General Rules for Personal Data Processing

REG – GDPR 02 |  Version 1.0 | Issue date: 24.04.2018

 

General Rules

Collectiong of personal data

Processing and use

Specific aspects regarding recruitment

Specific aspects for provision of temporary employees and the provision of services to different clients

Processing personal data to which Lugera employees have access for providing services in favor of different clients

Processing of personal data relating to criminal convictions and offenses

Processing of personal data of the contact persons from clients and suppliers side

Processing of personal data by Lugera’s IT suppliers

Disclosure or transfer of personal data to a third party located within the EEA or outside the EEA

Storing information that contains personal data

Erasure / rectification / restriction of personal data

Portability of personal data

Opposition to the processing of personal data and automated individual decision making process

Objection right regarding decisions exclusively taken bu automatic processing, including profiling

Information and communication with the individual regarding personal data

Security and confidentiality

Deviations from these General Rules

Procedure in case of unauthorized disclosure and security breaches

 

General Rules for Personal Data Processing

Lugera is a group of companies mainly active in the field of human resources (recruitment, temporary work, outsourced services, personnel management adnadministration and salary calculations, etc.), but also in the field of financial brokerage services, human capital being the main Lugera resource we are providing.

Lugera Group is composed of Lugera & Makler S.R.L., Lugera & Makler Romania S.R.L., Lugera & Makler Payroll S.R.L., SSM Outsourcing Services S.R.L., Lugera Executive Search S.R.L., Servicii Profesionale Externalizate S.R.L., Lugera & Makler Broker S.R.L., Lugera Recruitment Services S.R.L. and Credit Card Broker S.R.L.

These general rules define how the Lugera Group and its affiliates collect, use, store, transfer / disclose to third parties and erase personal personal data observing the scopes for personal data processing.

All our processing activities concerning personal data comply with all of the following principles:

  • processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’)
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (‘purpose limitation’)
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’)
  • accurate and, where necessary, kept up to date (‘accuracy’);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

The abreviation GDPR, included in these General Rules, reffers to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Modifications to these rules are made in compliance with GDPR and are brought to the attention of the public by making them available on the website www.lugera.ro and/or by e-mail notification, if case.

Collectiong of personal data

In order to provide recruitment services, temporary work, outsourced services, personnel management and payroll services that meet Candidates and Clients’ expectations, in the context of a tightly regulated labor market, the Lugera Group asks potential candidates or employees of the Lugera Group different type of personal data: name, surname, photo, age, date of birth, gender, nationality, ethnicity, home address, email address, IP address, occupation, income, bank account, religion (eg. for granting legal holidays), health data, signature etc.

Lugera Group collects personal information about individuals in various ways, such as:

• in electronic format via e-mail, via the website www.lugera.ro;

• through communication channels associated with social media like Facebook, LinkedIn, Twitter, Instagram, etc.;

• through recruitment online platforms: bestjobs, ejobs, jooble, linkedin, etc.;

• by job applications addressed to the Lugera Group by email or transmited to the Lugera Group premises;

• during events, by phone and fax;

• during interactions with the Lugera Group’s customers and suppliers

Peronal data may be, as appropriate:

• Contact information (such as name, address, e-mail, phone number, social media user name);

• User name and password when registering via www.lugera.ro;

• Geolocation data of the registration via the website www.lugera.ro;

• Information on career interests;

• Information about bank accounts (bank, account number when the individual has an ongoing valid hiring process);

• Personal information included in the identity card, birth certificate, marriage certificate, information on dependents (during commencement and during a work contract);

• Personal medical information (required in hiring processes or during a work contract);

• Personal information on financial income / bonuses associated with a hiring process or the performance of a work contract;

• In addition, if you are a candidate associated with a recruitment process and/or when you apply for a certain position and/or create an account for requesting a certain position, we can collect the following types of personal information (according to local law):

  • History of work and education;
  • Language skills and other skills related to work;
  • Date of birth, age;
  • Gender;
  • Citizen status and work permit;
  • Information provided during interviews that may contain experiences, personal performance data about colleagues, friends, family, etc .;
  • Information provided by references;
  • The information contained in your CV or  your CV;
  • Information you provide about your career interests and other information about your employment qualifications.

Recording of personal data in Lugera Group applications, even when personal data of individuals are obtained from third parties is only made with the consent of individuals and their information regarding:

(a) the identity and contact details of the Lugera Group and, where applicable, its representative;

(b) the contact details of the Data Protection Officer, if case;

(c) the purposes for which the personal data are processed and the legal basis of the processing;

(d) if the processing is carried out pursuant to Article 6 (1) (f) of the GDPR Regulation, the legitimate interests pursued by the operator or a third party;

(e) recipients or categories of recipients of personal data;

(f) where appropriate, the intention of the Lugera Group to transfer personal data to a third country or an international organization and the existence or absence of a Commission decision on adequacy or, in the case of transfers referred to in Articles 46 or 47 or Article 49 the second subparagraph of paragraph 1, a reference to the appropriate or appropriate collateral and the means of obtaining a copy thereof where they have been made available.

If consent to the processing of your personal data can not be obtained, personal data be deleted and any physical documents will be destroyed in accordance with these rules.

Lugera Group will not process any such personal data unless the person concerned  has been informed and/or granted the consent, if case. For example if you did not grant us your consent newsletter communication, Lugera Grup  will not send you any newsletter.

Persons aged at least 16 years old can grant  consent can be granted electronically, during the enrollment on the website www.lugera.ro, using the link provided by Lugera Group or by sending by email the filled in and signed consent form or in paper form by submitting it to the Lugera group’s headquarters or by postal service to Bucharest, sector 3, Str. Vulturilor nr. 98, et. 1.

If the individual is less than 16 years old, consent must be granted by parents or legal guardian by sending by email the consent form filled in with attached evidences of parent / guardian status.

Providing electronic consent via the www.lugera.ro website requires the use of cookies and other electronic communications protocols.

When the www.lugera.ro website is visited, it is possible to collect certain information by automatic means, such as cookies, “web beacons” and web server logs. The information we can collect in this way includes IP address, unique device ID, browser features, device features, operating system, language preferences, referral URLs, information about actions taken on our site, dates and times visiting our site. A “cookie” is a file that sites send to a visitor’s computer or other device connected to the Internet to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon”, also known as the Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and is used to send the information collected by cookies back to a web server. With these automatic collection methods, we may get “clickstream data,” which involves a log of links and other content a visitor clicks while browsing a website. As a visitor clicks on the website, a record of the action can be collected and stored especially for the consent. The www.lugera.ro website links certain data elements we have collected through automated means, such as browser information, along with other information we’ve got about you to let us know, for example, if the individual has opened an email that has been sent. The browser can indicate how to notify when certain types of cookies are received or how certain types of cookies are restricted / disabled. However, it is important to remember that without cookies, you may not be able to use all the features of our sites. To the extent required by applicable law, we will obtain your consent before collecting personal information using cookies or similar automated means.

Application providers can also use automated means to collect information about your interactions with Lugera. This information is collected directly by the feature’s providers and is subject to the privacy policies or notices of these providers. Subject to applicable law, the Lugera Group is not responsible for the information practices of these providers.

The provision of personal information for recruitment is voluntary and it is the individual who determines the complexity of the information provided; is to be noticed if  you decide not to provide information or to provide incorrect informatio , it may affect our ability to consider the individual in a recruitment / hiring process or for submitting relevant hiring opportunities

If the individual is involved in a hiring process, it is mandatory to provide accurate personal data and evidence of these data, otherwise labor contracts are considered null and void.

The individual is responsible to ensure that information  provided does not contain obscene, defamatory, or infringing material to any third party; does not contain malicious code; and is not enforceable in court. Furthermore, if you provide information about any other person, such as the persons you provide as referals, you are responsible for providing any notice and obtaining any consent necessary for the Lugera Group to collect and use this information as described in this General Rules.

Processing and use

Information containing personal data is processed and used to:

• Providing services for the identification, recruitment, employment or placement of temporary labor;

• Providing employment opportunities;

• Providing payroll and personnel management services;

• Provide additional services such as training, career counseling and career transition services;

• Provide candidate analysis and evaluation services as part of the recruitment process: assessing individual performance and capabilities, including job-related skills assessment; identifying skills shortages; using information to suit individuals and potential opportunities; and data analysis (hiring practices trends).

• Provision of anonymous statistical data services;

• Sending newsletter, promotional materials, position alerts;

• Creating and managing records from Lugera applications for service delivery;

• Communication and participation in special events, promotions, programs, offers, surveys, contests and market studies;

• Managing customer and supplier relationships;

• Analyzing and improving our services, managing our communications, conducting data analysis, and conducting accounting, auditing and other internal functions;

• Protect, identify and attempt to prevent fraud and other illegal activities, claims and other debts;

• Respect and enforce applicable legal requirements, relevant industry standards, contractual obligations, and our policies.

Processing must be understood as activities regarding entering personal data into Lugera databases, uploading relevant files made available by individuals or service providers in contact with them such as CV, proposed job description, email communications, documentary evidence of the recruitment / employment process, placement of workforce, communication of such to third parties, including authorities (disclosure / transfer) for providing requested and agreed services, compressing and encrypting information to secure a backup in case of major malfunctions of the Lugera Group and, for the control of the services provided, the partial reporting of these data to authorized personnel / authorities for the agreed purposes.

If the individual has the status of employee, the information can be used in connection with employment.

The processing and use, generally involve the introduction and storage of personal data in Lugera’s own applications, interdepartmental communication for performing activities related to the services offered, storage in the database / file server, communication to third parties (disclosure / transfer) for the provision of group services .

The Lugera Group may use information containing personal data for purposes other than those for which were originally collected, purposes for which it will obtain a separate consent.

The information collected when accesing www.lugera.ro, through cookies, web beacons, pixels, web server logs, and other automated means for customizing the users’ utilization of www.lugera.ro and managing www.lugera.ro and other aspects of our business. Lugera Group will obtain your consent before collecting information, using cookies or similar automated means.

Specific aspects regarding recruitment

For involving a person into recruitment process, personal data are processed based only to the consent of such person.

During a recruitment process, the Lugera Group will not transmit to any client (potential employer) personal sensible data of candidates or personal data relating to criminal convictions, offenses and contraventions without informing and obtaining in advance the candidate’s consent.

The Lugera Group ensures that the party to whom the personal details of the candidates are disclosed will process the personal data for a specified duration agreed by the parties.

At any moment during the agreed term for the processing of personal data, upon the direct request of the candidate or of Lugera Group  as well as upon expiration of this term, the client to whom the personal data has been transferred undertakes to delete or anonymize the personal data of the respective candidate, unless it  has separately obtained the candidate’s consent for  processing its personal data.

Specific aspects for provision of temporary employees and the provision of services to different clients

If Lugera Group or his client presents to one another candidates for the purpose of finding personnel for Lugera Group ‘s employment for the provision of services included in the scope  of the contract for the provision of temporary employees or the provision of services to different clients, the party presenting the candidates ensures they have been  informed of the purpose of the processing, identification data of the other party and have given their consent to such personal data transfer. The party to whom the personal data of the candidates are submitted, compels to process the personal data of the candidates solely for the purpose of finding personnel for the employment of Lugera for the provision of the services subject to the contract except where Lugera Group is entitled to store and / or process such personal data either on the basis of a legal provision or on a legitimate interest, or if Lugera Group obtained separately the consent.

In order to execute the contract for provision of temporary employees or the provision of services to different clients, Lugera Group and its client process the personal data of the employees providing the services that are the object of the contract.

Given that for the provision of services, employees work for the client and / or on the client’s premises and / or using the client’s equipment and / or goods and / or systems, Lugera Group is entitled to disclose personal data and the client has a legitimate interest for which it processes personal data of the employees.

Employee personal data are processed for the purpose of pre-employment, contract performance, unloading of statutory obligations, internal regulations or collective labor agreements, management of work planning and organization, access to work, performance service duties, access to resources, equipment, customer information systems, disciplinary research and discipline, equality and diversity at work, health and safety at work, property protection of Lugera Group, the customer, and their clients for the purpose of exercising and benefiting, individually or collectively, the rights and benefits of employment, the termination of employment relationships and also for reporting  the performance of reports on the provision of services e.

Lugera Group and the client will also process special categories of personal data, such as health data or personal numeric code.

The criminal record certificate will not be requested to the employee except for the situations expressly stipulated by the law, when is mandatory for the person envisaged for a certain position has not have recorded convictions for certain offenses. However, in some cases, before the start of work, employees may be required to make a declaration under their own responsibility regarding the lack of criminal record.

Also, if necessary, Lugera Group and the client process personal data belonging to the employee’s family members in order to fulfill legal obligations or to grant fiscal deductions, rights or benefits to which the employee is entitled.

The processing of personal data for the purpose of accessing the client’s locations and employee work monitoring (video, audio, electronic mail, measuring the quality and quantity of work, etc.), as well as for the use of the client’s resources, equipment and computer systems represent distinct processing personal data by the user, and Lugera Group has no responsibility whatsoever for the purpose and purpose for which the customer processes the personal data.

During the recruitment process and the period of executing the employment contracts, the legal ground is stipulated under art. 6, para. 1, letter b) of GDRP, namely ”processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”, under letter c) of the same article, namely ”processing is necessary for compliance with a legal obligation to which the controller is subject”, under art. 9, para. 2, letter b)  ”processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law”, and under art. 9, para. 2, letter h) ”processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee…” .

Lugera Group is entitled to disclose or transfer personal data of employees to third parties, usually the Romanian authorities (eg the territorial labor inspectorate, the financial administration, the health insurance agency, the social security agency, etc.) and the service providers for labor (eg. occupational health, health and safety at work, emergency situations, meal vouchers, gift vouchers, holiday vouchers, software for salary calculations, etc.) without prior approval, if necessary for the fulfillment of its legal obligations and / or of the client.

Processing personal data to which Lugera employees have access for providing services in favor of different clients

Lugera will process the personal data to which its employees have access to when providing services for clients in accordance with the written instructions of their respective clients.

Processing of personal data relating to criminal convictions and offenses

Lugera will not require the criminal record certificate except in the cases expressly provided by law, when the person in a particular position is not required to be convicted for certain offenses. However, in some cases, before the start of work, employees may be required to make a declaration on their own responsibility that they have no criminal record.

Processing of personal data of the contact persons from clients and suppliers side

The Lugera Group has access and Clients / Suppliers disclose personal data of their representatives, their contact persons and their recipients involved in the management, execution and monitoring of the contract.

The Lugera Group processes these personal data only for the purpose of establishing, implementing, monitoring, communicating and keeping track of business relationships.

Processing of personal data by Lugera’s IT suppliers

In order to carry out the activities, Lugera Group, it is necessary for a suitable IT infrastructure to be provided and this is the reason for using specialized suppliers for providing  such services (eg design, installation, maintenance of the Lugera internal network, hardware, software and applications used – Talent Base, Charisma, Revisal, hosting site www.lugera.ro, etc.). When providing such services, IT providers may access personal data.

They have restricted access to personal data and according to contractual terms imposed by the Lugera Group, the processing of these data is made strictly for the fulfillment of the object of the contract with the Lugera Group, bearing the responsability for the observance of the GDPR.

Disclosure or transfer of personal data to a third party located within the EEA or outside the EEA

The Lugera Group justifies a legitimate interest for ensuring the bussiness necessary supporting processes and may transmit personal data, for administrative purposes, to its affiliates located in an EEA Member State without prior authorization from a supervising authority without the need the consent of the person concerned to that effect.

In case of subcontracting activities that involves personal data processing, Lugera Group ensures contractual agreements for the control of subcontractors, stipulating sufficient guarantees for implementing and control appropriate technical and organizational measures for personal data protection.

The Lugera Group does not discoles or transfer the personal data of individuals to a third party located outside the EEA. By way of exception, the disclosure or transfer of personal data to a third party located outside the EEA will be possible under the conditions provided by art. 46 of the GDPR.

Storing information that contains personal data

Generally, information containing personal data are stored in the databases of Lugera’s own applications and / or its affiliates located in the EEA, in the databases of the www.lugera.ro website, in special folders created on the work stations and equipment of the Lugera Group and / or its affiliates located in the EEA (including specially designated for back-ups), in e-mail folders, in spati amenajate special pentru pastrarea documentelor in format hartie. Their storage and access to them is made according to Lugera’s internal procedures, for a duration for whicg Lugera Group justified the lawfullness of the processing. Access to this data is made only  by authorized personnel and based on secure authentication and authorization procedures.

Lugera Group respects the right to limit to what is necessary of personal data and the the right for processing for a specified period of time and therefore may decide to delete personal data at any time. That is why individuals are advised to keep records of the disclosures / interactions they have with the Lugera Group.

Acces to Lugera site is controlled and restricted for the area where information with personal data is stored / archived.

Keeping information that includes personal data for the purposes of backing up is made secured with restricted access.

The Lugera Group is committed to protect IT equipment and its own network by using antivirus, firewall, and VPN applications.

Information containing physical data in physical form is stored in enclosed areas protected from environmental threats, with approved and restricted access.

The Lugera Group seeks to store only the personal data needed to conduct the activities without duplicating the information, if this is not necessary.

Access to information containing personal data is restricted to authorized personnel, with whom the Lugera Group has clear nondisclosure agreemnts and GDPR compliance clauses.

In case it is necessary to use / store information containing personal data outside the premises of the Lugera Group (eg the client), storage of such information is made using efficient security procedures.

The Lugera Group provides a management system for establishing policies, organizational and technical procedures and audit procedures  for reducing the risk of affecting the confidentiality, integrity and availability of information containing personal data.

Erasure / rectification / restriction of personal data

Lugera Group defined a retention policy for each category of information containing personal data, in compliance to legal applicable legal requirements. The criteria for establishing retention period is based on: statutory or other regulatory requirements, the necessity of evidence events/agreements in the case of disputes, operational needs, requirements for employment records or other case files, need for the preservation of documents of historic or other value.

Through open channels of communication (Facebook, LinkedIn, Twitter, Instagram, Lugera email, post, fax), Lugera Group  can receive request for rectification, erasure and restrictiction of personal data access. The received request will be used to identify and verify the solicitant (by comparison with the existing data) and if the data is not found or the explicit request to delete conflicts with the Lugera Group’s rights mentioned below, the applicant will be held liable.

The Lugera Group may refuse an erasure request:

• for the exercise of the right to free expression and information;

• to comply with a legal obligation that provides for processing under European Union or national law applicable to the operator or for the performance of a task performed in the public interest or in the exercise of an official authority with which the operator is invested;

• for reasons of public interest regaring public health, in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of GDPR ;

• for purposes of archiving in the public interest  in accordance with Article 89 (1) of the GDPR, or

• for finding, exercising or defending a right in court.

The Lugera Group ensures that requests for removal / restraint are processed within a reasonable time (maximum 30 calendar days after request’s registration). This period may be extended by 60 calendar days when necessary, taking into account the complexity and the number of applications..

However, personal data of the personal name / surname / personal email name is still retained for the legitimate interest pursued by Lugera, namely in the following restricted access documents / information:

– Request for deletion of personal data, as well as this response, kept for a period of 3 years from the processing of the request, in order to ensure the traceability of the personal data deletion process;

– Information regarding Lugera communications, stored in back-up files for a period of up to 6 months, from the date of deletion, with restricted access, needed to restore previous versions of Lugera’s applications in the event of a major malfunction. In the case of restoring back-up files within 6 months of the Lugera deletion communication, it will be ensured that personal data is re-erased.

In the unlikely event that the Lugera Group makes public personal data, it is obliged to erase it and, taking into account the available technology and the cost of implementation, the Lugera Group takes reasonable steps, including technical measures, to inform the data processors personal data that the data subject has requested the deletion by these operators of any links to that data or of any copies or reproductions of such personal data.

At the end of retention period, Lugera Group deletes electronic data and hard copy documented information. Erasure is not performed when unable to detach that personal data from other legitimately held personal data contained in the same batch.

For rectification requests, the Lugera Group ensures that records are rectified within 90 calendar days from  registration or in due time necessary to fulfill its contractual obligations. This period may be extended by 60 calendar days when necessary, taking into account the complexity and the number of applications.

In the case of restriction, personal data will not be used by the Lugera Group except with the consent of the individual.

Portability of personal data

The Lugera Group processes personal data in a structured format and ensures that individuals have the right to receive the their personal data which they have provided to the operator in a structured format that is currently used and which, if case, can be read automatically. The individual has the right to transmit this data to another operator without any barriers from the Lugera Group.

When it is feasible, personal data, upon request by the individual or the Lugera Group Customer, may be transmitted to another operator in an electronic format that can be read automatically (e.g., Revisal Statements, Payrolls, etc …).

Opposition to the processing of personal data and automated individual decision making process

The Lugera Group receives requests, through open channels of communication, whereby an individual objects to the processing of personal data pursuant to Article 6 (1) related to their particular situation and to objects to the creation of profiles based on those provisions.

In case of registration of this type of request, the Lugera Group no longer processes personal data unless it has legitimate and compelling reasons justifying the processing and which prevails over the interests, rights and freedoms of the data subject or the purpose of the processing is to establish, exercise or defend a right in court.

In case Lugera Group  receives requests that include the objection for processing personal data for the purpose of transmitting newsletters, promotional materials, offers, the Lugera Group ensures the withdrawal of the consent and the interruption of such communications.

At the latest at the time of the first communication with the data subject, the right referred bellow are explicitly brought to the attention of the individual and are presented clearly and separately from any other information.

Objection right regarding decisions exclusively taken bu automatic processing, including profiling

The Lugera Group recognizes the right to object, except in the following cases, to personal data processing and  individualized automated decision making process by which the individual may object to the processing of personal data in order not to be the subject of a decision based exclusively on automatic processing, including the creation of profiles, which produces physical effects to the individual, affects it to a similar extent to a significant extent.

Cases in which the Lugera Group may not agree to the opposition to an individualized automated decision-making process by which the individual may object to the processing of personal data in order not to be the subject of a decision based solely on automatic processing are:

• When the automatic processing decision is required for the conclusion or performance of a contract between the person concerned and the Lugera Group;

• Where the decision is authorized by Union law or the national law applicable to the controller and which also provides for appropriate measures to protect the legitimate rights, freedoms and interests of individuals;

• When it is based on the explicit consent of the person concerned.

However, in this case, the Lugera Group accepts and processes requests in which the individual wishes to obtain human intervention from the operator, to express his point of view and to challenge the decision.

Information and communication with the individual regarding personal data

The Lugera Group ensures that it has established procedures and allocated resources to ensure Information and communication with the individual regarding personal data.

Lugera Group, according to the applicable law, offers data subject’s free access to  personal data (only for the first 3 requests of a certain kind, otherwise information will be made for a cost of 70 EURO / request), information on obtaining personal date and disclosure / transfer to third parties, their rectification, restriction of processing, their erasure (to the extent that this is not againts the law), their portability, the right to oppose processing, and the right to withdraw their consent.

These rights may be exercised by addressing a written request, either in a physical form, to the Lugera Group  Lugera & Makler S.R.L. at the address in Bucharest, sector 3, Vulturilor nr. 98, et. 1, marked Data Protection or in electronic format, at dataprotection@lugera.ro.

Lugera will respond to the request as soon as possible, but no later than 1 (one) month after receipt of the request. This period may be extended by 60 calendar days when necessary, taking into account the complexity and the number of applications. The date of receipt of the request is the date of receipt of the email, SMS, post date, etc.

Security and confidentiality

Unless otherwise stated in these General Rules or for regulatory purposes, the Lugera Group considers your personal information confidential and will not disclose them to third parties without your consent. T

Lugera Group has implemented a system of operational and technical procedures to ensure personal data security and is making dilligences for the service providers and clients to implement and maintain reasonable administrative, physical and technical measures designed to protect the confidentiality and security of your personal data.

Employees of the Lugera Group who have access to personal information are authorized specificly and must keep this confidential information.

The Lugera Group may use security procedures on its facilities and its IT systems to monitor and maintain security. Any monitoring of Lugera Group’s facilities, systems or assets is carried out in accordance with applicable law.

Deviations from these General Rules

Individuals may complain regarding the conformity with the Personal Data Processing Policy or these General Rules.In case you suspect any incident that has led to the disclosure of personal data, please contact us first.

Contact details are Lugera Group by Lugera & Makler S.R.L., at the address in Bucharest, sector 3, Str. Vulturilor nr. 98, et. 1, marked Data Protection or in electronic format, at dataprotection@lugera.ro.

We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of personal information in accordance with this policy.

You also have the right to file a complaint with the competent supervisory authority, namely the National Supervisory Authority Personal Data (www.dataprotection.ro)

Procedure in case of unauthorized disclosure and security breaches

In the event of a personal data breach (accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access, etc.), the person who identifies such a breach shall notify the Lugera Group and the authority supervision without undue delay and, if possible, within 72 hours of the date on which it became aware of it, unless the breach is not likely to pose a risk to the rights and freedoms of individuals.

The Lugera Group will ensure an incident analysis to limit the effects on the rights and freedoms of individuals.
The Luger Group will inform affected individuals and will fulfill all legal obligations in relation to this situation.

Lugera & Makler S.R.L. | RO 13861487 | J 40/4327/2001

Str. Vulturilor, nr. 98, etaj P, etaj 1,3 si 4, Sector 3, Bucuresti, Romania

+40 (0)21 318 7120 //+40 (0)21 318 7120 || www.lugera.ro || dataprotection@lugera.ro

 

Lugera & Makler Romania S.R.L. – RO 15619774, J40/10246/2003 || Lugera & Makler Payroll S.R.L. – RO 18838779 J40/11234/2006 SSM Outsourcing Services S.R.L. – RO 29319025, J40/13292/2011 || Lugera Executive Search S.R.L. – 32833416 J40/2153/2014 |Servicii Profesionale Externalizate S.R.L. – RO 26061346, J40/9877/2009 || Lugera & Makler Broker S.R.L. – 24967450 J40/556/2009 Credit Card Broker S.R.L. – 26705927 J40/3209/2010

WhatsApp Logo