Legal information

Our privacy policy applies to your use of the site bati-al.ro/bati-al.fr (hereinafter referred to as «the Site»). BATI-AL FACADES SRL (hereinafter referred to as «BATI-AL» or «we») understands the importance of your personal data and protects their confidentiality and security. In this respect, we provide you below with information relating to the processing of your personal data as data subjects (users of the Site) under this Privacy Policy.

In principle, it is possible to use the websites of the BATI-AL SRL without providing any personal data. If a data subject wishes to request special services from our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we obtain the consent of the person concerned.

Who we are

BATI-AL offers aluminium systems and components for contemporary, energy-efficient architecture, supporting the implementation of sustainable construction concepts.

Definitions

BATI-AL S.R.L.'s privacy statement is based on the terms used by the European legislative and regulatory authority when adopting the General Data Protection Regulation (GDPR). Our privacy statement must be easy to read and understand for the public, as well as for our customers and business partners. To this end, we would like to explain the terms used in advance.

We use the following terms in this privacy statement, among others:

a) Personal data All information relating to an identified or identifiable natural person (hereinafter referred to as the «data subject») constitutes personal data. A natural person is considered identifiable and can be identified directly or indirectly, in particular by combining identifying information such as a name, an identification code, location data, an online identifier or one or more special characteristics, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) Person concerned The data subject is an identified or identifiable natural person whose personal data is processed by the operator.

c) TreatmentProcessing means any operation or set of operations which is performed upon personal data, with or without the aid of an automated procedure, such as recording, organising, ordering, storing, adapting or altering, reading, retrieving, using, disclosing by transmission, dissemination or otherwise making available, comparing or consolidating, limiting, erasing or destroying.

d) Limitation of treatment Limiting processing is the marking of stored personal data with the aim of limiting its future processing.

e) ProfilingProfiling means any type of automated processing of personal data consisting in the use of such personal data in order to evaluate certain personal aspects relating to an individual, in particular in order to analyse or predict aspects associated with the individual's performance, economic situation, state of health, personal preferences, interests, seriousness, conduct, residence or change of locality.

f) Pseudonymisation Pseudonymisation: Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be associated with a data subject without obtaining additional information, provided that this information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not associated with an identified or identifiable natural person. insofar as this information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not associated with an identified or identifiable natural person.

g) OperatorThe operator is a natural or legal person, an authority, an institution or another body which decides, alone or with others, on the purposes and means of the processing of personal data. If the purposes and means of such processing are defined by Union law or by the law of the Member States, the operator may respectively define the criteria for his designation by Union law or by the law of the Member States.

h) Person authorised by the operator The person authorised by the operator is a natural or legal person, an authority, an institution or another body which processes personal data on behalf of the operator.

i) Recipient The recipient is a natural or legal person, authority, institution or other body which makes personal data public, whether or not it is a third party. However, the authorities likely to to receive personal data in the context of a specific request for investigation in accordance with Union law or the law of the Member States are not considered to be recipients.

j) Third partyThe third party is a natural or legal person, an authority, an institution or another body, with the exception of the data subject, the operator, the person authorised by the operator and persons authorised to process personal data under the direct responsibility of the operator or the person authorised by the operator.

k) Consent Consent: Consent is any specific and informed expression of will, in the form of an unequivocal statement or other act of confirmation, by which the data subject understands that he or she agrees to the processing of personal data. processing of personal data.

The name and address of the operator

The operator within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member States of the European Union and other data protection provisions is: BATI-AL FACADES SRL («BATI-AL»), Bucharest, sector 3, bd. Basarabia, nr.256 C, TVA# 41590146 , J40/11596/2019 / 04 Nov 2019, e-mail tehnic@bati-al.ro.

Our privacy policy

In accordance with the requirements imposed by the law on the processing of personal data and the protection of privacy in the electronic communications sector, BATI-AL manages, in conditions of security and for the sole specified purposes, the personal data that you have provided to us, in the context of visiting the site and purchasing our services. Because we know how important your privacy is, we have created this privacy policy to explain how we collect, use and protect this information.

Information collected automatically by our website

We limit the information we collect to that which is strictly necessary for the proper operation of the site and the production of traffic statistics on our site. You are not required to register, log in or provide any personal information in order to use our website.

When you use our website, we collect the following information:

-Internet Protocol address («IP address»). IP addresses are assigned by your Internet service provider (e.g. RCS-RDS / Telekom, UPC, etc.) to the modem used to access the Internet for devices connected to your home and/or workplace. All devices that use the modem to access the Internet can broadcast the same IP address. At home, connected devices can include one or more laptops / desktops, tablets, mobile phones, smart / connected TVs and games consoles. Our site receives the IP address from your web browser (for example, Microsoft Explorer, Mozilla Firefox or Google Chrome) each time you request a file or web page.

-User agent. Because of the way the Internet works, we may receive information (called «user agents») sent automatically by your web browser, such as data associated with your web browser/content delivery software (e.g. Microsoft Explorer, Mozilla Firefox or Google Chrome) and the operating system used on your device (e.g. Windows, Mac OS or Linux). The user agent information we receive may also include information such as the type of device (e.g. computer, tablet, mobile device) and/or the date/time of the visit.

If you use the contact information provided on our site to contact us directly, we will receive your contact information which may include, depending on how you contact us, your email address, name, company, reason for contact and postal address.

How we use the information we collect

-Analysis/statistics: we may use the aggregate information collected to understand general information and trends related to our website, such as the number of users who have visited our website during an interval and the types of devices used by visitors. The information cannot be used to identify any individual and is used by us to improve the customer solution.

Answering questions: If you choose to contact us directly (by e-mail, form or post) using the contact information provided on our site, we will use it to answer your request.

-To comply with a legal or contractual obligation.

What is the difference between personal information and aggregated information?

Personal information is information that can be used to identify a specific individual, generally considered to be information such as your name, physical address, e-mail address and telephone number. Aggregate information is not considered personal information and cannot be used to identify you.

With whom we share the information we collect

We will not rent, sell or distribute any information about you to other people or non-affiliated companies.

-Aggregate information (i.e. information that cannot be used to identify an individual) may be shared for a number of reasons, including the following:

To improve our services;

If BATI-AL is acquired by or merges with another company, the global information will be transferred to the company concerned;

We may share aggregate information, if necessary, to comply with a subpoena or court order, to establish or exercise our legal rights or defend against legal claims, or to cooperate with law enforcement officials and/or authorities;

For any legal basis.

What about cookies?

BATI-AL may use cookies in your web browser to identify you when you return to our site.you will find detailed information about the cookies used on our site in the Cookie Policy. Here you can also find information on how to deactivate them.

Do we collect your e-mail address?

If you use the information provided on the bati-al.ro/batial.fr site to contact us directly (for example, send us an email at tehnic@bati-al.ro), we will receive your contact information, but we will only use it to respond to your request. If you complete a web form on our site, we will receive your message and may store it and the associated contact information for up to 12 months.

Your rights with regard to the processing of personal data and how you can exercise them

In accordance with current regulations, you have the following rights:

-Go toYou can obtain information about the processing of your personal data and a copy of your personal data;

However, your access to processed data may only be exercised insofar as it does not infringe the rights and freedoms of others;

-RectifyIf you believe that your personal data is inaccurate or incomplete, you can request that it be amended accordingly;

-Deletedeletion of personal data: you may request the deletion of your personal data, in accordance with the obligations laid down by the legislation in force;

However, data will not be erased where processing is necessary for:

- the exercise of the right to freedom of expression and information;

- to comply with a legal obligation which provides for processing, under Union or national law, applicable to the undertaking or the performance of a task carried out in the public interest;

- to find, exercise or defend a right before a court.

In addition, when BATI-AL has made public in any context the data whose deletion is requested and you request in particular the deletion of the data of all the recipients, appropriate measures (including technical measures) will be kept so that the recipients of the data are informed of such a request.

LimitYou may request the restriction of the processing of your personal data, i.e. strictly to the processing with which you agree and/or to the processing necessary to seek, exercise or defend a right before a court or for the protection of the rights of another natural or legal person or on grounds of public interest of the Union or of a Member State;

The restriction applies when:

- you contest the exercise of the data, for a period allowing you to check the accuracy of the data;

- the processing is unlawful and you object to the deletion of personal data, requesting instead that their use be restricted;

- BATI-AL no longer needs personal data for processing, but you ask us to seek, exercise or defend a right before the courts;

- You have objected to the processing, in accordance with the legal provisions governing your right to object, during the period in which it has been determined whether our legitimate rights prevail over yours.

Oppose data processingObjection: you may object, for reasons related to the particular situation in which you find yourself, to the processing provided for in art. 6 paragraph 1 letters e) and f) of Regulation no. 679/2016, as well as, in the case of data processing for direct marketing purposes, in the latter case, without motivation or justification;

In this situation, we will no longer be able to process your personal data, unless we can prove the existence of legitimate and compelling reasons which justify the processing and override your interests, rights and freedoms or that the purpose of the processing is to find, exercise or defend a right before the court.

The right to inform recipients of the rectification, deletion or restriction of personal dataThe recipient to whom your personal data has been communicated will be informed of its rectification or deletion, as well as of any restrictions on its use;

The right to data portabilityYou have the right to request that the personal data you have provided to us be returned to you or, if possible, transferred to a third party, if all of the following conditions are met:

(a) the processing is based on consent or is necessary to perform a contract to which you are a party or to request your input prior to entering into a contract; and

b) it is carried out by automatic means (not in physical/paper form, but by any automated means).

The right not to be subject to automated decisions, including profiling- you have the right not to have your personal data processed in the context of automated decision-making:

The processing of data for automated decision-making is authorised when:

- it is necessary to fulfil the company's object of activity and/or to conclude or execute a contract between you and BATI-AL;

- is authorised by European Union law or national law applicable to BATI-AL and also provides for appropriate measures to protect your rights, freedoms and legitimate interests; or

- you have expressly consented to this processing.

You can exercise your rights mentioned above and learn more about these rights by filling in a written request with us, as data controllers, to BATI-AL FACADES SRL - Bucharest, sector 3, bd. Basarabia, nr.256 C, TVA# 41590146 , J40/11596/2019 / 04 Nov 2019, In order to identify and prevent the unauthorised disclosure of your data by e-mail tehnic@bati-al.ro.Afin, please include an electronic/digital copy of your identity card, certified by you as being the original.

In accordance with the regulations in force, in cases where you find that your rights with regard to the processing of personal data have been violated, you also have the right to lodge a complaint with the national supervisory authority for the processing of personal data - Blvd Gheorghe Magheru nr. 28-30, Bucharest, Romania, tel: +40.318.059.211; 40318059212; fax 40318059602; Web address:  http://www.dataprotection.ro and/or the competent courts.

Data protection for applications and selection procedures

The operator collects and processes candidates' personal data in order to carry out the selection procedure. The data may also be processed electronically.

This is particularly the case where a candidate submits the relevant application documents to the operator electronically, for example by e-mail or via a web form available on the Internet. If the operator concludes an employment contract with the candidate, the data transmitted is stored for the purpose of establishing an employment relationship in accordance with the legal provisions. If the operator does not conclude an employment contract with the applicant, the application documents will be automatically deleted within twelve months of notification of the rejection decision, insofar as such deletion would not be contrary to the operator's other legitimate interests.

Legal basis if we process personal data

BATI-AL may base the processing of your personal data on one of the legal grounds below:

-ConsentThe data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes.

-Performance of a contractprocessing is necessary for the performance of a contract to which the data subject is party or to carry out actions at the request of the data subject prior to entering into a contract.

-Compliance with legal obligationsprocessing is necessary in order to comply with the operator's obligations under laws or other regulations.

-Vital interests of the person concernedprocessing is necessary to protect the vital interests of the data subject or of another natural person.

-Public interest or public authoritythe processing is necessary for the performance of a task serving a public interest or resulting from the exercise of official authority vested in the operator.

-Legitimate interest of the operatorthe processing is necessary for the legitimate interests pursued by the operator or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which implies the protection of personal data.

In cases where the applicable legal provisions require your prior and explicit consent for the processing of particular categories of data, we will only process the respective data on the basis of your prior and explicit consent.

You have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of the processing on the basis of the consent prior to its withdrawal. To withdraw your consent to any processing to which you have already consented, please email us at tehnic@bati-al.ro or send us a notice to BATI-AL FACADES SRL («BATI-AL»),Bucharest, sector 3, bd. Basarabia, nr.256 C, TVA# 41590146 , J40/11596/2019 / 04 Nov 2019.

The security of your personal data if it is necessary to process it

BATI-AL complies with its obligations under national law and the GDPR by taking measures such as:

-Updating personal data;

-Secure storage and destruction;

-Avoid collecting or storing excessive amounts of data;

–Apply appropriate technical measures to protect personal data;

–To protect personal data against loss, misuse, unauthorised access and disclosure.

At BATI-AL, technical and organisational measures have been put in place to preserve the confidentiality and security of your personal data, in accordance with our internal procedures relating to the storage, disclosure and access of personal data. Personal data may be stored in our personal data computer systems and/or in printed form, in areas specially set aside for each department or according to the specific activity of each department.

Transferring your personal data abroad

We may transfer your personal data to EU, EEA or other countries.

In such cases, we will ensure that such international transfers are subject to appropriate safeguards, as required by the General Data Protection Regulation (EU) 2016/679 or any other applicable law.

Personal data that you have provided to us about other individuals

If, for any reason, you provide us with personal data relating to another individual, you must ensure that you have the right to disclose such data to us and that, without taking further steps, we may collect, use and disclose such personal data.

In particular, you must ensure that the person in question is aware of issues such as: our identity, how they can contact us, the purposes we collect, our personal data disclosure practices; the individual's rights in relation to personal data and the right to complain about the handling of personal data.

Your information on security breaches

We assure you that we have trained the people involved in data processing so that they can identify security breaches and bring them to the attention of the people responsible for taking the necessary measures to analyse and limit the consequences of the security breach and, where appropriate, to inform the supervisory authority and any data subjects.

Our company will notify security breaches for which notification is mandatory (likely to generate a risk for the rights and freedoms of data subjects) to the supervisory authority for the processing of personal data.

In cases where notification of the authority is mandatory, this will be done without delay, in principle no later than 72 hours from the date on which the operator became aware of the violation.

When preparing the notification, the operator will seek to protect the confidentiality of the information provided by you, which means that it will provide the authority with detailed information on the categories and number of people concerned, without compromising the confidentiality of the data received.

In the event of a security breach, we will inform you so that protective measures can be taken no later than 72 hours from the date on which we learn of the breach.

Your information will only be generated if the security incident is likely to create a high risk for your rights and freedoms.

If the specific circumstances do not require a different approach, the information will be sent directly by an appropriate means of communication (e-mail, SMS, etc.).

As an exception, the public may be informed only if direct contact would involve a disproportionate effort.

We guarantee that you will be informed of any new developments relating to the incident and of the measures we will take in this respect, in consultation with you, in order to limit the consequences of the incident and prevent it from happening again.

In respect of each breach, we will assist you in any way we can, including by providing sufficient information and supporting investigations by the regulator, to remedy the breach and investigate incidents in order to limit the impact of the incident on the parties involved and/or to limit the damage caused to you as a result of the security breach.

Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in applicable laws and regulations or other applicable requirements, changes in technology or changes in our business. Any changes we make to the Privacy Policy in the future will be posted on this page. Please check back periodically.

Last update: 12.04.2022