GDPR recognises to data subjects a series of 8 important rights that you are allowed to exert:
- Right for information – art. 13 and 14 of the GDPR – it allows data subjects to know, even from the moment when the collection is made, the manner in which the data is going to be used, to whom it will be disclosed or transferred, what are the rights of data subjects with regard to the processed data etc.
- Right for access to data – art. 15 of the GDPR. It allows you to obtain, from our part, a confirmation whether any personal data related to you is processed or not and, if so, to obtain the access to the respective data and other useful information.
- Right for data removal – art. 17 of the GDPR. It allows you to obtain from our part the removal of the personal data related to you, without any undue delay. Still, there are exceptions from this rule, such as the case in which the data is processed to offer the public the right to information, for statistical or archiving purposes, for the fulfilment of a legal obligation, or for finding and defending a right before the court.
- Right for data modification – art. 16 of the GDPR. It allows to obtain from us, without any undue delay, the modification or completion of any unclear personal data related to you.
- Right for data restriction – art. 18 of the GDPR. This is a temporary right. In certain situations, between the moment when, for example, we make the decision to remove certain data (we no longer need personal data for processing purposes) and the actual removal of the data, you send us an application by which you oppose to the removal, claiming that you need this data to find, exert or defend a right before the court. Following such request, we shall “freeze” the data stopping its processing for a certain period of time.
- Right for data portability – art. 20 of the GDPR. You have the right to receive the personal data that concern you and which you have supplied to the controller in a structured format, used commonly and which can be read automatically, as well as the right to send this data to another controller, without any obstacles from our part. Otherwise said, your personal data will be given to you in a structured format, so you can decide whether you download them or, on the contrary, you send them to a different controller.
- Right for opposition – art. 21 of the GDPR. You have the right to oppose at any given time the processing of your personal data. For example, in all newsletters from cbex.ro (irrespective whether we talk about newsletters that provides us only with information or newsletters that promote services or products of cbex.ro) you will always have the possibility to unsubscribe (art. 7 of the GDPR).We offer this option in all situations, irrespective whether the law binds us or not to it, because we find important that your interaction with CBEX shall exist only as long as you want it.
- Right for not being subjected to a decision based exclusively on automatic processing, including the creation of profiles – art. 22 of the GDPR, which can cause legal effects that concern the data subject or affect the data subject similarly in a significant measure. CBEX does not create such profiles to be followed by automated decisions with legal or significantly similar effect for the data subject.
- Right to submit claims to the competent supervisory authority (National Supervisory Authority for Personal Data Processing), http://www.dataprotection.ro/.
Security
CBEX undertakes to protect your personal data against any loss, improper use, disclosure, modification, unavailability, unauthorized access and destruction and to take all reasonable measures to protect the privacy of this data, including by taking appropriate technical and organizational measures.
Organisational measures include the control of the physical access into our premises, the training of the personnel and the blocking of the physical files in storing lockers. Technical measures include encryption, passwords necessary to access our systems, certificates of security type SSL, for the encryption of data in transit etc.
During the supply of your personal data to you, the personal data can be transferred on the internet. Even though we make every effort to protect the personal data you provide us with, the transmission of information between you and us, online, is not completely safe (the device you use for writing to us might be monitored by third parties, for example, without having the possibility to take any measures in this respect).
Therefore, we cannot guarantee the security of your personal information send by means of the internet. So, you understand that any such transmission is made at your own risk. Once we receive your personal data, we shall use strict procedure and security characteristics to prevent any unauthorised access to it.