Privacy Notice

regarding the processing of personal data through reea.net website

The purpose of this Privacy Notice is to inform you about the processing of your personal data on reea.net website, owned by SC Reea SRL.

REEA SRL is a Romanian company, organized under the Romanian law, based in Târgu-Mureș, 41 Republicii Square, Mureș County, Postal Code 540110, registered with the Mureș Trade Registry J26/628/1998, tax code RO10966500.

When you visit or use our Website, we process a series of your personal data, as we will describe below. In the view of the legislation regarding the protection of personal data, Reea SRL is in this situation the Data Controller and you have the status of Data Subject. Please read this Notice carefully to understand how we process your personal data.

This Privacy Notice is formulated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, also known as the "GDPR Regulation".

The processing of personal data is the set of operations that we can perform on your data, such as: collection, storage, organization, transfer, and deletion of data.

This Notice on the processing of personal data is an integral part of the Terms of Use of the Website.

1. What data we collect and under which legal basis we process such data?

Your personal data might be collected by us:

• • directly from you (the data you introduce in the contact form, in your comments on our blog, if you choose to contact us by phone or by postal address);
• • noticed by us when you browse our website.

2. Personal data provided directly by you

You can write us a message through the Contact form. The data you enter in this form (name, surname, e-mail, telephone, message) are collected directly from you and are processed based on our legitimate interest to respond to your request and to keep a record of the requests made by the people who contact us.

In this case, your data is processed by our website hosting provider Hetzner Online GmbH. All data is processed exclusively on infrastructure located in the European Union.

Apart from the Contact form, you can contact us by phone or by writing to our postal address. We will process your contact details and other information you send us based on our legitimate interest to respond to your requests.

If you choose to post a comment on our blog posts, we only use the data you submit (pseudonym/alias and message) to post your comment. In this case, we also process your data based on our legitimate interest to respond to your comment and to moderate our blog.

In this situation, your data is processed through our website hosting provider Hetzner Online GmbH, a company that stores the data on servers located in the European Union.

When you choose to contact us by any means, please send us only personal data strictly necessary to resolve your request.

3. Traffic data, collected automatically while browsing our Website

Our website automatically collects certain information in our legitimate interest to ensure its security and optimal functioning.

This information collected by us is traffic data sent automatically by your browser - collected by us or through third-party services: Google, YouTube, Meta (Facebook, Instagram), Twitter, LinkedIn - are statistical data, in anonymous form , which, although individually (or in isolation) cannot lead to direct identification, through correlation with other data sets, in exceptional situations have the potential to be used to identify a person, such as: locating the device from which you access the Internet, established on the basis of the IP address or following your consent, provided through the device used for access; the browser used for navigation, its version and functions; other information accessible through the browser or application used, such as for example the version the operating system or resolution used on your device; the names of pages accessed and/or files downloaded, the source of the previous page.

We use cookies and similar technologies on our website. You can find out more details in our Cookie Policy.

The anonymized statistical data to which Reea, as a beneficiary of Google Analytics services, has access are anonymized and do not provide information about an identifiable person.

4. Data collected as Joint Controllers

In the case of Reea accounts on various social networks (Facebook, Twitter, LinkedIn, YouTube, etc.) - we collect your data only for normal interaction within that network, when: you subscribe to our pages, if you leave us comments on our posts, like/share or write us a direct message. In these cases, we have access to your public profile, the reaction made, the date and time of the message/comment.

The data is collected jointly with the social networks, with which we are Joint Controller. The legal basis for collection is your consent. The data is used to publish the comment or to be able to respond to the message you sent us. The data is kept until: the closing of our page on the social network, the moment when you withdraw your previously obtained consent via the social network, or until you ask us to delete this information.

When you interact with our pages on various social networks, those networks process some personal data, based on which they provide us with aggregate statistics. These statistics do not directly contain personal data, but only information such as: the number of views of our page, the number of people to whom the content of our page was displayed to, the number of likes our page has.

Our accounts on these various social networks are created under the conditions imposed by the respective networks. For more details about the processing of your data by these networks, please read their personal data processing policies.

When we choose to personalize the audience of our advertising posts on Facebook, we set certain interest categories, such as: residents of certain cities or a certain business category. These categories are based on personal data processing, but we do not have access to these data, but Facebook makes available to us the categories previously indicated by us. Thus, the personal data required for inclusion in a certain category are processed only by Facebook. We process such data based on our legitimate interest to promote our brand or certain services and to be able to prove, if necessary, the correspondence we have had with you.

5. How we store and protect your personal data?

Reea securely stores your data on servers located in the European Union.

Reea implements appropriate technical and organizational measures to ensure the security, confidentiality, integrity, availability and protection of data against destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data processed.

Some of the technical measures are:

• - Implementation of an ISO27001 certified information security management system. This system involves a series of technical (monitoring systems, compliant equipment, specialized staff, physical, cyber security measures, etc.) and organizational (policies, operational procedures) measures that apply to all staff;
• - Use of cryptographic systems for medium and long-term data storage;
• - The use of antivirus solutions on the computer systems we use;
• - Encryption of electronic communications;
• - Safe and redundant backup systems.

Some of the organizational measures are:

• - Appointment of a Data Protection Officer (DPO);
• - Designation of a person in charge of the information security management system;
• - Adoption of an internal code of conduct, applicable to all staff;
• - Ensuring specialized legal support regarding local and international legislation on personal data;
• - Establishing contractual obligations with our partners and employees regarding the confidentiality and protection of personal data.

Your personal data that we process is limited to those that are necessary, appropriate and relevant for the purposes stated in this Privacy Notice.

Even though we strive to provide as much security as possible to your data, we cannot 100% guarantee the security of the information transmitted, considering the lack of security of data transmissions made via the Internet due to external factors such as: viruses or malware programs, the loss of the electronic devices from which you access the Website, the access of unauthorized persons to your electronic devices, the insecurity of some Wi-Fi networks.

For better protection of your data, we recommend:

• - In the relationship with us, do not communicate personal data unless expressly requested;
• - Change Wi-Fi router username and password;
• - Choose strong, complex (use a password manager), unrelated passwords for your electronic devices and save them in a secure way;
• - Secure your electronic devices with passwords or other locking methods;
• - Do not leave your electronic devices unattended;
• - Check the identity of the people you communicate with, to ensure that you do not communicate personal data to people who do not legally represent us.

1. How long do we keep your personal data?

The collected data will only be kept for a determined period, depending on the needs and purpose of the processing.

If you choose to contact us through the Contact form, we will keep your data for 3 years from the date we last communicated with you or from the date of our final resolution regarding your request.

If you choose to leave us a comment on the blog, we will keep the data you provided for the entire duration of the existence of our website.

The data obtained based on your consent will be kept until the consent is withdrawn.

Traffic data is kept for a minimum of one year and a maximum of three years.

After the expiration of the periods indicated above, your data will be deleted by the persons authorized by Reea according to our internal procedures.

6. Who do we share your personal data with?

In accordance with the above purposes, your personal data will not be sold or rented to third parties.

We will share your personal data only to the extent necessary and only to the following categories of third parties:

1. If you choose to use our Website, we will be able to provide your personal data to:

• - the company that provides us with certain services, as we have indicated in Section 2 of this Privacy Notice (eg: the company that hosts our servers, Hetzner Online GmbH);
• - archiving services in physical and/or electronic format; legal, notarial, accounting or other consulting services.

The third parties indicated above, who have access to your personal data, are obliged, according to the legislation in force or the contracts we have concluded with them, to use the personal data to which they have access only for the purpose of providing the service for which we contracted them.

1. Public authorities and institutions if we have a legal obligation to disclose them.
2. We may disclose your personal data to third parties:

• - If you request or consent to this;
• - If those people can demonstrate that they have the legal authority to act on your behalf;
• - If we have a legitimate interest to administer, expand or develop our business: in the event that the Company or a substantial part of the Company’s assets is acquired by a third party, and the personal data held by us will be part of the transferred assets;
• - In order to respond to any claims, to protect the rights of a third party, to protect the safety of any person or to prevent any illegal activity;
• - To protect the rights of the Company or our employees and customers, as well as others.

7. Transfer of personal data outside the Economic European Area(EEA)

Reea stores the personal data it processes on servers located in the European Union.

However, some personal data to which we have access may be processed by Reea's partners who operate outside the European Economic Area (EEA). Thus, there are situations in which Reea collaborates with other companies that provide similar services, under Reea's guidance. In this case, the respective companies collect personal data under the guidance of Reea, having the role of processors from the perspective of the legislation on the processing of personal data. In this case, the companies authorized by Reea have contractual obligations to respect the confidentiality of personal data and to provide an adequate level of security. Companies authorized by Reea have the obligation not to transfer personal data to third parties without Reea's consent or without complying with Reea's instructions.

In case we provide any personal data to Reea's partners operating outside the EEA, we will take appropriate measures to ensure that they provide an adequate level of protection for the data they have access to. These measures include the conclusion of contracts in accordance with standard contractual clauses approved by the European Commission. If necessary, we also implement additional security measures, such as encryption and/or pseudonymization.

8. Which are your rights and how do we respect them when we act as Data Controllers?

Personal data legislation gives you several rights in relation to your data; please find below details about your rights and how you can exercise them:

1. Right to access - you have the right to request information about your personal data that we process, including the purpose of the processing, if and with whom it is shared and how long it will be kept.

2. Right to rectification - if your processed data is inaccurate, you have the right to obtain their rectification or completion.

3. Right to erasure ("the right to be forgotten") - you have the right to ask us to delete data we process about you, except in the case where the data is necessary for us: to exercise the right to free expression and information; for compliance with our legal obligations; for archiving purpose in the public interest, for scientific purpose, historical or statistical research; for establishing, exercising or defending a right in court.

4. Right to restriction - you can request the restriction of the processing of your personal data if: you dispute the correctness of the data, for the period in which we verify the accuracy of the respective data; the processing is illegal and you object to the deletion of your personal data, requesting instead the restriction; the data are no longer necessary for us to process, but you request them to establish, exercise or defend a right in court; you have objected to the processing, for the period of time in which we check whether our legitimate rights prevail over your rights.

5. Right to data portability - you have the right to receive your personal data from us if you have previously provided it to us in a structured, machine-readable form. You also have the right to ask us to transfer your data to another data controller.

6. Right to object - you have the right to object at any time, given your particular situation, to the processing of your data if we are processing it on the basis of our legitimate interests or the legitimate interests of a third party. In such a situation, we will no longer process your data with the following exceptions: (i) if we can demonstrate legitimate grounds and an interest that prevails over your interests, rights and freedoms and (ii) if the purpose of the processing is to establish, exercise or defend a right in court.

7. Right to withdraw your consent - if your personal data is processed based on your consent (e.g. subscribing to the newsletter), you can withdraw your consent at any time. The withdrawal of consent does not have retroactive effect, so the withdrawal of consent does not affect in any way the processing carried out prior to the withdrawal.

8. Right to lodge a complaint to the National Data Protection Authority (ANSPDCP) - you have the right to lodge a complaint to the ANSPDCP if you believe that your personal data rights have been violated. Complaints can be submitted online, for more details regarding how to lodge a complaint to the Romanian Data Protection Authority please access the following link: https://www.dataprotection.ro/?page=Plangeri_pagina_principala

9. What can it happen if you do not wish to transmit your personal data to us?

In most cases, you do not have to provide us with your personal data. However, there are situations in which, without additional data, we cannot resolve your request. Also, if you do not provide us with this data, it will not be possible for us to provide you our services.

10. Further processing of personal data

Reea uses your personal data only for the purpose for which it was collected. According to the GDPR, the further processing of personal data for historical, statistical or scientific purposes is compatible with the initial purpose of processing.

11. Absence of automated decision-making process

As a user of our services, you will not be subject to a decision based solely on automated processing, which produces legal effects on you or similarly significantly affecting you.

12. How can you reach us?

To send us a request related to the processing of your data, please write us a message in the contact form available on the Website or write us an e-mail at dpo.in@reea.net.

We will inform you, within one month of receiving your request, about the actions taken. This term can be extended to two months when necessary, considering the complexity, the number of applications or the impossibility of identifying the applicant. If the deadline is extended, you will be informed within one month of receiving the request, also presenting the reasons for the delay. If we cannot identify the person contacting us, we will only be able to respond to the respective request if we request and receive additional information to be able to identify the data subject.

If we do not resolve your request affirmatively, we will inform you of this within at most one month after receiving the request, regarding the reasons why we did not act and the possibility of filing a complaint with the ANSPDCP or the court.

13. Final clauses

This Privacy Notice may change from time to time. Changes are in force from the moment they are placed on the website. Each time your consent is required, we will inform you. We therefore recommend that you consult the Privacy Notice each time you use the website.

This version of the Privacy Notice is stored at https://www.reea.net/privacy/data-processing-policy-reeanet.

Version 2 – in force since November 3rd, 2023

Version history

1. Version 1 – in force from November 13, 2018 to November 2nd, 2023