Data protection declaration

We are pleased with your interest in regards the best interests of the our company is particularly pleased. Data protection is of particular importance for the management of SKYLOTEC ROMANIA S.R.L. Browsing the Company’s website is possible without providing personal data, except for cookies if they have been set to a previous visit and have not already expired. However, if a data subject wishes to use our company’s special services through the website, it may be necessary to process personal data. Where it is necessary to process personal data and there is no legal basis for such processing, we always request the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, shall always take place in accordance with the General Data Protection Regulation (GDPR – 679/2016 EC) and in accordance with the country-specific data protection provisions applicable to SKYLOTEC ROMANIA S.R.L. With this data protection statement, our company wishes to inform the public about the nature, volume and purpose of the personal information it collects, uses and processes. At the same time, through this data protection declaration, data subjects are informed of their rights.
SKYLOTEC ROMANIA S.R.L., as a personal data controller, has implemented numerous technical and organisational measures to ensure a high level of protection of personal data processed through its website. However, data transmissionover the Internet may generally have security curates so that absolute protection cannot be guaranteed. For this reason, each data subject is free to transmit personal data to us by alternative means, for example by telephone or email.

1. Definitions

The data protection statement of SKYLOTEC ROMANIA S.R.L. is based on the terminology used by the European Directive and the regulatory authority in adopting the General Data Protection Regulation (GDPR) Our intention is that our data protection statement is easy to read and understand both to the public and for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.
We use in this data protection statement and the following terms:
a) Personal data: Personal data shall mean any information relating to an identified or identifiable natural person (‘the data subject’). A natural person shall be considered identifiable where it can be identified, directly or indirectly, in particular by associating with an identifier, such as a name, identification number, location data, an online identifier or one or more special characteristics, which restore the physical, physiological character, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: The data subject shall be any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing: Processing means any process or series of operations carried out with or without automated processes related to personal data such as collection, registration, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or other form of making available, reconciliation or association, restriction, erasure or destruction.
d) Restriction of processing: Restriction of processing is the marking of stored personal data for the purpose of limiting further processing.
e) Profiling: Profiling is any kind of automatic processing of personal data consisting in the use of such personal information to assess certain personal aspects relating to a natural person, in particular to analyse and make predictions on aspects of performance at work, economic situation, health, personal preferences, interests, behaviour, place of residence or relocation of that natural person.
f) Pseudonymisation: Pseudonymisation means the processing of personal data so that such personal data can no longer be attributed to a particular data subject without the need for further information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that personal data are assigned to an identified or identifiable natural person.
g) Controller or controller responsible for processing: The controller or controller responsible for processing is the natural or legal person, public authority, institution or body which, alone or together with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are required by Union or Member State legislation, the controller or its specific design criteria may be laid down under Union or Member State legislation.
h) Processor: Processor is a natural or legal person, public authority, institution or other body processing personal data on behalf of the controller.
i) Beneficiary: The beneficiary is a natural or legal person, a public authority, institution or other entity to which the personal data are disclosed, whether or not he is a third party. However, public authorities which may take possession of personal data in accordance with Union law or the laws of the Member States in relation to a particular investigation/research mission shall not be considered as beneficiaries.
j) Third party: The third party is a natural or legal person, public authority, institution or other entity other than the data subject, controller, processor or persons directly responsible for the controller or processor for the purpose of processing personal data.
k) Consent: Consent is the unequivocal expression of the will of the data subject, on a voluntary basis, in the form of a statement or other unequivocal confirmatory act on a particular case on the part of the data subject, indicating that he agrees with the processing of his own personal data.

2. Name and address of the controller responsible for processing

The controller, for the purposes of the General Data Protection Regulation and other applicable data protection laws in the Member States of the European Union and other data protection provisions, shall be:

SKYLOTEC ROMANIA S.R.L.
Grivitei Street, 10. 34.330060 Deva,Jud. Hunedoara
Tel. +40 354808640

3. Cookies

The SKYLOTEC ROMANIA S.R.L. website uses cookies. Cookies are text files that are submitted and stored on a computer system via an Internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie-ID. A cookie-ID is a biunivoc code for the identification of the cookie. It consists of a string through which pages and Internet servers can be assigned to the specific Internet browser in which the cookie was saved. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified by the unique cookie-ID code.
By using cookies, SKYLOTEC ROMANIA S.R.L. can offer users of this site with more user-friendly services that would not be possible without placing cookies.
Through a cookie, the information on our website can be optimized in the user spirit. Cookies allow us, as we have already mentioned, to recognize users of our website. The purpose of this recognition is to make it easier for users to use the site. For example, the user using cookies will not have to select the language of the site if he has done it once in the past, because this is done by the site using the cookie stored in the user’s computer system.
The data subject may prevent cookies from being placed by our website at any time through an appropriate setting of the internet browser used, thereby permanently opposing the placement of cookies. In addition, cookies already placed can be deleted at any time through an internet browser or other software. This is possible in all common internet browsers. If the data subject disables the placement of cookies in the internet browser used, some functions of our website may no longer be fully usable.

4. Registration of general data and information

The SKYLOTEC ROMANIA S.R.L. website collects a series of general data and information every time it is accessed by a target person or an automated system. This general data and information is stored in server logs. The types and versions of the browser used, (2) the operating system used by the system accessing, (3) the website through which our website is accessed by a system of access (so-called references), (4) sub-pages that are accessed on our website by a access system, (5) the date and time of accessing the website, (6) the address of the website (IP address) and (7) other similar data and information used to prevent attacks on our systems information technology.
SKYLOTEC ROMANIA S.R.L. does not build profiles on the basis of this personal data and does not make decisions automated on the basis of such profiles. This information is necessary and is only processed to: (1) correctly provide the content of our system, (2) to optimize the content of our website and to advertise it, (3) to ensure the continuous functioning of our computer systems and website technology, as well as 4) to provide criminal investigation authorities with the information necessary for law enforcement in the event of a cyber attack. SKYLOTEC ROMANIA S.R.L. statistically evaluates the data and information collected anonymously and also for the purpose of increasing data protection and security in our company, in order to ultimately ensure the best possible level of protection of personal data we process. Anonymous logfile data on the server is stored separately from all personal data provided by the data subjects.

5. Possibility to contact us through the website

Due to legal regulations, the Company’s website contains information that allows quick electronic contact with our company, as well as direct communication with us, including a general e-mail address (e-mail address). If a data subject contacts the data controller, by e-mail or contact form, the personal data provided by the data subject will be automatically saved. Such personal data, voluntarily transmitted by a data subject to the controller, shall be stored for the purpose of processing or contacting the data subject. Such data may then be processed by the company for the purpose of providing goods and services (if the data subject has willfully shown interest in such activities) for marketing purposes (if the data subject consented to the processing of his data for marketing purposes). Access to personal data is explicitly limited by SKYLOTEC ROMANIA S.R.L. to a small set of partners, which also include companies that provide us with development/maintenance services sites (personal data protection is ensured through gdpr standard contractual provisions and appropriate technical and organizational measures).

6. Routine deletion and blocking of personal data

The controller shall process and store the personal data of data subjects only for the period necessary to achieve the purpose of storage or, where applicable, as long as required by European Directives or Regulations or those issued by any other by incidental laws or regulations for the operator.
Where the purpose of storage disappears or on the expiry of the storage period provided for in the European Directives and Regulations or by any other relevant legislator, personal data shall be subject to routine blocking or deletion in accordance with legal provisions.

7. Rights of data subjects

a) Right to information
Any person concerned by the processing of personal data shall have the right, at any time, granted by the European legislative and regulatory authority to obtain from the data controller free information on personal data stored in the connection of himself and a copy of this information. In addition, the European legislative and regulatory authority has allowed the following information to be provided to the data subject:
purposes of processing.
categories of personal data processed.
recipients or categories of recipients to whom personal data have been disclosed or to be disclosed, in particular recipients from third countries or international organisations.
where possible, the planned storage time of personal data or, and where this is not possible, the criteria for determining this duration.
the existence of a right to rectification or erasure of personal data concerning him or a limitation of processing by the controller or of a right of opposition to such processing.
the existence of a right to lodge a complaint with a supervisory authority.
where personal data are not collected from the data subject: all available information about the origin of the data.
the existence of an automatic decision-making process, including profiling pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – relevant information on the logic involved and scope and impact processing on the data subject.
At the same time, the data subject has the right to be informed that personal data have been transmitted to a third country or an international organisation. In such a case, the data subject shall have the right to obtain information on the appropriate guarantees in relation to the transfer.
If a data subject wishes to exercise that right to information, he may contact an employee of the controller at any time.

b) Right to rectification
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority to request the immediate correction of inaccurate personal data thereon. At the same time, the data subject has the right to request the completion of incomplete personal data, including by means of an additional statement, taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, he may contact the controller at any time at the contact address: office@securitgrup.com

c) Right to erasure (right to be forgotten)
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority to require the controller to immediately delete personal data concerning him or her, provided that the one of the following reasons and the fact that processing is not necessary:
Personal data have been collected for such purposes or otherwise processed for which it is no longer necessary.
The data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR and there is no other legal basis for processing.
The data subject objects to processing in accordance with Article 21(1) of the GDPR and there are no particularly good reasons for processing, or the data subject opposes processing in accordance with Article 21(2) of the GDPR.
Personal data have been illegally processed.
The erasure of personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject.
Personal data were collected in connection with services provided by the information society in accordance with Article 8(1) gdpr.
If one of the above reasons is incidental and a data subject wishes to delete his personal data stored at SKYLOTEC ROMANIA S.R.L., it may contact an employee of the controller at any time at the contact address: office@securitgrup. Com. An amployee of SKYLOTEC ROMANIA S.R.L. will order the request for deletion to be honored as soon as possible. Where personal data have been made public by SKYLOTEC ROMANIA S.R.L. and our company is bound by Article 17(1) GDPR to delete personal data,
SKYLOTEC ROMANIA S.R.L. will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, in order to inform the other operators/power-powerful controllers processing the published personal data, that the data subject has requested the deletion of all links to such personal data as well as their copies or replys, unless the data is necessary. The employee of SKYLOTEC ROMANIA S.R.L. will take the necessary measures in that individual case.

d) the right to restrict processing
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority to require the controller to restrict processing where one of the following is Conditions:
The data subject disputes the accuracy of the personal data, i.e. for a period of time allowing the controller to verify the accuracy of the personal data.
The processing is illegal, the data subject refuses to delete personal data and instead requests the restriction of the use of personal data.
The controller no longer needs personal data for the purposes of the processing, but the data subject needs them to establish, exercise or defend his or her legal rights.
The data subject objected to the compliant processing. Article. 21(1) GDPR and is not yet established whether the operator’s well-founded reasons prevail over those of the data subject.
If one of the above conditions exists and a data subject wishes to request the restriction of personal data stored at SKYLOTEC ROMANIA S.R.L., it may contact the controller at any time at the contact address: office@securitgrup. Com. An employee of SKYLOTEC ROMANIA S.R.L. will initiate the restriction of processing.

f) Right to data portability
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority to obtain his own personal data which has been provided to an controller by the data subject, in a structured, common format that can be read the machine. It shall also have the right to transfer such data to another controller, without restriction, through the controller to whom the personal data have been provided, provided that the processing is based on consent given pursuant to Article 6(1)(a) of the GDPR or Article 9(1)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and provided that the processing is carried out through automated processes, in so far as the processing is carried out through automated processes, in so far as the processing is carried out through automated processes, in so far as processing is not necessary for the performance of a task of public interest or for the exercise of a public authority, which has been assigned to the controller.
In addition, in order to exercise the right to portability of data pursuant to Article 20(1) of the GDPR, the data subject shall be entitled to obtain the facility for personal data to be transmitted directly from one controller to another, to the extent technically feasible and to the extent that this does not affect the rights and freedoms of others.
In order to exercise the right to data portability, the data subject may contact the controller at any time at the contact address: office@securitgrup.com

g) Right to objection
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority, so that at any time, for reasons arising from his specific situation, object to the processing of the data pursuant to Article 6(1)(e) or (f) gdpr. This also applies to profiling based on these provisions.
SKYLOTEC ROMANIA S.R.L. will no longer process personal data in the event of an appeal, unless it can demonstrate that there are convincing good reasons for processing, which go beyond the interests, rights and freedoms of the data subject or if the processing serves to establish, exercise or defend legal rights.
If SKYLOTEC ROMANIA S.R.L. processes personal data to perform direct marketing, the data subject shall have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, to the extent associated with such direct marketing. If the data subject objects to the processing for direct marketing purposes, SKYLOTEC ROMANIA S.R.L. will no longer process personal data in these purposes.
In addition, the data subject shall be entitled, for reasons arising from his particular situation, to object against the processing of his personal data, which at SKYLOTEC ROMANIA S.R.L. are carried out for scientific or historical research purposes, or for statistical purposes, in accordance with Article 89(1) GDPR, unless such processing is necessary to carry out a task of public interest.
In order to exercise his right to objection, the data subject may contact SKYLOTEC ROMANIA S.R.L.at the contact address: office@securitgrup.com. The data subject shall also be free, in the course of the use of information society services, by way of derogation from Directive 2002/58/EC, to exercise his right to opposition through automated procedures using the technical specifications.

h) Automatic decisions in individual cases, including profiling
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority, not to be the subject of a decision based solely on automatic processing – including profiling – which has or which similarly affects it significantly, in so far as decision (1) is not necessary for the conclusion or performance of a contract concluded between the data subject and the controller, or (2) is permitted by the union or the Member State to which the controller is subject, and that legislation provides for appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject, or (3) with the express consent of the data subject.
Where decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) takes place with the express consent of the data subject, SKYLOTEC ROMANIA S.R.L. shall take appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject, which shall include at least the right to the intervention of a person from the controller, to express their position and to challenge the decision.
If the data subject wishes to exercise his rights in connection with decisions taken automatically, he may contact SKYLOTEC ROMANIA S.R.L. at any time at the contact address: office@securitgrup.com

i) Right to revoke consent to data protection
Any person concerned by the processing of personal data shall have the right granted by the European legislative and regulatory authority to revoke at all times consent to the processing of personal data.
If the data subject wishes to exercise the right to withdraw consent, he may at any time contact an employee of the controller.

8. Data protection for applications for employment and in the process of evaluating the application

The operator shall collect and process the personal data of the candidates in order to carry out the application evaluation process. Processing can also be carried out electronically. This applies in particular where an applicant submits to the controller the necessary application documents by electronic means, for example by e-mail or via a web form available on the website. If the operator enters into an employment contract with an applicant, the data transmitted will be stored in accordance with the law for the purpose of carrying out the employment relationship. If an employment contract is not concluded between the operator and the candidate, the application documents will be automatically deleted two months after the notice of the rejection decision, in so far as the deletion does not affect other legitimate interests of the controller. Another legitimate interest in this respect is, for example, an obligation of evidence in a trial under the General Law on Equal Treatment.

9. Data protection rules for using Google Analytics (with anonymisation)

The operator has integrated the Google Analytics component (with anonymization) on this site. Google Analytics is a web analytics service. Web analytics means recording, collecting, and analyzing data about visitor behavior on websites. Google Analytics may also collect age data, commercial preferences, etc., data obtained from user behavior on other websites. Among other things, a web analytics service records data about the site from which a data subject arrived on a website (so-called references), which were the subpages of the site accessed, or how often and how long a subpage was viewed. A web analytics is mainly used to optimize a website to conduct the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The operator uses the “_gat._anonymizeIp” extension for web analytics via Google Analytics. Through this extension, the IP address of the data subject’s Internet access will be reduced and anonymised by Google if access to our website is made from one Member State of the European Union or from another State Party to the Space Agreement European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to assess the use of our website, to present us with online reports showing the activities on our website and to provide other services related to the use of of the site.
Google Analytics places a cookie in the data subject’s computer system. I explained above what cookies are. By placing this cookie, it becomes possible for Google to analyze the use of our website. Each time a page of this site is accessed, if an Analytics component is integrated, the internet browser in the data subject’s computer system is automatically initiated by that Google Analytics component to send data google for online analysis purposes. As part of this technical process, Google will take possession of personal data, such as the IP address of the data subject, which will serve Google, among other things, to track the provenance of visitors and clicks, and subsequently to make it possible settlement of fees.
The cookie stores personal information such as access time, the location from which the data subject was accessed, and the frequency of visits made by the data subject. Every time we visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States. This personal data is stored by Google in the United States. Google may transfer such personal data collected through the technical process to third parties.
The data subject may at any time prevent the placement of cookies by our website, as we have shown above, by means of an appropriate setting of the internet browser used, thereby permanently opposing the placement of cookies. Such a configuration of the internet browser used would also prevent Google from placing a cookie in the data subject’s computer system. In addition, a cookie already placed by Google Analytics can be deleted at any time through your Internet browser or other software.
The data subject also has the option to challenge and prevent the collection of data generated by Google Analytics relating to Google’s use of this site and google’s processing of this data. To do this, the data subject must download and install a browser add-on – add-on – from the https://tools.google.com/dlpage/gaoptout link. This browser/add-on communicates to Google Analytics via JavaScript that no visit data and information can be transmitted to Google Analytics. Installing the browser-add-on program is considered by Google to be a contradiction. If the data subject’s computer system is later deleted, formatted, or reinstalled, the data subject must reinstall the browser-add-on program to disable Google Analytics. If the browser-add-on program is uninstalled or disabled by the data subject or any other person in its sphere of control, you can reinstall or reactivate the browser-add-on.
Additional information and data protection rules from Google can be accessed at https://www.google.de/intl/ro/policies/privacy/ and https://www.google.com/analytics/terms/us.html. Google Analytics is explained in more detail to this link https://www.google.com/intl/us/analytics/.

10. Legal basis for processing

Article. 6 I (a) and (b) shall be replaced by a GDPR serves our company as the legal basis for processing operations for which we seek consent for a particular purpose of processing. Where the processing of personal data is necessary for the performance of a contract in which the data subject is a party, as is the case, for example, in the processing processes necessary for the supply of goods or for the provision of services or services in consideration, the processing shall be based on Article 10(1) of Regulation (EC) No 1257/1999. 6 I (a) and (b) shall be replaced by b of the GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of queries concerning our products or services. Where our company is subject to a legal obligation requiring the processing of personal data, such as the fulfilment of tax obligations, the processing shall be based on Article 6 I(a) and (b). c of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. An example of this would be the case if a visitor at our company’s premises suffered an accident/illness, and the name, age, medical insurance data or other vital information should be transmitted to a doctor, clinic or other third party. In such a case, the processing shall be based on Article 10(1) of Regulation (EC) No 1257/1999. 6 I (a) and (b) shall be replaced by d of the GDPR. Finally, processing operations may be based on Article 10(1) of Regulation (EC) No 1257/1999. 6 I (a) and (b) shall be replaced by f of gdpr. This legal basis includes processing operations which are not covered by any of the above legal bases where processing is necessary to protect the legitimate interests of our company or a third party, in so far as the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislature. It considered that a legitimate interest could be assumed if the data subject was the client of the controller (recital 47, paragraph 2 of the GDPR).

11. The legitimate interests of the processing, which are pursued by the controller or a third party

Where the processing of personal data is based on Article 6 I(a) and (b) of Regulation (EC) No 1493/1999, the member states shall, in accordance with the procedure laid down in Article 13 f of the GDPR, our legitimate interest lies in carrying out our business for the benefit of all our employees and shareholders.

12. Duration for which personal data is stored

The criterion for the storage of personal data is given by the period of legal storage/archiving and the originally established terms and conditions for the processing carried out.

BACK