This GDPR compliance has been prepared pursuant to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“).
Table of Contents
- Information regarding the data controller
- Definitions and Principles
- Data Processing Purposes and categories of Personal Data processed
- Transfers of Personal Data and Data Recipients
- Storage Period
- Your Rights
- Data Security
- Updates and Changes
1. Information Regarding the Data Controller
The data controller for the personal data processing operations performed within the use of the Website services is:
DELTATEL S.R.L. (“Deltatel” or the “Controller”)
Address: 11 Gheorghe Lazar Street, 300081, Timisoara, Timis County
Phone number: +40 256 270 425
Contact information of the Data protection officer/Privacy Responsible:
2. Definitions and Principles
“Personal Data“: means any information which relates to an identified or identifiable natural person. Among these are, for example, name, e-mail address or telephone number;
“Processing“: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“Processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Deltatel processes your personal data in accordance with the GDPR principles, as follows:
“Lawfulness, fairness and transparency”: the personal data is processed fairly in relation to the data subject, based on a legal basis provided by GDPR at Art. 6, and the data subject is informed on the processing as requested by Art. 13 and Art. 14 GDPR.
“Purpose limitation”: the purpose for which we process the personal date is specific, explicit, and legitimate. We do not collect and use data for other purposes than the ones we informed the data subject about.
“Data minimization”: we process the minimum amount of personal data we need; the personal data we collect are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
“Accuracy”: personal data processed is accurate and where necessary kept up to date. We do not retain old and outdated data in our system.
“Storage limitation”: we established and documented the necessary retention period for the personal data we collect and process for specific objectives. After the retention period is met, the personal data shall be deleted, destroyed, or anonymized.
“Integrity and confidentiality”: we handle personal data in a manner ensuring appropriate security, which include protection against unlawful processing or accidental loss, destruction or damage.
“Accountability”: as data controller, we are responsible for proving compliance with the principles of the GDPR mentioned above.
3. Data Processing Purposes and Categories of Personal Data processed
The Website enables you (i) to find out more information about our Company and services we provide in various areas, (ii) to get in touch with us, (iii) request a commercial offer or (iv) submit a complaint, (v) find articles on subjects that interest you on our blog and (vi) to apply for one of the jobs available within Deltatel.
For the use of the Website, you must provide certain Personal Data, that we shall process in order to be able to assist you with the requested matter. If additional information may be voluntarily shared, these are indicated as being “optional“.
3.1 Customer/Visitor Support
Should you want to contact us via the contact form made available on our Website, it is necessary to provide us with the following personal data: first and last name, e-mail address, phone number, company name and the message that you want to submit, which may include personal data.
Thus, we shall process your data in order to analyze and respond to your inquires that you voluntarily submit through the contact form, based on our legitimate interest to offer the requested support to our visitors (Art. 6 (1) f) GDPR).
3.2 Job Application
As a visitor of our Website, you have the possibility to directly apply to any of our vacant jobs posted on the Website, by filling in the application form. For this purpose, we need you to provide us with the following personal data: first and last name, phone number, e-mail address, desired position, any personal data you choose to mention within the CV uploaded (e.g. studies, work experience, age, etc.).
The legal ground we rely on when assessing your resume and processing the abovementioned data transmitted is Art. 6 para. (1) let. b) GDPR, namely in order to take steps at the request of the data subject prior to entering into a contract.
For more information regarding all the activities performed in relation to the job applications, please see the Candidate Privacy Notice available to you on the Website before submitting the application form for one of our vacancies.
3.3 Usage data
As is true of most other websites, we may also collect information that your browser sends whenever you are using our Website.
This Usage Data may include information such as the IP address, region, browser type, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other usage data.
It is our legitimate interest (Art. 6 (1) f) GDPR) to understand how customers, potential customers and visitors use the Website. This assists with providing more relevant products and services, with communicating value to our visitors, and with providing appropriate staffing to meet visitor and customer needs.
3.4 Marketing messages
If you expressly agree, we may use your personal data consisting of first and last name, phone number, e-mail address, company name, for marketing purposes such as announcements, updates, questionnaires pertaining to our services, invitations to live or online events/ webinars and other communications promoting our services, newsletters, contests, etc. or otherwise improving our products.
Deltatel may send you marketing messages to your e-mail address or your phone number only based on art. 6 (1) lit. a) GDPR, namely if you expressly consented to such processing.
Please note that you may withdraw your consent to such processing anytime, such withdrawal producing no effects on the processing operations already performed.
3.5 Blog management
We also have the legitimate interest (Art. 6 (1) f) GDPR) to process personal data when we communicate with our blog readers and give them the opportunity to express certain points of view/questions.
Thus, they expressly agree with the processing of their name and e-mail address, when they leave a comment on our article.
3.6 Links to other websites
In this respect, we emphasize that Deltatel has no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
We are not responsible for the collection, usage and disclosure policies and practices of other organizations, such as Facebook, YouTube, Google, or any other developer, provider, social media platform, operating system provider, wireless service provider, including any personal information you disclose to other organizations through or in connection with our social media functionalities.
4. Transfers of Personal Data and Data Recipients
Services providers: We may employ third party companies and individuals to perform Website -related activities, to ensure data storage or to assist us in analyzing how our Website is used. These third parties may access your Personal Data only to perform these tasks on our behalf and are compelled not to disclose or use it for any other purpose.
Also, where these recipients qualify as data processors, they will be contractually bound to respect the same obligations in what regards the protection of Personal Data as that incumbent to us and shall implement adequate technical and organizational measures for the protection of personal data, at least at the same level as those implemented by the data controller.
Third parties: Your Personal Data may be provided to governmental and regulatory agencies (e.g. tax authorities), courts or other governmental authorities, in accordance with the provisions of the applicable legislation and in line with art. 6 (1) (c) GDPR, as well as to external consultants acting as data controllers (e.g. lawyers, accountants, auditors, etc.), based on art. 6 (1) (f) GDPR.
4.2 Data Transfers
We may transfer your Personal Data abroad, to countries located within the EU/EEA (e.g. data storage activities performed within a service provider’s infrastructure located in EU or in IT infrastructures and systems at our sites within the EU).
In case that any data transfers shall be performed also to countries located outside EU/EEA, Deltatel will ensure that adequate guarantees are in place for the protection of the personal data to be transferred.
Thus, by executing Data Transfer Agreements based on Model Contractual Clauses (Decision of the European Commission no. 2010/87/EU and/or Decision of the European Commission no. 2004/915/EU), in accordance with art. 46 (5) GDPR or by using other adequate means for the transfer of Personal Data, we ensure that all such recipients offer an adequate level of protection for the personal data and that adequate technical and organizational measure have been implemented for the protection of Personal Data against unlawful destruction, loss, alteration or unauthorized disclosure.
5. Storage Periods
Therefore, the Personal Data processed for customer/visitor support shall be kept for 3 years, if no longer storage periods are required by the law or necessary for grounded purposes (e.g. pending investigations for which such data are relevant); also, we keep your personal data in relation to blogging activities during the existence of the blog or until the deletion of the comment by you.
Usage data collected by us shall be stored for 1 year if no longer storage periods are required by the law or necessary for grounded purposes (e.g. pending investigations for which such data are relevant). Also, marketing related data shall be stored for 3 years, unless the data subject meantime withdraws its consent to this processing.
Regarding the personal data processed for job applications through the Website, it will be stored for a period of 3 years or longer, if you consent to such extended period.
After the retention period is met, the personal data shall be deleted, destroyed, or anonymized.
6. Your Rights
Based on the provisions of the GDPR, you have the following rights in what regards the protection of the Personal Data:
Right of access: You have the right to obtain information regarding the extent, the origin and the recipient of retained data as well as the purpose of the retention.
Right to rectification: You have the right to obtain the rectification of your incorrect Personal Data. Depending on the Processing purpose, you have the right to complete the Personal Data, where case, including by means of a supplementary declaration.
Right to erasure (“right to be forgotten”): You have the right to ask us to delete your Personal Data.
Right to restriction of processing: You have the right to request the restriction of the Processing of your Personal Data. In this case, the respective data will be marked and can be processed by us only for certain purposes.
Right to data portability: You have the right to receive your Personal Data that you have provided to us, in a structured, common and machine-readable format, and you have the right to transmit this data to another entity without objection from us.
Right to object:
You have the right to object, for reasons related to your situation, at any time, to the processing of your Personal Data by us, and we may be required to cease the Processing of your Personal Data. If you have the right to object and you exercise it, we will no longer Process your Personal Data for that purpose. The exercising of this right does not imply any cost.
This right may be invalidated in particular if the Processing of your Personal Data is necessary for the formalities related to the execution of a contract or for the fulfillment of a contract already executed.
Irrespective of any other administrative or judicial legal remedy, you have the right to file a complaint regarding the Processing of your Personal Data by us with the competent data protection authority (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal, also known as ANSPDCP).
Please note that the above rights may be limited based on applicable national data protection law.
All informational requests, queries, objections, exercising of data protection rights or any other related issues can be sent by e-mail to
7. Data Security
We have taken appropriate technical and organizational measures to guarantee data security, in particular to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Such measures are periodically reviewed and updated.
Updates and changes