The company  DR.MAX S.R.L., with registered office in Mogosoaia, 53rd Aeroportului St., Ilfov, registered at the Trade Register with order number J23/673/2007, SIN RO9378655, as controllers(„The company”), hereby inform you on the processing of your personal data in the context of certain operations carried out by the Company.

The address of the headquarters is: 8, Jiului Street, J8 Office Park, building A, Bucharest.

The Company acts as a personal data controller for the purpose of ensuring the security and protection of property and persons on the premises belonging to the Company, by implementing a video surveillance system at the access points thereto, as well as rules on access to the premises of the Company, by issuing and granting access cards.

1. Purpose, categories of data and grounds for processing

This information notice relates to your status as employees, customers, visitors to the Company's premises, including agents, operators, occupants, contractors and/or suppliers or other categories of persons who may have access to the Company's premises.

The Companny processes the personal data listed in Section 2 below for the following purposes, based on the legal grounds indicated for each purpose:

2. Collection of personal data

The Company has collected your personal data from the following sources:

2.1 For video surveillance:the video surveillance system located on the premises of the Company, which has been mounted in visible places at the access points.

2.2 For the implementation of the rules on access to the Company's premises, by issuing and granting access cards: the data is collected directly from the data subject.

3. Recipients of personal data

In order to fulfil the purposes mentioned above, the Company uses the services of several contractual partners.

Some of them are processors, such as specialized security and protection companies, companies that carry out security activities for objectives, goods or values, in conditions of maximum security of the same, as well as the protection of persons and are active in the protection and security sector and carry out their commercial activity in Romania, Bucharest , , and they may be provided with your personal data to be used within the limits of the obligations they assume towards the Company. The personal data that we disclose to our assignees is limited to the minimum personal information that is necessary for the provision of those services and we ask them not to use personal data for any other purpose.

We make every effort to ensure that all entities we work with store your personal data in a safe and secure manner.

The personal data indicated above may also be made available or transmitted to third parties in the following situations: (i) public authorities, auditors, or institutions with powers to carry out inspections and controls on the Company's activity and assets and/or which request the Company to provide information, by virtue of the latter's legal obligations. Such public authorities or institutions may be courts, police; or (ii) to comply with a legal requirement or to protect the rights and assets of our Company or other entities or persons, such as courts.

In addition, for the purposes of the above processing, we may distribute your personal data to Group companies, that will fully comply with the Company's instructions regarding the processing of your personal data.

4. Processing time

We will store your personal data only for the period necessary to achieve the above processing purposes, while complying with the legal requirements in force. Should the Company determine that it has a legitimate interest or legal obligation to further process your personal data for other purposes, you will be duly informed to this effect.

We estimate that the processing activities detailed above will require the storage of personal data for the following periods:

*Cu excepția cazului în care este necesar să fie protejate interesele legitime ale operatorului sau există obligații legale de păstrare. În astfel de cazuri, vom acționa conform legii, inclusiv în ceea ce privește informarea dvs.

5.What happens to your personal data after the processing has ended

Once the processing period indicated above expires and the Company no longer has legal or legitimate grounds to process your personal data, the data will be deleted in accordance with its procedures, which involves their destruction.

6. Refusal of processing and its consequences

The data processing described in section 1, purposes 1, 2 and 3, is a legal obligation of the Company, to ensure the security and protection of the establishments where it holds valuables and assets. If you do not wish your data to be processed for this purpose, you will not be able to access the premises of the Company.

7. Security of data processing

The Company hereby informs you that we constantly evaluate and update the security measures implemented to ensure safe and secure processing of personal data.

8.Rights of the data subject regarding data processing

In the context of the processing of your personal data, you have the following rights:

1. Right of access to personal data processed: you have the right to obtain confirmation as to whether your personal data are being processed and, if so, to have access to the type of personal data and the conditions under which they are processed, by making a request to the data controller;
2. The right to request rectification or erasure of personal data: aveți posibilitatea de a solicita, prin adresarea unei cereri în acest sens către operatorul de date, rectificarea datelor cu caracter personal inexacte, completarea datelor incomplete sau ștergerea datelor dumneavoastră cu caracter personal în cazul în cazul în care (i) datele nu mai sus necesare în scopul inițial (și nu există un nou scop legal), (ii) temeiul juridic al prelucrării este consimțământul persoanei vizate, persoana vizată își retrage consimțământul și nu există alt temei legal, (iii) persoana vizată își exercită dreptul de a se opune, iar operatorul nu are motive legitime care să prevaleze pentru a continua prelucrarea, (iv) datele au fost prelucrate ilegal, (v) ștergerea este necesară
   for compliance with EU or Romanian law, or (vi) the data have been collected in connection with information society services offered to children (if applicable), where specific consent requirements apply;
3. Right to request restriction of processing: you have the right to obtain restriction of processing in cases where: (i) you consider that the personal data processed is inaccurate, for a period allowing the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, but you do not want us to erase your personal data but to restrict the use of such data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need the data to establish, exercise or defend a legal claim; or (iv) you have objected to the processing, for the period of time within which we verify whether the data controller's legitimate grounds outweigh the data subject's rights;
4. The right to withdraw your consent to the processing, where the processing is based on consent, without affecting the lawfulness of the processing carried out up to that moment;
5. The right to object to the processing of data on grounds relating to your particular situation, where the processing is based on legitimate interest, and to object at any time to the processing of data for direct marketing purposes, including profiling.
6. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or otherwise significantly affects them.
7. The right to data portability, meaning the right to receive your personal data that you have provided to the data controller in a structured, commonly used and machine-readable form, and the right to transfer that data to another controller, where the processing is based on your consent or the performance of a contract and is carried out by automated means;
8. The right to lodge a complaint with the Data Protection Authority (ANSPDCP) and the right to apply to the competent courts.

The above rights can be exercised at any time. To exercise these rights, we encourage you to send a written, dated and signed request or an electronic request to the following address: 8, Jiului Street, J8 Office Park, building A, Bucharest, or by e-mail to dpo@drmax.ro

9. Data Protection Officer

You may address any questions regarding this document to the Data Protection Officer, who can be contacted using the following contract details:

E-mail dpo@drmax.ro

Tel: 021.301.74.74

Fax: 021.301.74.75

Address: 8, Jiului Street, J8 Office Park, building A, Bucharest

Version date: 18.10.2024.