General framework

 

Although Expert Software is a business dedicated company, this section is addressed to you personally, because the account you use to access the Expert Software applications, even if assigned to a company, has associated your personal or identification data, as defined in the GDPR legislation (first name, last name, email address, IP address from which you access our applications, company position an so on). The role of this section is to present you   our policy of using this data and to offer you the possibility to take control over them.

Starting with May, 25th 2018, the European Regulation 2016/679 regarding the processing of personal data, commonly referred to as the GDPR (General Data Protection Regulation), became applicable. It’s main purpose is to increase the level of personal data protection and to create a safe climate, that allows each person to control it’s own data.

Expert Software has been developing custom IT and software solutions since 2003 and keeping the information confidentiality represents an essential condition for our existance in such a competitive industry. This is the reason why data security and confidentiality has always been our highest priority. Moreover, we can ensure you that your personal data will never be transferred to any third party, except for the legitimate purposes of operating the Expert Software applications or the cases required by law and by the Romanian State authorities.

 

Processed data

 

The personal data we process are mainly identification data, such as: name, surname, personal ID, localization (IP), contact data (phone number, e-mail address, associated company), cookies, job position.

 

Storage and processing purpose

 

We only store and process personal data for legitimate purposes, such as providing the services agreed upon the contracts concluded between us, Expert Software SRL and the company you represent, or the collaborators who send you data regarding the commercial relationship you are developing with them. In this category are included:  data delivery of the company you represent, support services, improvement and development of the products and services we provide you, notifications regarding the contracted services or available services. The storage and processing of personal data is based on the performance of contracts concluded between us, access to the data made available to you by the trading partners with whom you work, compliance with legal obligations, our legitimate interest or, where appropriate, your consent, if you have indicated your choice.

 

Transfer of personal data to third parties

 

In order to fulfill our legal obligations, or for other legitimate purposes, it is possible to send your personal data to public and judicial authorities, commercial partners of the company you represent, empowered companies to whom we have outsourced the provision of certain services and other categories of recipients from Romania, but always ensuring that appropriate safeguards to protect your personal data are established.

 

Duration of data processing

 

Your personal data is processed throughout our contractual relationship and, after its completion, at least for the period required by the applicable legal provisions, included but not limited to the provisions on archiving (e.g.  keeping invoices with the personal data of the person who issued it in the electronic archives for 10 years, maintaining security auditing and access for the users of Expert Software applications for at least 3 years).

 

Rights of individuals

 

Whereas the GDPR purpose is to assist us, once  this Regulation came into force, there is also a list of rights we have as citizens of EU, and which we present to you below, and we urge you to access whenever you consider it necessary:

Right to information – you can always ask for information about the processing of your personal data;

• Right for rectification – you can rectify or complete inaccurate or incomplete personal data;

• Right for erasure ("right to be forgotten") you can obtain the deletion of data if their processing has not been lawful, or in other cases established by law;

• Right for processing restriction – you may request that the data processing to be restricted if you challenge the accuracy of the data, as well as in other cases provided for by law;

• Right to object – you may oppose, in particular, data processing based on our legitimate interest;

• Right for data portability  - you can receive, under certain conditions, the personal data you provided to us, in a machine-readable format, following a written request;

• Right to lodge a complaint – you may lodge a complaint as to how your personal data are processed with the  National Supervisory Authority For Personal Data Processing;

• Right to withdraw consent – in cases where data processing is based on your consent, it may withdraw at any moment.  Withdrawal of consent will only have effect for the future, as theprocessing carried out prior to withdrawal remaining valid. This can be done from the GDPR menus on our online platforms and applications;

 

Additional rights attached to automatic decisions: you can request and obtain human intervention on the processing, express your own view on it and challenge the decision.

 

You can exercise these rights very easily, by simply sending a written request to our headquarters located in Bucharest, no.319C Spl. Independentei, Trust Center Building A, 1st floor, district 6, or by e-mail, to dataprotection@xpertsoft.ro