Privacy Policy 1 — Just Oak

PRIVACY POLICY:

This Privacy and Personal Data Protection Policy (the “Policy”) describes the framework applicable to the personal data collected by Nord Color SRL in Romania, respectively by the following companies, each of which has the status of operator individually and separately:

Nord Color S.R.L. is a limited liability company under Romanian law, having its registered office in Sat Urmenis, no. 194, Maramureș County, registered with the ORC with registration number J24 / 884/1996, unique registration code 7038614, called “Operator”, including the provisions of the General Regulation on data protection (“GDPR”).

Personal data operator

Nord Color is the Personal Data Operator. The personal data collected will be controlled and processed by Nord Color SRL. This Policy applies to the beneficiaries of our services.

This Policy describes the categories of personal data or personal information we collect, how we use the information, how and for what purposes we process and protect the data we collect, the duration of storage, the situations in which we transfer data and recipients, such as and the rights and options that individuals have with regard to the use of personal data. We also describe how you can contact us about our privacy and data protection policies and how you can exercise your rights. Our privacy and data protection policies may vary depending on the jurisdictions in which we operate, to reflect local practices and legal requirements, and you may review specific local provisions by accessing local websites.

The personal data we collect

We collect personal data about you in a variety of ways, including by accessing and visiting our sites, including by creating and updating the account you register through the use of the sites, as well as through various channels. social media; by telephone; in connection with different types of services provided by us; or in connection with our service providers or business partners. We may collect various types of personal data depending on the nature of the relationship, including, but not limited to (according to applicable law):

identification or contact details (such as name, surname, home address, business address, e-mail address, telephone number, job title);

username and password when you register on our sites;

the information you provide about other people you want to contact;

other information you may provide to us, such as in surveys, follow-ups or through the “Contact Us” feature on our sites.

In addition, if you are a candidate / applicant, an employee, submit your CV for a job or create an account to submit your CV for a job, we may collect the following types of personal data ( according to local legislation):

data on education and professional experience;

known foreign languages and other professional skills;

personal numerical code or other personal data having an identification function;

date of birth;

sex;

citizenship and work permits;

benefit information;

references about you;

any other data contained in your CV that you provide regarding the areas of interest regarding your career and other data about your qualifications for employment;

And when required by law, based on the express consent provided by you:

information about your disability and health;

In addition, we may collect information you provide to us about other people, such as information about people we may contact in an emergency.

If you visit us at our headquarters or our local offices or if you write to us or call us about various requests or issues of interest to you, we may collect your name and contact details, as well as other personal data that you you provide them to us directly.

Employee (hereinafter individually referred to as “Employee” and collectively “Employees”), as applicable, understands and acknowledges that Nord Color, as an employer, collects, processes and stores personal data of the employee and its dependents in order to conclude and execute its employment contract with Nord Color SRL.

How we use the personal data we collect

The operator collects and uses the data collected for the following purposes (as permitted by applicable law):

a) managing relationships with our customers and suppliers;

b) creation and management of online accounts;

c) processing of guarantees, financing applications;

d) issuing insurance policies;

e) to the extent permitted by applicable law, communication and management of participation in events specials, promotions, programs, offers, surveys, contests and market research;

f) providing answers to people’s questions and requests;

g) managing, evaluating and improving our business (including development, analysis and improving our services; communications management; performing data analysis and performing accounting, auditing and other internal activities);

h) protection against fraud, identification and monitoring of the prevention of fraud and other illegal activities; and

i) compliance with and application of applicable legal requirements, applicable service standards, contractual obligations and our policies.

All processing will be carried out on the basis of appropriate legal grounds which could be included in several categories, including:

a) the consent or express consent of the data subject, if required by applicable law;

b) to ensure that we comply with a legal or contractual requirement or a requirement to conclude / amend / terminate a contract (for example, the processing of your personal data to ensure that your salaries and taxes are paid).

c) the legitimate interest of the Operator (for example, to allow the customer to benefit from the services we offer).

In addition to the activities listed above, if you are a person applying for a position or creating an account to apply for a position, to the extent permitted by applicable law, we use the information described in this Policy for the following purposes:

a) providing employment and work opportunities; and

b) assessing your skills and qualifications for different jobs;

We may also use the data for other purposes, in which case we will provide you with specific information at or before the time of collection.

If you are an Employee, Nord Color processes your personal and dependent data, if any, for the following purposes:

In order to conclude and execute the employment contract to which the Employee is a party, as well as to modify or terminate the employment contract of the Employee.

In order to pay the salary to the Employee, as well as other bonuses, compensations, bonuses, vouchers meal, other benefits, etc. from which the Employee could benefit.

In order to fulfill Nord Color’s obligations in the field of employment and social security and social protection, as well as in order to fulfill Nord Color’s obligations in occupational health and safety, emergencies, occupational medicine, including the assessment of work capacity of the Employee.

In order to provide training sessions, including e-learning / online.

In order to keep records of all employees in the REVISAL register, including the Employee, according to the labor law obligations of the employer.

In order to submit declarations, applications, documents to the competent authorities, including ANAF, Labor Inspection, General Inspectorate for Immigration, General Inspectorate for Emergency Situations, Pension House, Health Insurance House, for compliance with the legal obligations of the employer.

In order to issue certificates at the request of the Employee.

In order to recover any claims owed by the Employee to the employer or to recover any claims owed by the Employee to third parties (under the seizure procedure).

In order to monitor the location of the equipment used by the Employee in the performance of his duties.

In order to maintain the security of the computer system and to prevent the transfer of data that is the property of Nord Color or related to the business secret of Nord Color, outside the company (security incidents) in accordance with the policies and procedures of Nord Color.

For the purpose of accessing location data via remote internet connection to ensure the security of the company’s IT system.

Legitimate interest

The operator may process personal data for certain legitimate purposes in the course of his business, which include some of the following:

if the process allows us to improve, modify, customize or otherwise improve our services / communications for the benefit of our customers, candidates and employees;

to identify and prevent fraud;

to increase the security of our network and computer systems;

to better understand how people interact with our sites;

for direct marketing purposes;

to provide you with communications by mail / e-mail, which we consider of interest to you;

to determine the effectiveness of promotion and advertising campaigns.

Whenever we process data for this purpose, we will make sure that we pay special attention to your rights. You have the right to object to such processing and, if you wish to do so, please write to us at office@justoak.com.

How we process and protect personal data

We also process personal data that we collect by automatic means, for the purposes defined above.

We maintain the administrative, technical and physical protection guarantees intended to protect the personal data you provide against the destruction, loss, modification, access, disclosure or accidental, illegal or unauthorized use. To ensure the proper security and confidentiality of personal data, we apply the following security measures:

Appropriate user authentication measures;

Secure network infrastructure;

Network monitoring solutions.

We store in our systems the personal data that we collect in a way that allows the identification of data subjects limited to the time period for which it is necessary in the light of the purposes for which the data were collected or for which these data are further processed.

We determine this specific period of time taking into account:

The need to keep personal data stored in order to provide our services;

To protect the legitimate interests of the Operator, in accordance with this Policy;

Existence of specific legal obligations that make it necessary to process and related storage for a certain period of time;

Regarding Employees, personal data will be stored and stored by Nord Color as follows:

a) Personal Data necessary for the achievement of the purposes mentioned in point II, 10), until the date of withdrawal of consent for the processing of data by the Employee;

b) Personal Data necessary for the achievement of the purposes mentioned in points II 9), 11), 12) above, until the termination of the legitimate interest of the employer or until the exercise by the Employee of the right of objection;

c) Personal Data necessary for the achievement of the purposes mentioned in points II 3), 4), 6), 7), until the termination of the employment contract with the Employee;

d) The Personal Data necessary for the achievement of the purposes mentioned in point II 1) above, shall be kept in the personnel files, for a period of 75 years from the elaboration of the personnel file, according to the Law of National Archives no. 16/1996;

e) The Personal Data necessary to achieve the purpose mentioned in point II 5) above, shall be kept for a period of 75 years, according to the Law on National Archives no. 16/1996;

f) The Personal Data that are found in any supporting documents that are the basis of the records in the accounting records are kept in the Employer’s archive for 10 years, according to the provisions of the Accounting Law no. 82/1991;

g) The Personal Data that are found in the Employee’s payrolls (according to point II 2) above), are kept for 50 years, according to the provisions of the Accounting Law no. 82/1991.

After the expiration of the above terms, personal data are deleted and / or destroyed from the records / databases of Nord Color.

People to whom we may transfer your personal information and data

We do not disclose personal data we collect about you, except as described in this Policy or in separate notices provided in connection with certain activities. We may share personal data with providers who provide services on our behalf based on our instructions. We do not authorize these providers to use or disclose the information, unless necessary to perform services on our behalf or to comply with legal requirements. We may also share your personal data (i) with our affiliates; and (ii) our employees.

In addition, we may disclose personal data about you (i) if we are required to do so by law; (ii) law enforcement authorities or other officials on the basis of a request for legal disclosure; and (iii) where we consider that disclosure is necessary or appropriate to prevent physical injury or financial loss or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer the personal data we hold about you if we sell or transfer all or part of our business or assets (including reorganization, dissolution or liquidation).

With regard to our Employees, in the context of processing operations carried out for the purposes mentioned in points II 1) -12) above, the Personal Data of the Employee will be transferred to the following third parties, as follows:

(a) the service providers used by Nord Color, including: the provider of occupational medicine and medical subscription services; the provider of meal vouchers and gift vouchers; banks, in order to pay the salary by bank transfer; the courier service provider with which Nord Color collaborates, only when there are documents to be transmitted involving the Employee and only the minimum Personal Data necessary for the delivery services (name, surname, telephone, address);

(b) training service providers and other similar services;

c) external consultants;

d) other companies in Nord Color’s reporting / administrative activities.

(e) authorities, including: (i) the National Agency for Fiscal Administration, for the submission of various declarations in accordance with the applicable legal provisions; (ii) the Territorial Labor Inspectorate and the General Inspectorate for Emergency Situations, for fulfilling the obligations of keeping records of employees, as well as for fulfilling the legal requirements of health and safety at work and for preventing and extinguishing fires / emergencies;

the Health Insurance House and the Pension House, for submitting various applications and forms; (iv) The General Inspectorate for Immigration, in order to fulfill the obligations of keeping records of employees for foreign nationals, (v) as well as other authorities for fulfilling other legal obligations.

All transfers of data mentioned above are carried out in compliance with Nord Color’s principles related to the processing of personal data, in particular the principle of minimization of personal data – Nord Color transmits to third parties only personal data that are strictly necessary for the purposes mentioned.

Data Transfer

We may also transfer the personal data we collect about you outside the country where the initial information was collected. Those countries may not have the same data protection laws as the country where you originally provided your personal data. When we transfer your personal data to other countries, we will protect those data described in this Policy and such transfers will be in accordance with applicable law.

The countries to which we may transfer your personal data that we collect may be:

Within the European Union;

Outside the European Union.

When we transfer personal data from within the European Union to countries or international organizations outside the European Union, the transfer takes place on the basis of:

a) The decision of the European Commission regarding the degree of adequacy;

b) in the absence of a decision on the adequacy, on the basis of other permitted legal grounds:

a legally binding and enforceable instrument between public authorities or entities; (ii) mandatory corporate rules; (iii) standard data protection clauses (hereinafter referred to as standard clauses) adopted by the Commission, etc.

Your rights and options

Where applicable law so requires, a data subject may exercise the following specific rights under Articles 15 to 22 of the GDPR:

a) Right to information: the right of the data subject to receive information on the processing of Personal Data. This right is respected by Nord Color through this information.

b) Right of access: The data subject has the right to obtain from the company a confirmation that personal data concerning him or her are being processed or not and, if so, access to those data and the provision of information on data processing.

c) Right to rectification: The data subject has the right to obtain from the controller the rectification of any inaccurate or incomplete personal data concerning him, in order to ensure the accuracy of such information and to ensure proper processing.

d) Right of deletion: The data subject has the right to obtain from the operator the deletion of personal data concerning him, and the operator has the obligation to delete personal data.

e) Right to restrict processing: The data subject has the right to request the Operator to limit the processing of his data.

f) Right to data portability: The data subject has the right to request data portability, which means that the data subject may receive personal data originally provided in a structured and commonly used format or that the data subject may request the transfer of data to a another Operator.

g) Right to object: The data subject who provides personal data to an Operator has the right to object at any time to the processing of data for several reasons provided in the GDPR, without having to justify his decision.

h) The right not to be subject to an automated individual decision: The data subject has the right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles, if this creation produces a legal effect on the data subject or significantly affects similar way.

i) Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State in which he or she has his or her habitual residence, place of work or employment. which is presumed to have been breached, if the data subject considers that the processing of personal data concerning him violates the provisions of the GDPR.

Whenever the processing is based on consent, according to art.7 of the GDPR, the data subject may withdraw his consent at any time.

If you need more information about the processing of your personal data, please see the “How to contact us” section below.

Updating our Policy

This Policy (including any annexes) may be updated periodically to reflect changes in our privacy practices and legal updates. For significant changes, we will notify you by posting a visible notice on our sites, indicating at the top of each notification when the last update was made.

Contact Information

If you have any questions or comments regarding this Policy or if you wish to exercise your rights, please email us at the following address: office@justoak.com or you may send a written request by mail to the following address: Sat Urmenis no. 194, Maramures county, Romania.