Last updated: 8 November 2022 

This Privacy Policy applies to the www.officesky.ro website (hereinafter referred to as the "Website") owned and operated by or on behalf of Office Sky Team S.R.L., headquartered in Bucharest, 21 Dr. Iacob Felix Street, room 4, 2nd floor, sector 1 ("Office Sky Team", "we", "us", "our"). 

Data protection is particularly important for us. The use of our websites is possible without indicating any personal data. However, if someone wants to use our services through the website, the processing of personal data may become necessary.  

The purpose of this "Privacy Policy" is to explain to you what data we process, why we process it and what we do with it. We take your privacy seriously and protect all your personal data.  

In order to comply with the provisions of the General Data Protection Regulation (GDPR), we have implemented numerous technical and organizational measures designed to ensure the most complete protection of personal data processed through this website. However, the transfer of data over the Internet may, in principle, have security gaps, so absolute protection cannot be guaranteed.  

In collecting information, we act as the controller and, by law, we are obliged to provide you with information about us, the reason for and how we use your data and the rights you have over your personal data. 

This Privacy Policy does not cover the applications and websites of other third parties that you can reach by accessing the links on our website. This is beyond our control.  

When accessing our website, you may be asked or you can provide a series of personal data, necessary mainly for the performance of our activity (contact details: name, surname, telephone number, e-mail address, etc.).   

For personal data processed by us, when you wish to transmit certain personal information to us, you will be asked for your express consent, which may be granted by ticking the box: I have read, and I agree with the Privacy Policy.  

Regarding the chat on our website, consent will be requested before the transmission of any type of personal data to us, by requesting the chat user agreement according to the privacy policies. Access to the chat will be allowed only after the acceptance of the terms of use, so it is impossible to transmit personal data via chat without your prior consent. 

If you do not give your consent to the processing of personal data for the purposes mentioned in the Privacy Policy, your data will be processed based on the performance of contractual relations, strictly for the purpose of achieving the object the contract concluded between you and the Company, if any. 

Giving consent to the use of cookies in accordance with the terms of this policy when you visit our website for the first time, allows us to use cookies every time you visit our website. 

1. Definitions 

Personal data = Personal data means any information relating to an identified or identifiable private person ("data subject"). An identifiable private person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social character of that private person. 

Data subject = Data subject is any identified or identifiable private person whose personal data is processed by the controller or processor. 

Processing = Processing is any operation or set of operations which is performed with personal data or sets of personal data, whether by automated means or not, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction. 

Restriction of processing = Restriction of processing is the selection of stored personal data for the purpose of limiting future processing. 

Profiling = Profiling means any form of automated processing of personal data that consists of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or anticipate aspects regarding the individual's performance at work, economic situation, health, personal preferences, interests, behavior, location or travel. 

Pseudonymization = pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a particular data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person. 

Controller = Controller is the private or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU law or by a Member State, the controller or the specific criteria for his appointment may be laid down by EU law or by the Member State. 

Authorized person = Processor is a private or legal person, public authority, agency or other body that processes personal data on behalf of the controller. 

Beneficiary = The beneficiary is a private or legal person, a public authority, an agency or another body, to whom the personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the framework of an investigation in accordance with EU or Member State law are not considered as beneficiaries; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing. 

Third party = May be a third party, a private or legal person, a public authority, an agency or a body, other than the data subject, the controller, the processor, the processor, who, under the direct authority of the controller or the processor, is authorised to process personal data. 

Consent = Consent of the data subject is any specific, informed and unambiguous indication of the wishes of the data subject by which he or she, by a statement or by a clear affirmative action, accepts the processing of personal data concerning him or her. 

2. Principles governing our privacy and personal data processing policy 

• The principle of legality, fairness and transparency.  It requires that personal data be processed lawfully, fairly, and transparently in relation to the data subjects. 

• The principle of purpose limitation. It requires that personal data must only be collected for specified, explicit and legitimate purposes. 

• Principle of collecting the minimum data in order to achieve the purpose for which consent was obtained. According to this principle, personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. 

• The principle of keeping data up to date ensures that personal data are accurate and updated where necessary. 

• The principle of data retention strictly for the period for which consent was obtained. This implies that personal data are kept for the time for which consent has been obtained. 

• The principle of ensuring adequate security of the data so that it is of integrity, confidentiality, and availability. 

• Principle of responsibility. The controller is responsible for compliance with the principles listed in Article 5(1) of the GDPR and must be able to demonstrate compliance with them. 

3. Collection of personal data 

The following types of personal information may be collected, stored and used: 

• information about your computer, including your IP address, geographic location, browser type and version, and operating system; 

• information about visits to and use of this website, including the referral source, duration of the visit, page views and website navigation paths; 

• information such as your ip address, e-mail, first and last name, which you enter when you register on our website; 

• information you enter when an account is created on our website – for example, your name, photo, gender, date of birth, interests and hobbies, academic details and details of the occupation; 

• information such as your name and email address, which you enter to set up subscriptions to emails and/or newsletters; 

• information you enter while using the services on our website; 

• information that is generated while using our website, including when, how often and under what circumstances you use it; 

• information about any purchase made, services used or transactions you make through our website, which may include your name, address, telephone number, email address and bank card details; 

• information contained in any communications you send us by e-mail or through our website, including the content of the communications and their metadata; 

• any other personal information you submit to us. 

Before you disclose another person's personal information to us, you must obtain that person's consent for both the disclosure and processing of personal information in accordance with this policy. 

4. Use of your personal information 

Personal information submitted through our website will be used for the purposes specified in this policy or on the respective pages of the website. We may use your personal information/data for the following purposes: administration of our website and business; customizing our website for you; authorizing the use of the services available on our website; providing the services purchased through our website; sending invoices to you and collecting payments from you; sending commercial communications for information; sending by e-mail of expressly requested notifications; sending our newsletter by e-mail, if you have requested it (you can inform us at any time if you no longer wish to do so); sending marketing communications relating to our business or carefully selected third-party companies that we believe may be of interest to you, by email or similar technologies (you can inform us at any time if you no longer wish to receive marketing communications); providing third parties with statistical information about our users (these third parties will not be able to identify any user with the help of this information); dealing with requests and complaints made by you or about you relating to our website; maintaining the security of our website and preventing fraud; verifying compliance with the terms and conditions governing the use of our website; other uses. 

Without your express consent, we will not provide your personal information to third parties for direct marketing from these third parties or from any other third party. 

Customers who have contracted our services instruct us to process the personal data they provide to us or the personal data they instruct us to collect on their behalf (e.g. personal data relating to the users of the services where our customers are legal persons or personal data relating to other natural persons) for purposes related to the performance of the contract they have concluded with us, which include the use of the web account for drafting the necessary documents, managing correspondence, checking documents, drafting reports, organizing programs and meetings, planning, organizing and booking events, organizing maintenance and any other services requested by our customers. With regard to these processing activities, we act as the processor of our customers (which means that we process personal data according to the instructions received from our customers), while our customers each act as controller (which means that they establish the essential elements regarding the reason for and how the personal data is processed). As controllers, our customers have a responsibility to inform the persons whose personal data they provide to us or whose personal data we have been instructed to collect on behalf of our customers about the processing of their personal data and the rights they enjoy in relation to this processing, as well as to manage their requests in respect of such processing and to comply with any other requirement incumbent on them under data protection law.  

We process personal data relating to our customers who are private persons and to individuals in relation to our clients who are legal persons, including our clients' representatives, contact persons, employees, for the following purposes: to negotiate the terms of the relationship with our customers and to conclude the contract with them, to provide the services requested by our customers and to manage the aspects arising from the execution of the relationship contract with our customers. For these purposes, we rely on the need to perform our contract (only in the case of clients who are private persons) and on our legitimate interests in taking the necessary measures to protect our business, including to maintain our business operations and develop them. 

We process personal data relating to any person in connection with the services provided to our customers in order to take the necessary measures to establish, enforce or defend our rights (if any); to comply with any legal obligation, for example, in the field of archiving or taxation, as well as in the context of structural changes or similar transactions in which we are involved (if applicable). For these purposes, we rely either on a legal obligation incumbent on us or on our legislative interests to protect our rights. 

For these purposes, we process personal data that has been provided to us either directly by the individuals to whom the personal data refers or by our customers in the context of our relationship with them and the processing for which we act as a processor, in the latter case, in accordance with the information provided to individuals by customers. The provision of personal data is not a contractual or legal obligation for these persons (with the exception of our clients who are private persons and who must provide us with their personal data in the context of the contract we have concluded with them), while the refusal to provide the requested personal data may lead to the impossibility of concluding and executing our contractual relationship with customers or touching the other purposes explained above. 

5. Disclosure of personal information 

In order to achieve the purposes mentioned above and to the extent necessary, we disclose personal data to the following categories of recipients: public authorities, government agencies, payment service providers, IT support service providers, storage and hosting services, accountants, lawyers and financial service providers, other contractual partners to whom personal data should be disclosed in order for them to be able to provide the services provided for in the relevant contracts, any persons or entities to whom personal data should be disclosed pursuant to a legal obligation.  

We may disclose your personal information to any member of our group of companies (this includes our subsidiaries, the parent company and all its subsidiaries) as reasonably necessary for the purposes set out in this policy. 

We do not transfer personal data outside the European Economic Area. 

6. Retention of personal information 

Personal information that we process for any purpose will not be kept longer than necessary for that purpose or purpose. 

We will store personal data for as long as is reasonably necessary for the purposes explained in this Privacy Policy. For example, in the case of our clients who are private persons or representatives of our corporate clients, contact persons, employees, their personal data is stored, if necessary, for the duration of the contractual relationship, and subsequently for a subsequent period necessary to ensure compliance with the applicable law. 

We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information. 

We will store all the personal information you provide on our secure servers (password protected and firewall). All electronic financial transactions concluded through our website will be protected by encryption technology. 

You acknowledge that the transmission of information over the Internet is typically insecure and we cannot guarantee the security of data sent over the internet. 

7. YOUR RIGHTS 

Within the limits and conditions provided by law, individuals have the right to request access to their personal data, rectification and deletion of personal data concerning them, restriction of processing, the right to object to processing, as well as the right to data portability. In addition, individuals have the right to file complaints with the National Supervisory Authority for Personal Data Processing. 

If we act as controller, individuals can exercise these rights and learn more about the processing of personal data by sending a request to our headquarters or using the following contact details: [email protected].  

8. Updating information 

Please let us know in writing if the personal information we hold about you needs to be corrected or updated. 

9. COOKIES 

Our website uses cookies. A cookie is a file containing an identifier (a string of letters and numbers), which is sent by a web server to a browser and which is stored by that browser. The identifier is then sent back to the server each time the browser requests a page from it. Cookies do not usually contain information that personally identifies a user, but the personal information we store about you may be linked to the information stored and obtained through cookies. The company uses cookies to personalize content, advertisements, to provide integration facilities with social media platforms or to analyze our site traffic. 

We may disclose information about your use of our website directly to our advertising and traffic data analysis partners, who may, under the terms of their own privacy policies and cookies, combine this data with other information that you have provided directly to them or that they have collected about you in the context of other uses of their services or products. 

Under the conditions of compliance with the applicable legislation, we can store cookies on your equipment, only if they are strictly necessary for the operation of the site. For any other type of cookie, we must ask for your consent. 

Strictly necessary cookies help us to offer you the services available on www.officesky.ro and allow the use of functionalities such as secure access. Because they are strictly necessary, they cannot be refused by the user without affecting the use of www.officesky.ro. You can always block or delete them from your browser settings. 

The performance and functionality cookies of the site allow the improvement of your user experiences but are, in themselves, non-essential. However, without these cookies we cannot guarantee you certain functionalities. 

Analytics or experience personalization cookies collect information about you and use it either in aggregate form to help us better understand how our site is used or how effective marketing campaigns are, but also to customize our sites and applications. 

Advertising or targeting cookies are used by us to make marketing messages as relevant as possible to your interests. It helps that the ads we provide to you are not repetitive and are displayed correctly, or selected by us according to your interests. 

We use different types of cookies, some of which are placed directly by third-party service providers that appear on www.officesky.ro. 

The data subject may, at any time, prevent the use of cookies by our website by means of an appropriate setting of the Internet browser. In addition, cookies already set can be deleted at any time from the Internet browser. If the data subject disables the setting of cookies in the Internet browser used, not all functions of our website can be fully used. 

We may change this Privacy Policy from time to time, for example, to update it or to comply with legal requirements or changes in the way we operate.