Privacy Policy of NTT DATA Romania S.A.

Effective Date: 21st May 2018

INTRODUCTION

NTT DATA Romania S.A. (“Company” or “we”), which can be contacted at the email address data.protection [at] nttdata.ro wants to inform you about how we collect, use and disclose personal data from and about you, through this website (“Website“) and all its associated mobile sites, applications and widgets (collectively, the “Company Services”), in compliance with all applicable data protection laws and regulations.

You can find a brief summary of this Privacy Policy in the chart below. For further details with regard to the data processing carried out by the Company click to the links in each section of the summary to access the full content of the Privacy Policy relevant to that topic.

Issue Information
1.     What and who this Privacy Policy covers? The Company is the data controller of the personal data we collect from and about you through the Website and the Services.

This Privacy Policy applies to all users, including both those who use the Website of the Company Services without being registered or having subscribed.

For further information click [here]

2.       What kind of personal data do we collect about you? The Company might collect data from and about you.

More in particular, the Company collects (1) data that you have voluntarily shared with the Company, (2) activity data and (3) information shared with other sources.

However, we do not collect either financial information or special categories of personal data relating to you (e.g., health or judicial data).

For further information click [here]

3.       How do we use your personal data? The main reason why we collect data about you is to allow you to use the Website or to provide you with our Company Services and to allow you to interact with such services.

For further information click [here].

4.       On what ground do we use your personal data? Your personal data are mainly collected in order to allow you to use the Website and the relevant Services.

Your personal data are also necessarily collected to comply with legal obligation or to protect the legitimate interests of the Company.

Failure to provide such data may entail the impossibility to offer you the Company Services or grant you access to the Website, as the case may be.

When your personal data are collected for marketing purposes, you will always have the right to object to such processing.

For further information click [here].

5.       How do we process your personal data? The security of your data is a priority for us. For this purpose, the Company has implemented adequate administrative, technical and physical measures to safeguard your personal data against loss, theft and unauthorized use, disclosure of modification.

For further information click [here].

6.       Who can access to your personal data?

 

The Company might share your personal data with (i) service providers, (ii) our affiliated companies and (iii) national authorities, when allowed by applicable laws.

We may also share your personal data with our commercial partners for their marketing purposes but only upon your prior optional consent.

For further information click [here].

7.       Is your personal data transferred abroad? Your personal data might be transferred to other countries within the European Economic Area (EEA). In any case, we always make sure that appropriate and suitable safeguards compliant with applicable laws are in place to protect your personal data.

For further information click [here].

8.       What are your rights with regard to your personal data? You have among others the right to access, integrate, update, amend and delete your personal data.

For further information click [here].

9.       What is going to happen on May 25, 2018? The EU General Data Protection Regulation 2016/679 is becoming effective on May 25, 2018, introducing among others additional rights for individuals.

For further information click [here].

10.     Updates to this Privacy Policy The Company may modify or update this Privacy Policy also in order to comply with applicable law.

Please look at the Effective Date at the top of this Privacy Policy to see when this Privacy Policy was last revised.

11.     How can I contact you with regard to the processing of my personal data? You can contact us at the following email address :
data.protection [at] nttdata.ro.

WHAT AND WHO THIS PRIVACY POLICY COVERS?

The Company is the data controller of the personal data (i.e. information that identifies a specific person, such as full name or email address) we collect from and about you through the Website and the Company Services that is processed in compliance with the terms of this Privacy Policy.

This Privacy Policy and our Cookies Policy apply to all users, including both those who use the Website and the Company Services without being registered or having subscribed to a specific service.

WHAT TYPE OF PERSONAL DATA DO WE COLLECT ABOUT YOU?

The Company collects (1) data that you have voluntarily shared with the Company, (2) activity data collected when you access and interact with the Website or the Company Service and (3) Information from other sources.  More in particular, the Company collects the following data from and about you:

      1. Data that you have voluntarily shared with the Company: is the information we collected upon receipt of your explicit requests relevant to the use of the Company Services or with your interactions with the Website. Such information may include, for example, request to sign up for newsletters or online services, interaction with us through our contact section, etc..
      2. Activity Data. When you access and interact with the Website or the Company Services, we may collect certain information about those visits. For example, in order to permit your connection to the Website or the Company Services, our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, and other software or hardware information. If you access the Website or the Company Services from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information for that device.. For more information please visit our Cookie Policy.
      3. Information from Other Sources. We may supplement the information we collect with information from other sources, such as publicly available information from social media services and commercially available sources.

When the information collected from or about you does not identify you as a specific person, directly or indirectly, we may use that information for any purpose or share it with third parties, to the extent permitted by applicable data protection laws and regulations.

We do not collect:

      • Financial information from a payment service provider: in some cases, we may use an unaffiliated payment service to allow you to purchase a product or make payments. In that case, the information that you provide will be subject to the applicable payment service’s privacy policy, rather than this Privacy Policy.
      • Special categories of personal data: we ask that you do not send us, and you do not disclose, any information included in a special category of personal data (such as social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through the Website, the Company Services or otherwise.

Linked Services. The Company Services may also be linked to sites operated by unaffiliated companies, and may carry advertisements or offer content, functionality, games, newsletters, contests or sweepstakes, or applications developed and maintained by unaffiliated companies. The Company is not responsible for the privacy practices of unaffiliated companies, and once you leave the Company Services or click an advertisement you should check the applicable privacy policy of the other service.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We process the personal data we collect from and about you to:

      1. allow you to use the Website and, as the case may be, provide you with the Company Services that best suit you;
      2. measure and improve those Company Services and features;
      3. improve your experience on the Website and with both online and off-line Company Services by delivering content you will find relevant and interesting;
      4. provide you with customer support and to respond to inquiries;
      5. protect the rights of the Company and others: more in particular there may be instances when the Company may disclose your personal data, including situation where the Company has a good faith belief that such processing is necessary in order to: (i) protect, enforce, or defend the legal rights, privacy, safety, or property of the Company, our Company Affiliates or their employees, agents and contractors (including enforcement of our agreements and our terms of use); (ii) protect the safety, privacy, and security of users of the Website or of the Company Services or members of the public; (iii) protect against fraud or for risk management purposes;
      6. comply with the law or legal process; or (v) respond to requests from public and government authorities;
      7. deliver – via email, SMS, telephone, chat and social media, – offers, promotions and marketing communications of the Website and the Company Services, such as contests or other promotions arranged together with a third party that may be hosted on the Website or the Company Services or on the third party’s services;

When the data collected from or about you does not identify you personally, we may use that information for additional purposes or share it with third parties.

ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

The processing of your personal data for the purposes of:

      • Section 3, letters from a) to f) of this Privacy Policy is necessary for the running of the Website and the provision of the Company Services and therefore it is mandatory since otherwise the services could not be provided; and
      • Section 3, letter g) of this Privacy Policy is performed on the the legitimate interest of the Company and of its counterparties. This data processing activity is not mandatory and you can object at any time through the modalities as per Section 11 of this Privacy Policy

On the contrary, the processing of:

      • Section 3, letter g) is discretionary, but objecting to their performance would determine the impossibility to connect to social media services account with the Website or the Company Service; or would determine the impossibility for the Company to provide you with generic marketing communications of the Company or communications based on your interests and needs and to provide co-branded services.

You can object to the processing of your personal data for the purposes as per Section 3, letters g) at any time by sending a communication to the address: data.protection [at] nttdata.ro or completing the webform here.

HOW DO WE PROCESS YOUR PERSONAL DATA?

With regard to the above mentioned purposes, the data is processed through both electronic and manual means, and is protected through adequate security measures. With this regards, although the Company uses appropriate administrative, technical, personnel and physical measures to safeguard personal data in its possession against loss, theft and unauthorized use, disclosure or modification, it cannot guarantee that all possible cyber-risks can be excluded.

WHO HAS ACCESS TO YOUR PERSONAL DATA?

For purposes consistent with those at Section 3 of this Privacy Policy, the Company may share your personal data to the following categories of recipients located within the European Union or outside of the European Union in compliance and within the limits of the provisions of Section 7 below:

Third parties service providers entrusted with processing activities and duly appointed as processors when required by applicable laws, e.g. cloud service providers, other entities of the group, providers of services instrumental to or supporting the Company Services – and thus, by way of example and without limitation, companies that provide IT services, experts, consultants and lawyers, and

Company Affiliates, in their capacity of data controllers or data processors, a list of which Company Affiliates is available at data.protection [at] nttdata.ro;

Competent national authorities in order to comply with applicable laws.

IS YOUR PERSONAL DATA TRANSFERRED ABROAD?

Your personal data may be transferred to countries within the European Economic Area (EEA), in particular in [Germany and UK]. Some non EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. The full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards to protect your personal data and that transfer of your personal data is in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679 (the “GDPR“).

WHAT ARE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA?

You have the right, at any given time, to:

      1. obtain confirmation as to whether or not your personal data exist and to be informed of its content and source, verify its accuracy or request integration, update or amendments;
      2. request the deletion, conversion to an anonymous form or restriction of any personal data processed in breach of the applicable law;
      3. oppose its processing, in all cases, for legitimate reasons.

With this regard you may send your request at the address outlined in Section 11 of this Privacy Policy. In your request, please include your email address, name, address, and telephone number and specify clearly what information you would like to access, change, update, suppress or delete.

Also, the additional rights outlined in Section 9 below will be effective from May 25, 2018.

    1. WHAT IS GOING TO HAPPEN FROM MAY 25, 2018?

From 25 May 2018, the GDPR will become effective and the following provisions will apply:

      1. Retention period applying to your personal data

We will retain your data only for the period necessary to fulfill the purposes for which the data was collected as outlined in this Privacy Policy. In any case, the following retention periods will apply to the processing of your personal data for the purposes indicated below:

  • data collected for the purposes as per Section 3, letters from a) to g) of this Privacy Policy is retained for the time necessary to provide you access to the Website or to grant you the provision of the Company Services plus the length of any applicable statutory limitatation period following the termination of the Company Services;

At the end of the retention period your personal data will be either cancelled, anonimized or aggregated.

      1. Additional rights

In addition to the rights as indicated in paragraph 8 of this Privacy Policy and further to the application of the GDPR, you will also have the right, in any given moment, to:

a) request to Company to limit the processing of your personal data where

– You contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
– The processing is unlawful but you do not want us to erase the data;
– We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
– Where you have objected to processing justified on legitimate interests grounds pending verification as to whether the Company has compelling legitimate grounds to continue processing.

b) object to the processing of your personal data;
c) request the erasure of your personal data without undue delay;
d) the right to data portability (i.e. to receive an electronic copy of your personal data, if you would like to port your personal data to yourself or a different provider), when we are relying upon your consent or the fact that the processing is necessary for the provision of the Company Services and the personal data is processed by automatic means;
e) the right to lodge a complain with the relevant supervisory authority.


  1. UPDATE TO THIS PRIVACY POLICY

    The Company may modify or update this Privacy Policy also also following different interpretations, decisions, opinions and orders relating to the the GDPR. Please look at the Effective Date at the top of this Privacy Policy to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will be notified in advance and will in any case be available when we post the revised Privacy Policy on the Website or the Company Services. If we make material chances to this Privacy Policy that expand our rights to use the personal data we have already collected from you, we will notify you and provide you with a choice about our future use of the personal data.

    CONTACT US

    If you have questions about this Privacy Policy, please contact the Company at the following email address: data.protection [at] nttdata.ro.