Informații privind protecția datelor cu caracter personal conform Art. 13 al Regulamentului General privind Protecția Datelor (GDPR)

The Data Controller, in accordance with Article 4, Paragraph 7 of the General Data Protection Regulation (GDPR), is:UNICOM HOLDING SA
‍
CUI: RO3507700
Registration Number: J20/1100/2399236
Address: Bdul Pipera 1-IA, Voluntari City, Ilfov County
Email: dataprotection.uh@unicom-group.ro
Website: unicom-holding.ro

If you have any questions regarding the protection of personal data, please contact the person responsible for data security at UNICOM HOLDING by mail at the address specified above, marked “For the attention of the Data Protection Officer”, or by email at the following address: dataprotection.uh@unicom-group.ro.

‍Note:
If you choose to contact us via email or through a contact form, the information you provide (such as your email address and, if applicable, your name and phone number) will be stored by us in order to respond to your request. We will delete the provided data when it is no longer necessary to store it or restrict its processing if there is a legal obligation to retain the data.

1. Scope of Personal Data Processing
We assure you that the data stored by us, UNICOM HOLDING SA, is used solely to respond to requests, to fulfill and execute contracts concluded between the parties (including payment processing and any necessary credit checks), and for marketing purposes. The processing is carried out in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act.
If you contact us with a question, request a quote, or if a contractual relationship is established between the parties, we will process personal data.

‍2. Legal Basis for Processing Personal Data
When we process personal data based on consent, Article 6(1) of the GDPR serves as the legal basis.
For the processing of personal data to fulfill a contractual relationship, we rely on Article 6(1)(b) of the GDPR. This also applies to processing operations necessary for pre-contractual measures.
As long as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and your interests, rights, and fundamental freedoms do not override this legitimate interest, then Article 6(1)(f) of the GDPR serves as the legal basis for the processing of personal data.

‍3. Deletion and Retention Period of Personal Data
UNICOM HOLDING SA blocks or deletes personal data as soon as the purpose of processing is no longer applicable. Data may be retained if required by European or national legislation under EU regulations, laws, or other provisions to which we as the data controller are subject.
Blocking or deleting personal data also occurs when retention periods established by the aforementioned regulations expire, except where there is a necessity to retain the data further to conclude or fulfill a contract.

1. Visiting the Website
You can use our website without disclosing any personal data. By accessing our website, certain data is stored for security purposes, such as the name of your internet service provider, the website from which you visited us, the websites and pages you visit through us, and your IP address. These pieces of information might allow identification; however, no personalized use takes place in this regard. The data mentioned above may be analyzed for statistical purposes, with the user remaining anonymous. Regarding data transfer to external service providers, we have ensured through technical and organizational measures that the regulations and provisions regarding personal data protection are respected.
‍
Processing and temporary storage of data is necessary to allow access to and delivery of the website to your computer under optimal conditions. For this purpose, data remains stored during the session.
The processing purpose is based on legitimate interest in accordance with Article 6(1)(f) GDPR.

2. Use of Cookies
Out of respect for personal data confidentiality, the website UNICOM-HOLDING.RO uses various cookies: technical cookies, marketing cookies, and analytics cookies. You can also visit our website without cookies, except for those that are technically necessary. The law provides that we can store cookies on your device only if they are strictly necessary for the operation of the website. For all other types of cookies, we need your permission. This site uses different types of cookies. Some cookies are placed by third-party services appearing on our pages. You can always change or withdraw your consent regarding cookies on our website.
Learn more about who we are, how to contact us, and how we process personal data in the “Privacy Policy.”

3. Filling Online Forms for Contact, Quote Requests, or Phone Contact
By providing personal data in the online forms on UNICOM HOLDING SA websites, you agree that UNICOM HOLDING may provide your company, by email or phone, information related to UNICOM HOLDING SA products and services. If your company should not be informed through the contact person or does not wish to receive information by these communication means, the contact person can leave the contact data fields empty. This approval may also be revoked at any time later without any cost for revocation. The use of data for these purposes can be contested at any time.
‍
By filling out the online forms, you agree that the named contact person is responsible for the information provided to UNICOM HOLDING SA and is informed about the data communication and the above consent.
There is no obligation to fill in all data. However, UNICOM HOLDING SA can only send requested information by the desired and requested means for the contact person if you provide the appropriate contact data. The legal basis for processing data based on consent is Article 6(1)(a) of the GDPR.

4. Web Analysis
We use various tools to analyze browsing behavior on our website.Use of Google Analytics
We use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files stored on your computer to analyze website usage. Information generated by the cookie may include:Browser type/versionOperating system usedReferring URL (previously visited webpage)IP address of the computer accessing the websiteTime of website accessThis information is generally transmitted to a Google server in the USA and stored there. The IP address sent by the browser within Google Analytics is not linked to other Google data. We have extended Google Analytics on our website with the “anonymizeIP” code, ensuring IP addresses are masked, so all data collected is anonymized. Only in exceptional cases is the full IP address transferred and stored by Google.
Google complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
On behalf of the website operator, Google uses this information to evaluate website usage, prepare reports on website activities, and provide related services. The legal basis for data processing is your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time via the cookie banner, effective for the future. You can also contact us by email: dataprotection.uh@unicom-group.ro.
‍
To better integrate and manage Google Analytics on our site, we use Google Tag Manager. According to Google, no cookies are used, and no personal data is collected.
We use Google Analytics to evaluate data from DoubleClick cookies and AdWords for statistical purposes. If you do not wish this, you can disable it through Google’s Ads Preferences platform (https://adssettings.google.com/authenticated?hl=ro).
More information about personal data protection used through Google Analytics can be found in “Google Analytics Help” (https://support.google.com/analytics/answer/6004245?hl=ro).
Data is kept for statistical purposes for 26 months.

5. Use of Google Maps
We use Google Maps on this website to display interactive maps and allow map function usage. When you visit the website, Google receives a notification that you accessed a subpage. Other data, such as IP address, date/time of access, referring website, browser, and operating system, are also sent to Google. This happens regardless of whether you have a Google account logged in. If logged in, data is directly associated with your account. To prevent association, log out of your Google account before visiting the website. Google stores data as user profiles used for marketing, market research, and platform design to meet user needs. This includes targeted advertising tailored to preferences, even for users not logged in. You can object to such profiling by contacting Google directly.
For further info about the purposes and scope of data collection and processing by the plugin provider, consult their privacy statements at https://policies.google.com/privacy. Google may process data in the USA and adheres to the EU-US Privacy Shield framework.
The legal basis for transfer is your consent under Article 6(1)(a) GDPR. You can withdraw your consent anytime. Contact us at dataprotection.uh@unicom-group.ro.

6. Google AdWords
Our website tracks Google conversions through Google Conversion Tracking. If you reached our site via a Google ad, Google AdWords places a conversion tracking cookie on your computer.

This cookie expires after 30 days and is not intended for personal identification. If you visit certain pages on our website while the cookie is still active, Google and we can see that you clicked the ad and were redirected to that page. Each advertiser has a unique cookie, so cookies cannot be tracked across different advertisers.
Data obtained via conversion cookies are used to compile conversion statistics for AdWords clients, showing the total number of users who clicked their ad and visited tagged pages without revealing personal identities.
If you do not want to participate in tracking, you can refuse cookie installation by setting your browser to block cookies from “googleleadservices.com” or disable automatic cookie installation altogether.
Please note that if you delete all cookies, you need to reset the opt-out cookie to maintain your refusal.

7. Facebook Page and Personal Data Protection
Besides this website, we also operate a Facebook page: https://www.facebook.com/unicomholding, where we present our company, offer information, and communicate with clients and interested persons. We process personal data only if you interact with our Facebook page, for example by commenting, liking, or sending a message. The legal basis for personal data processing is partly Article 6(1)(b) GDPR (e.g., if you send us a contact request) and partly consent under Article 6(1)(a) GDPR (e.g., liking a post, commenting, or uploading content). You can revoke your consent at any time by deleting comments or posted content. Withdrawal does not affect the lawfulness of processing done before withdrawal.
We also analyze visits and interactions on our Facebook page, for which Facebook creates user profiles and provides us with anonymized data only.
‍
Please note that Facebook processes personal data independently, with headquarters in Ireland and the USA. Facebook stores and uses data for marketing, market research, and personalized ads, often using cookies tracking behavior across devices. You can consult Facebook’s privacy policy here: https://www.facebook.com/about/privacy/. Facebook offers opt-out options at www.facebook.com/settings.
‍
Facebook may process data in the USA or other third countries but only transfers data to countries with European Commission adequacy decisions or guarantees under GDPR Articles 45 and 46. Facebook Inc. is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
You can exercise your data subject rights related to Facebook processing (see “Data Subject Rights”) by contacting Facebook directly or consulting their privacy statement.

1. Purpose and Legal Basis for Processing Personal Data
We process personal data in accordance with the EU General Data Protection Regulation (GDPR), as well as the Federal Data Protection Act (BDSG), respecting sector-specific regulations (specific laws) relevant to personal data protection.a. For the Fulfillment of Contractual Obligations (Art. 6, Para. 1, Lit. b, GDPR)
In the case of a request to initiate a contractual relationship with UNICOM HOLDING SA, we process the provided data to conclude the contract and to assess the economic risks to be assumed by us.Data Processing within the Business Relationship
If a contract is concluded, we process data for contract preparation. The personal data processed in this context include basic data (e.g., company name, address), contact person data, and all data necessary for invoicing (e.g., VAT identification number, bank details). This category also includes processing personal data for communication through accepted media.
Signing and executing the contractual relationship is not possible without processing personal data.

Use of Personal Data in Case of Payment Delay
In case of delayed payment, we have the option to assign claims to third parties. In this context, all necessary data are communicated to the extent required for processing the debt recovery process by the respective third party (e.g., debt collection agency).b. Ordering Products & Services (Art. 6, Para. 1, Lit. b, GDPR)
During the ordering and use of UNICOM HOLDING SA products/services, additional personal data processing may be necessary, beyond the data mentioned above. These mainly include:Products (fuel cards)
Data related to the vehicle (e.g., vehicle owner or lessee, vehicle registration number), driver data (different shipping address or different name for fuel card personalization).c. Based on a Legitimate Interest of UNICOM HOLDING SA (Art. 6, Para. 1, Lit. f, GDPR)
We also process personal data after the actual execution of the contract to respect our and third parties’ legitimate interests. These processes are carried out according to Art. 6, Para. 1, Lit. f, GDPR. These include:Assessment of economic risk to be assumed (creditworthiness calculation)
To complete the steps for initiating business relationships and monitoring existing customer relationships—especially in case of payment delay—we use credit agencies’ assistance. The risk of payment incapacity is assessed based on available information provided. The result of the analysis is reviewed by us and evaluated by a UNICOM HOLDING SA employee for possible contractual consequences.
A fully automated evaluation is not performed.Marketing purposes to promote products and services
If no specific contact persons are communicated for marketing purposes, we use the indicated contact person’s data and inform them within the contractual relationship about UNICOM HOLDING SA’s products and services as well as our affiliated companies.
You have the option to revoke your consent for this type of communication at any time, with effect for the future.Other forms of data processing for respecting our legitimate interest may include:Measures to manage the contractual relationship and to develop and improve our own products and servicesInternal monitoring for controlling the existing contractual relationshipPrevention: to prevent offenses, we monitor usage behavior and the use of our communication channelsVerification and optimization of procedures for needs analysis and direct customer approach, including internal client segmentationd. Based on Consent (Art. 6, Para. 1, Lit. a, GDPR)
If we have obtained consent regarding the processing of personal data for certain purposes (see details below), the legitimacy of this processing is based on the received consent. Consent can be revoked at any time. This also applies to revoking consents given before the GDPR came into effect on May 25, 2018.
Please note revocation is only effective for the future. Processing done before revocation remains unaffected.

Newsletter Subscription for Marketing Purposes
Newsletters are sent only based on specific and distinct consent.Personal Guarantees
In the case of personal guarantees provided by third parties (third-party guarantees), UNICOM HOLDING SA processes all necessary personal data together with information about the economic and financial situation of these third parties.e. For Compliance with Legal Obligations (Art. 6, Para. 1, Lit. c, GDPR)
Within economic-financial processes and for fulfilling legal archiving requirements.

2. Recipients or Categories of Recipients of Personal Data
Within the company, all units that need personal data to fulfill contractual and legal obligations have access to the personal data.Service providers, based on contractual provisions, as well as other authorized agents, may have access to personal data. These partners are contractually obliged to comply with personal data protection instructions during order processing, assistance provided for UNICOM HOLDING SA in the course of contractual relationships.Among others, we use intermediaries who process data for the following services: support/administration/development of electronic/IT applications, call center services, data deletion and erasure, sending marketing materials, website hosting, website organization, lettershop, office building security, address validation, driver’s license checks, procedural support (24/7), online authorizations, breakdown assistance services.In special cases, we process personal data jointly with our partners, each party processing data only for the contractually specified purpose and under shared responsibility. This contractual structure applies in:Sales/distribution partnerships and collaboration models:
In models where partners have independent contractual relationships with the client, data may be exchanged during cooperation. Data processing, including previously exchanged data by any collaborator, is based on the direct contractual relationship with the client. There is no further obligation to inform you about data processing by our collaborator because it is assumed you were fully informed by them in their separate contractual context. There is no separate right to give instructions to our collaborator.Activities with internal group companies or affiliated companiesBilling servicesExternal Service Providers
To fulfill contractual obligations, we sometimes use external providers for: creditworthiness information, toll fee records, logistics services, reimbursement services, debt collection procedures, settlement of revenues related to services provided within reimbursement procedures.
In all cases mentioned above, we ensure that third parties only access the personal data necessary to provide the respective services.Other Recipients
We may also disclose data to other third parties, e.g., authorities, for fulfilling legal notification obligations, such as social insurance agencies, financial authorities, or law enforcement agencies.Very important: UNICOM HOLDING SA never sells personal data to third parties.Data Transfer to Third Countries
If personal data is processed by a provider outside the EU/EEA, it will only be processed if the third country has a data protection agreement with the European Commission or other appropriate data protection safeguards.3. Data Retention Period
Data is deleted as soon as it is no longer necessary for the purposes mentioned above. However, data may be stored during the resolution of any claims against our company (legal statute of limitations—3 years). In addition, data is stored if we are legally obliged to do so. These obligations arise, among others, from commercial and tax law.

If we process personal data, you are the data subject under the GDPR Regulation and have the following rights in relation to us, the data controller responsible for processing personal data – GDPR:

1. Right to information
You can request from the responsible party confirmation regarding the processing of personal data concerning you.
If such processing takes place, you can request from the data controller the following information:the purposes of the processing of personal data;the categories of personal data processed;the recipients or categories of recipients to whom the personal data have been or will be disclosed;the planned duration of storage of personal data or, if concrete information is not possible, the criteria used to determine the storage period;the existence of a right to rectification or erasure of personal data or to restriction of processing by the controller, or the right to object to such processing;the existence of a right to lodge a complaint with the supervisory authority;any available information about the origin of the data if the personal data were not collected directly from the source.You have the right to request information on whether personal data have been transferred to a third country or to an international organization. In this context, you can request appropriate safeguards pursuant to Article 46 GDPR regarding the transfer of data.

‍2. Right to rectification
You have the right to request rectification and/or completion from the responsible party if the personal data processed concerning you are incorrect or incomplete.

‍3. Right to restriction of processing
You can request restriction of processing of personal data under the following conditions:if you contest the accuracy of the personal data for a period allowing us to verify their accuracy;if the processing is unlawful and you oppose the erasure of personal data and instead request restriction of their use;if the controller no longer needs the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims;if you have lodged an objection pursuant to Article 21(1) GDPR and it has not yet been determined whether our legitimate grounds override those of the data subject.If processing of personal data has been restricted, then such data – apart from storage – may only be processed with your explicit consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for important public interest reasons of the Union or a member state.If restriction of processing has been limited according to the above conditions, we will inform you before the restriction is lifted.

‍4. Right to erasure (Right to be forgotten). Obligation to erase personal data
You can request that personal data be deleted immediately, and we are obliged to delete such data immediately if one of the following reasons applies:if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;you withdraw consent regarding processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or there is no legal basis for processing;you object to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for processing, or you object pursuant to Article 21(2) GDPR;personal data have been processed unlawfully;personal data must be deleted to comply with a legal obligation under Union or member state law to which the controller is subject;personal data have been collected in relation to information society services pursuant to Article 8(1) GDPR.

‍b. Transfer of data to third parties
If we have made personal data public and are obliged to delete them pursuant to Article 17(1) GDPR, we will take reasonable technical measures, including costs, to inform data processors that you have requested the deletion of such personal data and copies or replicas thereof.

‍c. Exceptions
Data cannot be deleted legally as long as processing is necessary for:exercising the right of freedom of expression and information;compliance with a legal obligation which requires processing under Union or member state law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority;reasons of public interest in public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, insofar as the law makes the achievement of the processing objectives impossible or seriously impaired otherwise;establishment, exercise, or defense of legal claims.

‍5. Right to notification
If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to communicate this rectification, erasure, or restriction to all recipients to whom the personal data were disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients.

‍6. Right to data portability
You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit these data to another controller without hindrance from us, provided that:the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR; andthe processing is carried out by automated means.To exercise this right, you may also request that personal data be transmitted directly from us to another controller where technically feasible. The freedoms and rights of others must not be affected.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

‍7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data based on Article 6(1)(e) or (f) GDPR; this applies also to profiling based on these provisions.
The controller will no longer process personal data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.If personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing, including profiling to the extent it is related to direct marketing.
If you object to processing for direct marketing purposes, personal data will no longer be processed for these purposes.You have the option to exercise your right to object regarding the use of information society services through automated means – notwithstanding Directive 2002/58/EC.

‍8. Right to withdraw consent regarding data protection
You have the right to withdraw consent regarding the protection of personal data. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

‍9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision:is necessary for entering into or performance of a contract between you and the controller;is authorized by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; oris based on your explicit consent.However, such decisions cannot be based on special categories of personal data pursuant to Article 9(1) GDPR unless Article 9(2)(a) or (g) applies and appropriate safeguards are in place.In the above cases, we take measures to safeguard your rights, including at least your right to obtain human intervention, express your viewpoint, and contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint, in particular in the member state where you live, work, or where the alleged infringement occurred, if you consider that the processing of personal data infringes the GDPR.
The supervisory authority where the complaint was lodged will inform the complainant about the status and results of the complaint, including the possibility of legal remedy under Article 78 GDPR.

‍National Supervisory Authority for Personal Data Processing (ANSPDCP)
B-dul G-ral. Gheorghe Magheru, No. 28-30
Sector 1, CP 010336
Bucharest, Romania
Phone: +40 318 059 211 / +40 318 059 212
Email: anspdcp@dataprotection.ro / dpo@dataprotection.ro
‍Edition: May 2018