PRIVACY NOTICE ON DATA PROCESSING DATA OF CONTRACTUAL PARTNERS

 

Through this Privacy Notice, we want to provide you with details regarding the processing of your personal data, in your capacity as a representative, employee, or party involved in a contract between Therme and your company.

This Privacy Notice applies to the processing activities carried out by us, as a data controller, having the legal responsibility to inform you adequately about the purposes, legal grounds, rights you have or other relevant information.

We recommend that you read this information Notice together with the Privacy Policy, in order to obtain as much information as possible on how we protect your personal data.

Given that the scope of work of the contract and the manner of work established by the parties may differ on a case-by-case basis, if you consider that the information provided in the Privacy Notice and Privacy Policy is not sufficient, please contact us.

WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WE PROCESS?

Depending on the purpose and nature of the contractual relationships, we may process the following personal data:

Identification and contact details:

  • First name and last name;
  • Email address;
  • Phone number

Professional data:

  • Position;
  • Experience, certifications etc.;
  • The role you have in your relationship with us, responsibilities, etc.
  • The name of the company you represent;
  • The location and/or the place of work where you conduct your business;

 Data collected at Therme locations:

  • Your image, if you provide services and access the video surveillance areas;
  • Purpose, duration of visit, time of arrival and time of departure, signature.

Other personal data:

  • Any information disclosed in emails, notes, presentations, meetings;
  • Any information found in contracts, additional documents, supporting documents (offers, additional documents, activity reports, orders, invoices, annexes, plans, graphs, analysis etc.

WHY DO WE PROCESS THIS PERSONAL DATA?

Personal data is necessary for purposes such as:

  • Negotiation, offer, verification, approval and signing of the contract;
  • Communication;
  • Activity organising and provision of services;
  • Issuing and retention of documents resulting from the activity performed;
  • Fulfillment of legal obligations (financial-accounting, tax, labor protection, security, food hygiene, other legal obligations);
  • Protection of property and people;
  • Security of IT systems;
  • Security of restricted spaces;
  • Prevention of financial losses;
  • Defense of Therme’s rights;
  • Financial reporting.

WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?

We process your data, for the aforementioned purposes, on the following legal grounds:

  • Contract concluded between Therme and the legal entity you represent;
  • Legal obligation, when processing is necessary to fulfill our legal obligations.
  • Our legitimate interest, such as

- Protection of property and people;

- Securing of IT systems;

- Securing of restricted spaces;

- Preventing financial losses;

- Defending Therme’s rights;

- Issuing financial reports;

- Issuing and storing documents resulting from the activity performed;

- Protecting Therme reputation;

- Other similar situations described in the Privacy Policy.

WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?

Your data may also be disclosed to other third parties such as IT service providers, payment processors, financial-accounting service providers, marketing service providers, occupational safety and health service providers, security and protection service providers, applications and web tools providers, website and mobile app developers, market research providers, consultants, lawyers, legal advisors, auditors or similar entities.

Personal data may be accessed by third parties only if this is reasonably necessary in accordance with the purposes mentioned in this information Note.

For details, please see the dedicated section of the Privacy Policy.

HOW DO WE HANDLE INTERNATIONAL DATA TRANSFER?

As a rule, your personal data is processed in Romania, within European Union and other countries that provide adequate level of protection, similar to the General data Protection Regulation no. 679/2016.

However, the use of it systems may also involve the transmission of data outside the European Union and countries that do not provide an adequate level of protection, such as the United States. In this situation, for the protection of your data, we will take additional protection measures. For more details, please see the “International data transfer” section of the Privacy Policy.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Data retention periods may vary, depending on the purpose for which they are processed and may be influenced by the type and nature of the contract, legal provisions or our legitimate interests.

Therefore, the criteria on which we determine the retention of data are:

- legal retention periods, where applicable;

-contractual obligations to which you or the company you represent is a party ;

- Therme's legitimate interests.

We keep the data that is necessary for financial and accounting purposes, according to the legal provisions of national and European law, at least 10 years after the issuance of the supporting documents containing them. After the expiry of this period, the data will be destroyed safely within 1 year, according to the internal storage policies.

Data that is not subject to legal regulations are assigned retention periods in accordance with the purposes for which they were collected.

We periodically evaluate storage periods to ensure that we retain your data only for as long as necessary in relation to the purposes pursued.

The erasure will only take place to the extent that such personal data are no longer necessary for other purposes.

WHAT ARE YOUR RIGHTS?

For the purposes of using your personal data for the purposes aforementioned, you shall have the following rights:

  • Right to be informed;
  • Right of access;
  • Right to rectification;
  • Right to erasure, under the conditions stipulated by law;
  • Right to restriction of processing;
  • Right to data portability to another controller, under the conditions stipulated by law;
  • Right to object to the processing of your personal data;
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly affects you to a significant extent, with the exceptions set out in data protection laws;
  • Right to lodge a complaint with a supervisory authority.

UPDATING THE PRIVACY NOTICE

The information presented in this Privacy notice will be reviewed periodically to reflect any changes in current processing activities.

Please visit this page periodically to make sure you always have up-to-date information.

However, if we intend to significantly change the way we use your personal data, we will notify you in advance.

Last update: April 2022