The purpose of this Privacy Policy is to explain what data we process (collect, use, share), why we process it, how we process it, your rights under GDPR, and how you can exercise these rights. In collecting this information, we act as a data controller and, by law, are required to provide you with this information.
Fully aware that personal information belongs to you, we make every effort to store it securely and process it carefully. We do not provide information to third parties without informing you in accordance with legal requirements if such notification is mandatory under the law. We do not make decisions that are exclusively automated with legal or similar significant impact on you.
By visiting the site or interacting with us through any means and/or via any communication channel (e-mail, phone, social networks, etc.), you agree to this Privacy Policy. If you do not agree with the terms described in this Privacy Policy, please do not use our services.
IMOTRUST S.A. is a data controller within the meaning of GDPR.
This Privacy Policy covers only data processing for which IMOTRUST S.A. is the data controller.
About us:
IMOTRUST S.A., headquartered at 5 Mihai Eminescu Street, Apt. 2, represented by Luisa Berar, is responsible for the protection of your personal data. You can contact us at the email address dpo@imotrustarad.ro or by phone at 0733.800.400
Definitions:
“GDPR,” “RGPD,” or “Regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“The Controller” or “We” means IMOTRUST S.A., a Romanian company headquartered at 5 Mihai Eminescu Street, Apt. 2, Arad, registered with the Arad Trade Registry under registration number J02/541/1991, with fiscal code 1680630.
“Data Subject” refers to any identified or identifiable natural person whose personal data is processed by us as the controller, such as clients, potential clients, or visitors to the website.
“Processing” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
2. Collected Personal Data
We collect the following personal data:
Processed personal data
Purpose
Legal Basis
Name, phone number
For invoicing. To comply with legal requirements. To prevent fraud and other crimes. For direct marketing (only if we have your prior consent)
Conclusion or execution of a contract – Art. 6(1)(b) GDPR. Legal obligation – Art. 6(1)(c) GDPR. Consent – Art. 6(1)(a) GDPR(only for direct marketing)
Email address
For invoicing. To comply with legal requirements. To prevent fraud and other crimes. For direct marketing (only if we have your prior consent)
Conclusion or execution of a contract – Art. 6(1)(b) GDPR. Consent – Art. 6(1)(a) GDPR (only for direct marketing). Legitimate interest – Art. 6(1)(f) GDPR
IP address
To protect ourselves against cyberattacks. To prevent fraud. To ensure the operation of the network
Legitimate interest – Art. 6(1)(f) GDPR
3.Purposes of Collection
Your personal data is collected for the following purposes:
Processing contact requests on our website
Sending newsletters (if you subscribe to them)
Analyzing website traffic to improve user experience
Providing and improving the services we offer
Diagnosing or fixing technical issues
Protecting ourselves against cyberattacks
4.Methods of Collection
Your personal data is collected through:
Contact forms completed by you
Cookies (for details, see section 6)
5. Automatically Collected Data
We automatically collect users’ IP addresses and locations anonymously for website traffic analysis.
6. Cookies
We use cookies to enhance user experience on our website. You can learn more about the use of cookies in our cookie policy.
7. Data Storage and Security
We understand the importance of personal data security and take necessary measures to protect our clients and others whose data we process from unauthorized access, as well as from unauthorized alteration, disclosure, or destruction of the data we process in our daily operations.
We have implemented the following technical and organizational measures for personal data security:
Dedicated Policies. We continually adopt and review our internal practices and policies for processing personal data (including physical and electronic security measures) to protect our systems from unauthorized access or other potential security threats. These policies are subject to regular reviews to ensure we meet legal requirements and that the systems function properly.
Data Minimization. We ensure that the personal data we process is limited to what is necessary, adequate, and relevant for the purposes stated in this Policy.
Data Access Restriction. We strive to restrict access to personal data to the minimum necessary: employees, collaborators, and other individuals who need access to this data to process it and perform a service. Our partners and collaborators are bound by strict confidentiality obligations (either through contract or legal requirements).
Specific Technical Measures. We use technologies to ensure the security of our clients, always striving to implement the most effective solutions for data protection. We also perform regular data backups to recover data in the event of an incident and have implemented periodic audit procedures for the security of the equipment used.
Ensuring Data Accuracy. Occasionally, we may ask you to confirm the accuracy or current status of your data to ensure it reflects reality.
Staff Training. We constantly train and test our employees and collaborators on legislation and best practices in personal data processing.
8. Data Sharing
We may disclose your data, in compliance with applicable law, to business partners or other third parties. We make reasonable efforts to ensure that these third parties have implemented appropriate protection and security measures. We have contractual clauses with these third parties to ensure that your data is protected. In such cases, we will ensure that any transfer is lawful according to the legislation.
9. Your Rights
Your rights under the GDPR Regulation are as follows:
Your Rights
Right to be informed about the processing of your data. You have the right to be informed about whether or not your personal data is being processed and, if so, to access that data and the information specified in Article 15(1) of the GDPR.
Right of access to data. You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed and, if so, access to that data and the information specified in Article 15(1) of the GDPR.
Right to rectify inaccurate or incomplete data. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you.
Right to erasure (“right to be forgotten”). In the situations provided in Article 17 of the GDPR, you have the right to request and obtain the erasure of personal data concerning you.
Right to restriction of processing. In the cases provided in Article 18 of the GDPR, you have the right to request and obtain the restriction of processing.
Right to data portability. You have the right to transfer the data we hold about you to another controller (“right to data portability”).
Right to object to processing. In the cases provided in Article 21 of the GDPR, you have the right to object to the processing of your data.
Right not to be subject to automated decision-making. You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal effects or similarly significant impacts on you.
Right to seek legal remedies. You have the right to seek judicial remedies to defend your rights and interests.
Right to file a complaint with a supervisory authority.
Name
National Authority for the Supervision of Personal Data Processing
Address
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod poștal 010336, Bucharest, România
Phone
+40.318.059.211 or +40.318.059.212
E-mail
anspdcp@dataprotection.ro
Please note that:
You can withdraw your consent for direct marketing at any time by following the unsubscribe instructions in each email.
You can exercise your rights by sending a written, signed, and dated request to the email address: dpo@imotrustarad.ro
The rights listed above are not absolute. There are exceptions, so each request will be reviewed to determine whether it is justified. To the extent that the request is justified, we will facilitate the exercise of the rights. If the request is not justified, we will reject it but will provide legal reasons for the refusal and information on your rights to lodge a complaint with the Supervisory Authority and to seek judicial remedies.
We will aim to respond to the request within one month. However, this period may be extended depending on various factors, such as the complexity of the request, the large number of requests received, or the difficulty in identifying you within a useful timeframe.
If, despite our best efforts, we are unable to identify you and you do not provide additional information to assist us in identifying you, we are not obligated to process the request
10. Marketing Communications
We do not offer the option to subscribe to marketing communications.
11. Applicable Legislation
The processing of your personal data is carried out in accordance with Law No. 679/2016 and Law No. 190/2018 regarding personal data protection.
12. Changes to the Privacy Policy
This privacy policy may be updated periodically to reflect changes in our data processing practices. The current version is effective from 30.09.2023.
13. Contact
If you have any questions or concerns about the processing of your information, wish to exercise your legal rights, or have any other privacy-related concerns, you can contact us at the email address: dpo@imotrustarad.ro
