This document sets forth the privacy policy of ALBION EDUCATIONAL CONSULTING S.R.L. [a Romanian company, with headquarters at Zboina Neagra Street Number 8-10, Block 91-95, Entrance 3, Apartment 99, Sector 6, Bucharest, Romania, Post Code: 060455, registered at the Trade Register under Number J40/1244 /2018, Sole Registration Code 38773054, referred to as „The Company”] for the use and protection of personal information, pursuant to the applicable regulations.

The subject can exercise its rights, in accordance with Section 3, by sending an e-mail to the Data Protection Officer at [email protected] or by sending a registered letter via the post office with acknowledgement of receipt to the office address of The Company. All requests will be dealt with in accordance with the stipulated legal time-frames.

The data subject can unsubscribe at any time from our newsletter by using the „unsubscribe” link via received e-mail.

Section 1 – Collected data

Item 1 – In order to carry out its commercial activity, The Company collects personal information using the following:

a) Information received from users:

• To send us a message via our web-site contact form we collect the following: name and surname, e-mail address and phone number (optional).

• In order to take an on-line quiz:

o The data subject creates an on-line account in order to save the progress and return to saved quizzes. In order to create an on-line account The Company processes the following personal data: e-mail address, username and password;

o The Company requests and processes the following personal data: name, surname, e-mail address. The information sent via the on-line quiz will be processed by The Company for statistical purposes and, with the subject’s consent, can send personalized offers to the subject.

 

Section 2 – How do we process this information?

Item 2 – The Company stores and processes personal data for the following purposes:

• Answers to subject’s inquiries and optimizes the website;

• Contacts subjects in order to inform about services;

• Offers customized offers to subjects based on quiz answers;

• Sends personalized offers

• To provide services to clients and to fulfil legal obligations (such as issuing invoices).

Item 3 – The Company processes personal data based on the subject’s agreement, by performing contractual or legal obligations.

 

Section 3 – Processing duration

Item 4 – The Company stores personal data in order to fulfil legal obligations or until the subject was automatically deleted, has withdrawn its consent or has exercised its right to be forgotten.

 

Section 4 – Rights of the data subject

Item 5 – According to the European Regulation on protection of personal data, The Company recognizes and guarantees the following rights of the data subjects:

a) Right of access – the right of the data subject to obtain a confirmation from The Company as to whether or not his personal data is being processed and, if applicable, access to this data and information regarding the way his data is being processed.

b) Right to rectification – the right of the data subject to request correction of inaccurate personal data, without undue delay. The rectification will be communicated to each beneficiary to whom the data was transmitted, unless this proves impossible or involves disproportionate efforts.

c) Right of data portability – the right to receive personal data in a structured, commonly used, readable format and the right to transmit this data directly to another operator, if feasible from a technical point of view.

d) Right of opposition – the right of the person to oppose to processing of its personal data, when processing is not necessary for performance of a task which is in the public interest or does not have a legitimate interest in the controller. When processing your personal data for direct marketing purposes, you have the right to oppose at any time to the processing.

e) Right of having your data deleted (“right to be forgotten”) – right of the person to request deletion of its personal data, without undue delay if one of the following reasons applies:

• they are no longer necessary for the purposes for which they were collected or processed;

• consent was withdrawn and there are no longer any legal grounds for processing;

• using one’s right to opposition and in-existence of legitimate reasons that would prevail;

• personal data has been processed illegally;

• personal data must be deleted to comply with a legal obligation;

• personal data has been collected in connection with the services offered by The Company.

f) Right to restrict processing – The data subject may request restriction of processing in the following cases:

• the person challenges the accuracy of the data, for a period that allows The Company to verify the correctness of the data;

• processing is illegal and the person opposes deletion of personal data, calling for data restriction instead;

• if The Company no longer requires personal data for processing, but the person requests them for the establishment, exercise or defence of a right in court;

• if the person opposed to processing for the period during which The Company checks if there are other legitimate grounds for processing personal data.

 

Section 5 – Data transfer to third parties

Item 6 – The Company does not transfer personal data to other operators without the prior notice or request of the person.

Item 7 – The Company may transfer information to other affiliated companies, service providers or other partners, processing them on behalf of The Company, on the basis of The Company’s instructions and ensuring the level of security under the applicable legislation. These companies can provide global services, including customer support, information technology, payments, sales, marketing, data analysis, research and surveys.

Item 8 – All employees of The Company have implemented and comply with the standards of personal data imposed by Regulation (EU) 2016/679 on the protection of individuals with regard to processing of personal data and on free movement of such data.

Item 9 – The Company may keep or disclose information sent in order to comply with legal provisions, legal procedures or to answer to a request from public authorities. They may also use the data to exercise their legal rights to defend themselves in court actions or to prevent, detect or report illegal activities such as frauds, abuses, branches of terms and conditions or threats to The Company’s security or physical security of any person.

 

Section 6 – Security of Information

Item 10 – The Company is working hard to keep the data safe. The Company uses a combination of technical, administrative and physical controls to maintain the security of the processed data, including the use of encryption software. However, no method of transmitting or storing data is completely secure. If you have a security issue, please contact [email protected]

Item 11 – In accordance with the European Regulation, The Company shall seek, identify, record archive and report, where appropriate, all security incidents.

 

Section 7 – Competent authorities

Item 12 – Notices regarding the processing of personal data can be sent to The Company via e-mail to: [email protected] or by sending a letter with acknowledgement of receipt to The Company’s headquarters or secondary unit, in the attention of the Data Protection Officer.

Item 13 – The subject also has the right to notify the National Authority for Personal Data Processing Supervision (ANSPDCP) regarding the illegal processing of personal data by sending a notice to the headquarters of the Authority: 28-30 G-ral. Gheorghe Magheru Street, Bucharest, Sector 1, Post Code 010336, e-mail: [email protected]