right to gain access to your data that we process or control, or to copies thereof.
Right to data rectification(art. 16). You have the right to rectify the inaccuracies of your data that we process or control.
Right to delete („right to be forgotten”)(art. 17). You have the right to obtain from us the deletion of your data that we process or control when the processing is no longer justified or when the data subject has released a withdrawal of consent.
Right to restrict data processing(art. 18). You have the right to restrict the processing of your data that we process or control.
The right to object. You have the right to object or oppose certain types of processing of your data by us or on our behalf.
Right to data portability. You have the right to obtain the transfer of your data that we process or control, to another controller.
Right to withdrawal. In situations where we process your data under your consent, you have the right to withdraw your consent; you can do it at any time, at least as easy as giving us your initial consent; the withdrawal of consent will not affect the lawfulness of processing your data that we made before withdrawing. Right to file a complaint with the supervisery authority. You have the right to file a complaint with the personal data processing supervisory authority about your data processing by us or on our behalf.
Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod postal 010336, Bucuresti, Romania
Phone: +40.318.059.211 or +40.318.059.212
E-mail: anspdcp@dataprotection.ro
Changes to this information note
Conta Orasanu can modify this information note without prior notice, depending on the legal requirements in force, and to reflect Conta Orasanu's practices in this field. When we make changes to this information note, we will change the date when the information was updated ("updated"). We encourage you to periodically re-read this information note to let you know how Conta Orasanu protects your personal data.
How you can exercise your rights
In order to exercise one or more of these rights (including the right to withdraw your consent when processing your data on that basis) or to ask any question about any of these rights or any provision in this notice or any other aspects of your data processing by us, please use our contact details at any time. Our entire team will make all reasonable efforts to ensure that we respond as quickly and completely as possible.
Response time:
We intent to respond to any valid requests within a maximum of one month. If this proves to be very complicated or if you have made more requests, we will respond within a maximum of two months and we will notify you of the time available to respond to your requests.
Our contact details:
Phone number: +4 0745 954 317 (available between 09:00 and 17:00 Monday to Friday)
E-mail: cabinet.orasanu@yahoo.com