INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

The following information is designed to inform you of the aspects regarding the processing of your personal data and your rights regarding this processing in accordance with the General Regulation 2016/679 on data protection (“GDPR”) and the national legislation in force.

General information
We, the company – Thecon SRL-, based in Galati, Str. Monks no. 3 Block P1A, staircase 1, apartment 1, no. of registration at the Trade Register J17/1962/05.12.2006, CIF RO 19302026, bank account with IBAN: RO84BUCU1671304262061RON we designate Mr. Vlad Ionut, the operator in accordance with the GDPR. The contact details of the data protection officer of the Company are e-mail: gdpr@thecon.ro, telephone: 0756 192 121

Purpose of processing and categories of processed data:
The company processes your personal data for the following purposes:
for the purpose of providing software products, providing services in the field of digital marketing
in order to fulfill the legal obligations of the Company;
in order to collect personal data in software applications developed by the company that include the application and aimedia as well as websites associated with them.
for the purpose of pursuing the legitimate interests of the Company;
for the following purposes, all regarding the field of digital marketing, to the extent that you have agreed with each of them:
Providing information on commercial offers;
Providing information about software products;
Provision of digital marketing services;
Recruitment and selection;
Marketing and advertising;
Online sales;
Support received;
Participation in the opinion poll regarding the digital products, the applied solution, aimedia but also the Company’s services regarding the collection of their data.

For these purposes, the following categories of data may be processed:
• Name and surname, personal code, date of birth, gender, series and number of the identity document, home address/residence, e-mail address, landline and/or mobile phone number, in the case of natural persons;
• Name, address of the headquarters and registration data, name and surname of the legal representative, position, e-mail address, telephone number, fax number, in the case of legal entities;

• Account information, such as data on payments due or received, account numbers or other financial information or that is included in our customer relationship management portal;
• Preferences and settings for certain products, services and lifestyle when you do not say what they are or when we assume what they are, based on how users request services or applications developed by Thecon SRL;
• Cookie Policy for details on data collected using web platforms, mobile applications and other technologies, including data on advertisements distributed in the digital environment;
• Information obtained from other sources, such as public or private authorities, fraud prevention agencies, as well as other data providers. This includes demographic data, interest data, and online browsing behavior.
• History of users’ commercial activity by offering advantages, discounts, discounts to reward customer loyalty.
• The level of services provided, operational problems and other events that may affect the services provided;
• Responses to invitations and confirmations of participation in events or other relevant elements of the user’s calendar in relation to the Aplicat or Aimedia applications.
• Sensitive personal data discloses racial and ethnic origin, political opinions, religious and philosophical beliefs, trade union affiliation, genetic data, biometric data, health data, or life data or sexual orientation.
Thecon SRL does not intentionally collect sensitive personal data to store on the equipment of suppliers or other third-party data operators.
The personal data processed is mainly identification, transaction, financial, demographic, location or other personal data that is collected directly from customers.

The legal basis of the processing
The legal basis for the collection and processing of data for each of the purposes mentioned above is:
The supply contract or services for which they have to be requested before the conclusion of a contract for which they receive consent;
The Company’s legitimate business interests, for example, preventing fraud, maintaining the security of the Services, direct marketing and creating the Company’s Services. Whenever there is a legal basis to process the data, the commercial interests do not prevail over the assurance of the right.

In addition, in some cases customers have the right to object to this processing. The legitimate interest of Thecon SRL Company to allow the exercise of the rights provided by law in its favor, to take legal action against any illegal activity or that damages the Company.
Compliance with a mandatory legal requirement, such as accounting and tax requirements, is subject to strict internal policies (eg retention periods), procedures and the right to restrict the use of data, which govern the services to be provided.
Furthermore, to the extent there is agreement, consent is deemed. The processing of personal data on the basis of consent constitutes an additional purpose of the processing of personal data in order to execute the contract and does not condition the provision or provision of contractual services.”
Thecon company will collect personal data when, for example:
• Purchase or use available products and services;
• Within developed applications (e.g. Applicat, Aimedia)
• Register for a specific product or service;
• Contact through various channels or request information about a product or service;
• There is permission from other companies, such as business partners or associations, as well as from third-party suppliers or contractors, to exchange information;
• When personal data is public; or the client/beneficiary of a commercial activity purchased/provided.
Also, the collection of information from certain organizations, if and to the extent that there were legal grounds for this. These include fraud prevention agencies, business directories, verification/control agencies, billing agencies and contracted service providers.

The categories of recipients to whom personal data collection may be disclosed:
To achieve the above purposes, the following categories of product and service providers are used:
suppliers directly/indirectly involved in the supply of products and services in the field of digital marketing;
applications developed by the commercial company (e.g. Applicat, aimedia) but also the websites associated with these applications;
state authorities (including tax authorities);
accountants, auditors, legal experts, lawyers or other such external advisers of the Company or to third parties who provide products and services to the company (providers of security services, IT systems, financial consultants)
the Company’s suppliers directly/indirectly involved in the marketing and promotion process.

Duration of data retention
Information, which may include personal data, will be retained for as long as necessary to provide the Services, comply with applicable laws, resolve disputes with any party and, if necessary, to conduct business, including the detection and prevention of fraud or other illegal activities.
For example, there is an obligation to keep documents related to financial transactions 10 years after the end of the financial year in which they were processed.
All personal data held will be subject to this Privacy Policy. If there are questions about a specific retention period for certain types of personal data processed, it is recommended to contact us via the contact details included below.

Customer rights
The regulation gives the persons concerned by the processing of personal data a series of rights. Thus, in addition to the previously existing rights, there is also the right to data portability and the right to delete data. Essentially, the rights conferred are:
There is the right to withdraw a given consent at any time in order to stop a data processing based on the consent. The withdrawal will not affect the legality of the processing based on the consent given before the withdrawal, for the execution of a contract, in order to fulfill a legal obligation or for the purpose of pursuing legitimate interests.
The right of access – involves obtaining a confirmation regarding the processing or not of personal data and, if applicable, access to these data and to information regarding the manner in which they are processed.
The right to data portability – refers to the receipt of personal data in a structured, currently used and machine-readable format, and the transmission of such data to another operator, if technically feasible.
The right to opposition – refers to the opposition to the processing of personal data when the processing is necessary for the performance of a task of public interest or for a legitimate interest of the operator. There is a right of opposition in particular in the case of direct marketing or processing based on express consent.
The right to rectification – implies the correction of inaccurate personal data.

The right to data erasure (“the right to be forgotten”) – involves requesting the erasure of personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.
The right to restrict processing – can be exercised in certain situations, such as disputing the accuracy of data or opposition to their processing.
The right to file a complaint – complaints about the processing of personal data can be addressed to a competent authority, such as the National Supervisory Authority for the Processing of Personal Data.
ANSPDCP address: Bucharest, str. B-dul G-ral Gheorghe Magheru 28-30, sector 1, postal code 010336
Email address: anspdcp@dataprotection.ro
Phone +40 318 059 211
+40 318 059 212
Fax: +40 318 059 602

To exercise these rights, as well as for any additional questions regarding this information or regarding the Company’s use of personal data, please contact our data protection officer, choosing any of the communication methods described below.
You can contact us:
By email: gdpr@thecon.ro or
In person or through a request sent by post – to the Company Headquarters
By phone – at the number: 0756 192 121

Additional details as well as possible updates to this information regarding the protection of your data – you can find on the Company’s web page – Data Protection section