Contact

Personal data processing policy

Axes Software » Personal data processing policy

Current version of the policy

Previous version of the policy (valid until 12.03.2023)

1. WHO WE ARE

AXES SOFTWARE S.R.L., having its headquarters in Bucharest, Sector 3, 36 Matei Basarab Street, registered under the Trade Register no. J40 /21580/2005, having the fiscal code RO 18238677, (hereinafter referred to as “the Company”) is a data controller.

The purpose of this Policy is to inform the data subjects about the conditions under which personal data are processed by the Controller, in accordance with Article 13 of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘General Data Protection Regulation’ or ‘GDPR’).

The services offered by the Company can only be used after acknowledging this Policy.

This site is not intended for minors under the age of 16.

2. DEFINITIONS

Under this Policy, the terms mentioned will have the meanings specified below in accordance with Article 4 of the GDPR:

a) “Personal data of the data subject” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

b) “Data subject” means the natural person whose personal data is processed by the Controller;

c) “Supervisory Authority” means an independent public authority established by a Member State, having the competence to supervise the protection of personal data in the EU in the jurisdiction where the entity that processes data as Controller has its seat;

d) “Processing” means any operation or set of operations performed upon personal data or personal data sets, with or without the use of automated means, such as: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use,
disclosure by transmission, dissemination or otherwise, alignment or combination, restriction, deletion or destruction;

e) “Controller” means the legal person or the natural person who, alone or jointly with others, determines the purposes and means of processing personal data. Under this Policy, the Controller is the Company;

f) “Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, agree to the processing of personal data relating to them.

g) “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

h) “Regulation” means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).

3. GENERAL PROVISIONS

As we value the confidentiality of your information, we undertake, as the Controller, to comply with the provisions of this policy, as well as the provisions set out in the Regulation and the national laws regarding the processing of personal data, their security and confidentiality.

If we change this Policy, we will notify you on this page and publish an updated version.

4. PURPOSE, DURATION, NATURE, PURPOSE, TYPE OF PERSONAL DATA PROCESSED

Personal data means any data or information that helps us to identify you directly (e.g. your surname, forename) or indirectly (e.g. data collected through cookie technology). Some information is less obvious (such as your computer’s IP), but associated with your person and corroborated with other personal data can help us, at least in theory, to identify you. Thus, all these are limited to the notion of “personal data”.

Sensitive data refer to data that include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade-union membership, health-related information, and genetic and biometric data. We do not collect any information about beliefs, sex life or sexual orientation, political opinions, trade-union membership, health, genetic or biometric or crime-related data.

The personal data we process in accordance with the purposes and means presented below is obtained directly from you or from third sources as mentioned.

The purposes for and the conditions under which we process your personal data are the following:

– Contacting the Company through the forms available on the website

When you contact us via the contact form on the site, we will process the following data:

The legal basis for data processing is Art. 6 para. (1) let. (f) of the GDPR – the legitimate interest of the Controller to facilitate communication with potential clients through the website.

The data retention period is 12 months calculated from 1 January of the year following collection.

– Concluding contracts between the Company and the entity you represent

When you are the legal representative of a contracting entity of the Company, such as a client or service provider, we will process your personal data for the conclusion and performance of the contract between the two entities. In such situation we shall process the following data:

The legal basis for data processing is Art. 6 para. (1) let. (f) of the GDPR – the legitimate interest of the Controller to enter into contractual relationships.

The retention period applicable will be the Company’s duration of operation.

– Ensuring communication in order to conclude and perform commercial contracts

If you are the contact person or the legal representative of a contracting entity of the Company, such as a client or service provider, we will process your data in order to ensure the communication indispensable for the performance of contractual relations. For this purpose we will process the following data:

The legal basis for data processing is Art. 6 para. (1) let. (f) of the GDPR – the legitimate interest of the Controller to ensure the communication indispensable for the performance of contractual relations.

The retention period shall be determined in accordance with the specifics of the contractual relationship.

– Subscribing to our newsletters

When you subscribe to our newsletters, we may periodically send you promotional messages. For this purpose we will process the following data:

The legal basis for data processing is Art. 6 para. (1) let. (a) of the GDPR – the consent of the data subject. You have the right to withdraw your given consent any time without affecting the lawfulness of the processing based on consent before its withdrawal.

The data will be retained until your consent is withdrawn.

– Defending rights in court

When we defend our rights in court to recover sums due or when we protect our interests against unjustified claims / complaints, we will process your data (provided to us by you) necessary to file lawsuits, other specific requests and documents.

The legal basis for data processing is Art. 6 para. (1) let. (f) of the GDPR – our legitimate interest in defending the interests of the Company.

The data retention period will be determined according to the nature of the dispute subject to resolution.

– Recruitment

When we recruit, we come into possession of CVs that are provided to us directly by the potential recruits or by our recruitment service providers. The data processed are those contained in your CV , such as:

The data retention period is 5 years calculated from January 1 of the following year in which we came into possession of your data.

– Realization of statistics, identification of preferences, tracking of interaction with the website and marketing

When you visit our website as a visitor, we also collect data obtained, with the help of cookies, from your computer, phone, tablet or other device (” the device”) you have used, information by which we can identify you online (“online identifiers”):

It is very important to know that most devices give you the option to disable geo-location services right from the settings of that device.

The data collected through cookies and similar technologies used through the website and the purposes for which they are processed correspond to your selections in the cookies banner.

“Cookies” are files that are placed on a website or sent by a server to your device. The way in which we process cookies is detailed in the Cookie Policy, in accordance with the permissions granted by you through the cookie banner .

The legal basis for data processing is Art. 6 para. (1) let. (a) of the GDPR – your consent. You have the right to withdraw your consent at any time through the means presented in the Cookies Policy, without affecting the lawfulness of the processing prior to the withdrawal of consent .

– Ensuring the security and maintenance of the website

We normally use the following online identifiers to maintain and secure the Company’s website:

These data are processed to ensure the proper functioning of the website, respectively:

The legal basis for data processing is Art. 6 para. (1) let. (f) of the GDPR – our legitimate interest in implementing, setting up and maintaining security measures of the Company’s website.

5. TO WHOM WE CAN DISCLOSE DATA

i. Your personal data may be transmitted to and processed by our trusted partners in order to provide you with services.

When we outsource certain activities to our trusted partners, we make all reasonable efforts to verify in advance that they ensure the protection of your data through strict data security measures and we will enter into data processing agreements with each of them, in accordance with the legal requirements. The categories of recipients to whom we may disclose your data are hosting or software/hardware maintenance service providers, IT service providers, software or hardware product providers, subcontractors, training and education service providers, payment processors, banking institutions , accounting service providers.

ii. Transmission of data to public authorities and institutions or judicial bodies

We may transmit some of your personal data to the competent public authorities or institutions when required to do so by law (e.g. fraud investigation, money laundering prevention, filing of returns and financial statements with tax authorities, etc.) or we may transmit such data to the courts when defending ourselves in court or before other public authorities.

iii. Access of auditors and consultants

We may pass on some of your personal data to providers of accounting, legal, human resources, auditing, banking and other services.

6. INTERNATIONAL TRANSFERS

As a rule, your data is not transferred to countries outside the European Union or the European Economic Area (“EEA”).

If we transfer your data to other categories of partners / suppliers of the Company which are located in states that do not ensure an adequate level of protection of the transmitted data, we undertake to
take all necessary measures to ensure that those partners / suppliers comply with the terms and conditions set out in this Policy. These measures may include the implementation of data protection standards (e.g. ISO 27001), standard contractual clauses adopted by the European Union Commission and systems of direct control of these mechanisms.

7. DATA SECURITY

The Company has implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed in an unauthorized manner. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a commercial need to know those data. They will process your personal data at our instruction and are subject to confidentiality obligations.

We have implemented procedures to deal with any breach of personal data and we will notify you and any competent regulatory authority of the breach when we are legally obliged to do so.

We may store your data in physical or electronic format. In some circumstances, we may anonymize your personal data (so that it is no longer associated with you) for research or statistical purposes, in which case we may use this information indefinitely without informing you.

8. YOUR RIGHTS

In addition to those mentioned in this Policy, in certain circumstances, the data subject has certain rights in accordance with the personal data protection regulations. These include:

a. Right to be informed

You have the right to be informed regarding the processing of your personal data, as we are doing through this Privacy Policy.

b. Right to access

You have the right to obtain confirmation whether or not we process your personal data, as well as information on the specifics of the processing activities and a copy of that personal data.

c. Right to rectification

You have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

d. Right to erasure (“right to be forgotten”)

You have the right to ask us to delete your personal data, but only if one of the following grounds applies:

We are not obliged to respond to your request to delete your personal data if the processing of your personal data is necessary:

There are several other circumstances in which we are not obliged to respond to your request for erasure.

e. Right to restriction of processing

You have the right to obtain the restriction of processing of your personal data (i.e keep your personal data without using them) only when:

We may continue to use your personal data following a request for a restriction if we have your consent; or

f. Right to data portability

g. Right to object

You have the right to object to any processing of your personal data based on our legitimate interests if you believe that your fundamental rights and freedoms override our legitimate interests.
If the opposition is unjustified, the Controller is entitled to further process the personal data.

h. Right to object commercial communications

You have the right to object to processing of your personal data for direct marketing purposes at any time.

i. Right not to be subject to decisions based solely on automated processing

If the applicable legal provisions are met, you have the right not to be subject to a decision based solely on automatic processing, including profiling, which has legal effects on you or affects you similar to a significant extent.

j. Right to lodge a complaint with a Supervisory Authority

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing. Please try to resolve any issues by discussing them with us in the first instance, although you have the right to contact the supervisory authority at any time.

The Romanian National Authority for the Supervision of Personal Data Processing may be reached at the following contact details:

k. Right to withdraw your consent

To the extent that we process your personal data on the basis of consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

The data subject will not pay a fee or any other charge to access their personal data or to exercise any of their other rights. However, the Company, as Controller, may charge a reasonable fee if the request made is manifestly unfounded, repetitive or excessive. Alternatively, the Company may refuse to comply with a request received in these circumstances.

The Company has the right to request certain information in order to confirm the identity of the data subject who made the request to exercise any rights. This is a security measure to ensure that
personal data is not disclosed to persons who are not entitled to receive them. We may contact you to request additional information regarding your request to expedite our response.

The company will make reasonable efforts to respond to all legitimate requests within one month. Occasionally, it may take longer than one month if the data subject’s request is very complex or the data subject has made several requests. In this case, the Company will notify you and keep you informed.

9. LET’S KEEP IN TOUCH

We have appointed a data protection officer. For all matters arising from this Policy, including requests for the exercise of the rights of the data subjects, you may contact the Data Protection Department:

If you have a complaint or you are concerned about the way in which we use your personal data, please contact us in the first instance and we will try to resolve the issue as soon as possible.

We hope you enjoy browsing our website!

Last update: March 13, 2023

Sign up for our newsletter

Subscribe for weekly logistics insights & news!