Privacy and Personal Data Protection Policy of Casa Noastra SA
Thank you for your interest in our company, our products and / or services. When you start a partnership of any kind with us, you entrust us with your personal data.
This information is important. We hope you read it carefully.
This note informs you of the personal information we process about you in relation to our organization. In collecting this information we act as an operator and by law we are obliged to provide you with information about us, the reason and the way we use your data and the rights you have on your data.
CASA NOASTRA SA, known as the QFORT brand, is a company headquartered in Pieleşti, Calea Bucureşti, no. 113, Dolj County, having registration number J16 / 857/1995 and fiscal code RO7510066 (hereinafter referred to as “CASA NOASTRA” or “Company”), e-mail email@example.com, phone number 0251.439.532, responsible for processing your personal data that we collect directly from you or from other sources.
For your data to be processed safely, we have made every effort to implement reasonable measures to protect your personal information.
Casa Noastra complies with the EU General Regulation on the Protection of Personal Data no. 2016/679 (hereinafter referred to as “GDPR”) and national legislation.
According to the legislation in force, as the recipient of our services, or a person in any kind of relationship with our company (such as our client, our potential customer, the site visitor), you are “a target person”, an identified or identifiable individual. In order to be completely transparent with regard to data processing and to allow you to easily exercise your rights at any time, we have implemented measures to facilitate communication between us, the data operator and you, the data subject.
This data protection policy ensures:
The regulation (EU) No. 679/2016 describes how companies – including CASA NOASTRA SA must process personal data. These rules apply regardless of whether the data is stored electronically, on paper, or on other media.
To be consistent with the legislation, personal information must be collected and used legally, fairly, transparently, appropriately and limited to the purpose of collection and must be stored securely.
There are a total of 26 definitions listed in the GDPR. These include the most relevant definitions for this policy:
Personal data – any information about an identified or identifiable individual (“the data subject”);
The person concerned – an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements, of its physical, physiological, genetic, psychic, economic, cultural or social identity;
Processing – any operation or set of operations performed on personal data or on personal data sets with or without the use of automated means such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Operator – individual or legal person, public authority, agency or other organization which, alone or with others, determines the purposes and means of processing personal data; where the purposes and means of processing are laid down by European Union or national law, the operator or the specific criteria for designating it may be laid down in Union or national law;
Person authorized by the operator – individual or legal person, public authority, agency or other body processing personal data on behalf of the operator.
There are a number of fundamental principles on which the processing of personal data is based on the GDPR Regulation.
Personal data are:
CASA NOASTRA SA will ensure that it complies with all these principles both in its current processing and as part of the introduction of new processing methods such as new IT systems.
Protecting your personal information is very important to us. That is why we are committed to complying with European and national legislation on the protection of personal data, in particular Regulation (EU) 679/2016, also known as GDPR, and the following principles:
We process your data legally and correctly. We are always transparent about the information we use, and you are properly informed.
Within the limits of the law, we offer you the opportunity to examine, modify, delete the personal data that you have shared with us and exercise your other rights.
We use the data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our goals are compatible with the law. We take reasonable steps to ensure that personal data is accurate, complete and up-to-date.
We have implemented reasonable security and encryption measures to help protect your information. However, it notes that no website, application or internet connection is completely secure.
Your data processing can be based on:
For the conclusion or performance of a contract or for the application of certain measures, at your request, before the conclusion of a contract, we need some personal data to fulfil contractual obligations (invoicing, delivery, installation, customer service) and / or compliance with the legislation, such as accounting legislation.
As far as data processing for marketing purposes is concerned, the legal basis for the processing of personal data is your agreement, which you can withdraw at any time, as outlined in this document.
Please note that in certain circumstances, if you do not provide us with the above data, we will not be able to provide our services and products as your data is necessary for the conclusion of the contract, invoicing, installation, etc.
As we apply the minimization principle, we are committed to collecting only those data that are really needed. We hereby inform you that personal data that the Company processes are personal data that we collect from you or from other sources, such as:
These data are required for activities such as: preparation of the offer, execution, modification or termination of the Contract, remedy of possible non-compliance, receipts and payments in bank accounts, resolution of complaints.
We may also collect data through cookies or other similar technologies, such as IP address, internet browser, location, web pages you visit on our site. For more information on using cookies, you can access our Policy at https://qfort.com/use-of-cookies/.
CASA NOASTRA collects personal data for the following purposes:
We collect personal data to conduct business with individuals or legal entities (such as organizing work visits at the company’s headquarters for partners, agencies, etc.)
The person concerned provides personal data, including name, e-mail address or other contact information when contacted by phone, e-mail, mail, or using our digital platforms. This personal information allows us to respond to inquiries about CASA NOASTRA products, details of measurements and price offers for fitting CASA NOASTRA products, to set up a service visit, or to respond to complaints under CASA NOASTRA guarantee policy. The information provided may be sent to CASA NOASTRA or to other CASA NOASTRA commercial representatives, independent installers or distributors in order to assist clients in their requests or to provide services or a price offer.
We may collect personal data of customers and potential clients including names and surnames, contact information, payment information and credit cards, credit information, and other information that is required to conduct our business with that individual or organization. This information may be disclosed to distributors and logistics partners in order to process a customer’s order, including in order to determine the delivery of our products to our customers or to respond to requests.
The personal information provided by the Individual and the personal information we collect on our digital platforms will be used to increase the level of understanding of our customers and to ensure relevant communication in all aspects of your relationship with our CASA NOASTRA (QFORT). Personal data will also be used to develop new products and services or to improve existing ones.
We may collect personal data from visitors to our digital platforms or from our customers for the purposes of processing surveys on our products and services. Your personal data will not be used for marketing communications without your consent.
When a person signs up to occupy a position at CASA NOASTRA or concludes a contract with us, we can collect certain personal data such as name, contact information, job history information, study diplomas, relevant reviews files and information on professional interests. They may be collected directly from the person concerned, from a recruitment consultant and from the previous employer of the person or other persons, including references and sources made public. This information is used to inform or assist us in making the decision to make an offer of employment or to conclude a contract with that person.
We may collect personal data in accordance with the requirements or permissions of the applicable law, such as the provision of your personal information to the police, the courts and other authorized bodies of the State, on the basis of and within the limits of the legal provisions, and following explicit requests.
Other purposes we process the data are the following:
We do not make automated decisions with legal or other similar effect on you, but to the extent that this will change in the future, we will inform you accordingly and allow you to exercise all legal rights.
In order to always ensure the quality of our products and services, we have constant partnerships with various suppliers to which we can transmit your data, which they process either as authorized agents or as associated operators, and in the latter case they are directly responsible for complying with the legislation in the field of personal data protection.
We are continually making reasonable efforts to ensure that these third parties have implemented appropriate safeguards and security measures. With these third parties (empowered persons) we have contractual terms so that your data is protected.
The categories of recipients of personal data can be:
We could also share your data with business partners as a result of a joint effort to offer a product or service.
Although unlikely, we may sell the business or part of the business in the future, which will include the transfer of your data.
We may also transmit the data to other parties with your consent or instructions (for example, when you direct us to transmit your personal data to third-party platforms or websites, such as social media pages or where we handle a request data portability).
We will also be able to provide your personal information to the police, the courts and other authorized institutions of the State, on the basis of and within the limits of the legal provisions and as a result of expressly formulated requests
We will ensure, within reasonable limits that your data do not leave the European Economic Area, but as we transfer data to non-EEA countries, we will ensure in all cases that transfers are legitimate based on your consent explicit or otherwise legal basis. For example, as mentioned above, we may send data to the US through Google Analytics and Mailchimp platforms, but these providers are included in Privacy Shield and your data is safe, under European law. For more information, please visit https://policies.google.com/privacy and https://mailchimp.com/legal/privacy/.
The company does not have a “We keep everything” approach. This is neither practical nor cost-effective nor does it comply with the storage limitation principle set out in Regulation (EU) 679/2016. However, some personal data will be kept, among other things, because it forces us to enforce the law or protect our commercial interests. Among the reasons, we mention:
In order to determine the period for which the data will be processed, we take into account the contractual duration until the contractual obligations and the archiving deadlines, both legal and domestic. Also, in order to exercise and defend our rights in the case of a legal procedure, the 3-year general limitation period is also included in the calculation of the storage period.
Customers’ personal data: 10 years from signing the contract, during the warranty period. After this period, the data will be deleted or anonymized for historical, statistical or research purposes.
Personal Data of Potential Customers: 3 years from bidding. After this period, the data will be deleted or anonymized for historical, statistical or research purposes.
Personal data of jobseekers: 3 years from the interview. After that time, the data will be deleted or anonymized for historical, statistical or research purposes.
Employee personal data: 3 years after the termination of the employment contract, except for employment contracts (75 years) and payroll (50 years). After this period, the data will be deleted or anonymized for historical, statistical or research purposes.
Accounting documents: 10 years. After this period, the data will be deleted or anonymized for historical, statistical or research purposes.
Data from business partners or external collaborators: 10 years after termination of the contract. After this period, the data will be deleted or anonymized for historical, statistical or research purposes.
Data processed for direct marketing: until withdrawal of consent. After this period, the data will be deleted or anonymized for historical, statistical or research purposes.
Other personal data will be kept for as long as required by law, and in the absence thereof for a period of 3 years from the last interaction of any kind with the data subject.
We may only use your personal data with your consent and at your request to inform you of our operations, products, services, promotional offers and other news. However, if you are already our client, we may transmit to you, pursuant to law no. 506/2004, offers on similar goods and services offered by our company, but you have in all cases the right to oppose and then the commercial communications will cease. As long as you do not want to receive further information, you can easily unsubscribe from our marketing communication at any time. For this, please send an email to firstname.lastname@example.org with the subject UNSUBSCRIBE. If you unsubscribe from our marketing communications, we will delete your personal information within 30 days if these data are not processed for other purposes as specified in this document.
The person concerned has the right to withdraw consent if it is the legal basis for the processing of his or her personal data (if the processing is not based on any other legal basis, such as the contract, legal obligation, legitimate interest, vital interests or public interest).
Before we give up processing the personal data of the person concerned, we will verify that we have no other legal basis on which to process the data. If we do not have another legal basis, we will respond to the request. We will not tacitly migrate from consent to another legal basis, but we will ensure in all cases that the additional basis has been established in the first place. If processing concerns the personal details of a minor (defined by the GDPR as a person under 16), the grant or withdrawal of consent must be authorized by the holder of the parental responsibility.
Most of the time, consent and withdrawal of consent will be available electronically, online.
Regardless of the decision we will make, we will inform you accordingly within a reasonable time.
When personal data is collected from the data subject or obtained from another source, we have an obligation to inform the data subject about the use of this data and the rights thereon.
The person concerned has the right to request the Company a confirmation that the personal data are being processed and, if so, has the right to obtain a copy of this data as well as the following information:
We will not be able to respond to such a request when the claim is manifestly unfounded or excessive, or when we are in a position of legal confidentiality.
If personal data is inaccurate, the data subject is entitled to request the correction and completion of incomplete personal data on the basis of the information he provides.
If necessary, the Company will take additional steps to verify that the information provided by the person is correct before making the change.
The person concerned has the right to request the Company to delete without delay the personal data concerning it in the following cases:
The company will have to make a decision on such a request. Deleting data will not occur if:
The person concerned may exercise the right to restrict processing in the following situations:
If a restriction request is received, it will be checked to see if it falls into one of the above cases.
If data is restricted, it will remain stored but cannot be processed without the consent of the person. They may be processed for the purposes of establishing, exercising or defending a right in court or for the protection of the rights of another natural or legal person or of a major public interest of the Union or of a Member State.
In all cases, the data subject who has obtained the restriction of processing is informed by the operator before lifting the processing restriction.
The data subject has the right to require personal data to be provided in a “structured, machine-readable and commonly used format” (Article 20 of the GDPR Regulation) and to transfer the data to another party, for example another services provider. This applies to personal data for which the processing is based on the consent of the data subject, on the legal basis of the contract or when the processing is carried out by automated means.
Where technically feasible, the data subject may also require personal data to be transferred directly from one operator to another. At present, CASA NOASTRA does not have technology for direct portability from one operator to another, but we are doing reasonable diligence to implement it.
The data subject has the right to oppose the processing that is based on the legitimate interest of the operator or a third party or on the public interest.
Once the objection has been made, the Company must justify the reasons on which the processing is based and suspend the processing until the decision has been taken. The company no longer processes personal data unless it demonstrates that it has legitimate and compelling reasons justifying the processing and which prevails over the interests, rights and freedoms of the data subject or that the purpose is to establish, exercise or defend a right in court.
If personal data is used for direct marketing, the Company will cease processing.
The person concerned has the right not to be the subject of an automatic decision, including the creation of profiles where the decision has a significant or legal effect on it. The person concerned also has the right to express his / her point of view, to request human intervention and to challenge the decision.
There are exceptions to this right, which are where the decision:
Please note that:
The security, integrity, and confidentiality of your personal data are especially important to us. We have implemented technical, administrative, and physical security measures to protect your unauthorized personal access, disclosure, use and modification data. At certain intervals, we review our security procedures to include appropriate new date technologies and methods.
We also inform you that any person acting under the authority of CASA NOASTRA who has access to personal data will process the data only to the Operator’s instructions.
However, no computer mechanism offers total security, a risk element that always exists, a risk that is independent of our will and / or possibilities. The security of this site may be subject to vulnerabilities and, as such, for such situations, we cannot be held responsible for any breach of security.
This privacy statement and privacy policies here are not intended to create contractual or other legal rights or on behalf of any party.
If you have any questions or concerns regarding the processing of your information or wish to exercise your legal rights or any other privacy concerns, you may contact our data protection officer at email@example.com. We will try to respond to the request within one month. However, the deadline may be extended depending on various aspects, such as the complexity of the application, the large number of requests received or the impossibility to identify yourself within a useful time. When submitting a request, we may request additional information for your identification. This information differs on a case-by-case basis, and to ensure that your personal information is not disclosed to unauthorized persons, we will take all measures to identify you. If, although we make every effort, we fail to identify you, and you do not provide us with additional information in order to identify you, we are not required to comply with the request.
This website is owned and operated by QFORT through the company CASA NOASTRĂ SA.