Awwwards
TERMS AND CONDITIONS


TERMS AND CONDITIONS


1. Protection of personal data


Thank you for choosing to visit our website and we are anxious to introduce our services as well.

In order to browse our website or to access our services online, you must agree to the Terms and Conditions to be submitted. Accepting them creates rights and obligations for both parties to be both new and protected. The legal form of this acceptance takes the form of a contract that creates rights and obligations on both sides.

If you do not agree, please do not continue to use and navigate the website.

The terms and conditions and the policies of the website are subject to change without prior notice and it is the responsibility of the user to periodically check for continued navigation.

Any questions or concerns you may address to office@brandaffair.ro and a colleague will respond as soon as possible.

In the event that our websites contain links to other providers' websites where the terms and conditions do not extend, it is necessary to verify and accept from the user the terms and conditions of those websites. Under no circumstances shall we assume responsibility for the terms and conditions, privacy policies, or content of other websites.

We underline that data transmission over the Internet (for example, in email communication) has security breaches and therefore can not be completely protected against third party access.


2. Personal data collected

If you visit and / or use both our web pages and our social media pages, we may collect your personal data identifying a person or referring to an identifiable or unidentifiable person in a way or another.

Collection of personal data may include:

Name, first name, address, home address or residence, e-mail address, telephone number, birthplace, CNP, ID card series, identity card number and other identification data

  • Name of your Internet Service Provider
  • The website you visit, the website you visit, including date and / or duration
  • Anonymous IP address or not and / or the geographic location of the device accessing the web page
  • Unique IDs of your device or devices, including cookies
  • Date and time of the visit, date and time of requests registered on the webpage, name of visited pages and / or files viewed
  • Browser and identification data
  • The operating system used by the user



3. Sources of collection for the processing of personal data

Collection of personal data can come from multiple sources:

Collecting from direct interactions: It's done by using our social media sites and pages, using methods such as enrollments, forms, applications, etc. Transmitting personal data through the web page will cause you to save it in the transmitted form. Personal information is not shared without your consent or shared without your consent, but only with those contributors who provide the trustworthy guarantees required to comply with our privacy policies.

Automatic Interaction Collection: It is achieved by using various technologies (cookies, electronic communications protocols, etracker, etc.)

Cookies: Cookies are text files that are saved on the user's computer / device when they visit a web page. This technology allows, among other things, recognition of the visitor if it returns to the web page and provides an optimal experience in using the web page.

Depending on their nature, cookies are divided into 3 categories:

Session Cookie: Used only while using the web page. Cookies called "strictly necessary" are those cookies that ensure the functionality of the web page and ensure that data transfer security requirements are met.

First Party Cookie: Cookies sent to the pages that they created at the time of first use, useful for meeting the needs of easy web page navigation (for example, the language of use). These are accepted as "default" (pre-accepted), usually by the browser used.

Third Party Cookie: Cookies submitted to another webpage to which they belong. For example, we point to Google Adwords campaigns that set re-marketing or conversion codes to analyze customer behavior on different webpages they visit. In this case, it is necessary to access and verify the terms and conditions and the cookies policy of the webpages that created them.

The user's web browser allows you to erase cookies, limit or even disable them if you want. In this case, you may encounter difficulties in using the web page, and its functionality is limited.

4. How to set cookies

Within your browser you can operate settings that will limit the way you store or create cookies.

Internet Explorer - please refer to this (https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies) Extras - Internet Options - Registration Card "Expanded" - under Security tick "Send" Do Not Track "requests to Internet Explorer visited pages" Do Not Track "- Confirm


Mozzila Firefox - please refer to this (https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen) Menu - Settings - Data Protection - under Chronical Check "Create user-defined settings "- in the" Cookies "section, make the desired settings - confirm

Google Chrome - please refer to this (https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en) Menu - Settings - Extensive Settings - under "Data Protection" click on "Content Settings" - under "Cookies" check the boxes you want - confirm

Safari - please refer to this (https://support.apple.com/kb/ph21411?locale=de_DE) Safari - Settings - Data Protection - under "Cookies and Web Page Data" Make your desired settings - Confirm


5. Social plug-ins

We use social networks such as Facebook, LinkedIn, Instagram, Twitter and Google+ on social networks and Social Plugins (social media access buttons). When using our web page, these Plugins do not transmit any data to those social networks. They are used by direct click (or select - enter). After activation, you will be directed to the server of that social network. This social network can collect personal data independently from our web page.

Facebook Platform

On our web pages, social plugins from Facebook are used. For this purpose, use the Facebook button (US company Facebook Inc., 1601S. California Ave., Palo Alto, CA 94304 USA). Visiting a web page with such a link does not automatically create If you visit one of our pages a Facebook link. For this, the Plugin must be enabled. Any use of Facebook's pages implies a set of conditions independent of our web page, which can be consulted separately (http://www.facebook.com/policy.php). If you want to block Facebook Plugins completely, you can install Facebook Blocker services in your browser. The same applies to other social media Plugins as well.



6. Use and disclosure of personal data and purpose limitation

We use and share personal information collected from you only for the purpose for which we were provided. The purposes of the provision may be exemplary and not limitative:

Answering user questions: Your personal information will be used to answer your questions. Data is stored with your consent (Article 6 (1) (a) of the GDPR / General Data Protection Regulation) in order to evaluate and improve our services. There is the possibility of keeping your data legal in certain special situations. We expressly state that at any time you have the right to revoke your statement of data protection agreement.

Hiring requests: Your personal data can be used and stored to process your employment application and then used for other vacancies for a maximum of 6 months.

Use of third-party services: Personal data may also be used for the use of third-party services, in compliance with applicable legal requirements. In this regard, we may share your personal data with third parties, as an example, to external suppliers of marketing, design, or IT services.


7. Complaints

Any complaints about our Terms and Conditions or our Privacy Policy or Cookie should first be addressed to us in order to try and resolve them together. At the same time, if you are not satisfied or want to contact an authority responsible for processing your personal data, you can do so at the National Supervisory Authority for Personal Data Processing.


8. Confidentiality of the personal data of minors

The visit or use of the web site by minors as well as the provision of personal data must be made only on the express consent of the parents or legal guardians. As we discover the processing of the data provided to minors without the consent of the parents, we are committed to eliminating them from our records.


9. Purpose of processing personal data

  1. The processing of personal data is carried out in compliance with the General Data Protection Regulation (GDPR) for the following purposes:

a. For the fulfillment of contractual obligations (Article 6 (1) (b) of GDPR)

b. To protect legitimate interests, including third parties (Article 6 (1) (f), GDPR) c. Based on your consent (Article 6 (1)


d. Based on legal provisions (GDPR Article 6 (1c)) or Public Interest (Article 6 (1) (e) GDPR) In some situations, personal data is processed to meet special legal requirements, such as tax laws or anti-money laundering.


10. Who will receive my personal data?

Personal data will be distributed to the authorized individuals and departments within our company. At the same time, it is possible that third parties, such as service providers, along with whom we do business, receive such data, subject to the confidentiality of the processed data. Our partners can be in many areas, including legal services, consultancy, sales, marketing, IT, logistics, printing services, etc.



11. Location of personal data retention

The data are stored in the EEA (European Economic Area) and will only be transmitted outside the EEA for as long as it is necessary for the purposes for which they were collected, you have given us consent or required by a legal rule .


12. The duration of personal data retention

Personal data are kept throughout the performance of any contractual or legal obligations, and subsequently for a period of time limited to prescription, usually 3 years, occasionally up to 10 years. Exceptions are made by the data kept in accordance with the Romanian Commercial and Tax Legislation, including Law no. 656/2002 on the prevention and sanctioning of money laundering as well as measures for preventing and combating the financing of acts of terrorism (the Law on Money Laundering) and the Romanian Tax Code or other legal norms that require their preservation. The term for keeping these types of data is usually between two and fifteen years.


13.Automatizarea prelucrării și realizarea de profiluri

Pentru prelucrarea datelor cu caracter personal nu se folosesc procese de decizii automatizate, astfel cum sunt definite de articolul 22 GDPR, dec ât în cazuri individuale și doar în anumite cazuri în scopuri limitate.

Drepturile persoanelor vizate conform Capitolului III din Regulamentului nr. 679/2016 privind protecția persoanelor fizice în ceea ce privește prelucrarea datelor cu caracter personal și privind libera circulație a acestor date și de abrogare a Directivei 95/46/CE (Regulamentul general privind protecția datelor)


14. Automation of machining and profiling

For the processing of personal data, automated decision processes as defined in Article 22 of the GDPR are not used in individual cases and only in certain cases for limited purposes.


The rights of data subjects under Chapter III of Regulation no. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation)


Section 2: Information and access to personal data

Article 13: Information to be provided when personal data are collected from the data subject

1. Where personal data relating to a data subject are collected from the data subject, the controller shall, upon receipt of such personal data, provide the data subject with all the following information: (a) the identity and contact details of the operator; and , as appropriate, of its representative; b) contact details of the Data Protection Officer, as appropriate; (c) the purposes for which the personal data are processed and the legal basis for the processing; (d) where the processing is carried out under Article 6 (1) (f), the legitimate interests pursued by the operator or a third party; e) recipients or categories of recipients of personal data; (f) where applicable, the intention of the controller to transfer personal data to a third country or an international organization and the existence or absence of a Commission decision on adequacy or, in the case of transfers referred to in Articles 46 or 47 or Article 49 (1), a reference to the appropriate or appropriate collateral and the means of obtaining a copy thereof where they have been made available.


2. In addition to the information referred to in paragraph 1, when the personal data are obtained, the operator shall provide the data subject with the following additional information necessary to ensure fair and transparent processing: (a) the period for which the data stored personal data or, if this is not possible, the criteria used to determine that period; (b) the existence of the right to request access to the data controller for personal data relating to the data subject, rectification or erasure thereof or restriction of processing or the right to object to processing, as well as the right to data portability; (c) where the processing is based on Article 6 (1) (a) or Article 9 (2) (a), the existence of the right to withdraw consent at any time without affecting the lawfulness of processing on the basis of consent before withdrawing it; d) the right to lodge a complaint with a supervisory authority; (e) whether the provision of personal data is a legal or contractual obligation or obligation required for the conclusion of a contract, and whether the data subject is required to provide such personal data and the possible consequences of non-compliance with that obligation; (f) the existence of an automated decision-making process including the creation of profiles referred to in Article 22 (1) and (4) and, at least in those cases, relevant information on the logic used and the significance and expected consequences of such processing for the data subject.

3. Where an operator intends subsequently to process personal data for a purpose other than that for which it was collected, the operator shall provide the data subject,


before such further processing, information on that secondary purpose and any additional relevant information in accordance with paragraph 2.

4. Paragraphs 1, 2 and 3 shall not apply if and to the extent that the data subject already possesses that information.

Article 14: Information to be provided when personal data have not been obtained from the data subject

(1) Where personal data have not been obtained from the data subject, the operator shall provide the data subject with the following information: a) the identity and contact details of the operator and, where appropriate, his representative; b) contact details of the Data Protection Officer, as appropriate; (c) the purposes for which the personal data are processed and the legal basis for the processing; (d) the categories of personal data concerned; e) recipients or categories of recipients of personal data, as the case may be; (f) where appropriate, the intention of the controller to transfer personal data to a third country recipient or an international organization and the existence or otherwise of a Commission decision on suitability or, in the case of transfers referred to in Articles 46 or 47, or in the second subparagraph of Article 49 (1), a reference to the appropriate or appropriate collateral and the means of obtaining a copy thereof where they have been made available.


(2. In addition to the information referred to in paragraph 1, the operator shall provide the data subject with the following information necessary to ensure fair and transparent processing of the data subject: (a) the period for which the personal data will be stored, or this is not possible, the criteria used to establish this period; (b) where the processing is carried out pursuant to Article 6 (1) (f), the legitimate interests pursued by the operator or a third party; (c) the existence of the right to request access to the data controller's personal data relating to the data subject, rectification or erasure thereof, or the restriction of processing and the right to object to processing, as well as the right to data portability; (d) where the processing is based on Article 6 (1) (a) or Article 9 (2) (b)

(a) the existence of the right to withdraw consent at any time without affecting the lawfulness of the processing under consent prior to its withdrawal; e) the right to lodge a complaint with a supervisory authority; f) the source of personal data and, if applicable, whether it comes from publicly available sources; (g) the existence of an automated decision-making process including the creation of profiles referred to in Article 22 (1) and (4) and, at least in those cases, relevant information on the logic used and on the significance and expected consequences of such processing for the data subject.

3. The operator shall provide the information referred to in paragraphs 1 and 2: (a) within a reasonable time after obtaining personal data, but not more than one month, taking into account the specific circumstances in which it is processed personal data; (b) if personal data are to be used for communication with the data subject, at the latest at the time of the first communication to the data subject; or (c) if it is intended to disclose personal data to another recipient, at the latest at the time when they are first disclosed. (4)

Where an operator intends subsequently to process personal data for a purpose other than the one for which it was obtained, the operator shall provide the data subject prior to such further processing with information on the secondary purpose and any relevant additional information in the accordance with paragraph 2. 5. Paragraphs 1 to 4 shall not apply if and to the extent that: (a) the data subject already possesses the information; (b) the provision of such information proves impossible or would involve disproportionate efforts, particularly in the case of processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, subject to the conditions and guarantees laid down in Article Or in so far as the obligation referred to in paragraph 1 of this Article is likely to render impossible or seriously impair the achievement of the objectives of such processing. In such cases, the operator shall take appropriate measures to protect the rights, the legitimate freedoms and interests of the data subject, including the making available to the public; (c) the obtaining or disclosure of data is expressly provided for by Union or national law to which the operator belongs and which provides for appropriate measures to protect the legitimate interests of the data subject; or d) if the data with character

personnel must remain confidential under a statutory obligation of professional secrecy governed by Union or national law, including a legal obligation to keep secret.

Article 15: Right of access of the data subject

(1) The data subject has the right to obtain from the operator a confirmation that personal data concerning him / her are processed or not and, if so, access to the respective data and the following information: a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom personal data has been or is to be disclosed, in particular recipients from third countries or international organizations; (d) where possible, the period for which personal data are to be stored or, if that is not possible, the criteria used to determine that period; (e) the existence of the right to require the operator to rectify or erase personal data or to restrict the processing of personal data relating to the data subject or the right to object to processing; f) the right to lodge a complaint with a supervisory authority; (g) where personal data are not collected from the data subject, any available information on their source; (h) the existence of an automated decision-making process including the creation of profiles referred to in Article 22 (1) and (4) and, at least in those cases, relevant information on the logic used and on the significance and expected consequences of such processing for the data subject.

2. Where personal data are transferred to a third country or an international organization, the data subject shall have the right to be informed of the appropriate safeguards under Article 46 relating to the transfer.

(3) An operator shall provide a copy of the personal data undergoing processing. For any other copies requested by the data subject, the operator may levy a reasonable charge, based on administrative costs. If the data subject enters the application electronically and unless the data subject requests a different format, the information is provided in an electronic format that is currently used.

4. The right to obtain a copy referred to in paragraph 3 shall be without prejudice to the rights and freedoms of others.

Section 3: Correction and deletion

Article 16: Right to rectification

The data subject has the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data relating to him. Taking into account the purposes for which the data were processed, the data subject has the right to obtain the completion of incomplete personal data, including the provision of an additional statement.



Article 17: Right to delete data ("the right to be forgotten")

1. The data subject shall have the right to obtain from the controller the deletion of the personal data relating to him without undue delay and the controller shall be required to delete the personal data without undue delay if one of the following reasons : (a) personal data are no longer required for the purposes for which they were collected or processed; (b) the data subject withdraws his consent on the basis of which the processing takes place in accordance with Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for the processing; (c) the data subject opposes processing pursuant to Article 21 (1) and there are no legitimate reasons with regard to the processing

or the data subject opposes processing under Article 21 (2); d) personal data has been processed unlawfully; (e) personal data must be erased in order to comply with a legal obligation incumbent upon the operator under Union or national law under which the operator is located; (f) personal data were collected in connection with the provision of information society services referred to in Article 8 (1).

2. Where the operator has disclosed his personal data and is required under paragraph 1 to delete it, the operator shall, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform operators who process personal data that the data subject has requested the deletion by these operators of any links to that data or of any copies or reproductions of such personal data.

3. Paragraphs 1 and 2a shall not apply to the extent that processing is necessary: (a) for the exercise of the right to freedom of expression and information; (b) for compliance with a legal obligation providing for processing under Union or national law applicable to the operator or for the performance of a task performed in the public interest or in the exercise of an official authority with which the operator is entrusted; (c) on grounds of public interest in the field of public health, in accordance with Article 9 (2) (h) and (i) and Article 9 (3); (d) for purposes of archiving in the public interest for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1), to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously affect the achievement of the respective processing objectives; or e) for the establishment, exercise or defense of a right in court.



Article 18: Right to Restrict Processing

1. The data subject shall have the right to obtain from the controller the restriction of processing if one of the following applies: (a) the data subject contests the accuracy of the data for a period which allows the controller to verify the accuracy of the data; b) the processing is illegal and the data subject opposes the deletion of the personal data, requesting instead the restriction of their use; c) the operator no longer requires personal data for processing, but the data subject asks for the determination, exercise or defense of a right in court; or (d) the data subject opposed to processing in accordance with Article 21 (1), for the period of time to verify that the legitimate rights of the controller prevail over those of the data subject.

2. Where processing has been restricted pursuant to paragraph 1, such personal data may, with the exception of storage, be processed only with the consent of the data subject or for the establishment, exercise or defense of a right in court; or for the protection of the rights of another natural or legal person or of a major public interest of the Union or of a Member State.

3. A person who has obtained restriction of processing under paragraph 1 shall be informed by the operator before the lifting of the processing restriction.


Article 19: Notification obligation to rectify or erase personal data or restrict processing

An operator shall communicate to any addressees to whom personal data have been disclosed any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18, unless that this proves impossible or involves disproportionate efforts. The operator shall inform the data subject about the addressees concerned if the data subject so requests.