The following privacy notice applies to the websites and services offered by Automac Union SRL, Automac Construct SRL, Automac Logistic SRL and Automac BG Ltd. describes how we gather and use your information and goes into effect as of May 25, 2018.
You may contact Automac Union SRL (“AUTOMAC”), the data Controller, address: George Missail str., nr. 108, sector1, Bucharest, RO011542, Romania.
AUTOMAC agrees to respect your privacy and to comply with the privacy and protection laws concerning applicable data.
At AUTOMAC, we always process the data of our clients as if it were our own, in order to ensure its security, and act in accordance with data protection legislation, including, but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”).
DOES AUTOMAC HAVE A DATA PROTECTION OFFICER?
Yes, AUTOMAC takes data protection very seriously and has a Data Protection Officer who is responsible for all matters related to data protection. Please contact said officer should you have any questions.
Email us at firstname.lastname@example.org or call our Romania office at (+4) 0736745588 and they will be happy to assist you.
DOES AUTOMAC ALWAYS ACT AS A DATA CONTROLLER?
As a data controller, some of our activities entail that we act solely as a data processor for our clients; for example, when we provide our online assessment service.
Here is a simple way of understanding the difference:
The data controller decides what personal data is gathered, how it is gathered and its purpose. While the data processor acts specifically under the explicit instructions of the staff member responsible for the applicable processing required to execute a defined process that involves the personal data provided.
When AUTOMAC acts as a data processor or sub-processor for clients, we have existing agreements to guarantee the security of the data and ensure that we act according to our clients desires and, of course, in accordance with applicable data protection legislation.
WHAT PERSONAL DATA DO WE GATHER DIRECTLY FROM A PERSON WHEN THEY VISIT OUR WEBSITE?
When you request information on our services, you might use a contact form where you are asked to enter your name, email address, zip code, telephone number or other data to aid the client experience or to provide you with documentation, such as technical documents.
WHAT PERSONAL DATA DO WE GATHER INDIRECTLY FROM A PERSON WHEN THEY VISIT OUR WEBSITE?
We may gather information on how you use our website in order to continue improving how it works. We may gather statistics on how many people visit our web pages, where they come from, when they visit them, how long they stay and what pages they look at.
This shall include information regarding IP addresses of origin (which can indicate your geographic location but not your identity), internet service providers, files viewed on our websites and time stamps.
We may also gather information on the browsers, operating systems and devices that you use to ensure that you have a good experience online regardless of how you access our websites.
A new prospect or client may come to us from anywhere in the world and we can send their question to the appropriate global partner according to the user’s regional configuration.
IF A AUTOMAC ASSESSMENT WAS PERFORMED, HOW ARE MY PERSONAL DATA GATHERED AND USED?
The company that asks you to complete an assessment online is the data controller and AUTOMAC acts as the data processor. The data controller decides what data is gathered and what this data is utilized for. If you have any concerns about the data requested of you or about the process, you should contact them first.
We act as processors for two main assessment processing methods:
- 1. give clients access to their own user logins on our server so they can administrate the service themselves or
- 2. administrate the assessment submission service on behalf of the data controller – this shall be described as the automatic correction service in this document.
ARE THE ASSESSMENTS PROVIDED BY AUTOMAC CONSIDERED “AUTOMATED DECISION-MAKING, INCLUDING PROFILE ASSESSMENT”?
No, the assessment provided by AUTOMAC should never be used in an isolated way in the recruitment or staff development process. AUTOMAC assessments are provided to the data Controller as part of their more broad-based decision-making process along with the rest of the information the Controller has gathered.
DOES AUTOMAC USE PERSONAL DATA IN ITS RESEARCH?
AUTOMAC conducts research and analysis to further improve the services we provide to clients and candidates, which requires us to process personal data for this clearly defined process.
When we process personal data for research, we do so as a Controller.
When we process personal data for research, we make sure we adopt the proper security measures, such as pseudonymization (where data is not completely identifiable) and guarantee that only our research team has access to the data in order to conduct this research. Our research and psychology teams are subject to the most up-to-date ethical standards and data protection laws. Once they have completed their research, all data utilized are completely anonymous, thus it is impossible to identify an individual person based thereon.
IF AUTOMAC IS THE CONTROLLER: WHAT LEGAL BASIS DOES AUTOMAC HAVE TO USE YOUR DATA?
That depends; however, we can ensure you that AUTOMAC only processes data when we have the legal grounds to do so.
When processing your data, we will apply a legal basis based on the variety of services that we offer and how they are provided.
We may also process your data as a Controller in order to help us achieve our legitimate interests, always ensuring that these interests are carefully balanced and do not negatively impact your rights.
There may also be cases where we ask for your consent to process your personal data. We will ensure that the consent obtained is in line with current applicable legislation and that it is specific and informed when necessary and that it is in alignment with the basis of processing.
HOW DOES AUTOMAC GUARANTEE THE SECURITY OF ITS SYSTEMS AND PROTECT YOUR DATA?
All of us at AUTOMAC take the security of the personal data that you have entrusted to us very seriously. All our servers that are used for our assessments are hosted in highly safe locations in Romania.
AUTOMAC periodically tests the security of our networks and brings in external experts to assist us with that process. Access to personal data is restricted and may only be accessed by those who have a legitimate reason to do so.
All our offices have access control systems and all AUTOMAC employees receive periodic trainings on data protection and IT security.
If you would like to obtain more information on how we secure our systems, please read our policies available on our website, which contains more information about how we incorporate both security and privacy by design.
DOES AUTOMAC WORK WITH A SUB-PROCESSOR?
AUTOMAC is comprised of different legal entities, which are:
- AUTOMAC union SRL
- AUTOMAC construct SRL
- Automac logistic SRL
- AUTOMAC bg Ltd
This privacy notice is issued on behalf of Automac Union SRL, thus when we mention “AUTOMAC”, “PDA”, “us” or “our” in this privacy notice, we are referring to the relevant company of the Group that is responsible for data processing.
We will inform you which entity will be the data controller when you purchase a product or service from us.
Automac Union SRL is the controller and owner of this website.
If you have any questions or if you would like to receive more information about us, please don’t hesitate to contact us at email@example.com
HOW AND WHERE ARE YOUR DATA STORED?
AUTOMAC guarantees the security of client and candidate data at all times.
Our main servers are hosted in highly-rated data centers in Romania, which strictly control access to the physical premises while providing exceptional system availability. AUTOMAC also administrates our IT environment, ensuring that we maintain total control of the systems that house the assessments we provide and the information they contain.
HOW LONG DO WE STORE PERSONAL DATA?
In accordance with what is established in the GDPR, AUTOMAC only stores personal data for the necessary amount of time. When deciding how long we will store personal data, we take into account the minimum data retention requirements established by law. These retention periods are mainly related to our activities as a data controller and not as a data processor.
If a AUTOMAC assessment is being completed, AUTOMAC acts solely as the data processor and the employer or possible employer acts as the data controller, thus they shall be the ones who decide how long to store the data and will carry out the data retention and deletion process accordingly.
For our clients that use our automatic correction service (where we provide a hosted assessment link submission service), the relationship between the controller and processor persists, where AUTOMAC follows the client’s instructions, deleting data according to their explicit instructions.
WHAT ARE YOUR RIGHTS?
The GDPR brings many changes, including new improved rights that allow users to have more control over their data and how said data are used.
The GDPR gives you the right to:
- Request access to the personal data we have that pertains to you, free of charge (certain exceptions apply, which we can explain to you if you contact us at the email address provided at the bottom of this section, as needed).
- Request that your personal data be corrected if it is incorrect or if it is out-of-date. If the data that we have pertaining to you are out-of-date, incomplete or incorrect, you may inform us and we will update said data.
- Ask to withdraw your consent to the processing of your data if that process is based on consent.
- Request that we delete your data. If you believe that we should no longer use your data, you may ask us to delete said data. When we receive a deletion request, we will confirm that the data has been deleted or the reason why the data could not be deleted.
- Oppose to the processing of your data. You may ask us to stop processing information pertaining to you. When we receive your request, we will contact you and inform you if we are able to comply or if we have legitimate reasons to continue processing your data. Even after you exercise your right to object, we may continue to retain your data in order to comply with your other rights or file or defend legal claims.
- Request that we transfer your data to another controller if the data are processed by automatic means (that is, excluding paper records).
- Request that we restrict the processing of your personal data. This allows you to ask us to suspend the processing of your personal data:
- if you would like us to establish the accuracy of the data;
- when our use of the data is illegal but you do not want us to delete it;
- when you need us to retain data, even if we no longer need said data to establish, exercise or defend legal claims; or
- you have opposed to our use of your data, but we need to verify if we have legitimate reasons to use it.
Keep in mind that if you complete a AUTOMAC assessment, the controller (who would generally be your employer, potential employer or an academic establishment) is ultimately responsible for helping you exercise rights, thus we recommend that you contact them first.
IF YOU WISH TO EXERCISE ONE OF THE RIGHTS MENTIONED ABOVE, PLEASE CONTACT THE CONTROLLER.
To exercise any of your rights, please contact firstname.lastname@example.org, or send a letter to:
Data Protection Officer Address: George Missail str., nr. 108, sector 1, Bucharest, 011542, Romania.
We will try to respond to your request within 30 days or less, unless said request is highly complex or excessive.
AUTOMAC reserves the right to charge an administrative fee or to refuse a request that contains requests for data that are clearly inadmissible or excessive, especially if they are repetitive.
We may also inform our clients of any substantial changes by email.
REPORTING A DATA BREACH
If you believe that there has been a loss of the personal data that we use or administrate, or illegible use or disclosure of these data, please contact our Data Protection Officer at email@example.com or call (+4) 0736745588.
RESOLUTION OF PRIVACY ISSUES
At PDA, we always work hard to resolve any data privacy issue you may have, so please remember that you may contact our Data Protection Officer at firstname.lastname@example.org