fPRIVACY POLICY regarding the processing of personal data

Last update: 24.11.2022

The purpose of this Privacy Policy is to explain how, when and why is your personal data processed by or through our website, as well as to inform you regarding the legal rights you have as a data subject related to the processing of your personal data.

This Privacy Policy does not consider the processing activities performed by our partners. Please check our partner’s privacy notices for information on the way they process your personal data as controllers.

1. WHO ARE WE?

The website www.worldcomm.ro  is owned and administrated by World Comm Trading GFZ SRL, a company incorporated by Romania  laws, headquartered in Bucharest,Splaiul Independenței, no. 319, OB 209, registered under trade registration no. J40/10819/2014, VAT no. RO16167421, hereinafter referred to as `the Controller` or `Us`.

World Comm ensures the distribution of a large range of handheld mobile devices, mobile accessories, and related products, in a very short time anywhere in Romania.

2. DEFINITIONS

• Personal data or personal information – means any information regarding an identified or identifiable natural person;
• Controller – means the natural or legal person that determines the purposes and means of the processing of personal data processing. Regarding the personal data processing activities performed through the website, the Controller is WorldComm Trading GFZ SRL;
• Data subject – means the identified or identifiable natural person the personal data refers to;
• Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, storage, adaptation, consultation, use, disclose or deletion;
• Consent of the Data subject – means any freely given, specific, informed and unambiguous indication of the user’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• The website – worldcomm.ro

3. HOW DO WE COLLECT PERSONAL DATA?

As a rule, the Personal Data we process is collected directly from you as a Data Subject. However, there may be situations where data is collected indirectly from social media, from the website of the company you represent, from your employer as a contact person, from a third party who recommended you or from various public platforms (for example ad platforms).

When we do not receive personal data directly from you, we will inform you accordingly on the processing activities within the legal term.

4. CHILDREN AND SENSITIVE DATA

Our Website and services are not intended for individuals below the age of 16. We do not intentionally collect Personal Information from children below the age of 16.

If you are the parent or legal guardian of a child below the age of 16 and you believe your child has provided us with personal information, please contact us to request the deletion of these personal data. If we confirm that we have collected this kind of personal information, we will delete that information as soon as possible.

We do not collect nor is our intention to collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation or personal data relating to criminal convictions and offences or related security measures, excepting the situations expressively regulated by the applicable law.

5. OUR PURPOSES FOR PROCESSING PERSONAL DATA, LEGAL GROUNDS AND RETENTION PERIODS

Below you will find information about the purposes for which we Process your Personal Data, the categories of Data we collect for those purposes, the legal grounds on which we carry out the Processing activities and the periods of time we store the Personal Data, in relation to the purposes of the Processing.

Where the lawful basis for the Processing is the Data Subject’s Consent, you may withdraw your consent at any time without constraint and without affecting the lawfulness of the Processing prior to its withdrawal.

• Purpose: Provision of goods and services, including through business partners

Personal data categories: name and surname, contact data (e-mail, phone number/numbers), delivery and billing addresses, desired product/service, payment method, returns of purchased products

Legal ground: execution of the contract regarding the provision of our services/goods, legal obligation regarding the issuance and content of the invoice, according to the Tax Code

Retention period: the entire duration of the contract and subsequently 10 years after the delivery/supply of goods and services, according to the legal obligations to keep financial and accounting documents

Your refusal to provide one or more details explained above will make it impossible for us to provide you our goods and services.

• Purpose: Commercial communications, surveys, marketing analysis

Personal data categories:  name, surname, e-mail, phone number

Legal ground: your freely expressed consent

Retention period: until the withdrawal of consent

• Purpose: Video surveillance

Personal data categories:  the image provided through CCTV systems

Legal ground: legal obligation regarding the security of assets and objectives according to Law no. 333/2003 and the methodological rules of implementation

Retention period: 20 days or for the period necessary for the investigation and, as the case may be, the trial of possible crimes or contraventions according to the legitimate interest or legal obligations of the controller.

• Purpose: Recruiting for vacant positions

Personal data categories: name, surname, phone number, e-mail, education, professional experience, targeted role, profession or qualification, professional and social skills and any other relevant information provided by you, as candidate

Legal ground: take steps at your request to conclude a working contract with us and our legitimate interest to contact you for future vacant jobs

Retention period: the data will be retained according to the applicable law, if entering into a contract, or up to 1 year from the ending date of the selection and recruitment process

Your refusal to provide one or more details explained above will make it impossible for us to add you to our selection and recruitment process and to hire you at WorldComm.

• Purpose: Assistance and support via phone, email, regarding WorldComm services and products

Personal data categories: our first and last name, contact data (email, phone number/s), product and service order data and other data that you voluntarily provide in your message, including when you decide to continue our discussion via email or phone messages

Legal ground: the our legitimate interest to provide assistance in the sale/supply of products and services

Retention period: for the duration of the requested support/assistance

Your refusal to provide one or more details explained above will make it impossible for us to providing you with assistance and support.

• Purpose: Comply with legal obligations – invoicing, accounting records, archiving, etc.

Personal data categories: according to the legal provisions, the data collected for this processing may be your name, surname, company, position or representation powers, bank account information and any other personal information required by law

Legal ground: compliance with a legal obligation

Retention period: the data will be retained according to the applicable law

• Purpose: To establish, exercise or defend a legal right in a court proceeding, administrative proceeding or other official proceeding in which we are involved.

Personal data categories: name, surname, any other information necessary to fulfil the purpose

Legal ground: the our legitimate interest to defend or exercise his rights and interests or the fulfilment of legal obligations

Retention period: according to the applicable law or until the final resolution of the case

• Purpose: Enter into or execute commercial contracts, including the necessary correspondence – if you are the representative or employee of our existent or potential client company

Personal data categories: name, company, position, signature (for the representatives), contact details such as phone number and e-mail address

Legal ground: our legitimate interest to provide our services by concluding and executing commercial contracts

Retention period: during the existence of the contract with our client and after the termination for the period necessary to keep the evidence of providing our services

6. COOKIES

Our Website uses cookies, plug-ins and other online identifiers in order to ensure functional browsing or to provide a better browsing experience, to perform statistical analysis on accessing information on the site, or to provide you with custom content and advertising appropriate to your preferences and interests.

Cookies are small text files placed by the visited website or page, through the browser, on the device you use for browsing (computer, smartphone, etc.), which identifies the device when the website or the page is accessed.

Plug-ins are small software applications placed by social media platform providers that integrate them when they are included on the visited website or page.

Online identifiers may be placed by WorldComm or by third-parties. In accordance with the permissions you have granted, our partners, third-party websites, will place cookies that will allow you to view the content of these third-party websites on our website and to share the content on the website. The third-parties may collect and use your personal data through their cookies for the purposes they have determined in accordance with their privacy policy. WorldComm provides you with the identity information and links to these third-parties, as well as the option to accept or reject their online identifiers.

Personal data may be processed through cookies on the basis of the users’ prior consent, excepting those situations when the cookies and other online identifiers are used for the purpose of transmitting a communication via an electronic communications network or they are necessary in order to provide an information society service, expressly requested by the user. In such case, the processing of personal data is carried out in accordance with the legislation in force on personal data processing and privacy protection in the electronic communications sector on the basis of our legitimate interest of ensuring safe browsing of our website, both for us and for our users, by implementing appropriate technical and organizational measures.

Depending on the cookie type, the categories of personal data processed by cookies may be information about the used device, journal information like IP, searches, browser, browser’s language, hardware settings, date and time of the request, method used to send requests to the server, file capacity obtained in response, and other parameters regarding the user’s operating system.

Detailed information on the cookies our website uses may be found in our Cookie Policy.

7. AUTOMATED DECISION MAKING

We do not make decisions based solely on automatic data processing of your data including profiling that will have legal effects on you or that will affect you in a similar way to a significant extent.

 

8. DISCLOSURE AND TRANSFER OF PERSONAL DATA

We may transfer your personal information, to the extent that this is necessary, to the following categories of recipients: companies from the same group, service partners, subcontractors, shipping providers, payment providers, archiving companies, IT service providers, software or hardware vendors, market research companies, marketing companies, public authorities, court or arbitral tribunals, as well as competent authorities to investigate criminal offenses.

The Personal data may be disclosed or transferred to the categories of recipients mentioned above in order to provide our services at the highest quality level, ensuring the intervention of specialists by outsourcing parts of our business or to provide access to services and benefits according to our business partnerships or to ensure compliance the specific legal obligations to which we are subject according to the activity carried out.

As a rule, these recipients are located in the European Economic Area or in third countries for which the European Commission issued decisions recognizing the adequate level of Personal data protection ensured by those countries and we do not transfer data to countries that are not in one of the situations mentioned.

In the event that, in exceptional cases, your data is transferred to third countries other than those for which the appropriate level of protection of personal data has been recognized, you will be informed in accordance with the legal requirements.

9. SECURITY OF PERSONAL DATA

The security of your Personal Data is important to us. Therefore, we maintain a variety of appropriate technical and organizational measures to protect your Personal Data from loss, misuse, and unauthorized access or disclosure. We limit access to Personal Data to employees who we believe reasonably need to retrieve that information to provide our services. Considering the current state of technology, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect your Personal Data, such as limiting access, encrypting, anonymizing, or storing it on secure media.

Given the technological dynamics and the magnitude of the current threats in the online environment, despite our considerable efforts to ensure the highest possible level of protection of personal data, we cannot always guarantee the absolute effectiveness of the security measures implemented. For this reason, it is very important that you, as the Data subject, know the risks and take minimum measures to protect your Personal data, by thoroughly checking the sources of information, avoiding access to suspicious or unknown links, regular change of passwords and the use of appropriate anti-virus and anti-malware solutions.

10. YOUR RIGHTS AND HOW TO EXERCISE THEM

Right to be informed:

You have the right to be informed regarding the processing of your personal data, as we are doing through this Privacy Policy.

Right of access:

You have the right to obtain confirmation whether or not we process your Personal Data, as well as information on the specifics of the processing activities, as well as get access to that Personal data.

Right to rectification:

You have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the Processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure:

You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay to the extent that the legal requirements are met. Personal Data will be erased when the legal requirements are met.

Right to restriction of processing:

If the applicable legal provisions are met, you have the right to obtain the restriction of Processing of your Personal Data.

Right to data portability:

If the applicable legal provisions are met, you have the right to receive your Personal data which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another Controller.

Right to object:

In certain situations, such as when we process Personal Data based on legitimate interest, you have the right to object the Processing of your Personal Data. In the event of unjustified opposition, the Controller is entitled to further process your Personal data.

Right to object commercial communication:

You may also object to the Processing of your Personal Data for the purpose of sending commercial messages.

Right not to be subject to decisions based solely on automated processing:

If the applicable legal provisions are met, you have the right not to be subject to a decision based solely on automatic processing, including profiling, which has legal effects on you or affects you similar to a significant extent.

Right to address to the Supervisory Authority:

You have the right to file a complaint with the competent Supervisory Authority on any violation of your rights regarding the processing of your Personal Data.

The Romanian National Authority for the Supervision of Personal Data Processing may be reached at the following contact details:

• Postal address: 28-30 G-ral. Gheorghe Magheru Boulevard, District 1, Bucharest, Romania, zip code 010336;
• e-mail: anspdcp@dataprotection.ro;
• website: dataprotection.ro.

If you want to contact the Supervisory Authority from your place of residence, another EU Member State, you may find the contact details at https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-ie.

Consent withdrawal:

To the extent that we process your Personal data based on your given Consent, you can withdraw your Consent at any time, without affecting the lawfulness of the Processing based on the consent prior to its withdrawal.

Except for the right to contact the Supervisory Authority, which you can exercise using the contact details indicated above, you can exercise your legal rights by contacting our Data Protection Officer in writing at the e-mail address privacy@worldcomm.ro

We will respond to your requests without undue delay and in any case within one month of receiving the request. This period may be extended by two months where necessary, taking into account the complexity and number of applications. We will inform you of any such extension within one month of receiving the request, stating the reasons for the delay.

In the event that we do not take action on your request, we will inform you, without delay and no later than one month after receipt of the request, of the reasons for not taking action. In such a case, you have the possibility to lodge a complaint with the competent Supervisory Authority or to take a legal action.

11. UPDATES

This Policy is subject to periodic review and updating to ensure that it always corresponds to reality and it is in line with the applicable legal requirements. For this reason, please consult this section regularly to keep up to date with any changes. Any major changes to this Policy will be notified accordingly.

12. CONTACT

If you have any questions or concerns regarding the Processing of your Personal Data, this Privacy Policy or how it applies, or you wish to exercise any of your rights, you can contact the Data Protection Officer within WorldComm in one of the following methods:

• Email:  privacy@worldcomm.ro
• Postal address: Bucharest, 319 Splaiul Independenței., OB. 209, Ground Floor, Left, SEMA PARC 6th District., mentioning “in the attention of the Data Protection Officer”.

We thank you for your interest,

WorldComm team