Privacy Notice
For all visitors and users of the Arkum Invest website (www.arkuminvest.ro)
1. Introduction
Arkum Invest SRL, the entity responsible for the website www.arkuminvest.ro (hereinafter referred to as the “Website”) published as the current data controller of privacy and data management (hereinafter referred to as the “Notice” or “Privacy Notice”), which demonstrates the Operator’s commitment to secure and protect personal data based on principles and these will be described in detail below.
The data controller should take all reasonable steps to ensure the protection of personal data processed by it.
Please read this Notice carefully before using this website which contains additional relevant information. If you do not agree with this Notice or are likely to have any comments on it, please contact the Operator in writing using the contact details.
The following data protection information applies to both the currently applicable national legal framework and the requirements of Regulation 2016/679 of the European Parliament and of the Council (the GDPR Regulation).
Name and address of data controller
- Name: Arkum Invest Srl
- CIF: RO14333919
- Office: 535600, Harghita, Odorheiu Seciuesc, Str. Kuvar 28
- Website: www.arkuminvest.ro
Contact details of the Operator
- Name: Arkum Invest Srl
- Post: 535600, Harghita, Odorheiu Seciuesc, Str. Kuvar 28
- E-mail: project@arkuminvest.ro
- Telefon: 00 40 266 213 756
2. Definitions
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
“Data Subject” means any natural person who can be identified, directly or indirectly, by an identifier, such as a name, an identification number, location data, or by factors specific to the natural person, such as physiological, genetic, mental, economic, cultural or social identity.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies his or her unambiguous agreement, in a statement or action, to the processing of personal data relating to him or her;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law.
“Processor” means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
“Recipient” means the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities to which personal data may be disclosed in the framework of a particular inquiry in accordance with Union or national law shall not be regarded as recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Profiling” means any form of automatic processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of the natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Supervisory authority” means an independent public authority established by a Member State pursuant to Article 51.
“Pseudonymisation” means the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Personal data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed.
“Information society services” means a service provided electronically, for absence, usually for remuneration, to which the recipient of the service has individual access.
“E-commerce service” means an information society service for the sale, purchase, exchange or alternative use of goods and services such as real property, including money and securities, natural resources that can be used for this purpose, services, real estate, property rights (hereinafter collectively referred to as a commodity).
3. Subject of data processing
The following natural persons are subject to data processing:
- Users who register on the site;
- The unregistered person using the services of the website and the person is identified / can be identified based on any specific data.
4. Principles relating to the processing of personal data
The Operator declares that it processes personal data in accordance with the provisions of the Privacy Notice and complies with the provisions of the relevant legislation with regard to the following principles:
- Personal data are processed lawfully, fairly and transparently in relation to the data subject.
- Personal data are collected for specified, explicit and legitimate purposes.
- Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- personal data are accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed; personal data may be stored for longer periods in so far as they will be processed solely for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes.
- Personal data shall be processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by taking appropriate technical or organizational measures.
- The data protection principles apply to all information relating to an identified or identifiable natural person.
5. General information on data processing
Purpose of data processing: contacting partners, providing additional information or services or processing data related to the management of the contractual relationship.
Legal basis of data processing: consent of the data subject or processing is necessary to carry out (pre-) contractual measures.
Data processing subject: users of the registration form and “Contact us” (newsletter subscribers, those who contacted through the form).
Data storage and deletion period: Data processing and therefore storage depends on the purpose and legal basis of the processing, but data will be deleted or blocked if the original purpose is fulfilled or the legal basis is expired or withdrawn. In case of consent, the data subject can withdraw at any time by sending a complaint to the email address of the Operator (see contact details). If there is no legal obligation to keep personal data, it will be deleted or pseudonymised.
Right of access to the data concerned: legal representative of the Operator and its employees.
The data subject may request from the Controller access to and rectification or erasure of personal data or restriction of processing relating to the data subject or object to the processing, as well as the right to data portability.
The data subject has the right to withdraw his/her consent at any time and the withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
The data subject has the right to lodge a complaint with a supervisory authority. However, please send your complaint to to the controller on the first occasion.
If the data subject wants to use the benefits of registration, such as specific dedicated services of the website, it is necessary to add the necessary personal data. The data subject is not obliged to add this personal data and there are no negative consequences of such an action. However, some features of the website are not available without registration.
The data subject shall have the right to obtain from the Controller, without undue delay, rectification of inaccurate personal data relating to him or her.
The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay if there is no lawful basis or it has already expired.
Correction or deletion of personal data can be initiated by e-mail, telephone or letter using the contact information provided above.
6. Filling in the “Contact us” form
The operator uses the personal data, which are received through the contact form, only for the purpose of contacting and informing you, without sending to any third party.
7. Persons authorized to process data
The authorized entity for processing personal data is GuruLabs Srl. (Cluj Napoca, RO-400112, Cluj, Strada Emile Zola 1/6, CIF 38156938, Nr. înmatriculare: J12 /5457 /2017) as processor. Personal data, which may be processed, can only be accessed by the legal representative, employees, colleagues of the processor. The processor does not transfer personal data to a third party unless the data subject expressly agrees to it.
Professional hosting services (Web hosting)
Name: GuruLabs Srl.
Office: Cluj Napoca, RO-400112, Cluj, Strada Emile Zola 1/6
E-mail: office@webgurus.io
The information you have provided is stored on a server operated by the hosting provider. The data can only be accessed by the Operator’s employees and processor and all employees operating this server, but all are responsible for the secure management of this data.
Name of activity: web hosting service.
Purpose of data processing: to ensure the operations of the web service.
Object of the data processing: personal data which are provided by the data subject.
Storage periods and general expiry date of data deletion: Data processing continues until the website ceases to function or the contractual relationship between the controller and the hosting provider is terminated. The data subject may request the deletion of his/her data by also contacting the hosting provider.
Legal basis for data processing: consent of the data subject or on the basis of legal obligations.
8. Validity
The controller shall process the personal data provided on the basis of the consent of the data subject until the purposes of the data processing are fulfilled or the user withdraws. The operator manages the personal data provided to you during the registration procedure until you stop using the website, which includes requesting the deletion of your registration.
The controller may process the personal data concerned without the consent of the data subject or after the data subject’s revocation if:
- for the fulfillment of a legal obligation of the Operator,
- due to the legitimate interest of the data controller or the third party fence and the exercise of this lawful request is proportionate to the restriction of the right to protection of personal data without any specific consent.
The controller retains and processes the data subject’s data for 5 years to comply with accounting obligations or within the storage period specified by current accounting laws.
9. Transfers and combination of personal data
The operator does not sell, rent or otherwise provide personal data or information to other companies or individuals. The controller should ensure adequate security of personal data by taking appropriate technical or organizational measures which should constitute safeguards for the application of data protection rules and principles and contribute to the security of personal data.
The controller may transfer personal data to a third party or parties only with the consent of the data subject.
10. Cookies
Cookies are placed on the user’s computer by websites visited and contain information such as page settings or login status. A cookie is a small file of letters and numbers that will be stored on a user’s computer, mobile device or other equipment from which the internet is accessed. The user experience is enhanced by saving browsing data. With cookies, the website remembers your site preferences and provides you with locally relevant content.
Our cookie policy is available here.
11. Google Analytics
Our website uses Google Analytics.
Google Analytics uses internal cookies to generate reports for customers about the behaviour of users of the site. On behalf of the website owner, Google uses information to measure how users interact with the content of the website. As an additional service, reports about website activities are prepared for website owners to provide additional services. The data is stored in encrypted form on Google servers to limit or prevent misuse of the data.
How to disable Google Analytics:
Site users who do not want Google Analytics to create a JavaScript report about their data can install the Google Analytics Opt-out Add-on. This extension tells Google Analytics JavaScript (ga.js, analytics.js, és dc.js) not to send information to Google Analytics. This extension is available for major web browser applications. However, the Google Analytics opt-out add-on will not prevent the transfer of data between the website and other web analytics services.
https://support.google.com/analytics/answer/6004245?hl=ro
Google’s privacy policies: https://policies.google.com/privacy?hl=ro
More information about data use and protection is available at these links above.
12. Rights of data subjects
Right to information: you can request information from us through the contact details in which personal data are processed, such as the legal basis and purposes of the processing and how long we store personal data. Upon your request, we will immediately send the requested information which should not exceed in maximum 30 days, to the email address you have provided.
Right to rectification: you can ask us to rectify inaccurate personal data about you. We will act without undue delay but within a maximum period of 30 days and will inform you of the outcome of your request via the e-mail you provided.
Right to erasure of data (“right to be forgotten”): you can ask us to erase personal data about you. We will act without undue delay, but within a maximum period of 30 days, and will inform you of the outcome of your request by the e-mail you have provided. However, we can only comply with your request if it does not conflict with another legal ground (e.g. a legal obligation).
Right to restrict processing: you can request the restriction of the processing of your personal data. The restriction will be obtained until it has been verified whether the data controller’s legitimate reasons outweigh those of the data subject. We will act without undue delay, but within a maximum period of 30 days, and will inform you on the outcome of your request through the e-mail you have provided.
Right to object: you may object to the processing of personal data concerning you at any time. Your request is examined without undue delay, but within a maximum period of 30 days, and we inform you of the outcome of your request by the e-mail you have provided.
13. Legal option for data processing application
If you have experienced unlawful data processing, please contact us to restore legal compliance status in a short time. We make every effort to resolve your raised issue as soon as possible.
If the problem still exists or is not resilient, please lodge a complaint with the Data Protection Supervisor at the following contact details:
National Supervisory Authority for Personal Data Processing
Office: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest
Mobil: 00 40 318 059 211, 00 40 318 059 211
Email: anspdcp@dataprotection.ro
14. Legislation
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Date of application of these privacy notices: 31/08/2021. The operator reserves the right to modify.