The purpose of using personal data by Global Tax Advise SRL
Global Tax Advise SRL collects, records, organizes, stores and uses to manage, maintain, improve, and obtain feedback on the services it offers, as well as to prevent errors and leakage of information through its own IT network, law violations or contract terms.
Marketing
If you have a contract with Global Tax Advise SRL it is possible to contact you to get feedback on the contracted service to improve its quality.
Global Tax Advise SRL collects and updates information about service customers and users of their websites, as well as about providers with whom they regularly interact and can obtain this information either directly from you or from third parties, or automatically with the use of Global Tax Advise SRL through Cookies and traffic reports generated by the servers hosting the taxadvise.ro website.
User rights
In the context of processing personal data, users have the following rights:
Right to be informed:
1. Where personal data are obtained directly from the data subject, the operator shall provide at least the following information to the data subject, unless that person already possesses the following information:
a.the identity of the operator and his representative, if any;
b. the purpose of data processing;
c. additional information such as: recipients or categories of data recipients; if the provision of all required data is mandatory and the consequences of the refusal to provide them; the existence of rights under the law for the data subject, in particular the right of access, data interference and opposition, and the conditions under which they may be exercised;
d. any other information the provision of which is required by the provision of the supervisory authority, taking into account the specific nature of the processing.
2. Where the data are not obtained directly from the data subject, the operator shall, at the time of data collection or, if it is intended to be disclosed to third parties, at the latest by the time of the first disclosure, provide the data subject the following information, unless the data subject already possesses the following information:
a.the identity of the operator and his representative, if any;
b. the purpose of data processing;
c. additional information such as: the data categories concerned, the recipients or categories of data recipients, the existence of rights under the law for the data subject, in particular the right of access, data interference and opposition, and the conditions under which exercised;
d. any other information the provision of which is required by the provision of the supervisory authority, taking into account the specific nature of the processing.
3. The provisions of paragraph (2) shall not apply where the processing of data is for statistical purposes, historical or scientific research, or in any other situation where the provision of such information proves impossible or would involve a disproportionate effort to the legitimate interest which would could be harmed, as well as in situations where the recording or disclosure of data is expressly provided for by law.
Right of access to data
1. Any person concerned shall have the right to obtain from the operator, on request and free of charge for a request per year, the confirmation that data relating to him or her are processed by him or her. An operator is obliged, when processing personal data concerning the applicant, to communicate to him, together with the confirmation, at least the following:
a. information for purpose of the processing, the categories of data concerned and the recipients or categories of recipients to whom the data are disclosed;
b. communicating in an intelligible form the data subject to processing, as well as any available information on the origin of the data;
c. information on the operating principles of the mechanism by which any automatic processing of data relating to that person is carried out;
d. information on the existence of the right to interfere with data and the right to object and the conditions under which they may be exercised;
e. information on the possibility of consulting the registry for personal data processing, submitting a complaint to the supervisory authority, and addressing the court to appeal the decisions of the operator in accordance with the provisions of the law.
2. The person concerned may request from the operator the information provided in paragraph (1), by means of a written, dated and signed application. In the application, the applicant may indicate whether he wishes the information to be communicated to him at a specific address, which may also be e-mail, or through a mail service to ensure that the person is handed over only personally.
3. The operator is obliged to communicate the requested information, within 15 days from the date of receipt of the application, observing the possible option of the applicant expressed in accordance with paragraph (2).
Right to interfere with data
1. Everyone concerned shall have the right to obtain from the operator, on request and free of charge:
a. where appropriate, correcting, updating, blocking or deleting data the processing of which is not in accordance with the law, in particular incomplete or inaccurate data;
b. where appropriate, the transformation into anonymous data of data whose processing is not in accordance with the law;
c. notification to third parties to whom the data of any transaction performed pursuant to subparagraph (a) or (b), if such notification is not impossible or does not involve a disproportionate effort in relation to the legitimate interest which might be harmed.
2. For exercising the right provided in paragraph (1) the person concerned shall submit to the operator a written, dated and signed application. In the application, the applicant may indicate whether he wishes the information to be communicated to him at a particular address, which may also be e-mail, or through a mail service to ensure that personal information is handed over.
3. An operator shall be obliged to communicate the measures taken pursuant to paragraph (1) and, where applicable, the name of the third party to whom the personal data relating to the data subject have been disclosed within 15 days of the date of receipt of the application, in compliance with the applicant’s possible option expressed in accordance with paragraph (2).
The right of opposition
1. The data subject has the right to oppose, at any time, for legitimate and legitimate reasons relating to his/her particular situation, data that are intended to be processed, unless otherwise provided by law. In the case of justified opposition, the processing may no longer cover the data concerned.
2. The data subject has the right to oppose at any time, free of charge and without any justification, that the data that is intended to be processed for direct marketing on behalf of the operator or a third party or disclosed to third parties in a such purpose.
3. In order to exercise the rights stipulated in paragraphs (1) and (2), the data subject shall submit to the operator a written, dated and signed application. In the application, the applicant may indicate whether he wishes the information to be communicated to him at a particular address, which may also be e-mail, or through a mail service to ensure that personal information is handed over.
4. The operator is obliged to communicate to the person concerned the measures taken pursuant to paragraph (1) or (2) and, where applicable, the name of the third party to whom the personal data relating to the data subject have been disclosed within 15 days of the date of receipt of the application, in compliance with the applicant’s possible option according to paragraph (3).
The right not to be subject to an individual decision
1. Everyone has the right to request and obtain:
a. the withdrawal or cancellation of any decision having legal effects in respect of it, adopted solely on the basis of the processing of personal data by automated means intended to assess certain aspects of its personality, such as professional competence, credibility, conduct or other aspects;
b. the reassessment of any other decision taken in respect thereof which significantly affects it, whether the decision was adopted solely on the basis of a data processing meeting the conditions set out in subparagraph a).
2. Subject to the other safeguards provided by the law, a person may be subject to a decision of the kind referred to in paragraph (1) only in the following situations:
a. the decision is taken in the context of the conclusion or performance of a contract provided that the request for termination or performance of the contract by the person concerned has been satisfied or that appropriate measures such as the possibility of asserting its point of view guarantee the defense of their legitimate interest;
b. the decision is authorized by a law that specifies the measures that guarantee the legitimate interest of the data subject.
Right to delete data
1. The data subject shall have the right to obtain from the controller the deletion of the personal data relating to him without undue delay and the operator shall be required to delete the personal data without undue delay if one of the following reasons applies:
a. personal data are no longer required for the purposes for which they were collected or processed;
b. the data subject withdraws the consent on the basis of which processing takes place and there is no other legal basis for the processing;
c. the data subject opposes the processing and there are no legitimate reasons for his processing;
d. personal data has been processed illegally;
e. personal data must be deleted in order to comply with a legal obligation incumbent upon the operator under European Union or national law under which the operator is located;
f. personal data has been collected in connection with the provision of information society services.
2. Where the operator has made publicly available his personal data and is required under paragraph (1) to delete the data, the operator shall, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform operators who process personal data that the data subject has requested that these operators delete any links to that data or any copies or reproductions of that personal data.
The right to appeal to justice
1. Without prejudice to the possibility of addressing the supervisory authority with complaint, the data subjects have the right to appeal to the courts for the defense of any rights guaranteed by the law that have been violated.
2. Any person who has suffered damage as a result of the processing of personal data, which has been unlawfully made, may appeal to the court for its repair.
3. The court of jurisdiction is the one in whose territory the applicant is domiciled. The claim for legal action is exempt from the stamp duty.
In order to implement the necessary technical and organizational measures to maintain the confidentiality and integrity of personal data, the operator will comply with the minimum security requirements for personal data processing developed by the supervisory authority according to the state of the art used in the processing and costs so that to ensure an adequate level of security with regard to the risks posed by processing and the nature of the data to be protected.
In this respect, the minimum security requirements for personal data processing cover the following aspects:
Staff training
In the user training courses, the operator is obliged to inform/train them on the following aspects:
1. the provisions of Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free circulation of such data, to the minimum security requirements for the processing of personal data;
2. the risks involved in the processing of personal data, depending on the specificity of the user’s activity;
3. keeping personal data confidential, in which they will be alerted by messages that will appear on monitors during the activity, while users are also required to close the work session when they leave the workplace.
Computers usage
In order to maintain the security of the processing of personal data (especially against computer viruses), the operator will take the following measures:
1. prohibiting the use by software users of software that comes from external or dubious sources;
2. informing users about the threat to computer viruses;
3. implementation of automatic devirusion and security systems for IT systems;
4. deactivate the “Screen Printers” button as much as possible when personal data is displayed on the monitor, thereby forbidding them to be printed on the printer.
Contact
For any other information regarding the collection, archiving and protection of personal data, please e-mail us at office@www.gtatax.ro
Update
These Privacy Terms are updated as often as needed. Please read these terms and conditions periodically in order to be aware of what information collects, uses and transmits to Global Tax Advise SRL.