Business Software Development Policy on the Processing of Personal Data
External Policy
Contents of the Policy
1. Identity and contact details of the operator of your personal data.
2. Contact details of the Data Protection Officer for your personal data.
3. Categories of personal data that we process.
4. Sources from which we obtain your personal data.
5. Ways in which we process your personal data.
6. Purposes for which your personal data is processed and the legal grounds for such data processing.
6.1. Potential Clients / Clients / Former Clients of Business Software Development and other persons associated with them.
6.1.1. Pre-contractual period.
6.1.2. Contractual / post-contractual period.
6.2. Suppliers of Business Software Development and other persons associated with them.
6.3. Partners of Business Software Development and other persons associated with them.
6.4. Other persons.
7. Recipients / categories of recipients of your personal data.
8. Transfer of your personal data outside the European Union.
9. Your rights.
10. Your obligation, or lack thereof, to provide us with your personal data.
11. Absence of automated decision-making processes.
12. Changes to this policy.
13. The exclusive nature of this policy.
VERY IMPORTANT:
Your Right to Object to the Processing of Your Personal Data
You have the right, at any time, to object to our processing of your personal data. The right to object may be exercised by the data subject (meaning you) only in one of the following two cases:
- At any time, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The operator will no longer process the personal data unless the operator demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or if the purpose is to establish, exercise, or defend a legal claim.
- When the processing of personal data is for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to direct marketing.
1. Identity and Contact Details of the Operator of Your Personal Data
Business Software Development S.R.L. (“Business Software Development”) is the operator of personal data. Business Software Development S.R.L. is headquartered in Bucharest, Sector 6, Targu Neamt Street, no. 26, block TD 29, entrance 1, floor 6, apartment 37, registered with the Trade Register under no. J40/10461/2004, and has CIF RO16552869. The contact details for Business Software Development S.R.L. are as follows:
- Address: Bucharest, Sector 6, Targu Neamt Street, no. 26, block TD 29, entrance 1, floor 6, apartment 37
- Phone: 031.425.28.38 / 0722.44.79.48
- Fax: 031.425.29.66
- Email: office@bsd.ro
2. Contact Details of the Data Protection Officer
Business Software Development has appointed a Data Protection Officer (DPO) who can be reached at the email address: dpo@bsd.ro. If you prefer not to contact the DPO via email, you may use any other form of correspondence by referring to the contact details of Business Software Development mentioned in Chapter 1 above.
3. Categories of Personal Data We Process
Depending on the category of individuals to which you belong, as well as how your personal data comes into our possession, we may process, in whole or in part, the following categories of personal data:
- Identification data (e.g., name, surname, address, CNP, etc.).
- Identification data using remote communication means (e.g., phone number, email address, IP address of a device).
- Employment/profession data (e.g., the company you work for, your position, etc.).
- Data regarding how you carry out your activities (e.g., the content of an email sent from an address associated with your workplace, etc.).
- Data regarding the IT equipment you use (e.g., desktop/laptop/tablet/mobile computers/printers/scanners/routers, their IP address, MAC address, etc.).
- Data regarding the software installed on the IT equipment you use (e.g., Windows operating system, macOS, Microsoft Office suite applications like Word, Excel, PowerPoint, Outlook, etc.).
- Data regarding how you store your information (e.g., on your own computer, on a personal file server, on a virtual machine stored in a data center, in the cloud, etc.).
- Data regarding the email groups you belong to (e.g., email group for support activities, sales email group, accounting activities email group, the period during which you were part of a specific email group, etc.).
- Data regarding the level of access and security assigned to you (e.g., the right to access certain folders/documents, the right to upload/download/view/modify/send/delete certain documents/folders, etc.).
- Data regarding how you access IT equipment and/or software installed on IT equipment (e.g., the date you connect to the internet, the date you send/receive an email, the date you generate or modify a specific document, the fact that you generate/upload/view/modify/download/delete a specific document/folder, etc.).
- Any data you choose to store within virtual machines hosted on our servers and/or other servers, including sensitive data (e.g., documents you upload to the servers we host).
- Graphoscopic data (e.g., your signature applied to a contract concluded with us).
- Biometric data (e.g., your image recorded by one of our cameras, your image included in an identity document stored by us).
- Financial data (e.g., your bank account, the bank where it is opened, the date of a payment, justification for a payment, etc.).
- Your opinions (e.g., your opinion regarding the services provided by our company).
4. Sources from Which We Obtain Your Personal Data
The sources from which we obtain your personal data are varied, depending on the case, and may include:
- Your person (e.g., you send us an email or contact us by phone, you submit a CV for employment within our company, you access an IT device/software that is under our monitoring, etc.).
- The company/entity where you are employed (e.g., your company sends us your personal data so that we can generate/modify/close an email address and/or a user account within an application and/or to generate/modify a specific level of permissions within an application, etc.).
- The company/entity with which you have a specific relationship (e.g., the company for which you provide certain goods and/or services, without being its internal employee).
- Other persons/entities that hold your personal data (e.g., a friend, a company where you were employed, another client of ours, etc.).
- Public sources (e.g., contact data from the trade registry, search results displayed by a search engine, etc.).
5. Ways in Which We Process Your Personal Data
Business Software Development may process your personal data, in whole or in part, through the following methods:
- Collection (e.g., receiving a signed contract from you, receiving an email from you, automatically recording your activities within a software, etc.).
- Storage (e.g., keeping an email received from you, retaining a signed contract from you, etc.).
- Registration (e.g., registering you as a user of a specific email address, registering you as part of an email group, registering you as a member of a security group (with a certain type of access) within an organization, etc.).
- Viewing (e.g., viewing your contact data from our database, viewing documents uploaded to our servers, etc.).
- Modification (e.g., when you request us to modify your contact details, when we change your email address, when we change your email group membership, when we change your security level (access) to a specific application, etc.).
- Encryption (e.g., when we encrypt the devices that store your personal data, when we encrypt the virtual machine that holds your data, etc.).
- Transmission/Disclosure (e.g., when we transmit your contact details to a courier, when we transmit your login credentials to a specific application of the company where you are employed, etc.).
- Destruction (e.g., when we delete your email address, when we remove you from a specific email and/or security (access) group, etc.).
- Any other operations performed on/in relation to your personal data (e.g., restricting access to an email address, moving you from one email group to another, etc.).
6. Purposes for Which Your Personal Data is Processed and the Legal Grounds for Processing Personal Data
Business Software Development processes a range of personal data based on one or more purposes, as well as one or more legal grounds, as outlined below. To understand the purposes and legal grounds for which we process your personal data, please refer to the category of individuals to which you belong.
6.1. Potential Clients / Clients / Former Clients of Business Software Development and Other Persons Connected to Them
Business Software Development processes the personal data of its potential clients/clients/former clients, as well as other individuals who have a specific relationship/connection with them, such as:
- Natural persons,
- Representatives of legal entities and/or other entities without legal personality (e.g., administrators, general directors, financial directors, internal IT engineers, etc.),
- Employees of legal entities and/or other entities without legal personality (e.g., employees, public officials, contractual staff, etc.),
- Representatives of suppliers/partners/subcontractors/consultants, etc. associated with them (e.g., the administrator of the accounting firm, etc.),
- Employees of suppliers/partners/subcontractors/consultants, etc. associated with them (e.g., an employee of an internet service provider, etc.),
- Representatives of a public authority/institution connected to them (e.g., a director from ANAF, etc.),
- Employees of a public authority/institution connected to them (e.g., an inspector from ANAF, etc.),
- Any other natural person who is in any kind of connection with them (e.g., an external IT consultant, etc.).
6.1.1. Pre-Contractual Period
Purposes of Processing
Business Software Development aims to provide its services to as many individuals/entities as possible.
During the pre-contractual period, Business Software Development processes personal data for the following purposes:
- To initiate and maintain a dialogue with you,
- To present our services,
- To obtain information from you based on which we can propose the services that best suit your needs,
- To draft documents related to the pre-contractual period (e.g., offers, contract templates, etc.),
- To understand market requirements and trends (e.g., what services are sought, by which categories of clients, at what prices, etc.),
- To comprehend how we can improve our services (e.g., evaluating internal employees, analyzing the necessity of hiring additional staff, etc.),
- To understand how we need to organize our activities from all perspectives (commercial/marketing/HR/IT/financial, etc.) (e.g., evaluating contracts concluded in a month compared to contracts that could have been concluded, assessing how our internal employees fulfill their job duties, analyzing how we present ourselves as a company, etc.),
- To protect our rights and interests (e.g., if you consider yourself harmed in any way by how we present our services).
Legal Grounds for Processing
The legal grounds for processing your data are:
- The necessity of taking steps at your request (e.g., drafting a contract template, creating a personalized offer based on your needs, etc.),
- Our legitimate interests in achieving the purposes stated above.
Considering the above, Business Software Development may contact you, either on its own initiative (e.g., sending you an email), at your initiative (e.g., contacting us by phone, visiting our website, etc.), or at the initiative of another person/entity (e.g., both you and we receive an email from an intermediary).
If you become a client of Business Software Development, your data will be processed according to what is outlined in section 6.1.2 below.
Data Retention Period
If you do not become a client of Business Software Development, your data will be permanently deleted within 90 calendar days from the time it becomes clear that you will not become our client (e.g., if you send us an email informing us, if you cease communication with us for an unreasonable period, or if we inform you that we cannot provide the requested services, etc.).
6.1.2. Contractual / Post-Contractual Period
Purposes of Processing
Business Software Development provides/services its clients, fulfills a series of legal/conventional obligations, and adapts its business strategy according to the requirements of the relevant market.
During the contractual/post-contractual period, Business Software Development processes personal data for the following purposes:
- To execute the contract concluded with you and/or with the company you are employed at,
- To initiate and maintain a dialogue with you and/or with the company you are employed at,
- To present our services other than those you have already contracted/that the company you are employed at has contracted,
- To obtain information from you/the company you are employed at, based on which we can propose additional services that may suit you, other than those already contracted and/or that may suit the company you are employed at,
- To draft documents related to the contractual period (e.g., timesheets, invoices, addenda, balance confirmations, etc.),
- To fulfill legal obligations (e.g., the obligation to prepare primary accounting documents, the obligation to store accounting documents for a certain period, etc.),
- To understand market requirements and trends (e.g., what services are sought, by which categories of clients, at what prices, etc.),
- To comprehend how we can improve our services (e.g., evaluating internal employees, analyzing the necessity of hiring additional staff, etc.),
- To understand how we need to organize our activities from all perspectives (commercial/marketing/HR/IT/financial, etc.) (e.g., evaluating contracts concluded in a month compared to contracts that could have been concluded, assessing how our internal employees fulfill their job duties, analyzing how we present ourselves as a company, etc.),
- To protect our rights and interests (e.g., if you do not pay the invoices issued, and we are forced to initiate civil proceedings).
Legal Grounds for Processing
Legal Grounds for Processing Your Data:
- Processing is necessary for the execution of the contract concluded with you,
- Processing is necessary to fulfill legal obligations that we have (e.g., the obligation to prepare and maintain primary accounting documents, such as the contract concluded with you, invoices issued to you, etc.),
- Our legitimate interests (the interests of achieving the purposes outlined above).
Data Retention Period
Your data will be stored by us throughout the entire contractual period, as well as after the termination of contractual relations for a period of 5 calendar years, calculated from January 1 of the year following the year in which the contract ends.
By way of exception, some of your data will be stored for either a longer or shorter period if a normative/administrative act applicable to us imposes such an obligation (e.g., the Fiscal Code requires/could require us to keep your data for a period of 7 years, etc.).
The reasons we retain your data for the period stated above are as follows:
- During the contract period, the data is necessary for us to know the parameters we need to respect regarding you/the company you are employed at (e.g., what we need to provide, where, under what conditions, at what costs, etc.),
- During the contract period, as well as afterwards, the data is included in a series of financial-accounting documents that the law obliges us to keep (e.g., the contract, invoices issued, payment orders, bank records, receipts, etc.),
- During the contract period, as well as afterwards, the data is necessary for us to inform you/to inform the company you are employed at regarding the opportunity of offering services that may better suit you and/or the company you are employed at, beyond those initially contracted,
- During the contract period, as well as afterwards, the data is necessary for us to analyze the viability/technical efficiency/cost efficiency/potential technical issues related to the services offered, so that we can better understand all the technical/economic aspects of the services provided,
- During the contract period, as well as afterwards, the data is necessary for us to understand market trends, what types of services are sought, what is available on the market, what costs customers are willing to allocate, etc., knowing this information helps us adapt our business strategy to remain competitive in the relevant market and to meet your and/or the needs of the company you are employed at,
- During the contract period, as well as afterwards, there may be misunderstandings/disputes between our company and you/the company you are employed at regarding the execution of the contract, in which case the data is necessary for us to protect our rights (e.g., in the event of a lawsuit, to prove that we fulfilled our obligations, in the case of non-payment of an invoice, to demonstrate that we provided the billed services, etc.).
- During the contract period, as well as afterwards, the data is necessary for us to analyze our own activity and how we conduct it (internal analysis) so that we can adapt to the market in the most appropriate way (e.g., we analyze whether new hires are necessary, if so, in which department; we assess the efficiency of our employees; we evaluate the knowledge and professionalism of our employees, etc.).
- After the conclusion of the contract, there is a possibility that you/the company you are employed at, or we, may be subject to inspection by fiscal authorities/other public authorities/institutions, in which case we must be able to fully demonstrate the contractual relations between us and how they were executed by both you/the company you are employed at and by us.
6.2. Suppliers of Business Software Development and Other Related Individuals
Business Software Development processes the personal data of its potential suppliers/suppliers/former suppliers, as well as of other individuals who have a certain relationship with them, as outlined in section 3.1. Sections 6.1.1. – 6.1.2. apply correspondingly to the suppliers of Business Software Development.
6.3. Partners of Business Software Development and Other Related Individuals
Business Software Development processes the personal data of its potential partners/partners/former partners, as well as of other individuals who have a certain relationship with them, as outlined in section 3.1. Sections 6.1.1. – 6.1.2. apply correspondingly to the partners of Business Software Development.
6.4. Other Individuals
Business Software Development processes the personal data of individuals other than those mentioned in sections 6.1. – 6.3., such as:
- Representatives of public authorities/institutions (e.g., ANAF inspectors, police officers, etc.),
- Visitors to our headquarters and work locations,
- Visitors to our website,
- Other individuals we may come into contact with, etc.
Purpose of Processing
Business Software Development aims to provide its services to as many individuals/entities as possible, as well as to fulfill its legal obligations, thereby maintaining a prominent and efficient presence in the relevant market.
Business Software Development will process your personal data for the following purposes:
- In order to initiate and maintain a dialogue with you/the company you are employed at,
- in order to present our services,
- in order to obtain from you/the company you are employed at information based on which we can propose services that best suit you and/or that best suit the company you are employed at,
- in order to draft documents related to the pre-contractual period (offer, contract template, etc.),
- in order to understand the requirements and trends in the relevant market (e.g., what services are in demand, by which categories of clients, at what prices, etc.),
- in order to understand how we can improve our services (e.g., evaluating internal employees, analyzing the need for additional staff, etc.),
- in order to fulfill legal obligations (e.g., the obligation to provide documents and information requested by a public authority/institution that initiates an audit regarding us),
- in order to understand how we should organize our activity from all perspectives (commercial/marketing/HR/IT/financial, etc.) (e.g., evaluating contracts concluded in one month against contracts that could have been concluded, assessing how our internal employees perform their duties, analyzing how we present ourselves as a company, etc.),
- in order to protect our rights and interests.
Legal Grounds for Processing
The legal grounds for processing your data:
- The processing is necessary for fulfilling our legal obligations (e.g., if we are subject to a tax audit, we provide the documents and information concerning you to the tax inspector, etc.),
- Our legitimate interests (interests in achieving the purposes outlined above).
Storage Period
The storage period varies from case to case depending on the specifics of the data (e.g., the number of visitors to our website may be retained for a period of 3 months necessary to carry out a specific survey, or it may be retained for a period of 1 year for analyzing a trend, etc.).
However, we assure you that we will not retain your data after the purpose for which we collected it has been achieved.
7. Recipients / Categories of Recipients of Your Personal Data
Your personal data may also be transmitted by us, in some cases depending on the circumstances, to:
- Individuals acting under our careful guidance (e.g., our employees),
- Our co-operators of personal data (e.g., the company you are employed at, our partner companies, self-employed individuals with whom we have contractual relationships, etc.),
- Individuals acting under the careful guidance of our personal data co-operators (e.g., employees of the company you work for, employees of our partner company, etc.),
- Individuals authorized to process personal data on our behalf (e.g., a courier company, a self-employed individual collaborating with us),
- Individuals acting under the careful guidance of the individuals authorized to process personal data on our behalf (e.g., a driver employed by a courier company),
- You, to the extent that you understand to exercise one of the rights provided by law (e.g., the right of access),
- Any other person/entity outside those mentioned in points 1 – 6, for example, a distinct personal data operator (e.g., ANAF).
The transmission of personal data to the individuals listed above will occur only to the extent that this transmission:
- Is required by the necessity of achieving the purposes for which we process your personal data,
- Is imposed by law.
8. Transfer of Your Personal Data Outside the European Union
Business Software Development keeps your personal data, either in physical format, digital format, or both, on the territory of the European Union.
However, in certain situations, Business Software Development may transfer your personal data outside the European Union (e.g., by sending an email to your company that has its own email server outside the European Union).
In these cases, Business Software Development will ensure that the transfer of data is made only if the conditions imposed by European legislation regarding personal data protection are met (e.g., there is a compliance decision issued by the European Commission, an agreement is concluded to ensure the necessary guarantees, etc.).
9. Your Rights
Regarding your personal data, you have a series of rights:
- The right to access your data,
- The right to rectify your data,
- The right to obtain the deletion of your data,
- The right to obtain the restriction of the processing of your data,
- The right to object to the processing of your data,
- The right to lodge a complaint with the competent authority regarding the processing of personal data. Business Software Development facilitates the exercise of your rights, so do not hesitate to contact us at dpo@bsd.ro.
10. Your Obligation or Lack of Obligation to Provide Your Personal Data
As a general rule, Business Software Development does not require you, in any way, to provide your personal data.
However, in certain situations, if you do not provide us with your personal data, we cannot fulfill the purposes outlined above.
For example, if you do not send us the contract bearing your signature, we cannot consider that a valid contract has been concluded between us.
11. Absence of Automated Decision-Making Processes
Business Software Development does not hold/use any form of automated decision-making processes, including profiling concerning you, and all decisions/actions/inactions/measures taken/adopted/implemented by our company are based solely on human factors.
Although we use a range of IT equipment, the decisions we make concerning you are adopted only by individuals within our team, based on their own beliefs and assessments, rather than automatically based on the information provided by IT equipment.
12. Modification of this Policy
Business Software Development informs you that this personal data processing policy is an overview of how we process your personal data today, when you read this document.
There is a possibility that we may update this policy from time to time (e.g., due to legislative changes, or because we wish to process your data for other purposes and/or based on other legal grounds, etc.).
In such cases, the update of the policy will be carried out without affecting your legitimate rights and interests regarding the protection of personal data.
13. Exclusivity of this Policy
This personal data processing policy was developed by Dumitru, Popescu and Associates S.P.A.R.L. (DPA Legal Team) in collaboration with members of the Business Software Development team, exclusively for Business Software Development, and is the exclusive property of Business Software Development.
Reproduction, in whole or in part, of this policy can only be carried out with the express written consent of Business Software Development.