Privacy Policy regarding the use of personal data
I. INTRODUCTION
Meta Estate Trust SA, a company established and operating in accordance with Romanian law, registered with the Trade Registry under no. J40/4004/2021, VAT number 43859039, headquartered in Bucharest, Sector 1, Str. Buzesti nr. 75-77, Floor 9, Office 13, (hereinafter referred to as the "Company"), pays special attention to the operations of collecting, using, processing, and storing personal data that it comes into contact with in the day-to-day activities of the Company.
Through this privacy policy, we inform you about how we collect, use, store, and disclose personal data that we receive from certain categories of individuals, such as website users, partners and potential partners, employees, collaborators, etc.
II. METHODS OF COLLECTING PERSONAL DATA
Personal data is collected as follows:
Directly - by obtaining the respective data from individuals, through various means, including, but not limited to: filling out online forms, registering for various events organized by the Company and/or its collaborators, accessing the Company's website, or submitting resumes or cover letters for employment vacancies within the Company.
Indirect - from external sources, such as:
from public sources, such as: public registers, the Trade Registry Office, articles published on various websites, news, public lists of sanctions issued by Romanian or foreign public authorities;
social media and/or professional websites, in cases where registration on the Company's website is done using social media accounts (Facebook, Instagram, LinkedIn, Google Maps, etc.), in which case the Company collects information regarding the name, email address, additional personal information, etc.
through intermediaries: recruitment firms, agencies, etc.
III. CATEGORIES OF PERSONAL DATA COLLECTED
The types of personal data regarding individuals obtained either directly or indirectly may include the following (the list below is not exhaustive):
Personal data:
Identification data: name and surname, personal identification number (CNP), identity document number and series, date of birth, citizenship, mobile phone number, email address, employer name, position held, political exposure, financial information, etc.
Civil status data;
Racial or ethnic origin;
Contact details: home address, mailing address, email address, phone number;
Occupation-related data, employer name, position held;
Data regarding political orientation;
Financial or transactional information (information obtained from payment providers, if applicable).
Personal geolocation data (geographical locations), in case you are searching for the contact address of the Company.
IV. LEGITIMATE BASIS FOR PROCESSING PERSONAL DATA
Personal data is processed based on the explicit, freely given, specific, and unambiguous consent of the website user, in accordance with the provisions of the applicable legislation and the conditions of this policy.
The following may constitute a legal basis for processing:
A contract, for the purpose of processing personal data to fulfill contractual obligations.
A request from the user prior to entering into a contractual relationship.
Legitimate interest, in which case the processing of personal data is carried out based on the legitimate interests pursued by the Company.
V. USAGE OF PERSONAL DATA
The company aims to demonstrate transparency at the moment of collecting personal data, in accordance with the provisions of the General Data Protection Regulation 2016/679 (GDPR). Therefore, the purpose for which we process the collected personal data may include:
Authentication of users on the company's website;
Sending invitations regarding upcoming events organized by the Company or its collaborators/partners.
Registering attendees for the organized events.
Processing the requests received online, including formulating responses to the received inquiries.
Identifying qualified candidates for vacant positions within the Company.
Administering, maintaining, and ensuring the security of the Company's website.
Carrying out marketing and advertising activities, including subscribing to newsletters, for specific marketing purposes, in order to provide content, including personalized content, that may be of greater interest to you.
Compliance with existing legal provisions (e.g., anti-money laundering, counter-terrorism financing, and/or other forms of financial crime).
Compliance with legal provisions and obligations that the Company has assumed through the conclusion of various contractual relationships.
VI. THE TRANSFER OF PERSONAL DATA
The company will not disclose your personal data to third parties through sale or rental. Within the company, employees who handle your personal data are subject to confidentiality obligations. They are only authorized to manage personal data based on instructions provided by the company, in connection with their job responsibilities.
Appropriate technical and organizational measures are taken to protect personal data. The website uses security measures against loss, alteration, or misuse of information under their control. However, the company does not assume responsibility for information losses caused by errors in the software used to design and host the website. Additionally, they are not liable for errors in the security of the server hosting the website.
Personal data may be disclosed to governmental authorities, tax authorities, and/or law enforcement agencies if required by applicable laws or if necessary for the exercise of our rights, including the terms of use, or to protect our legitimate interests (including the legitimate interests of third parties) in accordance with applicable laws.
Additionally, there are situations where your personal data is transmitted to contractual partners, such as: telecommunications companies, technical and IT support companies, real estate agencies, accounting firms, audit firms, maintenance companies, post offices, lawyers, notaries, auditors, bailiffs, translators, real estate brokers, financial institutions, insurance companies and brokers, investors and/or potential investors, etc.
Each time we subcontract certain services, acting either as a data controller or as a data processor, we ensure that the requirements set by the General Data Protection Regulation 2016/679 are met and respected, so that personal data is processed in an appropriate manner.
Personal data is stored on servers located in Romania. We may transfer personal data outside the European Economic Area if some of the contractual partners of the Company are located outside it.
VII. PERIOD OF RETENTION OF PERSONAL DATA
Personal data is processed throughout the contractual relationship and after its termination, at least for the period imposed by the applicable legal provisions, including, but not limited to, the provisions regarding archiving. In the case where personal data is processed based on your consent, this data will be processed only for the period provided in the given agreement, unless you withdraw this consent before the expiration of this period.
It is possible that, following the expiration of the legal archiving periods, the Company may anonymize the data, thus depriving them of their personal nature, and continue processing anonymous data for statistical purposes. In the event that personal data no longer serve the purpose of processing, this data will be destroyed/deleted.
VIII. RIGHTS OF THE DATA SUBJECTS
According to the provisions of the General Data Protection Regulation 2016/679, data subjects have the following rights regarding the processing of personal data:
The right to be informed - you can request information regarding the processing activities of your personal data;
The right to rectification - you can rectify inaccurate personal data or complete it;
The right to erasure ("the right to be forgotten") - you can obtain the erasure of data if their processing was not lawful or in other cases provided by law;
The right to restrict processing - you can request the restriction of processing if you contest the accuracy of the data, as well as in other cases provided by law;
The right to object - regarding processing activities carried out for direct marketing purposes, including profiling activities, the right to object can be exercised at any time by submitting a request as indicated below;
The right to data portability - you can receive, under certain conditions, the personal data you have provided to us in a format that can be automatically read or you can request that such data be transmitted to another controller.
The right to lodge a complaint - you can lodge a complaint regarding the processing of personal data with the National Supervisory Authority for Personal Data Processing (http://www.dataprotection.ro/) or with the competent courts, if you deem it necessary.
The right to withdraw consent - in cases where processing is based on your consent, you may withdraw it at any time. The withdrawal of consent shall only have future effects, with the processing carried out prior to the withdrawal remaining valid.
Additional rights related to automated decisions - you can request and obtain human intervention regarding the processing, you can express your own point of view on it, and you can contest the decision.
IX. DATA SECURITY
We store your personal data on the servers of the Company, located within the territory of Romania.
We use appropriate technical and organizational measures to protect personal data and prevent unauthorized access to it. We have entered into contractual relationships with third parties that provide hosting services, and these contracts include obligations regarding the organizational and technical security of personal data.
The security of your personal data is very important to us, but please be aware that transmitting data over the internet is not completely secure. Although we do our best to protect your data, we cannot guarantee 100% security for data transmitted on our website; any transmission of personal data is at your own risk. After we receive your data, we will use strict security procedures to try to prevent unauthorized access, alteration, or unauthorized destruction of it.
X. FINAL PROVISIONS
The Company reserves the right to modify/revise this personal data processing policy, and will publish the revised/updated version on the Company's website.
Subsequent access to the Company's website after the publication of the updated version of the personal data processing procedure constitutes your acceptance to comply with and agree to the new revised/updated policy.